We are primarily using the solution to protect our network.
Sr Network Administrator at Orient Petroleum Inc
Reliable and user-friendly with good technical support
Pros and Cons
- "The user interface is easy to navigate."
- "The annual subscription cost is a bit high. They should try to make it comparable to other offerings. We have a number of Chinese products here in Pakistan, which are already, very cheap and have less annual maintenance costs compared to Cisco."
What is our primary use case?
What is most valuable?
The security the solution offers is very good. Security-wise, it's the top in the world.
The product has excellent technical support.
The user interface is easy to navigate.
Everything is user friendly.
What needs improvement?
The annual subscription cost is a bit high. They should try to make it comparable to other offerings. We have a number of Chinese products here in Pakistan, which are already very cheap and have less annual maintenance costs compared to Cisco.
For how long have I used the solution?
I've been using the solution for a few years now.
Buyer's Guide
Cisco Secure Firewall
October 2024
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,528 professionals have used our research since 2012.
What do I think about the stability of the solution?
The solution is reliable. We have been using it for more than a couple of years and we haven't had any problems. There's been no downtime and no hardware failures. It's pretty stable.
What do I think about the scalability of the solution?
We've never tried to scale. We have a pretty small set up in our country. It's unlikely we will have to scale.
Currently, we have between 200 and 300 people on the solution.
How are customer service and support?
The technical support has been very good. They are helpful and knowledgeable. We're quite satisfied with their level of service.
Which solution did I use previously and why did I switch?
This is the first product of this nature that we have implemented. We didn't previously use a different solution.
How was the initial setup?
Initially, the preliminary set up took us some time. However, we did have some local expertise in Pakistan. Once, when we were stuck on something, we could manage to get help from Cisco online. It wasn't that tricky or complex. In the end, it was straightforward.
What about the implementation team?
We had some assistance with a local expert as well as Cisco.
What's my experience with pricing, setup cost, and licensing?
There's an annual subscription. It's not cheap. It's quite pricey if you compare it to other competitors in Pakistan. There aren't any extra costs beyond the yearly licensing.
We pay about $200 yearly and we have two firewalls.
What other advice do I have?
We are the customer. We are in the oil and gas business. We don't have a business relationship with Cisco.
I'd recommend the solution to others straight away. It's more or less a very standard option here in Pakistan.
Overall, on a scale from one to ten, I'd rate the solution at an eight.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cisco Security Specialist at a tech services company with 10,001+ employees
Robust solution that integrates well with both Cisco products and products from other vendors
Pros and Cons
- "If you have a solution that is creating a script and you need to deploy many implementations, you can create a script in the device and it will be the same for all. After that, you just have to do the fine tuning."
- "Cisco missed the mark with all the configuration steps. They are a pain and, when doing them, it looks as if we're using a very old technology — yet the technology itself is not old, it's very good. But the front-end configuration is very tough."
What is our primary use case?
The ASAs are a defense solution for companies. Many of them use the AnyConnect or the VPN licenses. They also use it to have a next-generation firewall and to be compliant with GDPR.
The majority of our usage of the solution is on-prem or hybrid. The culture, here in Portugal — even knowing that the future is full cloud, in my opinion — is to only be on the way to full cloud.
What is most valuable?
All the features are very valuable.
Among them is the integration for remote users, with AnyConnect, to the infrastructure. All the security through that is wonderful and it's very easy. You connect and you are inside your company network via VPN. Everything is encrypted and it's a very good solution. This is a wonderful feature. You need to make sure your machine has the profile requested by the company. That means having the patches updated. Optionally, you should have the antivirus updated, but you can decide whatever you would like in order to enable acceptance of the end-device in the enterprise network. That can be done with AnyConnect for remote/satellite users, or with ISE for local users.
The intrusion prevention system, the intrusion detection, is perfect. But you can also integrate Cisco with an IPS solution from another vendor, and just use the ASA with AnyConnect and as a firewall. You can choose from among many other vendors' products that the ASA will integrate with. Now, with Cisco SecureX, it's much easier than before. Cisco used to be completely blocked from other vendors but with SecureX they are open to other vendors. That was a massive improvement that Cisco probably should have made 10 years ago or seven years ago. They only released SecureX three or four months ago.
Cisco ASA also provides application control. You can block or prevent people from going to certain applications or certain content. But the ASA only acts as a "bodyguard." It doesn't provide full visibility of the network. For that, there are other solutions from Cisco, such as ISE, although that is more for identity. Stealthwatch or TrustSec is what you need for visibility. They are both for monitoring and providing full visibility of the network, and they integrate with ASA.
Also, all of Cisco's security products are supported with Talos. Talos is in the background, handling all the improvements, all the updates. If something happens in Australia, for example, Talos will be aware of it and it will update the worldwide Talos network for all Cisco products. Within two minutes or three minutes, worldwide, Cisco products will be aware of that threat. Talos belongs to Cisco. It's like a Cisco research center.
What needs improvement?
My concern in the 21st century, with ASA, is the front-end. I think Cisco missed the mark with all the configuration steps. They are a pain and, when doing them, it looks as if we're using a very old technology — yet the technology itself is not old, it's very good. But the front-end configuration is very tough. They probably still make a good profit even with the front-end being difficult, but it's not easy. It's not user-friendly. All the configuration procedures are not user-friendly.
Also, they launched the 1000 series for SMBs. They have all the same features as the enterprise solutions, but the throughput is less and, obviously, the price is less as well. It's a very nice appliance. However, imagine you buy one, take it out of the box to connect it and the device needs one hour or two hours to start up. That is a pain and that is not appropriate for the 21st century. They should solve that issue.
Another issue is that when you integrate different Cisco solutions with each other, there is an overlap of features and you need to turn some of them off, and that is not very good. If you don't, and you have overlap, you will have problems. Disabling the overlap can be done manually or the solution can identify that there is already a process running, and will tell you to please disable that function.
For today's threats, for today's reality, you need to add solutions to the ASA, either from Cisco or from other vendors, to have a full security solution in an enterprise company.
For how long have I used the solution?
I've been using Cisco ASA NGFW for almost two years.
What do I think about the stability of the solution?
The stability of the ASA is perfect. There is no downtime. And you can have redundancy as well. You can have two ASAs working in Active-Passive or load balancing. If the product needs a restart, you don't have downtime because you use the other one. From that point of view it's very robust.
What do I think about the scalability of the solution?
You can go for other models for scalability and sort it out that way.
My suggestion is to think about scalability and about your tomorrow — whether you'll increase or not — and already think about the next step from the beginning.
How are customer service and technical support?
Cisco's technical support for ASA is very good. I have dealt with them many times. They are very well prepared. If you have a Smart Account, they will change your device by the next business day. That is a very good point about Cisco. You have to pay for a Smart Account, but it's very useful.
How was the initial setup?
The initial setup is very complex. You need to set a load of settings, whether from the CLI or the GUI. It's not an easy process and it should be. That is one of the reasons why many retailers don't go for Cisco. They know Cisco is very good. They know Cisco does ensure security, that it is one of the top-three security vendors, but because of the work involved in the implementation, they decide to go with other solutions.
There are two possibilities in terms of deployment. If we go to a client who is the ASA purchaser and they give us all their policies, all their permissions, and everything is organized, we can deploy, with testing, in one full day. But many times they don't know the policies or what they would like to allow and block. In that scenario, it will take ages. That's not from the Cisco side but because of the customer.
One person, who knows the solutions well, is enough for an ASA deployment. I have done it alone many times. After it's deployed, the number of people needed to maintain the solution depends on their expertise. One expert could do everything involved with the maintenance.
What's my experience with pricing, setup cost, and licensing?
When it comes to security, pricing should not be an issue, but we know, of course, that it is. Why is an Aston Martin or a Rolls Royce very expensive? It's expensive because the support is there at all times. Replacement parts are available at all times. They offer a lot of opportunities and customer services that others don't come close to offering.
Cisco is expensive but it's a highly rated company. It's one of the top-three security companies worldwide.
Which other solutions did I evaluate?
I can see the differences between Cisco and Check Point.
Cisco has a solution called Umbrella which was called OpenDNS before, and from my point of view, Umbrella can reduce 60 percent of the attack surface because it checks the validity of the DNS. It will check all the links you click on to see if they are real or fake, using the signature link. If any of them are unknown, they will go straight to the sandbox. Those features do not exist with Check Point.
What other advice do I have?
Cisco ASA is a very robust solution. It does its job and it has all the top features. If you have a solution that is creating a script and you need to deploy many implementations, you can create a script in the device and it will be the same for all. After that, you just have to do the fine tuning. It lacks when it comes to the configuration steps and the pain that that process is. You need to spend loads of time with it at setup. Overall, it does everything they say it does.
It's a very good solution but don't only go with the ASA. Go for Cisco Umbrella and join them together. If you have remote employees, go for AnyConnect to be more than secure in your infrastructure.
You cannot do everything with Cisco Defense Orchestrator. You have a few options with it but cannot do everything from the cloud if you are connected with the console of a device. You don't have all the same options, you only have some options with it. For example, you can manage the security policies, all of them, from the cloud. However, not all the settings and all the things you can do when in front of the device are available with CDO. What you see is what you get.
Most companies using ASA are big companies. They are not SMB companies. There are very few SMB companies using it. There are the banks and consulting companies, the huge ones. Usually the ASAs are for massive companies.
Our reality in Portugal is a little different. I was at a Cisco conference here in Lisbon and the guy said, "Oh, we have this solution," — it was for multi-factor authentication — "and we have different licenses. We have a license for 40,000 and for 20,000 users. And I was thinking, "This guy doesn't know Portuguese reality. There are no companies in Portugal with 40,000 employees."
Large companies who do use ASA use various security tools like IPS and Layer 7 control. From my experience, and from common sense, it's best to have solutions from different vendors joining together. The majority have defense products for the deterrent capacities they need to achieve security. Our clients also often have Cisco ISE, Identity Service Engine. It's a NAC solution that integrates perfectly with ASA and with AnyConnect as well.
As for future-proofing your security strategy, ASA is the perfect solution if you integrate other Cisco solutions. But the ASA alone will not do it because it does not handle some of the core issues, like full visibility of the network, the users, the machines, the procedures, and the applications, in my opinion.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Buyer's Guide
Cisco Secure Firewall
October 2024
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,528 professionals have used our research since 2012.
A flexible and easy to manage solution for segregating our servers from the rest of the environment
Pros and Cons
- "The most valuable features are the flexibility and level of security that this solution provides."
- "There was an error in the configuration, related to our uplink switches, that caused us to contact technical support, and it took a very long time to resolve the issue."
What is our primary use case?
We use this solution as a firewall and for the segregation of our servers from the rest of the environment.
How has it helped my organization?
Instead of using multiple firewalls, we only need to rely on this solution. It has a small footprint.
What is most valuable?
The most valuable features are the flexibility and level of security that this solution provides.
What needs improvement?
There was an error in the configuration, related to our uplink switches, that caused us to contact technical support, and it took a very long time to resolve the issue.
Some of the features should be baked-in by default.
What do I think about the stability of the solution?
Stability has been pretty good, so far.
What do I think about the scalability of the solution?
This solution is very scalable.
How are customer service and technical support?
We have contacted technical support about an issue that we were having, and it took a very long time for them to figure it out. We were on the phone for six or seven hours with them.
Which solution did I use previously and why did I switch?
We previously used an ASA 5500, and it was simply time to upgrade it. We used this solution as a direct replacement.
How was the initial setup?
The initial setup of this solution is pretty straightforward.
Which other solutions did I evaluate?
We are not restricted to any one vendor, but this solution worked well as a direct replacement for our previous one. We considered both Juniper and FortiGate.
What other advice do I have?
This is a very straightforward firewall. There is a management platform with its own operating system. Just make sure that everything is set up properly for your uplink switches because that is an issue that we ran into.
I would rate this solution a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Administrator at Vegol
A stable solution with good monitoring and VPN capabilities
Pros and Cons
- "The stability is good. Very simple. Upgrades are great."
- "They really need support for deployment."
What is most valuable?
The VPN and monitoring are the most valuable features.
What needs improvement?
I tried to buy licenses, but I had trouble. Their licensing is too expensive.
If they can get the reporting to go into deeper detail, it would really be helpful because in order to get the reports in Cisco you have to go to look at the information that you don't necessarily need.
Also, the pricing is quite high.
For how long have I used the solution?
I've been using the solution for six years.
What do I think about the stability of the solution?
The stability is good. Very simple. Upgrades are great. But when we upgrade it, things break. You have to upgrade about three things before you get something stable.
What do I think about the scalability of the solution?
I haven't had to scale, so I can't speak to this aspect of the solution.
How are customer service and technical support?
I haven't had to deal with technical support, so I don't have much to say.
Which solution did I use previously and why did I switch?
We didn't previously use a different solution.
How was the initial setup?
The initial setup was straightforward.
What about the implementation team?
I did the setup myself. The budget I had didn't allow me to get support. I would use Google a lot. The first implementation took me about three weeks because I did not know what I was doing. So it took me a while. It took me about three weeks, but everything else took about two days, maybe three days and I was done.
Which other solutions did I evaluate?
We did look at Barracuda.
What other advice do I have?
They really need support for deployment.
I would rate this solution nine out of 10 because I think if you have the budget and you plan it properly I think you won't have the initial deployment problems I faced.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Infrastructure Manager at Beltone Securities Brokerage S.A.E.
Secure, stable, and their technical support has excellent service
Pros and Cons
- "The features I found most valuable in this solution, are the overall security features."
- "It could also use a reporting dashboard."
What is our primary use case?
We have around 250 users and security is extremely important for us.
What is most valuable?
The features I found most valuable in this solution are the overall security features.
What needs improvement?
The overall application security features can be improved.
It could also use a reporting dashboard.
For how long have I used the solution?
Our company, Beltone Financial, has been using Cisco ASAv for about three years now.
What do I think about the stability of the solution?
I found that Cisco ASAv is a really stable solution.
What do I think about the scalability of the solution?
I haven't tested scalability yet, but I believe it is a very scalable solution. We currently have 250 employees working on it without any issues.
How are customer service and technical support?
The few times I've had to call in technical support, the service was excellent. I've had no issues.
Which solution did I use previously and why did I switch?
Our company has used various other solutions in the past. We've decided to also install Cisco ASAv to add extra features to our system.
How was the initial setup?
The initial setup was straightforward and it took me about two days to do the installation. The fine tuning took about a week. I am the IT Infrastructure Manager of our company, but I don't believe that individuals without IT knowledge would struggle to do the installation themselves.
What about the implementation team?
We didn't use any consultant for the deployment - we installed and implemented Cisco ASAv ourselves and we didn't experience any problems.
What's my experience with pricing, setup cost, and licensing?
We pay an annual fee.
Which other solutions did I evaluate?
We have used many other solutions in the past and we constantly look out for other options. So we didn't switch to Cisco ASAv, we simply started using it together with another solution. We now use two products in the same time.
What other advice do I have?
I rate this solution an eight out of ten and I would definitely recommend it to other users. If the developers would add a reporting dashboard, and perhaps lower the pricing, I will rate it higher. But overall I am really satisfied with Cisco ASAv.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Gives more visibility into what's going on when traffic comes in and goes out from the company
Pros and Cons
- "Stability is perfect. I haven't had any problems."
- "I would like for them to develop better integration with other security platforms."
What is our primary use case?
My primary use case for this solution is for Internet access for the enterprise or for users, publishing, email, and to protect our network.
How has it helped my organization?
Before Firepower, we didn't have any visibility about what attack was happening or what's going on from the inside to outside or the outside to inside. After Firepower and the reporting that Firepower generates, I can see what's going on: which user visits the malicious website, or which user uploaded or downloaded malicious code, and what the name of the code is and from which country. This is very useful and helpful for me to detect what's going on. It enables me to solve any problem.
What is most valuable?
They give me more visibility of what's going on when traffic comes in and goes out from the company or comes in from the outside. I can see what's going on with this traffic, which is a nice feature. I also like the malware inspection and management of the dashboard features. The management of the dashboard is different from the old Cisco Firewall. This management brings everything together into one management platform.
What needs improvement?
I would like for them to develop better integration with other security platforms. I would also like for them to make the Cloud configuration easier.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
Stability is perfect. I haven't had any problems.
What do I think about the scalability of the solution?
Scalability is great. We have around 1,500 users.
How are customer service and technical support?
Their technical support is good. I opened a ticket when we did the installation. We didn't have any issues with them.
Which solution did I use previously and why did I switch?
We were previously using Cisco ASA without Firepower. We switched to Cisco Firepower because Firepower has more features, like malware inspection, and more possibilities with identity management.
How was the initial setup?
The initial setup was a little complex. We required three staff members for deployment and maintenance.
What about the implementation team?
We implemented ourselves. Deployment took around six months.
What's my experience with pricing, setup cost, and licensing?
It's more expensive than Fortinet and Juniper. The price is high compared to other vendors. In general, for the license, it's not that expensive.
Which other solutions did I evaluate?
We also evaluated Fortinet and Juniper.
What other advice do I have?
I would advise someone considering this solution to subscribe to the URL filtering and to use malware inspection.
I would rate this solution a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Info Sec Consultant at Size 41 Digital
Keeps costs low and provides granular control using appliances familiar to the team
Pros and Cons
- "Among the top features are integrated threat defence and the fact that each virtual appliance is separate so you get great granular control."
- "There are always vulnerabilities that come up and there was one in early 2018 but this was patched with software updates."
What is our primary use case?
Whatever you have that’s potentially public-facing, you need to protect it. As our technology moves to the cloud, so our need for security transfers from physical appliances to virtual ones. This is the classic Cisco ASA device, virtualised.
How has it helped my organization?
Ease of spinning one up: The hourly charge has made demos and testing better because it’s a truer representation of a real-life situation.
It has allowed us to reduce costs and to make sure we provide rounded, secure products to customers.
What is most valuable?
Top features:
- Easy to deploy for staff to use VPNs
- Ease of setup
- Integrated threat defence
- Great flow-based inspection device
- Easy ACLs
- Failover support
- Each virtual appliance is separate so you get great granular control
- Has own memory allocation
- Multiple types of devices: 100 Mbps, 1 Gbps, 2 Gbps
- License control
- SSH or RESTful API
What needs improvement?
We didn’t find any huge issues. Obviously, there are always vulnerabilities that come up and there was one in early 2018 but this was patched with software updates.
Admin rights need to be given out carefully as they give overarching control to all devices - but that’s the same for everything.
How was the initial setup?
We went with this solution via the AWS Marketplace because it’s been made so easy to use an ASAv on AWS with simple drop downs to set it up. Our demo machines were also in AWS so we wanted a one-stop shop where we could spin them up or down as needed and configure the ASAv before it was launched.
What other advice do I have?
Almost all IT staff have used, or can easily learn how to use, the Cisco ASA appliance because it’s been around for years and is so popular (with good reason). For us, we stuck with what we know. It was an easy sell to get it signed off by higher-ups as they’d also heard of the ASA device from their time in IT.
This solution gets an eight out of ten because it is easy, has the features we need, keeps costs low, and provides granular control using appliances that are already familiar to the team.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Partner - Consulting & Advisory at Wipro Technologies
It provides the transparency of a single UI to ensure security
Pros and Cons
- "The transparency of the single UI to ensure security. A product has to be simple so that an administrator can use it."
- "The artificial intelligence and machine learning (behavioral based threat detection), which I can this will be coming out in another year, these are what we need now."
What is our primary use case?
Our primary use case is security.
How has it helped my organization?
From a security perspective, we are getting assurance with the respect to the the infrastructure which is getting built or the threats which are emanating from the Internet. With these, we can obtain the visibility that we need to know where we need to improve.
What is most valuable?
The transparency of the single UI to ensure security. A product has to be simple so that an administrator can use it.
What needs improvement?
The artificial intelligence and machine learning (behavioral based threat detection), which I can this will be coming out in another year, these are what we need now.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
The stability is alright.
What do I think about the scalability of the solution?
Scalability is not an issue.
How is customer service and technical support?
Its technical support is the main reason why we selected the product.
How was the initial setup?
The integration and configuration are transparent and easy.
What's my experience with pricing, setup cost, and licensing?
We are partners with Cisco. They are always one call away, which is good. They know how to keep their customers happy.
Which other solutions did I evaluate?
We evaluated VMware Virtual Networking and Check Point.
We chose Cisco because of the support and their roadmap for the changing technology landscape is good. Therefore, it is always better to be partnered with them.
What other advice do I have?
When you are going to select a product, don't look at the cost, but at the functionality. Also, look at the stability. These days, the startups will show a new function or functionality, but when looking for a partner, make sure the company is sustainability for the new four years? Do they have the funding?
We have a large ecosystem system: Symantec, McAfee, Splunk, Check Point firewalls, Cisco firewalls and IPS IDS from Cisco. They integrate and work well together. Cisco has been security leader for the last 20 years, so the products are quite stable working in sync.
We are using every version of the product: On-premise, Azure, and AWS, which is a new offering.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Updated: October 2024
Popular Comparisons
Fortinet FortiGate
Netgate pfSense
Sophos XG
Cisco Umbrella
Cisco Identity Services Engine (ISE)
Meraki MX
Zscaler Internet Access
Palo Alto Networks NG Firewalls
Azure Firewall
Check Point NGFW
WatchGuard Firebox
SonicWall TZ
Sophos UTM
Palo Alto Networks WildFire
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What Is The Biggest Difference Between Cisco ASA And Fortinet FortiGate?
- Cisco Firepower vs. FortiGate
- How do I convince a client that the most expensive firewall is not necessarily the best?
- What are the biggest differences between Cisco Firepower NGFW and Fortinet FortiGate?
- What Is The Biggest Difference Between Cisco Firepower and Palo Alto?
- Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons?
- What are the main differences between Palo Alto and Cisco firewalls ?
- A recent reviewer wrote "Cisco firewalls can be difficult at first but once learned it's fine." Is that your experience?
- Which is the best IPS - Cisco Firepower or Palo Alto?
- Which product do you recommend and why: Palo Alto Networks VM-Series vs Cisco Firepower Threat Defense Virtual (FTDv)?