Cisco Secure Firewall Reviews

We primarily use the solution in order to create access rules. That's what I use it for mostly. Sometimes, if I need to do some mapping, I may also leverage this product.  

In terms of access, the solution is great at making sure that the firewall has the right IPs, or that the right IPs are passing through where they should be. 

The product does a good job of making sure that the connection is one that the user can trust. It keeps everything secure.

From what I've already done with ASA, I've noted that it's a very simple solution. 

It is a very user-friendly product. I started with the GUI version. There are different versions. You could have the CLA, and the GUI version if you like. Both are really user-friendly and they're easy to learn. 

We haven't been working with the product for too long, and therefore I haven't really found any features that are lacking. So far, it's been pretty solid.

One of the things that would make my life easier on ASA, especially for the CLA, is if it had an ASBN feature, specifically for the CLA. This would allow you to be able to see at once where a particular object group is being used without having to copy out all the object groups that have already been created.

I don't have to see all the object groups that have been created on that firewall. That's just something that I would really appreciate on the CLA, even though it already exists on the GUI.

I've been using the solution for six months now. It's been less than a year. It hasn't been too long just yet.

The solution has been quite stable.

Most of the clients that we deal with use this solution. No one has ever complained about having a breach or anything, to the best of my knowledge, even though we see some people combine different firewalls together, and use them alongside Cisco ASA. So far, we've not had any issue with Cisco ASA. It's reliable and keeps our clients safe.

I've never tried to scale the product. I haven't worked with it too long at this point. I wouldn't be able to comment on its scalability potential.

I've never dealt with technical support yet. I can't speak to their level or response or their knowledge of the product.

In the past, I've worked with Check Point and Fortinet as well.

I've been handling the implementation. So far, it's been good, even with no prior knowledge of the solution itself. It's my first time working with it.

On my team, lots of people are working on different aspects, and most of the setup is being done by those that have more knowledge about the firewall than we have. We don't have anything to do with the setup, we just make sure that we implement whatever connections the clients already have. It's already broken down that way, just to avoid as many mistakes as possible.

We already have a process for implementation based on the number of connections. The maximum we normally work on each connection is maybe 20 to 30 minutes. However, the process could be as little as one minute. It depends on how many connections we want to add at a time.

We're handing the implementation via our own in-house team.

I'm just handling the implementation and therefore don't have any insights on the pricing aspect of the solution. I wouldn't be able to say how much the company pays or if the pricing is high or low.

That said, the pricing isn't an issue. It's more about what's best for the customer or the client. We want to give the client the best service, and very good protection. If a client begins to worry about pricing, we can't exactly guarantee the same level of safety.

Our company has a partnership with Cisco.

We have different clients and therefore use different versions of the solution. Nobody wants to use an out-of-date version, and therefore, we work to keep everything updated.

Overall, I would rate the solution at a nine out of ten.

We are using this solution for the site-to-site VPN tunnels and VPN Connections.

I like all of the features.

It is my understanding that they are in the process of discontinuing this device.

They are in the process of shutting down this ASA series and will continue with Firepower.

In the next release, it could be more secure.

I have been using Cisco ASA Firewall for six years.

We are not using the latest version.

It's a stable solution. I have not had any issues.

This product is scalable. We have 100 users in our organization.

We will not continue to use this solution. We will be upgrading to either Firepower or Check Point.

Technical support is perfect.

I was using Dell SonicWall before Cisco ASA Firewall.

The initial setup was straightforward. 

It's easy to install and it doesn't take a lot of time for the initial configuration.

It took an hour to install.

I completed the installation myself. We did not use a vendor or vendor team.

There are licensing costs.

I would not recommend this solution. The technology is old and they should move to Firepower or NextGen Firewall.

I would rate the Cisco ASA Firewall an eight out of ten.

We are an IT integrator. We include parts of the infrastructure as part of our services, which includes firewalls, routers, switches, and even some end-user devices. We are deploying Cisco, Palo Alto, and Aruba. We are a very big company, and we have probably about 300,000 employees all over the world.

We use this solution for security and for enabling site-to-site VPN. We have on-premises and cloud deployments, and we are using the latest version of this solution. It is 5500 or something like that. 

The configuration capabilities and the integration with other tools are the most valuable features. 

I really like this product. Cisco is one of my favorite brands, and I always think Cisco solutions are very reliable, easy to configure, and very secure.

It can probably provide a holistic view of different appliances because many customers do not have only one brand, besides the traditional SNMP protocols, to cover all their devices. There are some specific requirements in terms of configurations or actions that sometimes have to be done in a very manual way because of the different versions or brands in a customer's infrastructure.

It could also have some additional analytics capabilities. It has some very interesting ways to monitor the traffic and identify false positives from the architecture and the environment. It would be good if there is a way to patch with some other industry-specific solutions and synchronize some of the information, such as what other customers experience in their operations and probably share some additional information that could be leveraged or shared among the industry. Such information would be something interesting to see. It could have AI capabilities related to how the appliances could benefit from learning the current environment and different exposures.

I have been using this solution since the beginning of this company, which would be more than 20 years.

It is stable and reliable.

There is no real limit to the way they can scale. It is very easy to integrate additional firewalls or even nodes on appliances. Whenever needed, they are stackable. They are very flexible in that sense. Our clients are large businesses.

The service that we have received from Cisco has been reliable, fast, and efficient. They are very good. As long as you have a contract, you can rely on them. You should also have a technical team certified or at least trained on the infrastructure to provide in-depth first-level help. 

I have also used other solutions like Palo Alto. The capabilities are pretty much the same. It is just a matter of how they integrate with the overall landscape of the customers. Palo Alto seems to be the top end firewall these days, but the customers might have purchased Cisco in the past or have a DNA subscription using which they could probably take advantage of the security landscape that Cisco offers. It is more about what is the overall benefit rather than just the appliance.

They seem to be at the top end in terms of pricing, but they are worth the price. They are probably a little bit lower than Palo Alto. If the customers are relying on Cisco products and they are thinking more in terms of scaling to another layer in a year, it is pretty much in a good price range.

I would suggest to be sure that it smoothly integrates with the infrastructure that you have. Try to take advantage of the DNA subscription and the new monitoring features that it has. Be informed about what's new with this product.

I would rate Cisco ASA Firewall a nine out of ten.

The way we've installed Firepower was for the migration process. For example, there was a data center consolidation, and therefore we had to move everything. We offer data center products to our customers across VPN funnels. We had to move away from older ASAs, so it's a lift and shift. We move older ASAs, which were dispersed in many sites, and we consolidated a couple of services in a single site. Firepower was left there in place. I came in and I took over the administration duties, and now I'm trying to put everything together in a way that it makes sense.

With Firepower, they have better hardware. It's fitted for more throughput, more load. I'm trying to centralize service delivery on this high-availability pair and move all the remote access to Firepower. Then, it's all part of a transition process from a hybrid cloud to a full cloud deployment on a cloud provider. It's mostly just a necessary pain, until we move away from our on-prem deployments. Currently, I'm working with Azure, etc. and I try to look at the main design of the whole process, even though it's going to take two years. 

COVID has also made everything very, very slow for us as we try to move away from our initial plan.

The 2100 models are extremely useful for us.

It's got the capabilities of amassing a lot of throughput with remote access and VPNs. 

They need a VTI. I know it's going to be available in the next software version, which is the 6.7 version. However, the problem with that is that the 6.7 is going to deprecate all the older IKEv1 deployment tunnels. Therefore, the problem is that we have a lot of customers which are using older encryptions. If I do that, update it, it's not going to work for me.

We've been using the solution for about a year.

The solution is pretty solid in terms of stability, however, I prefer Palo Alto. For the enterprise world, it's better to have Palo Alto. For the service provider field, Firepower is quite well suited, I'd say. That said, Palo Alto, is definitely the enterprise way to go. For a smaller deployment, you can also go with FortiGate. It's simple, however, it works for smaller offices.

The scalability of the product is pretty good. If you need to expand it, you can do so with relative ease.

The technical support is amazing. They do reply quickly, and often within an hour. It's been great. I've worked at Cisco before, however, with the type of contract we are in, I find it super fast right now. We're quite satisfied with the level of support.

I don't have any knowledge as to what the product costs. It's not part of the business I deal with.

Palo Alto, it's my understanding, is a little more expensive, however, it depends on the users and on the design. It always depends on the contract

We're just customers. We don't have a business relationship with Cisco.

It's a solid, reliable product, however, if it's right for a company depends on the use case and the size of the organization. For a startup, this might not be a suitable option.

Overall, I'd rate this solution nine out of ten. As a comparison, if I was rating Palo Alto, I would give it a ten out of ten.

The solution is primarily used for protecting the environment, or the cloud environments for our customers.

All the specific features you find within the NextGen firewall are quite useful. The touch intel feature is specifically useful to us. We deliberately choose this kind of product due to its set of features. 

The implementation is pretty straightforward.

The security market is a fast-changing market. The solution needs to always check if the latest threats are covered under the solution. 

It would always be helpful if the pricing was improved upon a bit.

In a future release, it would be ideal if they could offer an open interface to other security products so that we could easily connect to our own open industry standard.

We've been using the solution for about five or more years at this point.

The solution is stable. It's very reliable. It doesn't crash or freeze and doesn't seem to be plagued by bugs or glitches.

The solution can scale quite well. A company that needs to expand it can do so easily.

In our case, we have clients with anywhere between 1,000 and 10,000 users.

We have our own in-house team that can assist our clients should they need technical support. They're quite knowledgeable and can handle any issues.

I also have experience with Fortinet and Check Point.

The implementation isn't complex. It's straightforward. However, it also depends on the specifications of the customer. Normally we check that out first and then we can make a judgment of how to best implement the solution.

Typically, the deployment takes about two days to complete.

In terms of maintenance, we have about five people, who are engineers, who can handle the job.

We deliver the solution to our customers.

You do need to pay for the software license. In general, it's a moderately expensive solution. It's not the cheapest on the market.

We're a partner. We aren't an end-user. We are a managed security provider, and therefore we use this solution for our customers.

We always provide the latest version of the solution to our clients.

Typically, we use both cloud and on-premises deployment models.

I'd recommend the solution to others. It's quite good.

On a scale from one to ten, I would rate it at an eight.

I use it to protect my DMZ from external attacks.

Last year, we received a lot of linear service attacks in our environment during the Black Friday season. Cisco Firepower blocked every attack.

The Adversity Malware Protection (AMP) feature is the most valuable. 

It is also very easy to use. Every technical user can operate this solution without any difficulty. The dashboard of Cisco Firepower has every tool that a security operator needs. You can find every resource that you need to operate through this dashboard.

Its interface is sometimes is a little bit slow, and it can be improved.

When you need to put your appliance in failover mode, it is a little difficult to do it remotely because you need to turn off the appliance in Cisco mode. 

In terms of new features, it would be good to have AnyConnect VPN with Firepower. I am not sure if it is available at the moment.

I have been using Cisco Firepower for two years.

We use it specifically for DMZ, so we don't need it to scale it up. Because we are using this solution for a specific environment, we don't plan to increase its usage.

We have a few teams who use this solution. We have the information security team for reading the logs and policies. We have administrators, and we also have contractors for the network operation center to analyze some logs and reports. 

We have used their technical support. They are amazing. Cisco's technical support is the best.

We have used Check Point and one more solution. The main difference is in the IPS signatures. Cisco Firepower has precise and most updated IPS signatures.

The initial setup is easy. The deployment took two months because we didn't have Firepower previously, and it took us some time to plan and implement.

We used our reseller and contractor to deploy Cisco Firepower. They were good.

I would recommend this solution. I would rate Cisco Firepower a nine out of ten. 

Our primary use case is as a data center firewall for internet firewalls and also as a VPN concentrator. I'm the chief technology officer and we are partners of Cisco. 

In terms of features there hasn't been much improvement but it's a very stable solution and a very good firewall with almost all of the features required for next generation firewall purposes. Almost all the firewalls on the market have the same features available, but if you take into account the integrations and reporting of Cisco, it's a little better than the others. In particular, the briefing reporting is better. With Fortinet we would probably have to use FortiAnalyzer as a separate reporting module for Fortinet, but here the reporting is good.

There needs to be an improvement in the time it takes to deploy the configurations. It normally takes two to four minutes and they need to reduce this. The deployment for any configuration should be minimal. It's possibly improved on the very latest version. 

An additional feature I would like to have in Firepower would be for them to give us the data from the firewall - Cisco is probably working on that. 

I've been using this solution for close to five years. 

The scalability is very good. 

We generally provide support but if we're not able to resolve an issue, we escalate it to Cisco and they're great. They are one of the best support services I've used and it's one of the reasons Cisco is doing so well in the market. 

I also work with Fortinet and Palo Alto. Fortinet is also a really good product but Cisco is a leader in next generation firewalls and now that they are catching up to Fortinet, they have provided a lot of features and flexibility. I personally see Cisco as being good for large enterprise companies and Fortinet is better for families as well as small and medium size businesses. When it comes to Palo Alto, the high price point is one thing that is an issue, some companies are unable to afford it. Palo Alto is good but Cisco is catching up to them and I believe in a year or two, Cisco will probably match Palo Alto as well and be much better. 

The initial setup is not too complex, but as with Fortinet, they have some detailed steps required which adds to the flexibility also. With flexibility comes a bit of complexity, but it's not too bad. Deployment time takes a few minutes. I am responsible for implementation and maintenance for our clients. We were previously deploying only for medium or large enterprise companies but Cisco has come up with the 1000 and 1100 series firewalls for smaller companies which is pretty good. They're a cost-effective solution and competitive in the market. 

Cisco falls somewhere in the middle in terms of pricing, it's not very expensive and it's not very cheap. There is an additional accessory fee associated with Cisco but normally they have a separate subscription cost for different types of security to protect the firewall. There are separate bundles available inside the pricing and that's probably true for all of the firewalls. 

Cisco is a large, good and reliable firewall. They are working on advanced features and catching up with the leaders in the market. I believe that's a score for them. A yearly subscription is cheaper than Palo Alto and Fortinet offer. They provide good support and once it's loaded, it doesn't give a lot of problems, that's very important.

I would rate this solution an eight out of 10. 

We primarily use the solution for the various firewalls.

Cisco is powerful when it comes to detecting intrusions. It's better than, for example, Fortinet.

Cisco has multiple products - not just firewalls. The integration between other items provides a powerful end-to-end solution. It's nice and easy. There is one management system and visibility into all of the features. Using the same product is more powerful than using multiple systems. Cisco is known by most customers due to the fact that at least they have switches. However, when clients say "we need an end-to-end option" Cisco is there.

The stability is very good.

Technical support services are excellent.

Before an ASA, it was a live log. It was easy and comfortable to work with. After the next-generation firewall, Firepower, the live log became really slow. I cannot reach the information easily or quickly. This has only been the case since we migrated to next-generation firewalls.

There is some delay between the log itself. It's not really real-time. Let's say there's a delay of more than 20 seconds. If they had a monitoring system, something to minimize this delay, it would be good.

It would be ideal if I could give more bandwidth to certain sites, such as Youtube.

I work with Fortinet also, and I find that Fortinet is easier now. Before it was Cisco that was easier. Now Fortinet is simpler to work with.

On firewall features, Fortinet is better. Cisco needs to become more competitive and add more features or meet Fortinet's offering.

I've been using the solution since about 2003, when I originally implemented it.

The solution is extremely stable. We don't have any issues whatsoever. It doesn't have bugs or glitches. It works well. Occasionally, it may need patches, however, there's very little downtime.

The scalability of the solution is very good. We have no trouble expanding the solution.

They have multiple products that fit in multiple areas. They also have virtual firewalls, which are working well in virtualization systems. They have the data center firewalls feature for data centers. It's scalable enough to cover most of the use cases that might arise.

Cisco offers excellent technical support.  They're useful and very responsive - depending on the situation itself. Sometimes we require the support of agents and we've found Cisco to have one of the best support systems in the market.

I also work with Fortinet, and it's my sense that, while Fortinet is getting easier to use, Cisco is getting harder to deal with.

The initial setup is not complex at all. It's pretty straightforward.

A full deployment takes between two and three days. It's pretty quick to set up.

The pricing is neither cheap nor expensive. It's somewhere in the middle. If you compare it to Fortinet or Palo Alto, Fortinet is low and Palo Alto is very high. Cisco falls in the middle between the two.

As far as deployment options go, they often have more wiggle-room with discounts, especially for larger deployments. Therefore, in general, it ranges closer to Fortinet's pricing.

We're partners with Cisco, Fortinet, and Palo Alto.

I work with on-premises deployments and virtual firewalls, however, I don't use the cloud.

The solution works well for medium-sized enterprises.

Overall, I would rate the solution nine out of ten.

I'd recommend users to layer in solutions. At the perimeter, if they have two tiers, I'd recommend Palo Alto as the first and then Cisco ASA as the second. Cisco can work on the data center or Fortinet. In the case of Fortinet, they have the best backline throughput from all of the other products.