Cisco Secure Firewall Reviews

We are using it to manage our environment.

The whole firewall functionality, including firewall policies and IPS policies, is valuable. It has all kinds of functionalities. It has IPS, VPN, and other features. They are doing quite a lot of stuff with their devices.

It lacks management. For me, it still doesn't have a proper management tool or GUI for configuration, logging, and visualization. Its management is not that easy. It is also not very flexible and easy to configure. They used to have a product called CSM, but it is no longer being developed. FortiGate is better than this solution in terms of GUI, flexibility, and user-friendliness.

I have been using this solution for five to ten years.

It is rather stable. It can have some peculiarities, but most of the time, it is quite stable.

These are big devices. They have multiple models, but most of the models can be virtualized. You can create many virtual firewalls and add whatever you want.

We faced some issues, but I don't deal with these issues. My colleague interacts with them, and it seems it is not that easy. Cisco is a large company, and sometimes, it is not easy to get quick and very efficient support.

We have a firewall specialist who handles the installation.

It is affordable. The hardware is not that expensive anymore. It is a matter of licensing these days. 

It is a good solution for a big traffic load, but its management is not very easy. FortiGate is better in terms of management and user-friendliness.

I would rate Cisco ASA Firewall an eight out of ten.

I use it for VPNs, remote-access VPNs, environment issues, and failover issues. I also use the
content mode, NAT, and PAT in this firewall. We always use ASA for VPN sites and firewall sites. We use the edge for internet access for data center servers or company customers' internet access.

We always use ASA for integration another companies  and branches easily. 

The Inline Mode configuration works really well, and ASA works very impressively.

I think the ASA layer is thin. It's always Layer 3 or Layer 4 source controller and doesn't control the Layer 7 traffic at all. It's important, and you'll need an additional firewall. 

All next-generation firewalls don't have much control over Layer 7, but there's a little bit of control for inspection. ASA never controlled Layer 7, and it's a bad point.

 I don't like to use ASDM, a graphical interface, and other solutions for ASA. I wouldn't say I like this, and it's not good(ASDM).

I have over seven years of experience with Cisco ASA Firewall.

It's stable. ASA works very well, and it's impressive. I use only ASA and only the Inline Mode. 

It's a scalable, high availability solution. It's an active/standby model for VPN. But if you don't use VPN in these devices, it works as an active/active high availability model.

If you're a Cisco Administrator or Cisco certified, the initial setup isn't a problem. But if you don't know Cisco devices and how they work, it can get a little complicated.

I would advise new users to look at next-generation firewalls like FTD or other models from Cisco. It's better than Cisco ASA. Cisco ASA Firewall isn't a next-generation firewall.

On a scale from one to ten, I would give Cisco ASA Firewall an eight.

We are using the solution for airports.

The Cisco NGFW is an excellent fit for purpose for our network security.

I have been using the solution for five years.

We have not had to deal with stability issues.

The support of the solution is great, their staff is perfect.

My team tells me that other solutions such as Fortinet and Palo Alto are easier to implement.

People have said that Palo Alto is a less expensive solution than Cisco, but in my experience, at least from today, Cisco is cheaper than Palo Alto. 

I do not hear anything bad about the competition. I am difficult to change my ways and learn a new product. Unless somebody comes and makes a SWOT analysis and shows me the evidence of how the alternative is better, I am fine with Cisco.

I would recommend this solution to others. 

I rate Cisco Firepower NGFW Firewall an eight out of ten.

Most of our use cases revolve around the basic firewall features. Our client is also leveraging on Anyconnect, which is serving the client-based VPN. Sometimes they will establish a VPN connection from one firewall with another. It's the type-for-type VPN. In terms of Cisco, typically, these are just some of the legacy features, that's what we use. In terms of a next-gen firewall, I feel that our customers would prefer to use other brands like Palo Alto, Check Point, and FortiGate.

Our clients who use this solution are typically small businesses. I think there's a Gartner chart that says that Palo Alto is actually the foreleader, followed by Check Point, then FortiGate. Cisco is not anywhere near. From a cybersecurity standpoint, they are quite weak.

They need to do an overhaul of the management console because they are still using the client-based management tool, which is quite outdated in terms of functionality and usability. The interface hasn't changed since the last generation many years back.

I have been using Cisco ASA Firewall for roughly four years.

It is extremely stable I would say — at least after you deploy it. Typically, there won't be any instability in terms of the hardware as well as the software. It can be running for many years without any issues. It's a totally different story when compared to other brands because, out-of-the-box, they offer far more features and are actually leveraged on more resources which leads to more instability.

I would say in terms of scalability, they are still the greatest family of products. Scalability means you can actually add on some processing parts to actually increase the throughput when the requirement comes up. They have a range of products for that, but this solution, it's already going out of phase, because at JSC, you can only allow up to a certain amount of upgrades that can be added on.

Support is not a requirement. In the whole industry, there are a lot of Cisco-trained personnel that we can actually seek advice from. There's not much leveraging on the Cisco support so far.

If our clients need support, we provide it. Support is not cheap. Sometimes a device will go out of warranty, but the customers are not willing to renew the support contract. Of course, there are a lot of cheaper alternatives. In Singapore, a lot of companies outsource support. Most of the time we go through third-party companies instead of Cisco directly.

For a non-Cisco guy like me, there is quite a substantial amount of learning that needs to be done to actually understand how the products are. Some brands like FortiGate, require only an hour and 15 minutes to enable the product, to facilitate the basic requirements of connecting up the traffic and adding on the firewall router. For Cisco, there are levels of challenges because it's a hardened solution that sees a lot of restrictions right out of the box.

Without really understanding how it works, then there'll be a lot of confusion regarding the traffic, etc. You'll find yourself wondering if there are any security concerns if you alter it out-of-the-box. The management console is quite outdated; usually, a lot of configuration is through Commander. We really need to understand how to articulate the Cisco Commander to perform even the most basic feature.

We handle the implementation for our customers. 

I am a sales engineer, we are mainly in charge of selling the product. In terms of support, we have a department that covers that aspect. Sometimes after implementation, we also provide maintenance support services towards the whole project and sell it as a whole bundle. As a distributor, we also sell our products, our equipment, and devices. So the support team covers that aspect.

We sell Cisco ASA Firewall as a bundle — the price is very cheap. If a customer were to go for renewal direct from Cisco, then the price would be quite high.

My main concern is the full revamp of the management console. We'd like to see a more user-friendly total revamp of how to manage the firewall rules. Also, there are a lot of additional features that need to be granular because with Cisco, at this point in time, all these features are still working in silos. A lot of integration needs to be done in general. 

Personally, I would discourage people from using Cisco. Overall, on a scale from one to ten, I would give this solution a rating of six.

We use the platform to provide secure perimeter internet access for customers and also to provide secure networks or secure SANs for customers. We have a global partnership with Cisco and I'm a re-sales and security manager of IT services.

The top features for me are the filtering, the intrusion prevention system, and the AMP on small operations. 

To configure the FirePower it is required an external console. It would be nice to have the console embedded in the Firewall so you don't require an extra device. I'd like to see some kind of SD-WAN included as a feature. 

I've been using this solution for six years. 

The solution is very stable and we feel very secure with it. 

The scalability is no problem. 

The technical support is excellent. 

The initial setup is quite straightforward. I think someone who knows the iOS platform and knows about firewalls can setup the device. If you don't have experience, it will be somewhat complicated. If you know the platform, implementation is very quick. We've installed over 1,000 firewalls for different customers.

This is a very stable platform, and you can adjust the engine for malware protection. It is one of the best and a very reliable solution.

I would rate this solution a 10 out of 10. 

I often work with financial sector companies such as banks as well as retail organizations.

The solution offers very easy configurations.

The administration of the solution is very good.

The product integrates well with other products.

The initial setup can be a bit complex for those unfamiliar with the solution.

There are better solutions in terms of border security. Palo Alto, for example, seems to be a bit more advanced. 

The cost of the solution is very high. Fortinet, as an example, has good pricing, whereas Cisco has very high costs in comparison.

We've used the solution recently. We've used it at least over the last 12 months or so.

The stability of the solution is pretty good. I don't recall having issues with this aspect of the solution.

This particular product does not have high availability and therefore scalability is limited.

You need a pretty sizable solution for a center.

We have about 300 clients using this solution, and therefore the amount of people on the solution is very high, however, I don't have the exact number of users across all clients. For solutions providers, we have IT solutions for maybe around 5,000 users.

I have experience working with technical support from Cisco. It's very easy to contact them and talk with them. There were times we worked using email, for example, for communication. We also worked with Cisco engineers in Mexico directly. We're very satisfied with the level of service so far.

We also work with Fortinet and Palo Alto, for example. As a reseller, we work with many solutions.

I did not directly implement the solution. I don't have the right type of expertise. You need to know a bit about what you are doing, otherwise, the initial setup is a bit complex.

You may need, for example, a separate management device for this kind of solution. It's quite difficult to handle if you don't have in-depth knowledge.

The cost of the solution is quite high. It's very expensive compared to other options. For example, Fortinet is much more reasonably priced.

I am working for a Cisco seller in Mexico, and we have a relationship with Cisco. We are a gold partner. We ensure that the development is of the proper sizing for our clients.  

I would rate the solution at a nine out of ten. We've had a very good experience so far. The only downside is that it's not as advanced as, for example, Palo Alto. That said, if you have the right skills to manipulate the configuration capabilities, Cisco is quite good.

We use this solution for our firewall and intrusion prevention system.

The most valuable feature is that I have 16 public IP addresses that tunnel through into servers inside. 

There are no issues that we are aware of. It does its job silently in the background.

The initial setup could be simplified, as it can be complex for new users.

We have been working with this solution for a couple of years.

It's stable. If there is ever a problem, it never seems to be the firewall.

This particular model can't quite handle the bandwidth we need. We're actually replacing it shortly with the new higher capacity model.

Technical support is good. They are responsive.

The initial setup was somewhat complex at first.

We had help from an integrator, which was Dell. They were helpful.

The price is comparable.

We are just at the beginning of the deployment of Arctic Wolf for managed detection and response. We don't have a lot of information yet, as we are onboarding it now.

We wanted to have someone watching and we couldn't set up the SOC by ourselves because we need six security dedicated people to man it at all times. With a staff of 80, it was too much. We engaged Arctic Wolf to be our 24/7 eyes on the potential risks that are happening. They can alert us and we can deal with it.

We like to use the integrator just to make sure that the firewall is set up correctly. If you don't have people dedicated to the firewall, then you can't do it in-house.

I would rate the Cisco firepower NGFW Firewall a nine out of ten.

The feature set is fine and is rarely a problem.

Cisco makes horrible UIs, so the interface is something that should be improved. Usability is poor and it doesn't matter how good the feature set is. If the UI, whether the command-line interface or GUI, isn't good or isn't usable, then you're going to miss things. You may configure it wrong and you're going to have security issues.

Security vendors have this weird approach where they like to make their UIs a test of manhood, and frankly, that's a waste of my time.

The SNMP implementation is incredibly painful to use.

I have been using Cisco Firepower NGFW Firewall within the past year.

I work with a lot of different IT products including three different firewall solutions in the past 12 months.

Everything has room for improvement.

I would rate this solution a five out of ten.