Cisco Secure Firewall Reviews

Our primary use case is to protect our network from external threats. We need to keep our portal safe. 

We use the public cloud model of this solution. 

The most valuable feature is that it has the ability to divide the network into three parts; internal, external, and DMZ. 

I would like for the user interface to be easier for the admin and network admin. I would also like to be able to access everything from the GUI interface. The way it is now, it needs somebody experience in iOS to be able to operate it. I would like to have a GUI interface. 

It should have integrated licenses with our other products. There should be a license bundle, like for firewalls and iOS. It would be better if it was a bundled license. 

It's very stable.

The scalability is good. We have around 1,500 users. The users are regular end-users, network admins, technicians, etc. 

We require three admins for this solution. We require five staff members for the deployment and maintenance. 

It is used weekly. We do plan to increase the users.

Their technical support is good. We have a maintenance contract with them for two years and we plan to renew the contract. 

The initial setup was straightforward. It took around two to three days to implement. 

We used a Cisco partner for the implementation. They were knowledgable and did a good job. 

There are no additional costs to the standard licensing fees. 

We don't evaluate different solutions because our infrastructure is Cisco-based. We wanted it to be homogeneous with our infrastructure. 

I would advise someone considering this solution to have a technical support or maintenance contract with the vendor or a third-party to help maintain the product. Without help with maintenance, there is no value to the product.

You should have a good technician and admin support for all this product in order to maximize the value and benefits. 

I would rate it an eight out of ten. 

Our primary use for the solution is as a firewall. We implemented it as an IT tech solution for our accesses through Sourcefire. It provides security.

The main product in our company is dependent on Cisco as a security solution. Cisco has a great reputation in the market. We are using Cisco as our main firewall in the company because it provides the best security.

The most valuable feature is for IT security management. It is extremely valuable to protection so that is the most valuable feature.

I'm not really sure that much has to be improved. Compared to other firewall solutions probably the thing that could be improved is the interface — the GUI. Other than that I don't think there is anything else that could be better. I think it is a great product.

I believe that Cisco is one of the most stable firewall solutions. Compared to other solutions, Cisco has a better stability record than others. That's why we like it a lot.

I don't know that we have plans to scale the business on this site. But Cisco products are expandable. If we want to expand the functionality with new feature sets we can add modules. So in that way, it is a flexible and scalable solution. 

We currently have 200 to 500 users who are using this solution at any time.

We have used technical support quite a bit and always contact them if we have an issue. They will always respond as soon as possible. So I think the support is great. We don't have any issue with them being unresponsive or providing bad solutions. I like to check with them on solutions sometimes and they respond as soon as possible. It saves time and helps me to be sure I am doing the right thing before I go in the wrong direction.

I don't know the exact product they were using before but I think it was just proxy. When I came to the company, the Cisco solution had already been installed, so I don't know the exact product from before.

I think the main reason why they would have switched is the stability and possibilities are better than just proxy. Cisco is very different and more powerful than the other simple products. It's very stable.

I wasn't part of the company at the time of the initial setup, and I am just performing additional tasks. We have a staff of a maximum of three or four persons so once the deployment is live it doesn't need much effort.

I'm not sure if the company has plans to increase usage and grow our responsibilities. It's not not for me to decide. I think the company is growing and traffic is increasing. But my superior is the person responsible for determining when it is time to scale.

We used a consultant for the implementation. They actually continue to help a lot when we need them for something.

I don't know if the company evaluated other solutions before choosing Cisco. When I came to the company, it was already there. Cisco is a very popular enterprise solution so they may have just chosen it without other evaluations.

On a scale of one to ten with one being worst and ten being best, I would rate Cisco SourceFire Firewall as a nine. It could easily be a ten if it had a better GUI interface.

As far as making recommendations to other people about the product, I recommend they buy it if they need an enterprise solution. Also, I would recommend other Cisco solutions like Cisco AMP (Advanced Malware Protection). 

I think most large companies that require strong security should always use Cisco because it's stable, scalable, and has many features. Enterprise organizations will benefit from Cisco because their business requirement will be more complicated and require a better solution and more flexibility. I think all the companies should use Cisco because it's number one the market and has the best security, better stability, and better scalability.

We use this solution as a firewall and for the segregation of our servers from the rest of the environment.

Instead of using multiple firewalls, we only need to rely on this solution. It has a small footprint.

The most valuable features are the flexibility and level of security that this solution provides. 

There was an error in the configuration, related to our uplink switches, that caused us to contact technical support, and it took a very long time to resolve the issue.

Some of the features should be baked-in by default.

Stability has been pretty good, so far.

This solution is very scalable.

We have contacted technical support about an issue that we were having, and it took a very long time for them to figure it out. We were on the phone for six or seven hours with them.

We previously used an ASA 5500, and it was simply time to upgrade it. We used this solution as a direct replacement.

The initial setup of this solution is pretty straightforward.

We are not restricted to any one vendor, but this solution worked well as a direct replacement for our previous one. We considered both Juniper and FortiGate.

This is a very straightforward firewall. There is a management platform with its own operating system. Just make sure that everything is set up properly for your uplink switches because that is an issue that we ran into.

I would rate this solution a nine out of ten.

We use it as a network firewall.

For business purposes, it's a very detailed solution, which is it's greatest benefit, as you can get almost any piece of information you need from the solution. It allows for admins to be able to troubleshoot pretty easily.

The solution is part of a suite. If you pay for it, it has basically a view that's called Firepower, and it's really good at being able to analyze exact bits of a pack, at the packet level, and has the ability to allow you to examine that traffic. It is really good. That's probably my favorite part of the suite.

I would definitely say the pricing could be improved. If you're going to get the latest and greatest of this solution, it's very expensive and it's actually the reason my organization is moving away from it.

I'm working on a slightly older version, but what it needs is better alert management. It's pretty standard, but there are no real advanced features involved around it.

We haven't had any major issues in regards to stability. In general, there are best practices in the industry to use. It's never really mattered because generally, with firewalls, you have two in any given location or service. They seem to be redundant of each other. So there's never been a problem where we lost functionality because of the firewall.

It's pretty scalable. Cisco is a large enterprise solution and it's designed to be able to serve large enterprise, so, it's fairly scalable. We're using the solution minimally at this point, and we're decreasing usage because it's too expensive to upgrade.

They have pretty good customer support. The solution's technical support is great.

I had not previously used another solution.

I was not with the organization when they originally rolled it out, so I can't speak to how straightforward or complex the initial setup was. There are about six people who manage the solution. We have security engineers and network engineers. If someone is trying to get an idea of how many people are required, it varies because a lot of organizations will have multiple firewalls in different locations. Six for one organization may be way more than somebody needs or way fewer than somebody needs.

We didn't use any other group for the deployment. We did all the work in-house.

My company is moving away from the solution because it is quite expensive.

We've looked at the Fortinet solution. The Fortinet FortiGate.

I would just say that it's expensive. The product is fine on its own, it's high end. It's got a high brand name attached to it. I would recommend the product, however. The product works great. It does everything it's supposed to do. There's no issues with it, no real concerns. It's just expensive.

I would rate it an eight out of 10 because it does everything it's designed to do, but it is not any better than other industry-leading solution, and it's far more expensive.

The primary use of Cisco ASA (Adaptive Security Appliances) for us it to protect from external threats to our network as a firewall and VPN solution.

Cisco ASA serves a purpose more than it improves us. It is good at what it does. We are using other vendors and splitting the traffic to different devices based on what they do best. Even though we use other products the trend at our company is that we will increase the traffic through Cisco ASA.

It's difficult to say what features are most valuable because ASA is not a cutting-edge device. It's rather more stable and proven than modern. It's difficult to suggest adding features because with new features we are adding something new, and that means it could be less stable and. New features are not the reason we use the solution — it is almost the opposite. The most valuable part of the solution is dependability.

It's already a mature and stable product. I prefer to not to use the newest software — even if Cisco suggests using the newest — because this is a critical security device.

My opinion is that the new direction Cisco is taking to improve its product is not correct. They want to make the old ASA firewall into a next-generation firewall. FirePower is a next-generation firewall and they want to combine the two solutions into one device. I think that this combination — and I know that even my colleagues who work with ASA and have more experience than me agree — everybody says that it's not a good combination. 

They shouldn't try to upgrade the older ASA solution from the older type Layer 4 firewall. It was not designed to be a next-generation firewall. As it is, it is good for simple purposes and it has a place in the market. If Cisco wants to offer a more sophisticated Layer 7 next-generation firewall, they should build it from scratch and not try to extend the capabilities of ASA.

Several versions ago they added support for BGP (Border Gateway Protocol). Many engineers' thought that their networks needed to have BGP on ASA. It was a very good move from Cisco to add support for that option because it was desired on the market. Right now, I don't think there are other features needed and desired for ASA.

I would prefer that they do not add new features but just continue to make stable software for this equipment. For me, and for this solution, it's enough. 

It is a stable solution. It is predictable when using different protocol and mechanics.

We've used several models of the product, from the smallest to the biggest. I think that this family of the ASAs is scalable enough for everything up to an enterprise environment. I think the family of products is able to handle small and large company needs.

Cisco is a well-known vendor and its support is good. In my previous company, we sometimes used a vendor rather than direct Cisco support, but sometimes we used Cisco. For ASA in my current company, we have additional support from the local vendor. If we have a problem we can also initiate a ticket directly on the Cisco support site.

About one-and-a-half years ago we implemented a different solution to handle certain situations like BGP. But when we upgraded our Cisco devices just few months ago, we could have BGP on ASA. Now our devices from Cisco have enhanced capability, not just something new and maybe less dependable. Implementing BGP on ASA was a late addition. It had been tested, the bugs were worked out and engineers wanted the solution. The stability of ASA as an older solution is what is important.

I think it is not the simplest solution to set up because it is sophisticated equipment. For engineers to work with vendors and incorporate totally different solutions, it could be difficult. It is also different from the other Cisco devices like Cisco Router IOS. It differs in a strange way, I would say, because the syntax or CRI differs. If you are used to other OSs, it is not easy to switch to ASA because you have to learn the syntax differences. 

It's common for there to be differences in syntax between vendors. But, I would say that this is more complex. The learning curve for start-up and configuration of ASA is at mid-level when it comes to the difficulty of implementation.

I did the implementation myself. ASA is not the newest solution for Cisco or the newest equipment. You can use the vendor and ask for help if you need it during the installation and for support. Because it was an older solution, it was already somewhat familiar to me.

My current company has been using ASA for quite a long time, so I was not involved in the choices.

I have been participating in choosing a new vendor and new equipment for some specific purposes as we go forward. For a next-generation firewall, Cisco's product — a combination of ASA and Firepower — is not the best solution. We are choosing a different vendor and going with Palo Alto for next-generation solutions because we feel it is better.

I think I can rate this product as an eight out of ten. A strong eight. The newest version of software and solutions often have bugs and functional problems because they have not been rigorously tested in a production environment. It is not the modern, next-generation firewall, but it solidly serves simple purposes. For simple purposes, it's the best in my opinion. I am used to its CRI (Container Runtime Interface) and its environment, so for me, familiarity and stability are the most important advantages.

We haven't deployed all the possible services from Cisco yet, but I started to research more of the ones that are available and I think Firepower will end up being the best, most valuable solution for us.

I think the visibility of the network can be improved, at least from our current setup. I do not know everything about the solution and exactly how it can be modified.

Another way they can improve is their pricing. One thing I notice is about the price is that it would be good if they could adapt the price to the area where a company is. West Africa is not the same as in India or in the USA and it is much more difficult to afford. If Cisco can manage this for our people it would help us implement better solutions.

To upgrade to some Cisco solutions or features you have to invest resources to create the solution or pay the difference for that functionality to upgrade services or license. It is not really an all-in-one solution. So if Cisco could manage to build an all-in-one solution with most or all of the features we would be looking for in one solution, it would be better for us.

For example, if you want faithful service from the company and equipment, you have to pay more just to get the solutions. If it's included it would be easier for us to deploy.

For me it is stable. It is amongst the best products in that way.

It is a scalable solution. It may cost money and resources to scale.

I have not had direct experience with technical support for the firewall. I contacted support for the switching. For the firewall, I have not had to contact them at all.

Before I used Fortinet FortiGate. But when I moved from the previous company to this company they had a different solution. That is why I switched.

The initial setup was a little complex for me because I had been using a different solution. But how complex something is will depend on the mind of that person. For me, it was a little complex for me. However, it really only took one day to set it up.

Step by step, when I work with the product for a longer period of time and gain experience, it will be very easy for me.

I did the implementation by myself.

If people want to build a solid security solution for their company, I think this solution is the best but it would depend on the configuration of your company. For a good company to have a good solution for security, you can choose the Cisco firewall for that and be confident. 

I think I can give that product an eight out of ten. It comes down to the user interface. It needs to be easier so that more people can quickly develop the skills to manage the product. It would be better for us right now for more people to have certification or to just develop the skills to use the product. But if Cisco made it easier and took away the need for certification, it would be easier for us to use company-wide and have more people involved.

The VPN and monitoring are the most valuable features.

I tried to buy licenses, but I had trouble. Their licensing is too expensive.

If they can get the reporting to go into deeper detail, it would really be helpful because in order to get the reports in Cisco you have to go to look at the information that you don't necessarily need. 

Also, the pricing is quite high. 

The stability is good. Very simple. Upgrades are great. But when we upgrade it, things break. You have to upgrade about three things before you get something stable.

I haven't had to scale, so I can't speak to this aspect of the solution.

I haven't had to deal with technical support, so I don't have much to say.

We didn't previously use a different solution.

The initial setup was straightforward.

I did the setup myself. The budget I had didn't allow me to get support. I would use Google a lot. The first implementation took me about three weeks because I did not know what I was doing. So it took me a while. It took me about three weeks, but everything else took about two days, maybe three days and I was done. 

We did look at Barracuda.

They really need support for deployment.

I would rate this solution nine out of 10 because I think if you have the budget and you plan it properly I think you won't have the initial deployment problems I faced.

Our primary use for the solution is for checking on and verifying the security of our customer data.

Our organization has been improved by the solution because we can be assured that the firewall is secure. It gives us more flexibility to monitor other things. Because we have safe firewalls, we don't have to worry about that and can direct resources elsewhere. If our internet goes down in one location we can bring it back up pretty easily.

The thing we've found most valuable is the efficiency. The firewalls are easy to configure and deploy. Overall it is an easy system to manage.

Another valuable feature is just how granular we can get with it so we can keep users seeing what they are supposed to and don't compromise security.

One way the product could be improved is if you could monitor more than one rule at a time. We only have the option to have one monitor window up at a time if you're trying to troubleshoot something you end up switching back-and-forth and don't get the bigger picture all at once.

It's reliable and it does its job. It gives you the freedom to do other things while you get indications of any issues. The multi-monitor would be a huge improvement.

I'd definitely recommend the product. Even when you set it up for the first night, it definitely will tell you the status of the network. The important part in the setup is following the instructions to get it going.

The solution itself is good as far as stability.

The technical support is good and the response time quick. We had some firewalls down and gave them a call. They helped resolve the issue and it was all positive.

Previous to this we had just a normal firewall that I didn't like. It didn't provide enough.

The setup was straightforward, even without initially having all the information we needed. It was very intuitive. When I went in to get help, help was there.

We got the product from a reseller and we did the installation ourselves.

We certainly have seen a return on investment at the very least from being able to reallocate human resources.

Before selecting this as a solution we really didn't evaluate other options at all.

As far as rating this product, I would give it a nine out of ten. The only real drawbacks are the lack of multi-monitoring and not really having clear instructions prior to jumping in and implementing it.