Cisco Secure Firewall Reviews

We mainly use this solution for our firewall and it's one layer of our security. From the time that we've used it, the organization as a whole got a sense of security because Cisco is a known product. When we do need support locally or online, we get it instantaneously. We use this solution for a couple of things: for security, for their technical support, and in terms of the knowledge and skills of the team here that gave us a good grip and confidence in the use of the product.

It gives the organization a higher vote of confidence. When I joined the organization more than six years ago, we were using the old Cisco, and some of the products already reached their end of life. Some of the products were not in its latest state, in terms of security or license. We've learned a very good lesson there. Since then, when we upgraded we made sure that all the licenses and all the security facets are in place. It gives the organization a higher vote of confidence. There may have been one or two incidences of malicious threats, but it did not really bring down the organization to a level that we would all be sorry for. The greatest benefit for the organization is the confidence that we are secured.

Cisco is known as a popular and trusted product. Because of its constant RND, we're assured that all updates, all patches, all fixes are done instantaneously. As far as the feature is concerned, it gives us a certain layer of protection. As a CIO, my vote of confidence is in the product itself. After making sure that we always have all the updates on the licenses we're assured that we're getting all the necessary security protection.

I would rate this solution a nine out of ten. Not a ten because I'm reserving the one point for whatever new surprises they are going to provide.

My primary use case for this solution is for Internet access for the enterprise or for users, publishing, email, and to protect our network.

Before Firepower, we didn't have any visibility about what attack was happening or what's going on from the inside to outside or the outside to inside. After Firepower and the reporting that Firepower generates, I can see what's going on: which user visits the malicious website, or which user uploaded or downloaded malicious code, and what the name of the code is and from which country. This is very useful and helpful for me to detect what's going on. It enables me to solve any problem.

They give me more visibility of what's going on when traffic comes in and goes out from the company or comes in from the outside. I can see what's going on with this traffic, which is a nice feature. I also like the malware inspection and management of the dashboard features. The management of the dashboard is different from the old Cisco Firewall. This management brings everything together into one management platform. 

I would like for them to develop better integration with other security platforms. I would also like for them to make the Cloud configuration easier. 

One to three years.

Stability is perfect. I haven't had any problems. 

Scalability is great. We have around 1,500 users. 

Their technical support is good. I opened a ticket when we did the installation. We didn't have any issues with them.

We were previously using Cisco ASA without Firepower. We switched to Cisco Firepower because Firepower has more features, like malware inspection, and more possibilities with identity management.

The initial setup was a little complex. We required three staff members for deployment and maintenance.

We implemented ourselves. Deployment took around six months. 

It's more expensive than Fortinet and Juniper. The price is high compared to other vendors. In general, for the license, it's not that expensive.

We also evaluated Fortinet and Juniper.

I would advise someone considering this solution to subscribe to the URL filtering and to use malware inspection.

I would rate this solution a nine out of ten.

Its security is the most valuable feature. 

The phishing emails could be improved. 

It is stable. 

The scalability is good. I'm happy with the service. We are around twenty users. Some are in finance, some are in a mid-user roles, and some are in other official roles.

We did not previously use a different solution. 

The initial setup was straightforward. Implementation took two days. We needed two people for the deployment. 

Pricing is high, but it is corporate's decision.

We didn't look at any other solutions. All of our campuses use Cisco products. This is why we chose this solution. 

This solution has good security and it's a good product. You can trust Cisco, and there's support as well, which is really good.

I would rate this solution an eight out of ten. 

We are currently using version 6.3. Our primary use case of this solution is to put Firepower inside of the data center and at the Edge network.

This solution has improved my organization. I'm a solution provider and so I deploy in many different companies that are my customers right now. Before Firepower, we had some problems with the architecture of the firewall. Firepower can support two types of intelligence identity: it can support the application visibility and control, and it has a great deep inspection in the packet. Before this solution, we had some problems with malware detection. Right now, we can easily detect and filter all the applications. Before this solution, we never had any file trajectory, but right now we do, according to the file trajectory of Firepower that we have after attack solutions. 

We never had any solution or any workaround for after an attack. We never had any clue what the source of an attack was or how the attack could affect the company. Right now, because of the file trajectory and the great monitoring that FMC does, we know what's happened so we can analyze it after an attack.

The architecture of FTD is great because it has an in-depth coverage and because it uses the AVC, (Application, Visibility, and Control) and also rate limits. Also, the architecture of fast paths is great.

I would like to see real-time log systems because it's very helpful when you want to troubleshoot.

Stability really depends on the software that you use. If you use the suggested software that Cisco suggests, you will see a highly robust and highly stable system. A crash or block will never happen to you. It really depends on the version that you are using. Definitely check the release notes before installation.

I've worked with the 2000 series, the 4000, and the 9000. The 9000 series is really impressive because it's absolutely scalable for large deployments.

I haven't had to contact their technical support. 

We previously used ASA, which is a regular firewall. We switched to Firepower because it has a lot of features. It is one of the best firewalls in the world so we shifted to Firepower.

The time it takes to implement depends on the policy of the customer. Practically speaking, it takes around three to four hours to deploy, but it can depend because the Firepower solutions have two parts. One part is the hardware, it is an actual firewall and actual device but the monitoring system and the control system is a software called FMC. Most of the customers deploy it over VMware. The time of deployment really depends on your resources, but on average will take three to four hours.

At least two to three people with professional knowledge, around three years of experience, are needed for the deployment and maintenance, not only for Firepower but in every security solution. The device is doing something, but the most important part is analyzing it. The device can give you logs, but the engineer should analyze the log and do something.

Deployment without inspection can require only one person but if you want to analyze the IPS, at least two people will be needed.

Based on the services that you will get, especially the AMP license, the price is very reasonable. The license system is also good but it's not very impressive. It's a very regular licensing system. They call it a smart license which means that your device will connect to the internet. This is a little bit of a headache for some customers. It doesn't make the customer happy because most of the customers prefer not to connect their firewall or system to the internet.

I would advise someone considering this solution to just read the release notes before doing anything. You should know what the exact architecture is and what the exact details of the software are before trying to deploy it.

I would rate this solution a ten. 

I have deployed Cisco ASA as a terminator firewall. Normally, I would have preferred to have a sandwich configuration for firewalls: One possible firewall that would make an internal firewall and another for an external firewall. 

Cisco ASA is best suited for our external firewall protection.

• Its VPN and ASN features are very stable. 
• It is easy to configure. 

In terms of next-generation capabilities, Cisco is a little behind. It is way behind leaders like Palo Alto, Check Point and Fortinet. While Cisco is headed in the right direction, it will take several years for it to get there.

When I need support, Cisco has provided quality support. I like working with them because of their support system.

The setup was straightforward. I was happy with the configuration and deployment of the solution, as it was quick.

Whatever you have that’s potentially public-facing, you need to protect it. As our technology moves to the cloud, so our need for security transfers from physical appliances to virtual ones. This is the classic Cisco ASA device, virtualised.

Ease of spinning one up: The hourly charge has made demos and testing better because it’s a truer representation of a real-life situation.

It has allowed us to reduce costs and to make sure we provide rounded, secure products to customers.

Top features:

• Easy to deploy for staff to use VPNs
• Ease of setup
• Integrated threat defence
• Great flow-based inspection device
• Easy ACLs
• Failover support
• Each virtual appliance is separate so you get great granular control
• Has own memory allocation
• Multiple types of devices: 100 Mbps, 1 Gbps, 2 Gbps
• License control
• SSH or RESTful API

We didn’t find any huge issues. Obviously, there are always vulnerabilities that come up and there was one in early 2018 but this was patched with software updates.

Admin rights need to be given out carefully as they give overarching control to all devices - but that’s the same for everything.

We went with this solution via the AWS Marketplace because it’s been made so easy to use an ASAv on AWS with simple drop downs to set it up. Our demo machines were also in AWS so we wanted a one-stop shop where we could spin them up or down as needed and configure the ASAv before it was launched.

Almost all IT staff have used, or can easily learn how to use, the Cisco ASA appliance because it’s been around for years and is so popular (with good reason). For us, we stuck with what we know. It was an easy sell to get it signed off by higher-ups as they’d also heard of the ASA device from their time in IT.

This solution gets an eight out of ten because it is easy, has the features we need, keeps costs low, and provides granular control using appliances that are already familiar to the team.

It is our firewall solution. We connect to other locations, as well as use programs in-house.

The most valuable feature is the security that it provides our company and users.

Furthermore, our company uses it for making rules for the bank to connect to our server in the DMZ, which is a security challenge.

It needs improvement as a "Next-Generation" firewall solution. In addition, it needs to be more user-friendly. 

There is no downtime, and it is working great. 

It is scalable. We have had no issues. 

The initial setup was complex. But, after that, to maintain and keep creating rules it was easy.

We evalutated Cisco ASA vs Fortinet FortiGate VM.

Our primary use case is security.

From a security perspective, we are getting assurance with the respect to the the infrastructure which is getting built or the threats which are emanating from the Internet. With these, we can obtain the visibility that we need to know where we need to improve.

The transparency of the single UI to ensure security. A product has to be simple so that an administrator can use it.

The artificial intelligence and machine learning (behavioral based threat detection), which I can this will be coming out in another year, these are what we need now.

The stability is alright.

Scalability is not an issue.

Its technical support is the main reason why we selected the product.

The integration and configuration are transparent and easy.

We are partners with Cisco. They are always one call away, which is good. They know how to keep their customers happy.

We evaluated VMware Virtual Networking and Check Point.

We chose Cisco because of the support and their roadmap for the changing technology landscape is good. Therefore, it is always better to be partnered with them.

When you are going to select a product, don't look at the cost, but at the functionality. Also, look at the stability. These days, the startups will show a new function or functionality, but when looking for a partner, make sure the company is sustainability for the new four years? Do they have the funding?

We have a large ecosystem system: Symantec, McAfee, Splunk, Check Point firewalls, Cisco firewalls and IPS IDS from Cisco. They integrate and work well together. Cisco has been security leader for the last 20 years, so the products are quite stable working in sync.

We are using every version of the product: On-premise, Azure, and AWS, which is a new offering.