Cisco Secure Firewall Reviews

E-commerce environment, Enterprise data center.

It has improved the security posture and visibility of our traffic. It has been proven very reliable on the hardware finishing and network portion. Since Cisco have been very experience in networking.                                                                                                                                                                                   

• Snort IPS with recommendation template
• Extendable hardware module
• Straightforward licensing
• Cisco product integration

• I would like to see more improvements made to the dashboard and UI, as well as to the reporting, the reporting is quite limited and not user friendly. 
• I would like them to consider offering more predefined security templates.
• Technical support product knowledge, licensing portal, activation process will need to be improved. 
• The configuration is not straightforward, Cisco will need to improve this so the user can easily pick up the product.
• Bugs are more than other firewall competitors, some bugs are quite serious. 

One to three years.

Yes, we found some firmware bugs and Cisco took some time to fix them. We needed to escalate the issue to the account manager to expedite the escalation process.

No.

A five out of 10.

Cisco ASA.

Complex in configuration and understanding. It would be very challenging for a non-Cisco trained engineer.

We implemented ourselves with some assistance from the vendor. Some vendor are not expertise in this deployment, possible because of the complexity of the product.

Base hardware cost are average. Additional hardware modules are priced higher than the base module. They also offer very clear licensing and pricing.

Check Point, FortiGate, Palo Alto, SonicWall, Huawei, and Sophos.

Cisco is still a very good hardware manufacture, but they need to catch up on the software portion. We used the Cisco product because we know they tried very hard to get back into the market and we were willing to give them a chance since we are still using a lot of Cisco product. For those who are non-Cisco trained, it would be very hard to pick up.

The primary use is that it manages all of our incoming and outgoing VOIP transmissions as well as data transmissions between our branches and our third-party bank processor. It has performed well.

The ASAs are very stable firewalls, and they've been very good at protecting our assets here at the bank. They have done exactly what they were purchased for. They have done a great job.

I've always looked at Cisco products as being the industry standard. They're wonderful at being able to lockdown and manage that. 

The only con that I have really seen with it is the reporting structure. FirePOWER is good. It has been a great help because, before that, it was not good at all. 

Three to five years.

The scalability is very good. We use the 5600 models and the lower 5000s. We were able to upgrade as needed. We added a ton of VPN tunnels to them and they handled all that traffic quite well.

Support has been very good, very professional, got right to the point. My third-party administrator got stuck on setting up some tunnels. We called ASA support and they walked him right through how to do it. That was good.

The third-party did all of the setup. I told him what I wanted and he set everything up and got the tunnels for us as well.

The cost of keeping the licensing up on the ASA is very expensive. It has a lot of positives, but the cost of going with it is really starting to be a major negative right now.

Talk to your peers in the industry, find out what they use and why, and then look at exactly what you're using it for. We changed a great deal of our infrastructure, adding a lot of extra tunnels, so that made a complicated product even harder to manage. Look at what you're comfortable in managing with their interface.

We start looking at upgrade cost, our constant licensing cost. I look at other products that rank very high in industry ratings. Now I'm looking at similar products that are a little bit easier to manage. That is another fault of the ASA. They're very complicated to manage, but that’s because they have so many features. It's a very feature-rich product.

When selecting a vendor the most important factors are

• Security - obviously that is number one because we are a financial institution
• stability of the vendor
• how the product is ranked in the market.

In terms of security, right now is a really tough time for us because, even as a smaller community bank, we’re targeted. We have huge targets on us right now from hackers. I have to have a product that is stable, that will hold up, from a reputable company. I'm looking at companies that are top-tier.

I would rate the ASA equipment itself a nine out of 10. The software and manageability would rate a seven and the reason for that is the complexity of it. It is extremely complicated, even for our Cisco-certified person who manages it for us.

IT landscape is dynamic, requiring security policy, controls, and visibility to be better than ever. 

• 1Gbps
• Multi-service
• Beats sophisticated cyber attacks with a superior security appliance.
• IT landscape is dynamic.
• Requires security policy, controls, and visibility to be better than ever. 

This applies to all ASA-related Management/to-the-box traffic, like SNMP, SSH, etc., with Firepower services combined with our proven network firewall along with the industry’s most effective next-generation IPS and advanced malware protection. Therefore, you can get more visibility, be more flexible, save more, and protect better.

Historic events related to security incidents. My organization must have a unified strategy for event logging and correlation.

The Cisco Product Security Incident Response creates and maintains publications, commonly referred to as PSIRT Advisories, for security-related issues in Cisco ASA.

The Cisco ASA device needs overall improvement, as configurations alone do not completely secure my network. The operational procedures in use on the network contribute as much to security as the configuration on devices.

There is 24/7 support anytime, anywhere.

Before, I did not manage my private network well (or professionally). For this reason, I have been updating products.

Commercial leasing is the best option.         

Our primary use case is as a firewall and using it for web filtering. We use IPsec VPN services on it, as well as the router.

I have been using the product for only a few months, but the company has been using it for a couple of years.

The use of it has really bogged down our response time for certain problems, given we have to go through AT&T for everything. I don't think really highly of it, though.

The IPsec VPN and web filtering.

I would like the ability to pick and choose different features of it to run in a packaged infrastructure or modules, therefore I would like to have more customizability over it. 

It seems very clunky and slow. I would like to be able to tune it to be a more efficient product.

It has generally been okay in terms of stability. We haven't had it go down, but we do have some interruptions. I don't know if it is the ISP or the firewall. We have more frequent network disruptions, and other branches call in telling us that they are unable to use their services to do their job. Unfortunately, we can't really do anything about it. It just clears up in about five or six minutes. In terms of stability, I would give it a seven and a half out of 10.

I don't see it being very scalable. I don't have access to the actual interface on it. However, it is an older product, so it probably doesn't have high availability features. So, it's scalability is probably limited. I know that we kind of put it through the ringer with our fewer than a hundred connections into it.

AT&T handles our technical support, since it's leased through them.

I was not involved with the initial setup.

We pay a lot of money for it.

For big organizations who are used to throwing around a lot of money for absolutely surety, this would probably be a good fit for them. For the average SME, this particular firewall system, as well as Cisco in general, this product would not be a good fit for them.

We are currently looking at WatchGuard, pfSense, and Fortinet FortiGate. Netgate would provide the hardware.

We have still got nine months left on our contract with AT&T before we can actually do anything. We are just trying to do as much research and ask as many questions as we can before we get to that point.

We just don't have a lot of the control or customizability that we would like to have over the system. A lot of this has to do with how AT&T is handling the access to it. Also, the hardware is outdated. We would like to go with a product in which everything is very transparent, clear, organized, all in the same place, and we can monitor clearly. The reason that we are looking to change is price: We pay a lot for it. If we had more control over it, we would be better able to control the quality and performance of the network and services, as well as the budget.

The most important criteria when selecting a vendor:

• IPsec VPN
• Good stable connection
• Failover support: We need to have dual-WAN, so we can get two WAN connections in there and have failover. 
• Load balancing would be good, especially for those rough patches. 
• Internal web filtering and blocking: We need to be able to control what our end users are looking at.
• Monitoring: As much monitoring as we can get.
  

• High-performance intrusion prevention
• Malware protection
• Multiple firewalls to control departments on a business by business level (security policies per department).
• Allowed us to consolidating multiple security devices into a single appliance.

• Intrusion protection
• We were able to determine when we are being attacked.
• We determine that our inspections were causing latency.

We needed a way to monitor threat protection and not cause latency.

It allowed us to consolidating multiple security devices into a single appliance. It consolidated and helped us eliminate firmware upgrade issues across multiple devices. The "Keep It Simple" method.

We are looking for software taxi capabilities.   

Going forward, we are evaluating Anomali. The founder of ArcSight founded Anomali. The product has the ability to be a consumer of threat intelligence, and be a contributor showing the maturity in threat protection posture.

It's primarily for managing our employees. So far, it has been working great. We don't have many problems.

It gives us all the features that we need.

We can shift traffic, block certain content, or redirect policies.

We would like to see MS Word BPM as a feature. 

We don't use the technical support too much. It is not good, especially for Latin America. Therefore, we employ people who have skills or certifications, using them for technical support.

We started with Cisco Firepower.

It was a bit complex to set up. However, after some practice, it was not too difficult.

It is a great solution for medium or big enterprises, not so much for small businesses, mainly due to the financial costs. Cisco Firepower is a great solution, but it is expensive compared to others that can provide similar benefits for much less.

Most important criteria when selecting a vendor:

• Quality of the product
• Cost.

Firewall and VPN.

I can't really say how it has improved our organization, but the benefits are that we have a necessary firewall with which we can create VPNs.

Pro user-based firewall rules.

The solution that we have right now doesn't do what I want it to do. We don't have a ratified solution for all the things that I wanted to right across our business. We're doing similar functions using different technology and I want ratification. I want to be able to do more than what we are currently able to do with the existing service, all under the umbrella of improving security.

The product crashes. We have a cluster of firewalls and we regularly get failovers.

I have used technical support once, and they were superb.

When selecting a vendor, the most important criteria include:

• Security - the ability of the technology from a security perspective.
• The ability of the company to support the technology - knowledge of the product by the company. It may sound really silly to say that, but you'd be surprised how poor some companies' technical support is.
• The financial stability of the company.

I was involved in the initial setup. It was complex. 

Do your research, know what you want to achieve.

Cisco ASA needs to be more reliable. Because of the nature of the product, it has to be rock solid and, unfortunately, it's not.

The primary use is to block incoming threats from the internet, at the edge of the network.

It's performing well. We check the report of blocked pages, blocked attacks, etc.

Previously, we only had a normal firewall, it was not next generation. It was not blocking many of the threats from Layer 7, the application layer. Now, this solution has IP, an intrusion prevention system, and because of the URL filtering, it can block other malware. It seems with the cloud database and the signatures, it compares the receiving files, then it blocks the URLs, making us more secure.

All the features are good. The GUI is among the most valuable.

It is on multiple boxes so ISP load balancing, multiple network load balancing would be helpful.

Also a web-based portal for VPN. Earlier they had it in the ASA model, but currently, they don't have it. The user needs to just click on the link so he can work.

It is quite stable, it is able to detect. But the malware part should probably be upgraded. Performance-wise it is good and it has a long life.

It has limits. If your network is going beyond it, then you'll have to replace it with higher model.

Technical support is good.

We have been using Cisco for a long time, various models. We had PIX, then ASA. We were quite comfortable with the performance, it never failed. But our old solution was coming to end-of-life. Also, this is able to more block more threats from the application layer, etc.

The most important criteria when selecting a vendor are 

• reputation
• technology
• features
• cost.
  

The initial setup was a bit complex.

My advice would depend on what your comfort level is. If you have already used Cisco, I would recommend this, to evaluate it at least. Evaluate it and learn how useful it is.

It gives good performance, the technology is quite good, sufficient for our objectives, protecting our network, etc. The missing two points are because they have to do make more improvements.