Cisco Secure Firewall Reviews

My company uses Cisco Secure Firewall for its protection and security features.

I won't be able to speak about the strong points of the product. I will need the input from my team to be able to speak about the advantages of the product. The solution's dashboard is fine, and in terms of support, Cisco is better than other OEMs in the market.

The solution's price can be lowered because, currently, it is pricier than the tool its competitors offer in the market. If the product's prices are lowered, it may help Cisco to expand its market base.

If Cisco reduces the price of its product, then it can gain more advantage and become much more competitive in a market where there are solution providers like Fortinet FortiGate.

I have been using Cisco Secure Firewall for five years.

I don't remember the version of the solution since there is a support team in my company to manage it. My company has a partnership with Cisco.

Stability-wise, I rate the solution an eight out of ten.

Scalability-wise, I rate the solution an eight out of ten.

Around 2,500 people use the solution in my company.

Most of the time, the solution's technical support is helpful and responsive. There have been a few cases where a few black spots have been noticed, which I think is because Cisco opted for localization of support because, during holidays, nighttime, or weekends, it becomes difficult for users to reach the support team, though the rest of the time the support is good.

If you have already scheduled a call with the support team of Cisco, then it is good. If you need to reschedule a call with the support team when you face a new issue with the product, then it may get a bit of a problem to get a hold of someone from the support team of Cisco. Earlier, there were no problems with Cisco's support team. Recently, there have been a few issues cropping up related to the technical team of Cisco. Technically speaking, the support team is good, but the availability offered by the technical team has deteriorated.

I rate the technical support a seven out of ten.

Neutral

I work with Palo Alto, Fortinet, and Check Point for different parts of our IT environment.

The product's initial setup phase was taken care of by another team in my company before I joined my current company.

On our company's core payroll, we have a very small support team, but we do have a support team in my company for the product. The support team in my company consists of around 20 to 25 engineers who work around the clock.

The solution is deployed on an on-premises model.

I rate the product's price a seven on a scale of one to ten, where one is expensive, and ten is cheap. If we compare Cisco with other OEMs available in the market, Cisco needs to work on price improvement. Nowadays, there is a lot of competition in the market with newer solutions, like Fortinet, gaining popularity, amongst a few other names like Cyberoam, a product from a local Indian vendor. Palo Alto has also gained a lot of market share in recent years.

From a security perspective, generally, there are only three solutions that our company looks at, which include Check Point in the last four or five years, among other options like Palo Alto and Cisco.

I recommend the solution for SMB businesses.

I rate the overall tool a seven out of ten.

I've deployed them in a number of different use cases. I've deployed them at the internet edge. I've used those VPN concentrators, and I've deployed them at the data center core, segmenting VLANs.

We've seen a lot of improvements in terms of cybersecurity resilience and securing our infrastructure from end to end so that we can detect and remediate threats. The visibility with FMC is excellent. Being able to have, for instance, a data center core firewall, an internet edge firewall, and a VPN concentrator device managed by the same FMC and being able to take all of that information and see it in one place is very beneficial from the security posture standpoint. It's a time saver because it makes things easy. I can log in and very easily see what my detected threats are, what's been happening over the last 24 hours, or if there's anything I need to be concerned about. Being able to see who's logging into the VPN, but also what traffic are they sending, what are they bringing back, and being able to have all that in one place is really nice. The integration between the FMC and endpoints is a nice feature and a big time saver in terms of remediating threats and remediating malware and other malicious software.

FMC is very good in terms of giving a lot of visibility into what the firewall is seeing, what it's stopping, and what it's letting through. It lets the administrator have a little bit of knowledge of what's coming in or out of the device. It's excellent.

The policies module in FMC specifically isn't the most user-friendly. Coming from Cisco ASA, Cisco ASA is a little bit easier to use. When you get into particularly complex deployments where you have a lot of different interfaces and all that kind of stuff, it's a little bit tricky. Some usability improvements there would be nice. 

For scalability, they could support a little bit more diverse deployments around clustering and high availability. Currently, it's very active standby, and being able to do a three firewall cluster or four or five firewall cluster would suit some of my deployments a little bit better. It would also help to keep the cost down for the customer because you're buying smaller devices and clustering them versus larger devices.

I've been using Cisco firewalls for fifteen years at least. I've been using them in some form or another, such as from ASAs and now FTDs and Firepower.

Its stability is excellent. In the last six months, I've probably deployed about 14 Cisco Secure Firewall devices, and I am yet to get a callback. I deploy them, and then the customer takes ownership of the device, and they're off to the races and ready to go. They've been stable, which is good. I don't like devices that break the week after I install them and make me look bad.

I've implemented them anywhere from a 500 MB throughput device up to a 20 GB throughput device. Particularly around scalability, some improvements in terms of clustering would be good.

I've called Cisco TAC many times throughout my career, and I never hesitate to do it. They've always been fantastic for me. I'd rate them a ten out of ten.

Positive

I've used a number of other competitive devices. I've customers running SonicWall, I've customers running Palo Alto, and I've customers running Fortinet. Cisco Secure Firewalls are excellent.

Cisco is at a really good place, especially with a lot of the recent updates that have happened. Compared to Palo Alto and Fortinet specifically, I find FMC is way easier to use. Specifically in the realm of cybersecurity resilience, it's for sure a much more effective tool than Palo Alto. Having come from Palo Alto, the way FMC surfaces threats and enables response to set threats is vastly easier for me and my team to work with, so we're seeing a lot more resiliency. We're seeing a lot quicker response to threats. We're seeing a lot quicker identification of threats. From that perspective, it's far and away better.

Cisco Secure Firewall is the best in the market right now. Palo Alto is okay, but Cisco is better. In terms of resiliency and providing actionable intelligence to a security team, I find Cisco products to be way better. Fortinet is also fairly easy to use. They have a lot of the same strengths. However, Fortinet's technical support is terrible. Cisco has a nice package of devices. It's easy to use. It's easy to integrate for the security team. It gives you a lot of actionable intelligence in your network. Having that kind of company and technical support to be able to back that up and be able to support the customers is very useful.

I've deployed them countless times, and I find it very easy. I did a high availability pair of internet edge firewalls for a 2,000 users organization migrating from Palo Alto, and I moved them over with AnyConnect, Umbrella, and Duo from Palo Alto in a week and a half with no downtime. I do a lot on-prem just because of my verticals. I work a lot in law enforcement. I work a lot in government, and those end up being very on-prem heavy. 

It's pretty competitive. If they could make it cheaper, it would be great. You always want cheaper, but relative to the performance capabilities of the firewall and relative to what you get, it's fair.

It's not the cheapest in the world, but you get an excellent product for that price. The onus is on us as a customer to look at what we're buying and establish not just the price but the value. You need to look at what you're getting for your dollars there. Cisco has a very good proposition there.

Its licensing is pretty good. It's not very complex. There are not a million different SKUs. I had a Palo Alto deployment where the customer had asked for a license for integration with their Cortex XDR, and they didn't include it. It was eight more SKUs and eighty thousand dollars more. It was a real disaster, and it can put a customer off from using Palo Alto. Cisco's licensing model is easy to understand whether it's apps or VPN. The way that they handle the subscriptions is very easy to understand. It's very fair.

To someone researching this solution who wants to improve cybersecurity in their organization, I'd say that the main thing to look for is usability. Find something that you can understand and that provides you with actionable intelligence because a security device that's not administered and monitored properly isn't going to do much for you. It's not going to be very effective. So, you want a device that's easy to use and that gives you a lot of that visibility and makes your job as a security administrator easy. It should make identifying and responding to threats as seamless as humanly possible because the quicker you can respond, the more security you're able to keep in your organization.

Cisco Talos is an excellent product. I've been using Cisco Talos since Cisco introduced it. In fact, I was a Sourcefire customer before Cisco acquired them, so I'm very familiar with the roots of that team and where it's from. I've been all in on them since day one.

Overall, I'd rate Cisco Secure Firewall a nine out of ten. There's always room for improvement, especially in security because the security world is changing on a daily basis. We're always looking for what can we do better and how can we improve, but what Cisco has done since the Sourcefire acquisition and where they've taken it, I'm very excited for the future.

We had implemented our Cisco API and Cisco Stealthwatch. We use the Cisco Secure Firewall for easy integration that can collaborate with all these Cisco solutions. My operations will also have less maintenance and the same existing team.

Cisco Secure Firewall's security solutions, advanced malware protection, and DDoS communication are very good. With Cisco Secure Firewall, the security is very much manageable because it protects all the incoming and outgoing traffic of our several telecom IT rooms.

The solution's deployment is time-consuming, which should be minimized and made more user-friendly for us.

The solution's graphical user interface could be made more user-friendly, and the configuration can be simple.

I have been using Cisco Secure Firewall for five years.

Cisco Secure Firewall is a stable solution.

I rate Cisco Secure Firewall ten out of ten for stability.

Cisco Secure Firewall is a scalable solution. Around 400 users are using the solution in our organization.

I rate Cisco Secure Firewall a nine out of ten for scalability.

The solution’s technical support is good.

Positive

The solution’s initial setup is complex and requires Cisco-certified people.

Two engineers were involved in the solution's deployment, which took one week.

We have seen a return on investment with Cisco Secure Firewall because it provides advanced malware protection and seamless integration with my existing solutions.

Cisco Secure Firewall is a moderately priced solution. We have to pay a yearly licensing fee for the solution.

The solution’s maintenance is very easy, and one person can do it.

Overall, I rate Cisco Secure Firewall an eight out of ten.

Our use case is mostly for the data center. We are introducing a security zone in the data center, and Cisco is helping us to identify the traffic that is coming from north to south or from outside the data center to inside the data center. It helps us to manage the traffic and ensure that it's secure and allowed to go inside the data center. We have almost completed the project. We are currently tuning the access policies to only allow what's allowed to go inside.

We are using all the firewall models for the data center. AMP, detection, and prevention are a part of the solution.

It was a requirement from our security and compliance team that any traffic going to the data center needs to be checked and secured. We are almost at the final stage of this project to allow only secure access to the data center. We are almost there. We haven't yet completed the project, but it will definitely be a very critical service for us. Our data center is huge with more than 1,000 applications. It will protect and secure our services.

We are using Cisco firewalls not only in the data center but also on the internet edge. We also have it on the OT system or OT network. We are using most of the products from Cisco, and it was easy to integrate with other services. We have the Cisco ACI solution in the data center. We could integrate Cisco ACI with our firewall. We also have Cisco Stealthwatch and Cisco ISE. We can easily integrate different technologies.

Integration and troubleshooting are the main challenges of having multiple vendors. Having an end-to-end solution from one vendor makes life a lot easier because there is an ease of integration. We don't need a third party. It is also easy in terms of support. One engineer from the same vendor can help us with various technologies. We don't need engineers from different vendors, and we also avoid that common scenario where they start to blame the other one for the issue.

Having an end-to-end solution from the same vendor simplifies the implementation. We are able to have centralized management of different products. We were able to integrate and centrally manage even the older versions of Cisco firewalls.

I'm not a security person. I'm a planner, and we were interested in the advanced features of the firewall to allow us to manage the traffic. At the current stage of implementation, their help in implementing a policy has been valuable. It simplified the implementation. Cisco's engineer helped us with a lot of scripting to see what existed. Previously, we didn't have a proper policy. In fact, we didn't have any policy because we didn't have any firewall for the data center, so generating a policy was a big challenge. Cisco's engineer helped us to do some scripting and find out what kind of policy we can have and organize those policies. That was nice.

Its implementation was not straightforward. It was mainly because we were running two projects together. In terms of features, at this stage, I don't have inputs for the area of improvement. We are still in the implementation stage of our project. After we have the solution ready and we test it, we can go to phase two and see how to enhance the solution in the future. We can then see which features will allow us to do that. After we implement it, the next stages will be to maintain it, tune it, and build on it. We will then see how flexible it is.

I've been using Cisco firewalls for about 20 years. The last model we bought for the data center is 9300.

Cisco is always there to support customers and their businesses. They are there 24/7. Whenever you have an issue or challenge, they are always there. For us, a good thing about Cisco is that there is a Cisco office in Oman. Our colleagues coordinate and communicate with them almost daily. They are always there to support us through any challenge or issue. All vendors are not available in Oman, so having a trusted partner who would always help us was a key factor for investing in Cisco. 

When we open a ticket with Cisco support, we always get someone to help us. We have a dedicated engineer who knows our infrastructure and can help us and track the issues. We are a big organization, and we have critical services. We are the biggest oil producer in Oman, which is the main economy of the country. We can't afford any interruptions. We are trying our best, and Cisco always supports us. They handle our cases in an urgent manner because they know the criticality.

For the data center, we didn't have a security zone previously. It was one of the key requirements to come up with the security zone. We chose Cisco firewalls because we were implementing ACI in the data center, and we thought that having one vendor for both activities will reduce our time of implementation, which didn't turn out to be true.

It was not a straightforward implementation. The main challenge was that we were running two projects together, so we ended up doing the same activity twice. We had two requirements: refresh the data center devices and secure them because there was no security zone. We went for the ACI implementation, which was new for us and required a lot of discussions, and when we tried to introduce the firewall, we again had a lot of discussions with Cisco about whether to go with clustering or active standby.

We discovered that our ACI was not compatible with the firewall that we are introducing. So, we ended up upgrading our ACI. That was a big activity because we had to interrupt our data center. It should have been a seamless upgrade, but because some of our services didn't have dual links, we had to do some maintenance for that. After that, we also ended up upgrading our switches because they were not supporting 40 gigs, which is what the firewall interface supported. That was another challenge that we had. After that, going to active-standby or clustering was another challenge because the switch fabric didn't work well with our design. So, we ended up going with active-standby.

It was a journey, but in the end, we managed to overcome those challenges and implemented our solution.

We've definitely seen an ROI. It was a requirement, and looking at the way it went, especially in terms of coming up with the policy and securing our data center, there has been a value-add. We now have a security zone, and we have policies. We can manage and monitor the traffic coming in and going out.

In addition, we have the flexibility of sending any traffic to the firewall, even internally from the data center. Whenever we have a doubt about any application or traffic to any application, we can just send it to the firewall and let it check and monitor. We have this visibility that we didn't have before. We can see any traffic that comes in. 

We bought a three-year license as a part of the enterprise agreement, which includes help with implementation and troubleshooting. We have a big data center with many applications, so implementation was not straightforward. We had to put effort into it. It wasn't an easy or straightforward implementation. The support that we got from Cisco engineers with the three-year premium license was helpful. The enterprise agreement helped to consume the licenses in a practical and faster way and streamline the implementation.

We are very pleased with Cisco for the automation they did to help us in coming up with a policy. That was a big challenge because we didn't have any policy in place. It was a big help for us that they came up with a policy or at least proposed a policy for us.

Our engineers are familiar with Cisco firewalls, and they are not new to them. However, things are changing and technology is changing, and new features are getting added. Automation will be the main challenge for us. Some of our engineers are not yet very good at scripting. They're still learning. The way forward would be to have people do some amount of programming to come up with useful information to enhance the solution in the future.

I'd rate Cisco Secure Firewall a seven out of ten.

We are currently using the Cisco Firepower 2140 model because it fits our sizing and performance needs.

We use Cisco Secure Firewall as the internal firewall to protect our retail PCI networks from the rest of the corporate business.

We are a global company, and we have multiple data centers. There are two in Europe, and we deployed Cisco Firepower in all of our worldwide data centers. In each region in the world, we have two data centers with Cisco Firepower to separate retail from corporate and Firepower for IPS services. This solution protects around 1,500 stores, and our corporate office has around 10,000 people.

I like the basic firewall features. We use Cisco Firepower to separate PCI from corporate, so we're not using it at the edge. If we were to use Firepower at the edge, then we would enable other features like IDS and SSL inspection. However, since we only use it as an internal firewall, plain level-four firewalling is enough for us.

Cisco Firepower is useful for securing our infrastructure from end to end so that we can detect and remediate any threats. I like the Cisco products because they are very stable and what you see is what you get. There are no vague or gray areas. We log all of our logs to Splunk, for example, and everything we see in Splunk is very useful. Finding errors or finding reasons why something is or is not working is very easy.

This solution helped to free up our IT staff's time so that they can focus on other projects. The management platform makes deployment and management, that is, day-to-day changes, very easy.

Cisco Firepower saved our organization's time because it has role-based access. We can give some engineers the ability to do day-to-day tasks and give more experienced engineers more in-depth tasks.

We have been able to consolidate our tools and applications. The FTD tool also manages our Firepower IDS nodes. As a result, we have a consolidated single pane of glass for all of our Cisco Firepower security tools.

We use the FTD management platform for the boxes. The GUI that manages multiple Firepower boxes could be improved so that the user experience is better.

We have been using Cisco Firewall for the last 15 years. We started off using Cisco ASA and have now migrated to Cisco Firepower.

The stability is very good; there's no vagueness. Either it works or it doesn't, and it's also very easy to find out why.

There haven't been any performance issues. We run HA clusters and don't do multiple clusters for scaling. We scale the boxes to our performance needs. We have nine staff members who work with this solution.

Cisco's technical support staff have always been helpful and have been able to solve our issues. I would rate them a nine out of ten.

Positive

We used Cisco ASAs, and they were all individually managed. We went from individually managed IDS and Firepower IDS solutions to this consolidated single management platform.

We chose Cisco Firewall over competing solutions because what you see is what you get. We liked that the changes are immediate. The way the logs come into our Splunk system gives us a good feeling about the stability and performance of Cisco products.

We have seen an ROI. Compared to that of other vendors, Cisco's pricing is in a good range. We use Cisco products for their complete lifespan. With the support context that we have, we also know what we spend over the lifetime of the solution.

The pricing of Cisco's boxes is pretty good.

My advice would be to talk to people who work with different vendors and get some hands-on experience. Don't just listen to or look at sales documents. See whether the performance actually matches that mentioned in the sales documents. Check with other competitors for hands-on experience as well.

I would give Cisco Secure Firewall an overall rating of eight out of ten because I'm not 100% happy with the management dashboard.

I use it every day. It's something that's part of my daily tasks every day. I log in, look at logs, and do some firewall rule updates. 

We have a managed services team. I'm not part of that team, I use it for our company. I look at why things are being dropped or allowed. 

I'm using an older version. They got rid of EIGRP out of FlexConfig, which was nice. Now there's policy-based routing, which is something that I have to update my firewalls or my FMC so I can utilize that product.

Right now I use the Cisco-recommended version of FMC which is 7.0.5.

I like the GUI base of Secure Firepower Management Center. Coming from an ASA where it was the ASDM, I like the FMC where you can see everything is managed through one pane of glass. 

It's a single pane of glass, we have multiple firewalls. I can click and be on to the next firewall in a few seconds, really. 

As far as securing our infrastructure from end to end, I'm a big fan of Cisco products. I haven't used other products in the past, but I love the Cisco products. It helps a lot in the end. 

We have firewalls on the edge, internally, and then on the cloud now, so I feel we're pretty secure. 

Firewall helps with cybersecurity resilience. I really like this Cisco product. It's user-friendly. I don't like some other vendors. I've tried those in the past. Cisco is pretty easy. A caveman could do it.  

I've used Check Point and Palo Alto, and I like Cisco better. It's what I'm comfortable with. Hopefully, I'll use it until I retire. 

It runs forever. I haven't had any problems with any Secure Firewall. It just runs. You don't have to worry about it crashing. All Cisco products run forever. They run themselves. You need to update them. 

I'm a team of two. Either I'm looking at it, the other guy's looking at it, or no one's looking at it. It's part of my daily routine as I get in there and I make sure that I have the status quo before I move on to other projects or other tickets for the day. It's a daily process. They log the information right in.

I'll find out about scalability in a few weeks. I need to change out some firewalls that are a lower model to a higher model because of the VPN limitations. I'm going to have to do some more work and see how long it takes. 

They're awesome. I talked to the guys here, I had a couple of problems that keep me up at night. I was able to come here and they're going to help me out with some different ideas. Anybody I talk to has a solution, and the problem is fixed. So it's nice. I've never had any problem with TAC. They're awesome.

I wouldn't give them a ten. Nobody is perfect. I'll give them a nine because they help me with any issues I've had. I could put a ticket in a day, and then it gets taken care of in a speedy, efficient manner, and then I'm able to move on to other things that I need to worry about.

Positive

Palo Alto seems clumsy to me. I don't like it. It shouldn't be a guessing game to know where stuff is. Cisco is laid out in front of you with your devices, your policies, and logging. You point and click and you are where you need to be. 

I haven't used Check Point in a while. It's been some time but it's an okay product.

For deployment, we have different locations on the east coast, on-prem, and in the data centers. We introduced a couple of firewalls, AWS, and Azure and we're implementing those in the cloud.  

On-prem is pretty easy to implement. I could lab up an FTD on my own time. It's super easy to download and install. You get 90 days to mess around in a lab environment. I'm new to the cloud stuff. I've built firewalls there, but there were other limitations. I didn't quite understand that I have to get some practice and learn about the load balancers.  

We're a Cisco partner, so we get 80% off. That's a big discount and companies are always looking at ways to save money these days.

I don't really look at Talos. It's in the background. I don't really look at it. It's there and it works. 

Nothing is perfect so I would rate Cisco Secure Firewall a 9.2 out of ten. I love the product. It's part of my daily routine. I'll hopefully use it until I retire. 

We are a Cisco partner and we are currently using Cisco Firepower for our internet edge, intrusion prevention systems, and filtering.

We use virtual appliances in the cloud and hardware appliances on-premises.

Cisco Secure Firewall has improved usability in our environment.

The application visibility and control are great. Cisco Secure Firewall provides us with visibility into the users and the applications that are being used.

We are capable of securing our infrastructure from end to end, enabling us to detect and address threats. We have excellent visibility into the traffic flows, including those within the DMZs.

Cisco Secure Firewall has helped save our IT staff a couple of hours per month of their time because it is much easier to use the GUI instead of attempting to manage things through the CLI, which we have to access from the CRM.

We have several clients who had larger security stacks that they were able to consolidate because they were using separate products for IPS or URL filtering. With Firepower, we were able to consolidate all of those into a single solution.

The ability of Cisco Secure Firewalls to consolidate tools or applications has had a significant impact on our security infrastructure by enabling us to eliminate all the additional tools and utilize a single product.

Cisco Talos helps us keep on top of our security operations.

Cisco Secure Firewall has helped our organization enhance its cybersecurity resilience. We can generate periodic reports that are shared with the security teams to keep them informed.

The ASA has seen significant improvement due to the IPS. 

The ability to troubleshoot more easily through the gate is valuable.

The integration with all the necessary products needs improvement. Managing various product integrations, such as Umbrella, is challenging.

I have been using Cisco Secure Firewall for four years. My organization has been using Cisco Secure Firewall for a much longer period of time. 

We experienced stability issues when transitioning to version 7.2, particularly related to operating Snort from Snort Two to Snort Three. In some cases, the firewalls necessitated a reboot, but we ultimately reverted back to using Snort Two.

The technical support is responsive. In most cases where I've opened a ticket, they have promptly worked on figuring out the actual problem and assisting me in resolving it.

Positive

We have had clients who switched to Cisco Secure Firewall from Check Point, Palo Alto, and WatchGuard due to the features and support that Cisco offers.

The initial setup is straightforward. Since we were transitioning from ASA to Firepower, a significant portion of our work involved transferring the access control lists to the power values in the GUI. After that, we began adding additional features, such as IPS.

The pricing and licensing structure of the firewall is fair and reasonable.

The closest competitor that matches Cisco Firepower is Palo Alto, and the feature sets are quite comparable for both of them. One issue I have noticed with Cisco's product is the SSL decryption when used by clients connecting from inside to outside the Internet. 

Cisco lacks the ability to check CRLs or OCSP certificate status unless we manually upload them, which is impractical for a large number of items like emails. On the other hand, Palo Alto lacks the ability to inspect the traffic within the firewall tunnel, which is a useful feature to have. 

I rate Cisco Secure Firewall eight out of ten.

I recommend taking advantage of the trial by downloading virtual next-gen firewalls provided by OBA, deploying them in a virtual environment, and testing their performance to evaluate their effectiveness. This is a crucial step.

We use Cisco Secure Firewalls to secure our business.

Cisco Secure Firewall is a Layer 7 next-generation firewall, providing us with a significant amount of visibility into our traffic patterns and the traffic passing through the firewall. It informs us about the zones that facilitate a smooth data flow, where the data is being directed, and covers ingress and egress all the way up to layer seven. Therefore, I believe the visibility it offers is excellent.

Cisco Secure Firewall is effective in securing our infrastructure from end to end, enabling us to detect and remediate threats. However, the way we currently utilize it may not be the most optimal approach to fully leverage its end-to-end capabilities. Nonetheless, considering its purpose within our usage, it effectively fulfills its intended role.

The ability of Cisco Secure Firewall to enhance our organization's cybersecurity posture and resilience is commendable. Cisco Secure Firewall serves as our primary line of defense, deployed at the Internet edge of every site across the globe.

The most valuable feature is zone segmentation, which we utilize through the Firepower management console. This allows for centralized management, which proves highly useful. In the past, when using Cisco Firewalls, we had to manage them independently. However, now we have a single unified interface to manage all our Cisco Firewalls worldwide.

The Cisco Firewall UI could be improved. While having a centralized management console is a significant improvement, I believe there are several enhancements that could be made to the UI to enhance its user-friendliness and improve the overall flow. This is particularly important during troubleshooting, as we want to avoid wasting time navigating through different sections and excessive clicking. It would be beneficial to have everything readily accessible and a smoother flow to quickly reach the desired locations.

I believe Cisco needs to make the appliance more automated in order to provide us with additional time. This would eliminate the need for us to manually go through the firewall, search, find, and troubleshoot everything. It would be beneficial if the appliance had some form of AI integrated to generate such information, enabling us to quickly identify the problem. If necessary, we could then delve deeper into the issue.

I have been using Cisco Secure Firewall for 19 years.

Cisco Secure Firewall is stable.

The scalability of Cisco Secure Firewall depends on the different models available, as each model may have a fixed scalability level. Therefore, the scalability we obtain will vary depending on the specific model we utilize.

The quality of technical support varies. We occasionally receive excellent technicians, while other times we do not. Consequently, I believe it is preferable to rely more on the competent ones rather than the subpar ones.

Neutral

We had previously used Check Point but decided to switch to Cisco Secure Firewall. The reason for this switch was the lower cost and our company's desire to remove Check Point from our environment. It was an excellent deal, and the technology was on par. We did not lose any functionality or experience any drawbacks by choosing Cisco over Check Point. In fact, I believe we gained additional features, and Cisco is more widely adopted and supported compared to Check Point. Therefore, I am confident that we made the right decision.

The initial setup was complex. Firstly, we were migrating from a completely different platform and vendor to Cisco. Therefore, the ruleset migration was not only complex but also tedious because there was no suitable migration tool available for transitioning from Check Point to Cisco Firepower. The second part involved a complete change in our design, as we opted for a more zone-based approach where our checkpoints are more streamlined. This complexity was a result of our own decision-making.

We utilized our partner, ConvergeOne, for the integration, and they were exceptional. They demonstrated sharp skills, and together we successfully completed the job. The entire process took us a year during which we managed to cover every site within our company.

We have witnessed a return on investment through the capabilities of Cisco Secure Firewall itself, along with its numerous threat defense technologies. As a result, we do not need to purchase additional tools to enhance the firewall; everything is already integrated. Therefore, I believe this was a significant victory for us.

The pricing structure for Cisco Secure Firewall can be challenging to manage. It involves separate line items that need to be carefully tracked, such as SmartNet, FCD licenses, and other license features. This complexity adds to the difficulty of dealing with the pricing.

I rate Cisco Secure Firewall an eight out of ten.

Cisco Secure Firewall has not helped consolidate any of our applications or tools.

We use Cisco Talos to pull the signatures for everything we download. However, we don't rely on Cisco Talos for our day-to-day operations. 

Cisco Secure Firewall is a commendable product and holds a leadership position in the industry. While there are other competitors available, it is certainly worth considering, particularly for organizations that already utilize Cisco switching, routing, and related infrastructure. Cisco Secure Firewall can seamlessly integrate into the existing ecosystem, making it an appealing option to explore.

Having in-house expertise in Cisco and its products is indeed valuable when making a decision to go with Cisco Secure Firewall. The fact that our team already had a lot of expertise and experience with Cisco products played a significant role in the decision-making process.