Cisco Secure Firewall Reviews

We use it as a perimiter firewall and do VPNs and filtering.

As a reseller, because Cisco includes different companies like Sourcefire, Meraki, and Talos, I think Cisco has a good portfolio for the security business, with their own devices too. For example, we have our firewall, we have a Web security appliance, things like OpenDNS with Umbrella. I think Cisco can cover with all the platforms.

All the visibility the device gives us as well as management and administration facilities.

It needs better documentation for when we present solutions to non-technical people. They need to bring together all the information, across the various firewalls, so that we can more clearly explain them.

Also, pricing could be better.

It's very stable. 

When we implement a firewall we need to be aware of whether it is growing over a short time period or a long time period. I think the scalability, from our implementation, is good because you can use the same configuration for another platform. If you implement on a small platform, it It is easy to implement the same configuration to another, bigger device.

I think tech support is a large part of Cisco. It's good, it provides support around the clock, answers problems. I would rate it nine out of 10.

SonicWall.

For some things it is very easy, but configuring other things is a little complex. It depends on the use case.

Cisco may be a little expensive but it has everything, and they support very well.

Juniper, Fortinet.

I think Cisco has all the solutions: switching, routing, security, they have wireless. You can cover all the devices with Cisco. They have all the network and engineered tools to help resolve the issues that we have. They are really very good devices.

In terms of advice, I would say Cisco is the best company. They're very stable, there aren't too many issues. And when there is an issue they have many engineers who can solve the problem.

We use it for security of branch offices and data centers. 

It works like a firewall for security reasons. 

Filtering is the best feature, as I have gotten used to using it.                               .

The IPS and GUI are outdated. It is finally getting IPS inside, which will be a big improvement. The GUI is outdated, and they are slowly improving it. We will see if they go in the correct direction. Unfortunately, they usually just follow other vendors.

It is slowly not supported and other vendors are a few years ahead of Cisco in development.  

Configuration on Firepower is currently madness as you have to redeploy it again with all its configurations if you use it as a module.

Business use. It has performed well.

Its ability to work with the traffic.

I would like it to be easier to work with and have a better user interface. It is not straightforward. You need to know the Cisco command-line interface.

Stability has been fine.

It is good.

I have not used technical support.

We have always been with Cisco.

Initial setup was fairly complex. Just having to know the command prompt rather than having a better user interface.

We looking for a possible new solution because of the licensing and VPN.

We evaluated Cisco and Meraki.

Look through what your needs are.

Solid datacenter firewall, but the ASA software is old with no application recognition. If only a Layer 4 FW is needed, this is a good solution.

Do not use it in cluster mode. It is not worth it. These firewalls can do 10G, so just design the rest of the network around this.

Do not do cluster to add more bandwidth.

Nothing fancy about ASA capabilities, it does its job and does it well as long as you only care about filtering ports and protocols.

The needed features are already being done on Firepower, but this software is still in flux. 

It is very stable.

Setting it up is not as intuitive as other more modern NGFWs.

Service Provider Operations manipulating thousands of firewall rules deploying Network Access Translations (NAT) for various multiservice networks.

• Easy and fast to deploy.
• User-friendly GUI
• REST API offering with rich capabilities which makes the product very robust.

Clustering architecture which offers zero downtime upgrades, keeping uptime close to 99.999%. This creates less stress on operations and network stability throughout the various maintenance tasks.

ASDM needs to be able to customize applets.

REST API stability needs improvement in order for customizing resource allocation available to the user rather than just being there transparently. This way users can customize REST API and tailor it to their needs.

Currently used for at our disaster recovery site as our internal firewall, not a lot of services are running through it. We are still going around learning how to use it.

Since we have used Firepower firewall, we are facing issues of getting real-time logs, as they are not available with the latest version.

It is easy to create interfaces and routing, which all can be done at the GUI level. For now, we are still going around the services and will add more in the future.

The product needs real-time logs to be able to monitor our services, so we can know if any our services have been blocked via the firewall or on the application side.

• Datacenter and edge firewalls
• Used in central and remote sites.
• Used in datacenter production sites.

• Deployed between users and servers transparently.
• Easy to deploy in a working environment between servers and users.
• Improved security and visibility.

• Failover
• Transparent firewall
• Multi-context
• Logging is great. It will show when it reaches its capacity before it is too late, unless you have bursts of traffic.

HTTPs inspection and higher throughput/spec would be good. Now, it has been replace by Firepower, which is a lot faster. 

ASA5585-SSP-60 was deployed after a migration from Juniper SRX5600. The solution is used for the protection of the mobile data network. It is protecting 3G/4G Internet customers and the Private APN.

So far, we are not satisfied by the move. The precedent solution is much more adapted to the Telco environment, although Cisco recommended this platform. Cisco ASA also brought our network down several times due to a memory leakage bug, which is still not resolved.

All features provided by the platform are quite the same for all other platforms. We rather missed some features we were used to, such as virtual routers

• VPN creation with Cisco is quite difficult: Some DH groups are not supported (compared to Juniper).
• Expected to see the enablement of virtual routing, which is key in a Telco environment. We need to provide this in LAN to LAN services with shared platforms (DNS, proxies, etc.).
• Application visibility 

Yes, a memory leakage issue which literally freeze the nodes (we have an HA environment). The issue is still not solved and the only recommendation from Cisco is to reboot the node.

Yes, the throughput highlighted on the datasheet (10Gbps) should be reviewed. This throughput is only for a UDP running environment, which you will never find in the real world. Rather consider a multiprotocol throughput.

Experience with technical support was mitigated. 

Technically, they denied any issues on the node and call the memory leak issue, "A cosmetic issue." They were stating that memory disappearance reported by SNMP was an error and will have no impact on the traffic. They have reviewed this since we have recorded several blackouts during the year.

We were using Juniper SRX5600. The switch was more a strategic decision than a technical one.

We are also using a 5520 for seven years in our datacenter and we are satisfied by this version.

The initial setup was very complex. Migration from Juniper (with wide usage of VR) to Cisco is complex and you should make sure to master all the flows on the node. Also, Juniper is more permissive on asymmetric traffic, which Cisco will deny by default. 

Implementation was performed by a Cisco recommended local partner. 

We were not satisfied at all (from the pre to post implementation). Their level of expertise was zero.

I do not know.

Nothing to highlight at this level. 

We did an evaluation with Check Point.

It is definitely not for Telco.