Cisco Secure Firewall Reviews

Malicious URLs are being blocked.

Advanced malware protection, it blocks malicious attacks.

• Bandwidth allocation.
• SSL decryption (avoid installing the intermediate device certificate in the client) should happen from Firepower itself.
• Critical bugs need to be addressed before releasing the version.
• Need to reduce the time to for detection of new threats.
• Enable a feature for importing/exporting logs when required for analysis.
• Dynamic IP address in client systems mapping with respect to OS change or device change should be updated periodically in FireSIGHT management.
• Virtual patching would be helpful for servers that are not able to update patches due to compatibility issues.

Yes, there were stability issues due to memory issues in the cluster environment and Firepower misbehaved due to non-responding of service/process.

No scalability issues.

Good support.

We switched from our previous solution because of scalability issues.

It was straightforward, even though we migrated from a third-party to Cisco.

Price should be judged based on the above answers, among the most capable vendors.

FortiGate.

We are using ASA5585-X with Firepower SSP-20 (ASA version 9.6(1)3, Firepower version 6.1.0.5).

When looking at different solutions, take a deep look at the features.

It helped us and our customers implement more granular and flexible connections to and from our/their environments, building a trust relation between all of us, having the confidence that our exchanged information is occurring in a highly secure manner.

The most valuables feature of this product are given by the comprehensive VPN solutions it offers and its tools for troubleshooting and debugging. You can provide complex and flexible way to securely access private environments. And its troubleshooting and debugging tools allow you to identify, in the fastest time possible, where some potential issues could have been occurred.

It should have an additional “operating mode”, like a “candidate configuration mode”, where you would have the possibility to test the changes you are going to implement and also the possibility to validate these changes.

In addition, a "testing" feature should be performed to let you know what would be the consequences of applying these new changes. Only after you would see the tests’ results (if they do not create any unwanted effect) would you go and commit them.

There were some issues with stability prior to code version 9.2.x, more related to Clientless SSL and Client RA VPN solutions. Some bugs affected the integrity of these type of features.

There were no problems in terms of scaling an existing solution, though very expensive.

I would give a rating of eight out of 10, compared to others vendors. The technical support is much better than most vendors, but let's say not as good as F5 Networks technical support.

I've only worked for integrator or ISP organizations. Over the years I’ve worked with multiple solutions offered by different vendors due to my customers’ budgets or preferences. What makes it the best of all the solutions I’ve worked on is the stability and its hardware.

The initial setup configurations differ from customer to customer, from very simple to highly complex solutions. Depends on the customer’s needs.

I have to admit that the price is high. But I think it's worth it if the stability of your solution counts for you.

Choose it if you aim to have a stable environment.

It was a valuable firewall some years ago but then Palo Alto created the next generation firewall and Cisco needed too much time to create ASA CX. At the moment it has, basically, the same features. In my opinion the most valuable features now are the layer seven capabilities and the new FirePOWER.

I've used the devices for over 10 years.

I have never had an issue with my deployments.

One of the best things about ASA's is that they are very stable.

With ASA, you can scale to the largest deplyments. As an example, I have installed an ASA in an environment with 80.000 users.

Cisco Support is very good, you don't have problems using it.

10/10.

I have migrated customers from Cisco's competitors to ASA's.

Once you have the knowledge it is not complex to install an ASA, but it does depend on the network of the customer.

Our customers also evaluate PaloAlto.

The feature I have found most valuable is the IPS advanced threat detection for removing ransomware and malware.

An area of improvement for this solution is the console visualization.

I have been using this solution for two months.

The solution is stable.

The customer service/technical support is very good with this solution.

The initial setup is straightforward and it took two weeks to deploy. Currently, 5000 employees use this solution in our company.

The solution was chosen because of its price compared to other similar solutions.

I would recommend this solution to other users.

The configuration support is very good. You can find a lot of configuration samples and troubleshooting tips on the internet, which is very good.

You need to have a little bit of knowledge to be able to configure it. Otherwise, it would be very difficult to configure because there is no GUI. The latest software available in the market has a GUI and probably zero-touch provisioning and auto-configuration. All these things are not available in our version. You need to manually go and configure everything in the switch.

In terms of new features, we would definitely want to have URL-based filtering, traffic steering, and probably a little bit steering in the bandwidth based on the per-user level and per-user group. We will definitely need some of these features in the near future.

I have been using this solution for the last one and a half years.

Stability-wise, it is pretty stable. It is probably not very feature-rich, but whatever features we are using, they are pretty stable.

Scalability-wise, we did not have much problem because we have a single site. If we have two or more sites, and if we want to have a site-to-site VPN and more number of users, we are not sure about the scalability. We will have to go for an updated version of the new product line. 

We have close to 80 plus users. We anticipate a huge increase in the number of users and plan to increase the usage of Cisco ASA Firewall. We may have to open a new center in a different city, which will lead to more sites, users, and usage.

Their support is good, but the cost of support is very high. Next year onwards, we may not go for technical support because most of the time, they only do the configuration, and the configuration-related information is pretty much available on the internet.

Initially, we started with some open-source alternatives, like Opium, but eventually, we thought of moving towards a proven solution. We just did a study. We didn't put the open-source solution into production. One of our customers was basically suggesting us to go with this one, and we went for it. We did not get time to go through, study, and explore different options because we didn't have the bandwidth for testing the complete features of the open-source alternatives. Therefore, we thought of going for a commercial solution. A lot of alternatives are available right now for this solution.

The initial setup was not too complicated. It was good. 

We took the help of a reseller for the initial configuration. 

The product cost is a little high. It is a little bit on the high side, and it should be a little bit cost-friendly.

I would rate Cisco ASA Firewall a seven out of ten. It needs improvement in terms of a few features and cost-friendliness. 

Our primary use case for this solution is to protect the Internet Edge, and our VPN (Virtual Private Network).

We moved from a Legacy firewall to the ASA with Firepower, increasing our internet Edge defense dramatically.

The most valuable features for us are Firepower and the VPN concentration. These are easy to use and have good insights.

The product would be improved if the GUI could be brought into the 21st Century.

Its security is the most valuable feature. 

The phishing emails could be improved. 

It is stable. 

The scalability is good. I'm happy with the service. We are around twenty users. Some are in finance, some are in a mid-user roles, and some are in other official roles.

We did not previously use a different solution. 

The initial setup was straightforward. Implementation took two days. We needed two people for the deployment. 

Pricing is high, but it is corporate's decision.

We didn't look at any other solutions. All of our campuses use Cisco products. This is why we chose this solution. 

This solution has good security and it's a good product. You can trust Cisco, and there's support as well, which is really good.

I would rate this solution an eight out of ten.