Cisco Secure Firewall Reviews

The simple access rule, Internet NAT and routing are valuable features. It is very simple and the most reliable perimeter firewall.

We were using Cisco Security Manager (CSM) to control and configure all of our Cisco products. ASA worked very well on the CSM.

The next-generation firewall could improve. Still, they have NGFW 5525 but I haven’t tried it yet.

We have been using this solution for seven years.

We have never faced any stability issues.

Sometimes, the throughput and CPU counter issues were faced, maybe because we started to use it a long time ago.

Technical support is great. They are very responsible, know the bugs and workaround.

We have used it from the beginning.

The initial setup is not simple and straightforward, because it is Cisco and you need to configure it by CLI.

Obviously, Cisco products are not cheap.

If you are looking for a stable run and it is easy to find someone to configure the service, then better go for Cisco; their support is very professional.

The solution's reliability, performance, and security are most valuable.

The price and compatibility with other vendors' products can be improved.

I have used this solution for three years.

I have not encountered any issue with stability.

I have not encountered any issues with scalability.

I would give technical support a rating of 9/10.

I used Juniper Networks and I switched due to the lack of technical and sales support in Romania.

The initial setup was complex because of its outdoor position. We had to solve this problem with outdoor protection.

Negotiate the quote.

Before choosing, I evaluated Juniper Networks SRX.

Be careful with temperature control in the rack area, since Cisco ASA 5585-X with SSP-10 heats up a lot.

• Hardware reliability
• Software stability
• Quick software updates for known bugs/vulnerabilities

These are very important in an enterprise environment.

It is small. Nobody knows where it is or what it is. It works silently. As there ar no issues, it is good for businesses and organizations.

• License politics
• License price
• Precise vendor roadmap for this product

I have used Cisco ASA for five years.

We have not had stability issues.

I would give them a high rating.

We were using TippingPoint as an IPS and ZyXEL ZyWALL as a VPN server.
Cisco has good documentation and it is easy for Cisco certified engineers.

The initial setup was straightforward.

Our experience last year showed us that there is no full security, so why should we pay more? Any security vendor with a user-friendly interface, with good support, on-time updates for known vulnerabilities, and reliable hardware, is acceptable for an organization.

We did not evaluate any alternatives.

The Cisco ASA product line will be replaced by Cisco FTD. Cisco FTD software is not ready for production, due to a lack of many basic NGFW features. Maybe only the high-performance Firepower 41xx/21xx/90xx Series is good as an IPS, because it is using a stable Sourcefire engine.

The feature sets are great when there are no software bugs. With FirePOWER, you can enhance security, have effective management, and a good reporting engine.

It provides detection of zero day infections through FirePOWER AMP.

Well tested software releases. We have had a number of bugs on the FirePOWER software across several clients which have been very inconsistent and have affected our ability to deliver.

I have used the ASA portion for over eight years and the FirePOWER portion for about three years.

We did have stability issues with the FirePOWER software.

We did not have scalability issues with the high end devices.

I give technical support a rating of 5/10.

We are part of the integrator space. When we changed products, it was to displace a product that no longer met the client’s requirements.

The setup was reasonably straightforward.

Get a clear understanding of what the licensing entails before committing.

We checked out Check Point and FortiGate.

Plan very well in order to have a seamless project implementation and transition.

NGFW features software stability, quick software updates for known bugs/vulnerabilities. Why no hardware reliability (see Clock Signal Component Issue -Cisco)? Because without NGFW features it is basically like a home router.

It is small, nobody knows where it is, nobody knows what it is, it works silently. So, as there is no issue, it is good for business and organization.

License politics, license price, precise vendor roadmap for this product.

Two years.

Yes, FirePower is not stable, because every new software version comes with many features that cause problems. Cisco has to do it because other vendors have already added these features.

No.

High.

3Com TippingPoint as IPS, Zyxel ZyWALL ZyXEL ZyWALLas VPN server. Cisco has good documentation and it is easy for Cisco certificated engineers.

Complex, because of non-ready Firepower service software setup.

The last years' experience showed that there is no full security, so why pay more. Any security vendor with a user-friendly interface, with good support, on-time updates for known vulnerabilities and reliable hardware, is acceptable for an organization.

No.

Cisco's ASA product line will be replaced by Cisco FTD. And Cisco FTD software is not ready for production (lack of many basic NGFW features). So, maybe only high-performance Firepower 41xx/21xx/90xx Series is good as IPS.

Cisco doesn't have many features but only basic firewalls.

No improvement. My clients have been using this product and moving to other products.

This product should have moved towards making UTMs.

Eight years.

No.

No.

Technical support and documentation is great.

No, I worked with this product by working for a client.

It is easy to set up and implement.

Never worked on pricing and licensing.

I would always prefer to evaluate other products when I have been asked for advice on firewall solutions.

Evaluate other product before using this product.

Firewall, VPN and Single Sign On.

Remote Access and SSO Authentication.

One year.

No.

Not yet.

Good.

Watchguard Firewall. Switched due to license cost.

A bit complex compared to Watchguard Firewall.

Pricing is competitive but licensing cost is on the higher side for non-profit organizations.

If so, which ones? Yes, Checkpoint, Juniper, Cyberoam.

Cisco is good. Look at your requirements and create a matrix to figure out the best option.

VPNs, reliability.

Connectivity with client Telcos works perfectly way and administration is simple.

I think it's the perfect Firewall for SME.

Five years.

No.

No.

10 out of 10.

Version 5515 is better than 5510 or 5505.

If you know how to use Cisco IOS, it's easy. Otherwise, you will find no way
of configuring it with ease.

Go for the complete bundle, it's a one time investment only. Otherwise, in the future you will have to buy other tools as licenses for some add-on services.

FortiGate 100D.

I would go for bundle licenses and hire a Cisco engineer for implementation.