Cisco Secure Firewall Reviews

I have worked with other solutions similar to Cisco Secure Firewall, and in the past, I worked with Pulse Secure VPN. My experience with Pulse Secure VPN was also good in the past. In the near past, I replaced a lot of Ivanti VPN with Cisco Secure Firewall. The migration to Cisco Secure Firewall was caused by many security incidents on the side of Ivanti.

From my point of view, the biggest return on investment when using Cisco Secure Firewall is that the end-users have a good experience with the remote access VPN, are happy to use it, and have to use it every day. That is very satisfying for the customer.

The scalability of Cisco Secure Firewall is sufficient to meet the growing needs of my clients.

My experience with the documentation is that sometimes it refers to Cisco ASA instead of Cisco Secure Firewall, and the screenshots are not accurate. That is sometimes confusing for my customers.

The stability and reliability of Cisco Secure Firewall is reliable. The high-availability function of Cisco Secure Firewall helps to minimize downtimes, which is why I find it reliable.

My clients have never tried to expand its usage, or there was not a need for it. It is always enough for them because we are good at planning, so they do not need to resize.

My experience with the customer service and technical support of Cisco Secure Firewall is mostly with the partner support and not with the TAC directly.

Negative

In the past, my installations of Cisco Secure Firewall were on-premise.

I would describe the deployment process for Cisco Secure Firewall as straightforward. The deployment process is very easy because Cisco Secure Firewall has a good setup in the Firepower Management Center.

I was not told about a return on investment, but my clients are happy to use the remote access VPN solution.

My experience with the price, the setup costs, and the licensing of Cisco Secure Firewall is that the price and the licenses are fair and competitive in the market.

I have worked with other solutions similar to Cisco Secure Firewall, and in the past, I worked with Pulse Secure VPN. My experience with Pulse Secure VPN was also good in the past. In the near past, I replaced a lot of Ivanti VPN with Cisco Secure Firewall. The migration to Cisco Secure Firewall was caused by many security incidents on the side of Ivanti.

My main use cases for Cisco Secure Firewall include serving as a perimeter firewall between the data center and users, and as the firewall between the internet and users.

An example of how Cisco Secure Firewall benefits my organization is that we use it with Azure, along with Azure firewall and FTD, and it works very well.

Cisco Secure Firewall is highly performant and easy to manage. 

Cisco Secure Firewall handles this adequately, but a simpler licensing model would be beneficial, especially when using the firewall in the cloud, since on-premises performance is limited by the hardware being used.

I have been using Cisco Secure Firewall for approximately fifteen years, starting from Cisco PIX.

Cisco Secure Firewall has demonstrated good reliability and stability. Although we did not invest heavily, which results in limited performance due to our license being restricted to one gigabit, that is our constraint rather than a Cisco limitation. I have not experienced any crashes or downtime with Cisco Secure Firewall, and everything has operated smoothly.

Cisco Secure Firewall can scale with the growing needs of my organization.

I have not needed to use customer service.

Negative

Deploying Cisco Secure Firewall is very straightforward and uncomplicated, as the systems are simple to deploy and the graphic interface is user-friendly.

My experience with the pricing, setup cost, and licensing for Cisco Secure Firewall is positive.

Before choosing Cisco Secure Firewall, I considered some competitors, as we have other firewalls from different vendors. It is beneficial to use firewalls from different vendors because if someone can overcome one firewall, there is the other firewall for protection.

I selected Cisco Secure Firewall because it works well in the Azure environment. 

Our main use case for Cisco Secure Firewall is to protect the data center workloads and branch infrastructure.

Many features of Cisco Secure Firewall help us. One of the features is Cisco ISE to authenticate and authorize users and user devices, along with the data center switches and campus switches Catalyst, together with DNA Center.

For segmentation of our application workloads in the data center for East-West traffic, Cisco Secure Firewall is essential.

We primarily use Cisco Secure Firewall as a firewalling solution with basic ACL functionality.

I don't think there are things that could be improved or features that I would have in Cisco Secure Firewall.

We have been using Cisco Secure Firewall for five to six years.

We did not have any major issues with Cisco Secure Firewall. Sometimes some features are a bit buggy, but it doesn't really result in any major outages.

We have quite static infrastructure, so we did not have any growth requirements in the past with Cisco Secure Firewall, so I cannot provide information about that.

We use customer service for Cisco Secure Firewall. Sometimes the GUI is very laggy and slow, and it improves with every update we receive, but sometimes that is a small problem. My rating for customer service is 4.

Positive

Before having Cisco Secure Firewall, we used several solutions from different vendors.

We still use Check Point as well, even after changing to Cisco Secure Firewall.

You need some knowledge to set up Cisco Secure Firewall, but overall, there is good documentation and it was doable.

We do not currently have a dedicated implementation team for Cisco Secure Firewall.

It is hard to say if there was something we implemented with Cisco Secure Firewall that gives us a return on investment.

Regarding pricing, setup cost, and licensing for Cisco Secure Firewall, it is not that relevant, but from my experience, it can be very complex to oversee and to have a good view on the cost and licensing. It is a bit simpler with Cisco Smart, but it can be a challenge.

We did consider another solution before selecting Cisco Secure Firewall. However, we did not want to have that many vendors in the enterprise.

I prefer staying in the same Cisco ecosystem with one or two vendors maximum.

Check Point is one vendor on the firewall level that we still use.

We have to deploy the full feature set of Cisco Secure Firewall, so I cannot provide information about partial deployments.

Regarding the use cases for the Cisco Secure Firewall, the Firepower is used in enterprise corporations, DMZ sites, perimeter security, and IPS applications.

The valuable features of the Cisco Secure Firewall include the unified console and compatibility with other solutions such as Duo Mobile with DAC and EDR. The single solution allows users to see one dashboard, and the compatibility solution provides better dashboard integration.

Areas that could be improved with the Cisco Secure Firewall include the ease of use with the product, and it needs to work better with NAC and integration.

Cisco could improve their firewall by providing better support when issues arise, such as during an attack, to help resolve problems more efficiently.

The stability of the Cisco Secure Firewall is excellent, and I find it very reliable at this moment.

Regarding the scalability of the Cisco Secure Firewall, it depends on the situation because in some cases, equipment changes are necessary when the size is very small.

Equipment changes become necessary when companies upgrade with more devices and people, as the firewall becomes insufficient for different security requirements.

The score for their support is eight.

Positive

I work only with Firepower and Palo Alto security solutions.

The initial setup for the Cisco Secure Firewall is very easy, particularly during the initial start of the equipment.

On a scale of one to ten, I would score the setup as eight.

I have experience with Cisco Secure Firewall, specifically the ASA and Firepower solutions. I work in the education and retail industry, where Palo Alto firewall is commonly used in my country. For B2B business, I use the Firepower solution as a Cisco partner.

We use Network Access Control with NAC, and we use Duo for solutions with easy integration. We also implement attack protection.

I would rate this solution as ten out of ten.

Until a couple of years ago, everything was fine regarding my main use cases for Cisco Secure Firewall. I didn't have any problems with the equipment, quality, or support. However, in the last couple of years, they started making our lives difficult. Trying to renew the partnership with them became challenging as they were requesting numerous things on our side, and since we are a very small business, it wasn't possible to get through that verification.

Until a couple of years ago, everything was fine regarding my main use cases for Cisco Secure Firewall.

They are definitely reliable, and regarding positive features, once you get through with the purchasing of this equipment they offer their special support schemes, SmartNet support schemes, which are quite useful.

They offer their own software, and regarding integration capabilities, it's not wise to have only one vendor. One might get Cisco Secure Firewall for the outside drone and then get some other software from other companies such as ESET or Panda for the PCs and the servers, and that's how it's typically done.

Regarding policies about partnership, they are losing, not us. There are other equipment options out there that don't require such strict requirements.

With the new systems that Cisco Secure Firewall is deploying right now, I don't have experience with downtimes. With older systems, it happened once with a big customer that they went through the repair and they actually hacked the whole thing. It wasn't actually the equipment's fault. It was a customer's fault because we were begging them to implement two-factor authentication mechanisms, and they never did it, and in the end something happened. That's understandable. You can't blame the equipment for that.

The technical support for Cisco Secure Firewall once you have the SmartNet is very good. The people are always willing to help, they can even log on remotely on the devices and check things. They're very good with that.

Positive

It depends on the customer, and regarding the deployment time of Cisco Secure Firewall, it depends on what you want to implement. To set it up just for getting out to the internet may take a couple of hours. However, to prepare a skilled network with site to site VPNs, it's going to take days.

There are other equipment options out there that don't require such strict requirements.

They say that their new software for Cisco Secure Firewall is AI compliant, whatever that means. They have some kind of databases on the cloud, the system communicates with them in order to monitor the traffic getting through and clearing things and stopping attacks or whatever. Everybody does this, but at what level they do it, nobody really knows.

The security policies that an organization has are also upon the IT people and the management to properly identify and implement. If they don't do these things, and they don't update the software of the servers, they leave all the usernames and passwords vulnerabilities there and they don't do something about that, you can't blame the equipment. It's the perimeter kind of firewalling you have with the equipment. But after that you have to do something on your own to help yourself.

On a scale of one to ten, I would give Cisco Secure Firewall an eight.

My use case for Cisco Secure Firewall includes secure access into the network, remote access VPN, site-to-site VPN, NAT, and access control.

I believe the most valuable feature of having the FTD in Cisco Secure Firewall is that it is typically managed through FMC, which is a tool that allows you to manage multiple devices. The ability to manage, view, and push templates across multiple devices at one time is beneficial versus having to manually do it.

Cisco Secure Firewall helps organizations improve by making networking easier, as they have provided a graphical user interface for much of the functionality. I think people prefer the GUI and find it easier to navigate versus having to remember commands, making it excellent for both novice and senior engineers.

If I could improve Cisco Secure Firewall, I feel that even with my experience, I have difficulty navigating some of the logs and trying to find specific flows, whether it is the source address or the pre-NAT address. I find the filtering very difficult to navigate and determine exactly what field I have to put the criteria in, as there are too many fields.

I probably started using Cisco Secure Firewall at the beginning of the pandemic, around 2021, while I was using ASAs before that, which had been for approximately 10 years. I have used FTD and Firepower for approximately five years and ASA for approximately 10 years.

I believe Cisco Secure Firewall is stable because I have never seen it crash and I have never seen it fail to forward packets.

My experience with customer support for Cisco Secure Firewall is positive, as they are helpful. On a scale of one to ten, I would rate Cisco Secure Firewall customer support as a nine, with ten being best.

Positive

I have briefly looked at some marketing materials for other firewall solutions such as Palo Alto, Fortinet, and FortiGate to understand where they are in the market, but I have never really managed or configured those platforms.

The complexity of deploying Cisco Secure Firewall varies depending on how many you have deployed. When I first deployed it, I still had to refer to documentation and conduct some trial and error, as we had to reconfigure some elements because of the interesting environment where we had to port-channel separately instead of as one bundled channel in an HA cluster. The complexity really depends on the environment.

I have deployed Cisco Secure Firewall with some customers.

I believe the market space for firewall solutions is crowded, and these vendors need to be competitive. I find that they are all quite similar.

I implemented the product which provides end-to-end networking and security features. It starts with secure tunneling, and I performed micro-segmentation in the firewall specific to a particular customer environment. It offers comprehensive security as well as networking features that I have enabled.

The software was mainly the highlight. Most firewalls have a challenge of identifying keywords and providing restricted access, which I encountered. However, Cisco Firewall has very good features, like trusted applications and restricted access for users based on keywords. I could access it appropriately, unlike some firewalls where this is a challenge. Essentially, the restricted access to websites has been exceptional. I was in the life science industry, focusing heavily on compliance. This product meets compliance requirements, and the security process has improved. Stability and consistent performance are critical components of Cisco's product.

The integration, especially for APIs or with other firewall products, is a challenge for me. In some satellite sites where large firewalls are not involved, I used Cisco Meraki. The integration between Cisco products themselves presents difficulties, such as SD-WAN configuration. Managing centralized networking with Cisco is challenging for me in terms of integration with other firewall products.

I have used the solution for almost four years.

The solution is stable and performs well.

Scalability presents a challenge. There is commercial involvement and several factors, making it complex for me. I would rate scalability seven out of ten.

Technical support is unsatisfactory for me. There might be restructuring within Cisco India or with the partner's capability. Whenever I encounter a technical support challenge, it is not an easy process. Even with premium support, it is a struggle. I have to provide many logs, yet problems remain unresolved, often requiring workarounds rather than solutions.

Neutral

The initial setup is not simple as it is all based on my requirements. If the requirement or site is predominantly complex, specialist involvement is necessary. However, for a vanilla installation, it is fine - just not easy.

I have assessed and decided to move on to Sophos. Sophos's support is excellent compared to Cisco and other products, with their technical support team based in South India. I have received a lot of good feedback about it.

Overall, I would rate the product six out of ten. Because of the support and cost, I moved away from Cisco, but otherwise, it is a good product. Recommendation depends on the requirement. If lacking a proper team and being dependent on the OEM and partner, Cisco is not suitable. 

However, if the team is qualified with Cisco-certified people and the requirement is a big network, it can be considered. In today's hybrid work world, having an expanded gateway is more typical than having a single one. Thus, Cisco is unlikely to be recommended for a hybrid requirement unless in-house skills align. Otherwise, depending on partners and Cisco, it can be a risk.

I rate the overall solution six out of ten.

The solution is used in a normal enterprise-level configuration. It has effectively worked as a perimeter firewall. Our VPN was also configured on it.

The threat prevention is better than FortiGate, but it is less effective than Palo Alto. The VPN functionality is consistent, and the performance is good.

Cisco Firewall is not user-friendly. They complicate simple configurations, requiring multiple steps. Compared to Palo Alto and FortiGate, it is not as effective. Cisco Firewalls require FMC for management. 

If you have a small to medium-sized office with only a few firewalls, you can deploy and manage them without FMC. However, without FMC, it is not fully functional, limiting the features available. You cannot use the asterisk value in address objects in Cisco. 

In other firewalls, hovering over an object displays details like the IP address. With Cisco, you need to access the object to see inside details. Cisco should improve this aspect. The NAT process is handled differently, which I do not like. Obtaining support is challenging compared to FortiGate and Palo Alto. 

Although knowledge-wise they are good, obtaining technical support and involving an engineer in a troubleshooting call is a challenge.

I have used the solution for almost two years.

The scalable performance is good, however, the voice communication is not effective. Compared to FortiGate and Palo Alto, it lags in configuration and other aspects.

Knowledge-wise, they are good, however, obtaining technical support and involving an engineer in a troubleshooting call is a challenge.

Negative

The deployment was a normal activity, similar to how enterprises operate. It worked as a perimeter firewall, and our VPN was configured on it. The installation took approximately half a day.

For mid-sized organizations, I do not recommend it. For ISPs or data centers, I would recommend it due to its good performance and hardware capabilities. Their hardware can handle substantial amounts of data without causing latency. I recommend it for ISP or data center. For enterprise purposes, I do not recommend it. 

I rate the overall solution seven out of ten.