Network Engineer at a university with 1,001-5,000 employees
Real User
Its cybersecurity resilience has been top-notch and paramount for our organization
Pros and Cons
  • "Cybersecurity resilience has been paramount. Because there is a threat of losing everything if ransomware or another sort of attack were to happen, the cybersecurity resilience has been top-notch."
  • "I would like it if they made the newer generation a bit simpler. You can do ASA code and FXOS. It is just a bit confusing with the newer generational equipment on what it can do."

What is our primary use case?

We pretty much use it as our edge firewall and data center firewall.

We have a colocation that is the center for all our campuses. That is where our edge firewall is. We use that for VPN as well, and it was a great thing during the pandemic because we were already ready to go with VPN. We didn't have to do anything extra on that part.

How has it helped my organization?

The solution has really enabled us to ensure our university is secure.

Cybersecurity resilience has been paramount. Because there is a threat of losing everything if ransomware or another sort of attack were to happen, the cybersecurity resilience has been top-notch.

What is most valuable?

The multi-context feature is the most valuable, especially in our data center. Having different needs for different departments is part of our organization. We can have five firewalls in one.

What needs improvement?

I would like it if they made the newer generation a bit simpler. You can do ASA code and FXOS. It is just a bit confusing with the newer generational equipment on what it can do.

Buyer's Guide
Cisco Secure Firewall
February 2023
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: February 2023.
672,411 professionals have used our research since 2012.

For how long have I used the solution?

I have been using this solution for five years.

What do I think about the stability of the solution?

I would rate the stability as 10 out of 10.

We do maintenance for software updates, etc. I don't think we have had any major hardware failures.

What do I think about the scalability of the solution?

We haven't had to really scale up too much.

How are customer service and support?

The technical support is excellent. Every time that we have ever had an issue, we got a result very quickly. I would rate them as nine out of 10.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We have always had ASA since I have been at the company. The ASAs were in place and we have upgraded to newer ASA Next-Generation Firewalls.

What's my experience with pricing, setup cost, and licensing?

I am not a huge fan of Cisco licensing in general. However, I wasn't really involved with the pricing. That decision was made a little higher than me.

Which other solutions did I evaluate?

We are in the middle of an upgrade to the newer Firepowers.

We have used Palo Alto for another solution and they have a better firewall. It is a whole new GUI to learn. With Palo Alto, you simply get one code, then that is your firewall. With the newer Firepowers, there are two or three different ways that you can run it. So, we currently have our data center running in ASA code, then we are doing it a different way with our edge ASA. My supervisor has complained about all the different ways that the new hardware can be configured and installed.

What other advice do I have?

Stay more up-to-date with equipment. The old equipment is what will get you, e.g., leaving Windows 7 machines on your network or 15-year-old switches.

Heavily research what can do cluster mode, HA pairs, etc. That is where we ran into the "gotchas". You have to run it in certain ways to have it clustered and run it another way to have it as an HA pair.

I would rate ASA Firewall as nine out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Senior Network Architect at a tech services company with 10,001+ employees
MSP
A stable and secure solution that works well
Pros and Cons
  • "Cisco tech is always good and helpful. I would rate them as 10 out of 10."
  • "Cisco ASA is starting to get old and Firepower is taking over. All the good things happening are with Firepower."

What is our primary use case?

We are using it for security on everything from small customers to big data centers.

How has it helped my organization?

It is stable. We saw benefit from this in just a few days.

What is most valuable?

Cisco AnyConnect is my favorite. It is awesome. It also exists on Firepower and newer things.

What needs improvement?

Cisco ASA is starting to get old and Firepower is taking over. All the good things happening are with Firepower. Everything that I could wish for is in Firepower. We will probably not be doing too many new installations of ASAs since Firepower is mostly taking over.

For how long have I used the solution?

I have been using it for 15 to 20 years.

What do I think about the stability of the solution?

It is stable and secure. There are a few bugs, etc. Overall, we are very happy with it. We have never looked at anything else because it works so well. I would rate the stability as 10 out of 10. It is very good.

There is maintenance. We have to keep an eye out for software upgrades and forced changes to the configuration. We have a network operations team of 15 people who take care of these things from day to day.

What do I think about the scalability of the solution?

The solution's scalability is very good.

We use it on customers who have two employees up to customers with 5,000 employees. It is also used for customers who have one site or several sites. It is all over the place

How are customer service and support?

Cisco tech is always good and helpful. I would rate them as 10 out of 10.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I didn't use another solution previously.

How was the initial setup?

All our deployments have been different. Some have been really easy and others have been really complex. It could go either way: some are complex and some are easy. The complex solutions could take days or a couple of weeks to deploy. Easy solutions take a day.

If it was a big project, there would be a pre-project identifying what we were going to do and making a plan for it, then we would realize that plan. If it was a smaller thing, we would just jump into it.

What about the implementation team?

It was deployed in-house. Depending on the solution and its complexity, it could take a single person to a team of 20 people to deploy it.

What was our ROI?

Our return on investment is having a network that we don't need to think too much about. It works, and that is it.

What's my experience with pricing, setup cost, and licensing?

Cisco is always expensive, but you get what you pay for. It is expensive for a reason. It is a good solution, and good solutions cost money.

AnyConnect is an extra license. If you want the IDS/IPS things, those are usually extra too.

Which other solutions did I evaluate?

I evaluated Check Point, Palo Alto, and Fortinet, but Cisco won the race. Since we were already running most of our other networking with Cisco, it felt natural to land on Cisco.

What other advice do I have?

I would rate the solution as 10 out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Buyer's Guide
Cisco Secure Firewall
February 2023
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: February 2023.
672,411 professionals have used our research since 2012.
Deputy Manager at Star Tech Engineering Ltd
Reseller
Automated policy application and enforcement free up time for us
Pros and Cons
  • "The dashboard is the most important thing. It provides good visibility and makes management easy. Firepower also provides us with good application visibility and control."
  • "One issue with Firepower Management Center is deployment time. It takes seven to 10 minutes and that's a long time for deployment. In that amount of time, management or someone else can ask me to change something or to provide permissions, but during that time, doing so is not possible. It's a drawback with Cisco. Other vendors, like Palo Alto or Fortinet do not have this deployment time issue."

What is our primary use case?

We use it for malware and IPS.

How has it helped my organization?

The automated policy application and enforcement have freed up time for us, on the order of 30 percent.

Also if one Cisco antivirus implementation is the subject of an attack, all other Cisco implementations get that information rapidly, in real time. All the other firewalls are in sync when it comes to malware attacks, through the update of the database. That is good.

The visibility it provides into threats is good. Every day we find lots of malware attacks targeting our network, but they don't get through to the network.

What is most valuable?

The dashboard is the most important thing. It provides good visibility and makes management easy. Firepower also provides us with good application visibility and control.

Cisco Talos is well known around the world and everyone trusts Talos for malware intelligence. It is number one. It is also the most secure for Snort rules. It is more secure than others because its real-time analysis is better.

In addition, Firepower Management Center is helpful. 

We also use Cisco ISE and the integration between it and Firepower is okay.

For how long have I used the solution?

I've been using Cisco Firepower NGFW Firewall for four or five years.

What do I think about the stability of the solution?

It's a stable product.

What do I think about the scalability of the solution?

The scalability is good.

How are customer service and technical support?

Their technical support is good. When my NOC or my engineers have needed support the feedback I've had is that tech support has been good at critical moments. They have given us good service.

How was the initial setup?

There was no issue with the initial setup. It's straightforward because Cisco gives us lots of documentation. It's not a big deal, for me. In four or five years I have deployed 35 to 40 Firepowers for financial organizations and corporate offices.

Which other solutions did I evaluate?

We also use Palo Alto, Fortinet, Sophos, and Check Point.

One issue with Firepower Management Center is deployment time. It takes seven to 10 minutes and that's a long time for deployment. In that amount of time, management or someone else can ask me to change something or to provide permissions, but during that time, doing so is not possible. It's a drawback with Cisco. Other vendors, like Palo Alto or Fortinet do not have this deployment time issue.

The other issue is the upgrading process, with Cisco. Sometimes, if we use a standalone device we need to create maintenance windows at that time and we need to restart Firepower. But with other vendors, like Palo Alto, there is no need to update in that way.

If they mitigated these two things, Cisco would be number-one in the world in the security domain.

What other advice do I have?

We have not integrated Firepower with Cisco SecureX because it needs IOS 6.6. It's a limitation. If we have an external device, we would need downtime and in a financial organization, management will not allow us the downtime.

In my experience, the deployment procedure with Cisco is not the easiest, it's not plug-and-play. I hope that Cisco will give us that type of implementation.

Overall, I would rate Firepower at eight out of 10.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
Specialist WINTEL Services at Descon Engineering Limited
Real User
Not completely integrated with Active Directory. I like its policy and objects feature.
Pros and Cons
  • "The main thing that I love the most is its policy and objects. Whenever I try to give access to a user, I can create an object via group creation in the object fields. This way, I am not able to enter a user in the policy repeatedly."
  • "Cisco Firepower is not completely integrated with Active Directory. We are trying to use Active Directory to restrict users by using some security groups that are not integrated within the Cisco Firepower module. This is the main issue that we are facing."

What is our primary use case?

I work for an engineering company that has multiple sites located in different locations, overseas and domestically in Pakistan. There are 30 to 35 sites connected to our network. We restrict the website at these locations using the Cisco Firepower module.

What is most valuable?

The main thing that I love the most is its policy and objects. Whenever I try to give access to a user, I can create an object via group creation in the object fields. This way, I am not able to enter a user in the policy repeatedly. 

What needs improvement?

Cisco Firepower is not completely integrated with Active Directory. We are trying to use Active Directory to restrict users by using some security groups that are not integrated within the Cisco Firepower module. This is the main issue that we are facing. 

There are some other issues related to their reports where we want to extract some kind of user activity. When a user tries to connect to our website, we are unable to read its logs in a proper manner and the report is not per our requirement. These are two things that we are facing.

Per my requirements, this product needs improvement. For example, I want to use and integrate with Active Directory groups. 

For how long have I used the solution?

We have been using it since last year.

What do I think about the stability of the solution?

It is a stable product.

How are customer service and support?

I haven't tried to work with Cisco support.

Which solution did I use previously and why did I switch?

In the last 10 years, we were using the Barracuda Web Security. Compared with that product, I would give this solution six or seven out of 10 when compared to Barracuda. Barracuda has one of the best web security features, giving access to users by deploying a web agent on client computers at different sites. 

Barracuda Web Security's hardware was obsolete so our management never tried to renew its license. That is why we are trying to use the Cisco Firepower module. We want to understand their web security gateways, web security logs, what it provides, and the kind of reporting it has. We are currently doing research and development regarding what features and facilities it provides us compared to our requirements.

What other advice do I have?

I am happy with the web security. However, I am not happy with the groups, reports, and integration with Active Directory.

We are using the web security, and only the web security feature. Therefore, if someone asked me to give them advice about the Cisco product, then I will definitely not recommend it since it is not fulfilling our requirement. We have different sites located domestically and at overseas sites, which is about 30 to 35 sites. It is not locating any of the clients. This is compared to the Barracuda web agent on the client computer, which is always connected to Barracuda with live IP addresses, pushing and pulling all the procedures and policies to that client and computer. This is why I will not recommend the product to anyone who has a similar situation to ours. .

I would love to use the product in the future, if my requirements are met.

I would rate the product as four out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Network security engineer at a tech services company with 1,001-5,000 employees
Real User
Top 5
A simple and reliable firewall with best support and very good netting, routing, and VPN functionalities
Pros and Cons
  • "Netting is one of the best features. We can modify it in different ways. Site-to-site VPN is also an awesome feature of Cisco ASA. The biggest advantage of Cisco products is technical support. They provide the best technical support."
  • "Cisco should work on ASDM. One of the biggest drawbacks of Cisco ASA is ASDM GUI. Cisco should improve the ASDM GUI. The configuration through ASDM is really difficult as compared to CLI. Sometimes when you are doing the configuration in ASDM, it suddenly crashes. It also crashes while pushing a policy. Cisco should really work on this."

What is our primary use case?

I am using Cisco ASA 5525 for netting, routing, and site-to-site VPN. We have two sites. I am using Cisco ASA Firewall on one site and Check Point Next-Generation Firewall on another site.

How has it helped my organization?

We have integrated it with Cisco Anyconnect. This feature has been very good for us during the lockdown.

What is most valuable?

Netting is one of the best features. We can modify it in different ways. Site-to-site VPN is also an awesome feature of Cisco ASA.

The biggest advantage of Cisco products is technical support. They provide the best technical support.

What needs improvement?

Cisco should work on ASDM. One of the biggest drawbacks of Cisco ASA is ASDM GUI. Cisco should improve the ASDM GUI. The configuration through ASDM is really difficult as compared to CLI. Sometimes when you are doing the configuration in ASDM, it suddenly crashes. It also crashes while pushing a policy. Cisco should really work on this.

For how long have I used the solution?

We have been using this solution for one and a half years.

What do I think about the stability of the solution?

It is stable and reliable. If you are looking for security from Layer 1 to Layer 4, Cisco ASA is good, but if you are looking for Layer 7 security, deep security, and malware detection, this is not the right product. You have to use some other product.

What do I think about the scalability of the solution?

We have more than 400 employees. We are currently not thinking of increasing its usage because we need more security, and Cisco ASA is not good for Layer 5 to Layer 7 security.

How are customer service and technical support?

The biggest advantage of a Cisco product is technical support. They provide 24/7 support on 365 days. Their technical support is one of the best. I would rate them a ten out of ten.

How was the initial setup?

Cisco ASA is very not complex. It is a very simple firewall. If you are configuring it through CLI, it is easy. If you configuring it through ASDM, it will be more difficult for a beginner engineer.

It takes around two to three days to cover all the parameters. It is very easy to deploy in an existing network, which is one of the main advantages of Cisco ASA.

What's my experience with pricing, setup cost, and licensing?

We are happy with its price. Licensing is on a yearly basis for technical support. There is one license for technical support. There is another license for IP Version 2 VPN and IPS.

Which other solutions did I evaluate?

I considered pfSense, but when I checked the reviews, pfSense's reviews were really bad, so we purchased Cisco ASA.

What other advice do I have?

I am very happy with this product in terms of netting, routing, and VPN functionalities. If you are a small organization with around 100 people and you are not thinking of Layer 7 security, deep security, and malware detection, Cisco ASA would be very useful and cost-effective for you.

I would rate Cisco ASA Firewall an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network engineer at a government with 10,001+ employees
Real User
Keeps the outsiders on the outside and enables us to monitor content going out
Pros and Cons
  • "The ASDM (Adaptive Security Device Manager) which is the graphical user interface, works out, and Cisco keeps it current."
  • "Cisco still has a lot of work to do. You can convert an ASA over to a Firepower, but the competitors, like Palo Alto and Juniper, are coming in. And believe it or not, they are a little bit more intuitive. Cisco has a little bit more work to do. They're playing catch up."

What is our primary use case?

We use it for content management and filtering. We wanted to separate DMZ traffic from normal customer traffic. We were also looking to set up portals for outside interests that needed to come in. We have our firewall set up for VPN and, with COVID breaking out, that became more important. We also use it for remote access control.

How has it helped my organization?

It improved our security. It keeps the outsiders on the outside and enables us to monitor the content that's going out from within the organization.

What is most valuable?

The ASDM (Adaptive Security Device Manager) which is the graphical user interface, works out, and Cisco keeps it current.

What needs improvement?

Cisco still has a lot of work to do. You can convert an ASA over to a Firepower, but the competitors, like Palo Alto and Juniper, are coming in. And believe it or not, they are a little bit more intuitive. Cisco has a little bit more work to do. They're playing catch up.

There is also content filtering. The bad actors are so smart nowadays, that they can masquerade as the data for a given port, and they can actually transfer data through that port. The only thing that the older firewalls know about is the port. They can't read the data going across it. That's where content filtering comes in, like Palo Alto has, with next-generation firewalls.

For how long have I used the solution?

I have been using Cisco ASA Firewalls from the beginning, when they moved over from the PIX.

What do I think about the stability of the solution?

They're pretty reliable. Even from a hardware perspective, we haven't lost any power supplies or the like. An ASA works until we remove it. The maintenance is very minimal. 

What do I think about the scalability of the solution?

It's very scalable. Every organization sets it up differently, but we've been able to perform upgrades with minimal service disruption. We have ASAs in multiple locations.

How are customer service and support?

Being a government-supported organization, the technical support is great. They send us equipment. It's top-notch.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Cisco has been a leader in firewalls, and the US government primarily chooses Cisco first, before it chooses competitors.

Which other solutions did I evaluate?

We have a variety of providers from Juniper to Palo Alto, et cetera. But the Cisco GUI is pretty consistent, so most individuals catch on. But when it comes to the Firepower, we're going to need some more training on that, as we're upgrading and moving to the Firepower.

What other advice do I have?

I like the ASA product, maybe because I'm an old guy, more so than the transition to the Firepower. The ASAs have worked ever since the PIX days and they work very reliably. Even with the upgrades, your rules don't change. That's true even with a major OS upgrade.

Things are changing and the ASAs are becoming dated. People want content filtering and so on now.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Data center design at a comms service provider with 10,001+ employees
Real User
Provides great security for our applications
Pros and Cons
  • "One of the best features is the ease of use. It's also easy to teach new engineers to use the ASA CLI."
  • "It needs to provide the next-generation firewall features that other vendors provide, like data analytics, telemetry, and deep packet inspection."

What is our primary use case?

We use them for site-to-site VPN solutions as well as other VPN activities, and for general application security.

We needed a good VPN solution and, as our network grew, we had more applications that were virtualized and that can be spun up. We needed a solution that would keep us ahead.

How has it helped my organization?

Cisco ASA provides great security for our applications.

What is most valuable?

One of the best features is the ease of use. It's also easy to teach new engineers to use the ASA CLI. When I first started learning firewalls, Cisco was the first one that was taught to me and it was pretty easy to grasp. When I'm teaching other engineers to use Cisco ASAs, the results of their learning are immediate.

What needs improvement?

It needs to provide the next-generation firewall features that other vendors provide, like data analytics, telemetry, and deep packet inspection.

Also, the ASAs need to be improved a little bit to keep up with the demand for high bandwidth and session count applications.

For how long have I used the solution?

I've been using Cisco ASAs for about 11 years.

What do I think about the stability of the solution?

It's reliable. It doesn't have all the features of some of the newer firewalls, but it's very reliable. It doesn't break. It's pretty rock-solid.

What do I think about the scalability of the solution?

We have at least a pair in every one of our data centers. We gateway our applications around the firewall system, meaning all application data goes through firewalls.

How are customer service and support?

We have good support from Cisco for the ASAs. That helps us out a lot. Some of our ASAs are pretty old and technically not supported anymore, but TAC always helps us out.

How was the initial setup?

The initial one, for me, was a little bit complex because I hadn't done it before. It was inline and an active/standby pair, so it involved a little bit more than just deploying one firewall. 

We had some documentation written and we tested it in the lab and then the deployment took about four hours.

We deployed it alongside different solutions and then we cut over to it when it wouldn't impact the customers.

The maintenance involves doing code upgrades periodically to keep up with the security environment requirements. One person handles that.

What about the implementation team?

We deployed with a consultant from Cisco support. Our experience with them was good. They provided a lot of documentation ahead of time to help us with our configuration.

From our side there were two people involved. One was doing the configuration and the other person was checking to make sure there were no errors, looking at IPs and the like.

What's my experience with pricing, setup cost, and licensing?

The licensing is straightforward and simple, so we don't have to keep relicensing every year as we do with other applications.

Which other solutions did I evaluate?

We use Juniper as well.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Analytical Engineer at a pharma/biotech company with 10,001+ employees
Real User
Keeps away threats trying to come into my organization
Pros and Cons
  • "With the pandemic, people began working from home. That was a pretty big move, having all our users working from a home. More capacity needed to be added to our remote VPN. ASA did this very well."
  • "It can be improved when it comes to monitoring. Today, the logs from the firewalls could be improved a bit more without integrating with other devices."

What is our primary use case?

We are using it for our VPN. We have a remote VPN and then a VPLS connection. Overall, it is a pretty big design.

We were looking for an opportunity to integrate our Firepower with Cisco ASA.

We mainly have these appliances on the data center side and in our headquarters.

How has it helped my organization?

It did help my organization. The firewall pretty much covers most stuff. They have next-gen firewalls as well, which have more threat analysis and stuff like that. 

The firewall solution is really important, not just for our company, but for every organization. It keeps away threats trying to come into my organization.

With the pandemic, people began working from home. That was a pretty big move, having all our users working from a home. More capacity needed to be added to our remote VPN. ASA did this very well.

What is most valuable?

The most valuable features are the remote VPN and site-to-site VPN tunnels.

I use the solution to write policies and analyze the data coming in via the firewalls.

What needs improvement?

It can be improved when it comes to monitoring. Today, the logs from the firewalls could be improved a bit more without integrating with other devices.

I would like to see more identity awareness.

For how long have I used the solution?

I have been using it for over six years.

What do I think about the stability of the solution?

The stability is pretty good. They are keeping up the good work and making updates to the current platform. 

How are customer service and support?

The support is good. They have been there every time that we need them. I would rate them as nine out of 10.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We have used Check Point and Palo Alto. We are still using those but for more internal stuff. For external use, we are using the Cisco client.

How was the initial setup?

The initial deployment was straightforward. We have worldwide data centers. For one data center, it took three days from design to implementation. 

What about the implementation team?

It was a self-deployment. It took eight people to deploy.

What's my experience with pricing, setup cost, and licensing?

It was pretty good and not expensive on the subscription side. Cisco is doing a good job on this.

Which other solutions did I evaluate?

We also evaluated Zscaler, which is more cloud-based. It was pretty new and has a lack of support on the system side.

What other advice do I have?

They have been keeping up by adding more features to the next-gen and cooperating with other vendors.

I would rate this solution as nine out of 10. It is pretty good compared to its competitors. Cisco is doing well. They have kept up their old traditional routing and fiber policies while bringing on new next-gen features.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros sharing their opinions.
Updated: February 2023
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros sharing their opinions.