Cisco Secure Firewall Reviews

We have some in our DMZ. We have some located in several locations throughout our state. Then we have our local Egress and VPN firewalls that we use.

The VPN is our most widely used feature for Cisco Secure Firewall. Since we were forced into a hybrid working situation by COVID a few years back, VPN is the widely used feature because everybody is working remotely for our agency. So it came in very handy.

Cisco Secure Firewall’s customer support could be improved.

I have been using Cisco Secure Firewall for 20 years.

Cisco Secure Firewall is a very stable solution.

We bought scalable products, and we're in a good position.

With Cisco Secure Firewall's technical support, it's always hard to get somebody that knows what they're doing on the line. However, when you finally get somebody on the line, it's pretty good. Having to deal with the licensing and be able to open a TAT case based on the serial numbers was very difficult. The individuals we get support from are pretty good, but the solution's support is two out of ten because of the process of having to get to that point to get support.

Negative

I have previously used Juniper. Our company decided to go with Cisco Secure Firewall because of the cost and ease of use. Also, the people in our team knew Cisco versus other solutions.

Cisco Secure Firewall's initial setup was pretty straightforward. They have a wizard, which helped in some instances, but there's also a lot of documentation online that helps a lot.

We have a reseller that we go through, and they helped implement Cisco Secure Firewall for us.

The application visibility and control with Cisco Secure Firewall is pretty great. We have the FTD, the firewall threat defense, and FMC, the management console we use, and we have great visibility using that product.

Cisco Secure Firewall's ability to secure our infrastructure from end to end is really good. We always find things and or block things before they even happen. So it's great, especially with Talos.

Cisco Secure Firewall has helped free up our IT staff for other projects to a certain degree. We still have to review logs in the firewall, and hopefully, someday, we'll have AI to help do that for us too. The solution has probably saved our organization about ten hours a week.

We use Talos, among other threat advice tools, and it's very good. Talos automatically updates us on the threats out there, and we can deploy those to our devices if we deem it fit to deploy them.

Cisco Secure Firewall has helped our organization improve its cybersecurity resilience. We've used Cisco for so long, and we've never had a data breach up to this point.

Overall, I rate Cisco Secure Firewall ten out of ten.

We are currently utilizing the Cisco Secure Firewall, partially due to its historical relevance and partly because Cisco continues to maintain a prominent position in providing client VPN access.

We have employed Cisco Firepower and ASA on Firepower to facilitate client VPN access and to enforce fundamental layer four security policies.

We utilize security products in central locations to provide VPN access for clients throughout Europe.

The implementation of the Cisco Secure Firewall has had a positive impact on our organization, as evidenced by our ability to use our store apps on mobile devices through AnyConnect even when Wi-Fi is unavailable. This is made possible by the utilization of 3G, 4G, or 5G internet access while maintaining a secure connection on our mobile devices.

Cisco Secure has enabled my organization to save time, as demonstrated by our ability to swiftly open new stores by utilizing applications on mobile devices without having to establish the entire infrastructure at once. The amount of time saved varies depending on the country we are operating in, ranging from weeks to months.

The most beneficial aspect of the Cisco Secure Firewall is the AnyConnect component within the firewall package, which we selected specifically for VPN usage due to its exceptional integration with various third-party devices and applications.

The overall licensing structure could improve to make the solution better.

I have been using Cisco Secure Firewall for approximately 15 years.

My experiences with the Cisco Secure Firewall support have varied. Since we access it through a partner, some issues are quickly resolved, while others require more time and effort.

I rate the support from Cisco Secure Firewall a six out of ten.

Neutral

While I have not personally utilized other security products, our organization also employs FortiGate devices and applications for security purposes alongside Cisco Secure Firewall.

Acquiring licensing for Cisco Secure Firewall can be a bit cumbersome, therefore a more straightforward licensing process would be preferable. 

The licensing process can be frustrating, as it requires selecting between on-box or per-client options and other related considerations. Simplifying this process would be beneficial.

We are using access switches, routers, catalysts, and ISR products. Additionally, we are using Cisco as a platform, which is somewhat old, and Cisco ASA on Firepower devices.

I would advise others to thoroughly evaluate their requirements before selecting a security solution. While some products may seem like an obvious choice, it is important to take the time to assess the available options and determine which one best suits your specific needs. This approach is wise and can ultimately lead to a more effective security solution.

I rate Cisco Secure Firewall a seven out of ten.

We use them for some of our border firewalls in our data centers and also as our VPN concentrator. 

It's the VPN side of things that has been most useful for us. It allows us to secure our users even when they're working from home. They are able to access all of our resources, no matter where they are in the world.

I don't have any specific improvements to recommend. However, when you compare the throughput of a Cisco firewall to the competitors, especially Fortinet, what you find is that Cisco has lagged a little bit behind in terms of firewall throughput, especially for the price that you pay for that throughput.

We've been using Cisco firewalls for probably 10 years.

We have 105,000 users, and they all have access to use a VPN to connect back into our network. We found that it works very well for us, and it's very scalable to the number of users that we have. That's why we continue using it.

It's very good. Cisco has excellent support. It's better than most of our vendors. I'd rate their support a ten out of ten. 

Positive

I don't believe so. We've used Cisco, at least for this specific use case, for a long time.

The enterprise agreement that we have has helped with the pricing because it allows us to consume licensing in more of a consumption model versus a per-user type model. That has helped us a lot.

I don't know. I wasn't with the organization then.

We don't use Cisco Secure for securing our infrastructure from end to end to be able to detect and mediate threats. We have other products that serve as our endpoint detection and especially for the end-to-end side of things. That's not really our strongest use case for it. Cisco Secure hasn't helped save our organization any time or operations expenditure because we have other products that we use for that.

Overall, I'd rate Cisco Secure Firewall a ten out of ten.

We are one of our Swedish municipalities. We use this solution to support our environment and keep it safe and secure.

At the moment, Cisco SecureX is just for the monitoring part. We are migrating servers from an old infrastructure to a new one. It monitors how they're behaving on the network.

We have 500 sites using it. It's a mix of remote sites and connected sites. We have a lot of devices. We are a Swedish municipality, so we do everything from healthcare to taking care of the roads. We have a wide spectrum of users, so we have to supply everyone with what they need. So, we have a lot of devices in our network.

Cisco SecureX is doing a good job for us in terms of securing our infrastructure from end to end so that we can detect and remediate threats. It's detecting what we want it to detect, and it's protecting us from what we want to be protected against. So, it does its job. That's our need at the moment.

It has saved us time. Attackers are constantly trying to get hold of our environment. We've had around 20 to 30 breach attempts to get ahold of our environment. It protects us from that. It also protects us when an attempt is underway. We can see them starting to get into our network, so we can prevent it in time. The time saved varies. It can be days of work.

Its efficiency and security are the most important. We are more efficient and more secure.

We use Cisco switches and firewalls, Cisco DNA, and Cisco SecureX. The integration between various Cisco products is working very well. It's quite seamless for us.

There should be more integration with Microsoft Identity.

We get customer support through ITEA for a bunch of solutions. We get the help we need. I'd rate them a nine out of ten. You can always do better.

We haven't used any other solution for a long time. We have been a Cisco customer for a long period.

I was involved in its design. Some parts of the initial setup were quite easy and some parts were quite complex. We were quite early adopters of some parts of the Cisco brand, so we had some challenges, but overall, it was quite straightforward.

For some parts, we took the help of a third party called ITEA. Our experience with them was good.

We haven't calculated the overall ROI. There are different areas we use it for. For some management areas, we can calculate ROI, but in some areas, we can't.

You get what you pay for. It's always priced based on what you get and what it can handle. It's acceptable.

To those evaluating this solution, I'd advise finding out what you want to use it for. Our usage is quite basic. Overall, I am quite satisfied with what we are using it for.

Overall, I'd rate it a nine out of ten.

We have all kinds of use cases. Our customers are large enterprises, and they need perimeter security. Zero trust, network access control, and network segmentation are quite important these days.

We are a partner and reseller. We implement, and we resell. As a Cisco Secure reseller, we have all the expertise. Our customers are usually overworked and have no time to learn how to implement these things and get some expertise. That's what we bring in. We help them select the right solution, select the proper design and architecture, and implement it. They basically lack the time and expertise, and we are a trusted advisor who helps them with their issues.

I'm working with security. It improves the security posture of our customers and protects them from threats. We recently saw a bunch of hacks in Germany and our customers are concerned. We help to protect our customers from that, and that's very important.

The analysis tools and encrypted traffic analysis save time. They help detect security threats and incidents that can cause outages for customers. It's a great improvement.

Application inspection, network segmentation, and encrypted traffic detection or encrypted traffic analysis (ETA) are valuable for our customers. I'm from Germany, and in Germany, people are very concerned about privacy. We have a bunch of public customers, and they have an issue with decrypting traffic, even if it's only for security analysis. They have some fears. So, they are quite interested in the capability to detect threats without decrypting traffic.

The usability of Cisco Firepower Threat Defense is an issue. The product is still under development, and the user interface is very difficult to deal with. That's one area where it should be improved. Another area for improvement, which is also related to the firewall, is stability. We are having stability issues, and we had some cases where customers had a network down situation for about one or two days, which is not great.

As a partner, I have been working here for about nine years, but we offered this solution all the time. The company has probably been doing that for at least 15 years.

Cisco Firepower Threat Defense has improved a lot over the last few years, but we sometimes still have really big issues.

Their support is pretty awesome. It doesn't really matter if you have a hardware issue or a software issue. If it's a hardware issue, you get a replacement quickly, and if you have a software issue, you get quick support. There are also some bad examples. I have one from wireless where after a problem was acknowledged, it needed about one year to get fixed. It depends a little bit on how complex the issue is, but in general, it's quite okay.

We are also selling Fortinet, Palo Alto, and Check Point. We sell all solutions, but I'm quite focused on Cisco. It's mostly because I have the most expertise and experience with it over the years. I've been working with Cisco security solutions for 15 to 20 years. That's where my expertise is, and with Cisco, you have a solution for everything. It's not always the best of breed, but in the overall solution frame, you have something for everything, and they interact nicely with each other, which is great.

The deployment model is totally customer dependent. The way we work, we look at the customer environment and develop a proper deployment model for them. Some of them are using enterprise agreements. It's becoming more and more common, so they can use several solutions at once or with some kind of added use price and other benefits.

I'm not always involved in the deployment. I work as an architect. I do not implement all the solutions I design, but I implement some of them. For me, it's important because, for one, I like it, and second thing is that I need to have some kind of hands-on experience to understand the solution so that I can make better designs.

If you do the initial setup for the first time, it's somewhat complex., but over time, you get the experience, and then it's more or less straightforward. 

Our clients rarely used the firewall migration tool. It gives you a starting point for the configuration, but usually, there are so many things you need to rework afterward. We use it sometimes, but it only does a part of the job.

It does require maintenance. The clients have maintenance contracts for that.

In our company in Germany, just for the security solutions, we have about 20 to 30 engineers. They are experienced in different areas. For the firewalls, we have 10 engineers.

Cisco was never a cheap solution. Compared to other vendors, it's more or less at the same level, except maybe Fortinet which is fairly cheap.

In terms of licensing, we still have issues with the subscription model. Many of our customers are used to buying a solution and owning it. It takes time to convince people to go for the subscription model. That's still an issue for us.

We have Cisco Firepower Threat Defense, email security, web security, and Cisco Umbrella. Most of the time, I am working with Identity Services Engine for identity-related things. That's the main product I work with all the time. I have almost no direct contact with Talos, but I know that below the hood, it just improves all their security solutions.

To those evaluating this solution, I would advise being a little bit careful with it. It interfaces well with other Cisco solutions, so it has value, but it's not always the best solution.

At the moment, I would rate it a six out of ten.

I'm working as a Solution Architect for an energy provider in Austria. We have approximately 1,500 people working in Austria and also in some neighboring countries.

We are using Cisco Secure Firewall. We started with Cisco ASA long ago, and now, we have Cisco Firepower or Cisco Secure Firewall. We are using the product as a perimeter firewall and for remote access VPN and site-to-site VPN tunnels with other partner companies. So, the primary use case of Cisco Secure Firewall is to secure our perimeter, but it's also for the remote access VPN for employees in the home office or if they are outside the company.

The benefit of using Cisco Secure Firewall is that there is a lot of integration with other Cisco products like Cisco ISE or even with third-party systems. It's important to have these integrations with other systems. On one hand, you get more visibility, and on the other hand, you can also use the information that you have from the firewall in other systems, such as a SIEM or other similar things. You overall get better visibility and better security.

In terms of securing our infrastructure from end to end so that we can detect and remediate threats. When it comes to detection, it's pretty good because you have the background of Cisco Talos. I can't say if it's the truth, but they probably are one of the top players in threat hunting, so it's pretty good at detecting known things that are outside.

The most valuable features of the product are the VPN and the NextGen firewall features such as application control, URL filtering, etc. These features are especially valuable because nowadays, it's not enough to just filter for source and destination IPs. You need more insights or visibility to see which applications are passing your perimeter, which applications you want to allow, and which ones you want to block. Without this visibility and these features, it's a little bit hard to secure your network.

There is room for improvement in the stability or software quality of the product. There were a few things in the past where we had a little bit of a problem with the product, so there is room for improvement. In the past, we had problems with new releases. 

Also, from the beginning, some functionalities or features have not worked properly. There are bugs. Every product has such problems, but sometimes, there are more problems than other products, so it's definitely something that can be improved, but Cisco seems to be working on it.

There is room for improvement in the stability of the product.

I know that there are several models for every type of scale that you need. For small branches up to the data center or even for the cloud, there are models, but so far, we only have one cluster. Among all these different types, we found the perfect matching size for our company.

The Cisco support with Cisco TAC is pretty good. With the TAC Connect Bot that you have with WebEx, you can easily open a case or escalate the case through the WebEx app. That's pretty cool. Also, the engineers that are working for Cisco TAC are really good. Among all the vendors that we have in place, it's the best support that we have experienced. I'd rate them a 10 out of 10 because compared to the other vendors that we have in place, it's definitely the best support.

Positive

We have a multi-vendor strategy for the firewall so that if there is some security issue in the software or something like that, you are not directly impacted, and there is another vendor in between. If I compare Cisco Secure Firewall with the other vendor that we have in place, the pro for Cisco Secure Firewall is that detection is better with the database of Talos. The con that comes to my mind is the deployment time when you deploy a change. With the other vendor, the change is more or less deployed immediately, whereas, with Cisco Secure Firewall, you have to wait for a few minutes until the change is deployed. This is one of the biggest cons on this side because if there's a misconfiguration, you are not able to correct the issue as fast as with the other vendor.

We migrated from Cisco ASA to Cisco Firepower, and it was straightforward because there were some migration tools to export the old ASA rule set and import it into Cisco Secure Firewall. With these tools and the documentation that you find on Cisco's site, it was pretty straightforward, and we had nearly no problems with the migration to Cisco Secure Firewall.

In terms of the deployment model, we have one high-availability cluster, and, of course, FMC to manage this cluster. These are physical clusters, and we have them on-prem in our data center.

For deployment, we worked with our partner who helped us a little bit with the migration. Our partner's engineer had good knowledge and supported us when we had questions. When we didn't know how to do something, they helped us with that.

The licensing models that are available for Cisco Secure Firewall are okay. You have nearly every option that you need. You can pick filtering, advanced malware protection, or all the available features. It's sufficient.

In terms of pricing, there are, for sure, some cheaper vendors, but overall, it's nearly the same. It has a fair price.

To those evaluating Cisco Secure Firewall, I'd advise thinking about what are your use cases and what's your goal to achieve with this product. It's also a good idea to talk to other customers or a partner and ask them what's their experience and what they think about it, and if it's suitable for this use case or not. And, of course, it's also a good idea to do a proof of concept or something like that.

At the moment, I'd rate Cisco Secure Firewall a six out of ten. The reason for that is that we are having some problems with the stability and functionality of the product, but there are also features, such as VPN, that are working from day one without a problem. So, there are good parts, and there are parts that are not working as well as we would like them to, but we and Cisco TAC will solve this in the future, and then the rating will go up.

We use WSA proxy and Cisco Firepowers with the FMC suite and Cisco Umbrella. We mainly use WSAP for on-premises data centers to get traffic outbound to the internet. Cisco Umbrella is for our endpoints, and Cisco firewalls are to protect our perimeter but also internal choke points to secure segments on our LAN.

Currently, we don't have any integrations between the three of them. They all run in isolation. 

Our external partner does the day-to-day management. We are not using it on a day-to-day basis. We position the products from within my team, but the detection mechanism is different per platform. We mainly trust the policy, and our security department is checking logs for anomalies in the patterns.

In terms of cost savings, we've been using this mechanism for years on end, so we haven't been able to see a real cost reduction between using our own personnel versus our external partner for management. It has been like that for 10 years or so.

In terms of time savings, it doesn't put too much burden on day-to-day activities to go over the details. The policies are rather straightforward, and anything not configured is not allowed. In that sense, it's easy.

Protecting our landscape in general and being able to see logging when things aren't going as set out in policies are valuable features. Our security department is keen on seeing the logging. 

If WSAP remains to be an active product, it might be an idea to integrate the configuration policy logic between Umbrella and WSAP. There should be one platform to manage both.

The integration between the on-prem proxy world and the cloud proxy would benefit us. One single policy setting would make sense.

That's great. Sometimes, you need to be clear on the severity levels, but once determined, we have a good experience with tech support.

Positive

That was long ago, but we had Blue Coat proxies before. We switched because of our strategy to go for Cisco as an ecosystem.

We chose Cisco products because we have a Cisco-first strategy. We typically check first with the Cisco product portfolio and then make up our minds. Historically speaking, it serves our interests best.

I am not involved firsthand in its deployment. We have an oversight role within our company, so we ask our external supplier to do the implementation, and when needed, to have it validated via Cisco, but I've no real hands-on experience.

I would expect that we have seen an ROI because our sourcing department would make sure we get the best price for the solution.

Licensing is quite difficult to get your head around. My biggest challenge is to understand the details, the inner relations. Luckily, to some extent, we have enterprise agreements, but licensing for me is a real black box.

I'd rate it an eight out of ten.

As a manufacturing company, we have to use many different concepts of firewalls. That's one reason we had to use a trusted firewall for security and trust reasons.

We use a top-down architectural level mostly. For this reason, Cisco Secure Firewall is the top product for us.

I would say that this solution has saved our organization's time because we are certified engineers and experts. It helps us to connect quite well with our customers on a professional level.

The features I have found most valuable are the ASA firewalls. I like to have features like most integrated systems in ACI.

I think that the solution can be improved with the integration of application-centric infrastructure. It could be used to have better solutions in one box.

I have been using this solution for around seven or eight years.

I've used different concepts of solutions before Cisco. Cisco is much better than Juniper, Brocade, or Foundry, as it is much easier to use and get directions from. It is also easier to integrate Cisco if you compare it with other customer concepts, such as Juniper, Brocade, or Aruba.

I am not involved in all Cisco firewall deployments. We also have an architectural team. We deploy based on a top-down level architecture and implementation structure.

When it comes to pricing, quality is important to us. When looking at products, we prefer quality over speed. Cisco is on that quality side mostly.

We are currently using the Cisco Firepower firewall, which is dependent on the situations in the data center and regional data center concepts. 

The way that this solution helps secure our infrastructure end-to-end is by enabling us to easily integrate all end-to-ends for monitoring.

Whether this solution saves us time depends on the situation. We use highly secure networks on the national security level and that's why it helps to use different products as Cisco is one of the best.

Overall, I would rate this solution a nine, on a scale from one to ten, with one being the worst and ten being the best.