Cisco Secure Firewall Reviews

I implemented the product which provides end-to-end networking and security features. It starts with secure tunneling, and I performed micro-segmentation in the firewall specific to a particular customer environment. It offers comprehensive security as well as networking features that I have enabled.

The software was mainly the highlight. Most firewalls have a challenge of identifying keywords and providing restricted access, which I encountered. However, Cisco Firewall has very good features, like trusted applications and restricted access for users based on keywords. I could access it appropriately, unlike some firewalls where this is a challenge. Essentially, the restricted access to websites has been exceptional. I was in the life science industry, focusing heavily on compliance. This product meets compliance requirements, and the security process has improved. Stability and consistent performance are critical components of Cisco's product.

The integration, especially for APIs or with other firewall products, is a challenge for me. In some satellite sites where large firewalls are not involved, I used Cisco Meraki. The integration between Cisco products themselves presents difficulties, such as SD-WAN configuration. Managing centralized networking with Cisco is challenging for me in terms of integration with other firewall products.

I have used the solution for almost four years.

The solution is stable and performs well.

Scalability presents a challenge. There is commercial involvement and several factors, making it complex for me. I would rate scalability seven out of ten.

Technical support is unsatisfactory for me. There might be restructuring within Cisco India or with the partner's capability. Whenever I encounter a technical support challenge, it is not an easy process. Even with premium support, it is a struggle. I have to provide many logs, yet problems remain unresolved, often requiring workarounds rather than solutions.

Neutral

The initial setup is not simple as it is all based on my requirements. If the requirement or site is predominantly complex, specialist involvement is necessary. However, for a vanilla installation, it is fine - just not easy.

I have assessed and decided to move on to Sophos. Sophos's support is excellent compared to Cisco and other products, with their technical support team based in South India. I have received a lot of good feedback about it.

Overall, I would rate the product six out of ten. Because of the support and cost, I moved away from Cisco, but otherwise, it is a good product. Recommendation depends on the requirement. If lacking a proper team and being dependent on the OEM and partner, Cisco is not suitable. 

However, if the team is qualified with Cisco-certified people and the requirement is a big network, it can be considered. In today's hybrid work world, having an expanded gateway is more typical than having a single one. Thus, Cisco is unlikely to be recommended for a hybrid requirement unless in-house skills align. Otherwise, depending on partners and Cisco, it can be a risk.

I rate the overall solution six out of ten.

The solution is used in a normal enterprise-level configuration. It has effectively worked as a perimeter firewall. Our VPN was also configured on it.

The threat prevention is better than FortiGate, but it is less effective than Palo Alto. The VPN functionality is consistent, and the performance is good.

Cisco Firewall is not user-friendly. They complicate simple configurations, requiring multiple steps. Compared to Palo Alto and FortiGate, it is not as effective. Cisco Firewalls require FMC for management. 

If you have a small to medium-sized office with only a few firewalls, you can deploy and manage them without FMC. However, without FMC, it is not fully functional, limiting the features available. You cannot use the asterisk value in address objects in Cisco. 

In other firewalls, hovering over an object displays details like the IP address. With Cisco, you need to access the object to see inside details. Cisco should improve this aspect. The NAT process is handled differently, which I do not like. Obtaining support is challenging compared to FortiGate and Palo Alto. 

Although knowledge-wise they are good, obtaining technical support and involving an engineer in a troubleshooting call is a challenge.

I have used the solution for almost two years.

The scalable performance is good, however, the voice communication is not effective. Compared to FortiGate and Palo Alto, it lags in configuration and other aspects.

Knowledge-wise, they are good, however, obtaining technical support and involving an engineer in a troubleshooting call is a challenge.

Negative

The deployment was a normal activity, similar to how enterprises operate. It worked as a perimeter firewall, and our VPN was configured on it. The installation took approximately half a day.

For mid-sized organizations, I do not recommend it. For ISPs or data centers, I would recommend it due to its good performance and hardware capabilities. Their hardware can handle substantial amounts of data without causing latency. I recommend it for ISP or data center. For enterprise purposes, I do not recommend it. 

I rate the overall solution seven out of ten.

I am a system engineer, and I've been looking for some details and competitive information regarding the standards of this firewall and similar technologies.

There is a good relationship between real throughput, meaning the root performance, and the data sheet performance. When comparing it to other vendors, the data sheet performance is often more than expected and more than the real performance. It includes features like IPS, malware protection, and other security features.

The management usability and security of Cisco Firewall are based on Firepower Management Center, which is quite out of date compared to other vendors.

I have used this solution for more than ten years.

The SLA is great, and the escalation process is also great. For example, if I have a priority one case, I am able to call the manager to raise the severity, etc. So the SLA is very good.

Neutral

When compared with other competitors like Palo Alto or Fortinet, Cisco stands in a good position regarding the firewall environment. Compared to Fortinet, Cisco is a bit higher. When comparing with Palata and Juniper, Cisco has the same price level.

I am well prepared, and it is quite easy. Cisco has really great documentation, like a deployment guide and a quick start guide, etc.

If engineers are well prepared, it is good to note that Cisco has really great documentation. I have been working with AI features in the Cisco environment with Cisco Firewall, etc. I have been hearing and reading a lot about the integration of AI capabilities into Cisco devices, but I have not worked with that yet.

Overall, I would rate this an eight out of ten.

Our primary use case is filtering as we have a filtering strategy. We are trying to filter a destination and do not have a centralized filtering strategy. So we have MX and on the other end filtering on the firewalls, but not in the middle. This means that both ends of the connectivity do all the security on the firewalls.

The most valuable MX features are the ease of deployment and a great dashboard. The most valuable Cisco Secure Firewall features are options, features, and ease of deployment because it's an appliance.

Cisco Secure Firewall's integration with cloud providers has room for improvement. We could do more in terms of integration, for example, if we had a tag on an instance. 

I would also like to see tag rules with cloud objects. This would be a great improvement for Cisco Secure Firewall. 

As far as MX is concerned, I would like to see more interconnection. We would also like to be able to do BGP.

Our organization has been using this solution for about 10 years.

We had MX when it was launched initially and it was not as stable as it is now. The stability of the solution has improved. 

I would rate the stability of this solution three years ago a 3 and today's stability an eight, on a scale from one to 10, with one being the worst and 10 being the best.

I think that their tech support is quite good. I would rate them an eight, on a scale from one to 10, with one being the worst and 10 being the best.

Positive

We have used different types of solutions. We had Cisco ASA for about 10 years, and then we switched to an on-site firewall to MX from Meraki, Cisco. For our cloud, we have Cisco Services Routers.

The migration to the cloud has been a lot of work. Not all of our systems were compliant with being on the cloud so we had to work on some applications and delete some of them. For the old systems, we had to do extra work but for the newer systems, it was fine. The migration took around 18 months to migrate 99%.

We had more than 2,000 on-prem firewall sites.

Cisco helped with the migration to the cloud with the migration tool. Migrating MX was really easy and the tools helped us to migrate from the old ASA we had to the new MX. The cloud, firewalling, and CSR helped us from the data center on-premise approach to the cloud because at the time we didn't have a lot of experience with the cloud. It was easy to use the Cisco appliances in that space.

I think that this solution has saved our IT staff time because of the ease of deployment. When I first started as a network engineer, it took a whole day to configure a firewall because of all the particularities you could potentially have at a site.

I think that this solution saved our organization's time because security saves money because. At the end of the day, firewalls block threats.

This solution helped with the consolidation of tools as we had all the observability tools in the solutions. Some 10 years ago we all had third-party solutions doing the observability. Now, we have the whole package and not only the firewall.

We choose Cisco 10 or 20 years ago mostly because it was a market-leading solution. I also think it's because of MX's user-friendly solution that you can get on board easily. As far as CSA goes, I believe it's because you have a lot of features on the firewalls and it's the stability of course.

I've deployed them in a number of different use cases. I've deployed them at the internet edge. I've used those VPN concentrators, and I've deployed them at the data center core, segmenting VLANs.

We've seen a lot of improvements in terms of cybersecurity resilience and securing our infrastructure from end to end so that we can detect and remediate threats. The visibility with FMC is excellent. Being able to have, for instance, a data center core firewall, an internet edge firewall, and a VPN concentrator device managed by the same FMC and being able to take all of that information and see it in one place is very beneficial from the security posture standpoint. It's a time saver because it makes things easy. I can log in and very easily see what my detected threats are, what's been happening over the last 24 hours, or if there's anything I need to be concerned about. Being able to see who's logging into the VPN, but also what traffic are they sending, what are they bringing back, and being able to have all that in one place is really nice. The integration between the FMC and endpoints is a nice feature and a big time saver in terms of remediating threats and remediating malware and other malicious software.

FMC is very good in terms of giving a lot of visibility into what the firewall is seeing, what it's stopping, and what it's letting through. It lets the administrator have a little bit of knowledge of what's coming in or out of the device. It's excellent.

The policies module in FMC specifically isn't the most user-friendly. Coming from Cisco ASA, Cisco ASA is a little bit easier to use. When you get into particularly complex deployments where you have a lot of different interfaces and all that kind of stuff, it's a little bit tricky. Some usability improvements there would be nice. 

For scalability, they could support a little bit more diverse deployments around clustering and high availability. Currently, it's very active standby, and being able to do a three firewall cluster or four or five firewall cluster would suit some of my deployments a little bit better. It would also help to keep the cost down for the customer because you're buying smaller devices and clustering them versus larger devices.

I've been using Cisco firewalls for fifteen years at least. I've been using them in some form or another, such as from ASAs and now FTDs and Firepower.

Its stability is excellent. In the last six months, I've probably deployed about 14 Cisco Secure Firewall devices, and I am yet to get a callback. I deploy them, and then the customer takes ownership of the device, and they're off to the races and ready to go. They've been stable, which is good. I don't like devices that break the week after I install them and make me look bad.

I've implemented them anywhere from a 500 MB throughput device up to a 20 GB throughput device. Particularly around scalability, some improvements in terms of clustering would be good.

I've called Cisco TAC many times throughout my career, and I never hesitate to do it. They've always been fantastic for me. I'd rate them a ten out of ten.

Positive

I've used a number of other competitive devices. I've customers running SonicWall, I've customers running Palo Alto, and I've customers running Fortinet. Cisco Secure Firewalls are excellent.

Cisco is at a really good place, especially with a lot of the recent updates that have happened. Compared to Palo Alto and Fortinet specifically, I find FMC is way easier to use. Specifically in the realm of cybersecurity resilience, it's for sure a much more effective tool than Palo Alto. Having come from Palo Alto, the way FMC surfaces threats and enables response to set threats is vastly easier for me and my team to work with, so we're seeing a lot more resiliency. We're seeing a lot quicker response to threats. We're seeing a lot quicker identification of threats. From that perspective, it's far and away better.

Cisco Secure Firewall is the best in the market right now. Palo Alto is okay, but Cisco is better. In terms of resiliency and providing actionable intelligence to a security team, I find Cisco products to be way better. Fortinet is also fairly easy to use. They have a lot of the same strengths. However, Fortinet's technical support is terrible. Cisco has a nice package of devices. It's easy to use. It's easy to integrate for the security team. It gives you a lot of actionable intelligence in your network. Having that kind of company and technical support to be able to back that up and be able to support the customers is very useful.

I've deployed them countless times, and I find it very easy. I did a high availability pair of internet edge firewalls for a 2,000 users organization migrating from Palo Alto, and I moved them over with AnyConnect, Umbrella, and Duo from Palo Alto in a week and a half with no downtime. I do a lot on-prem just because of my verticals. I work a lot in law enforcement. I work a lot in government, and those end up being very on-prem heavy. 

It's pretty competitive. If they could make it cheaper, it would be great. You always want cheaper, but relative to the performance capabilities of the firewall and relative to what you get, it's fair.

It's not the cheapest in the world, but you get an excellent product for that price. The onus is on us as a customer to look at what we're buying and establish not just the price but the value. You need to look at what you're getting for your dollars there. Cisco has a very good proposition there.

Its licensing is pretty good. It's not very complex. There are not a million different SKUs. I had a Palo Alto deployment where the customer had asked for a license for integration with their Cortex XDR, and they didn't include it. It was eight more SKUs and eighty thousand dollars more. It was a real disaster, and it can put a customer off from using Palo Alto. Cisco's licensing model is easy to understand whether it's apps or VPN. The way that they handle the subscriptions is very easy to understand. It's very fair.

To someone researching this solution who wants to improve cybersecurity in their organization, I'd say that the main thing to look for is usability. Find something that you can understand and that provides you with actionable intelligence because a security device that's not administered and monitored properly isn't going to do much for you. It's not going to be very effective. So, you want a device that's easy to use and that gives you a lot of that visibility and makes your job as a security administrator easy. It should make identifying and responding to threats as seamless as humanly possible because the quicker you can respond, the more security you're able to keep in your organization.

Cisco Talos is an excellent product. I've been using Cisco Talos since Cisco introduced it. In fact, I was a Sourcefire customer before Cisco acquired them, so I'm very familiar with the roots of that team and where it's from. I've been all in on them since day one.

Overall, I'd rate Cisco Secure Firewall a nine out of ten. There's always room for improvement, especially in security because the security world is changing on a daily basis. We're always looking for what can we do better and how can we improve, but what Cisco has done since the Sourcefire acquisition and where they've taken it, I'm very excited for the future.

Our use case is mostly for the data center. We are introducing a security zone in the data center, and Cisco is helping us to identify the traffic that is coming from north to south or from outside the data center to inside the data center. It helps us to manage the traffic and ensure that it's secure and allowed to go inside the data center. We have almost completed the project. We are currently tuning the access policies to only allow what's allowed to go inside.

We are using all the firewall models for the data center. AMP, detection, and prevention are a part of the solution.

It was a requirement from our security and compliance team that any traffic going to the data center needs to be checked and secured. We are almost at the final stage of this project to allow only secure access to the data center. We are almost there. We haven't yet completed the project, but it will definitely be a very critical service for us. Our data center is huge with more than 1,000 applications. It will protect and secure our services.

We are using Cisco firewalls not only in the data center but also on the internet edge. We also have it on the OT system or OT network. We are using most of the products from Cisco, and it was easy to integrate with other services. We have the Cisco ACI solution in the data center. We could integrate Cisco ACI with our firewall. We also have Cisco Stealthwatch and Cisco ISE. We can easily integrate different technologies.

Integration and troubleshooting are the main challenges of having multiple vendors. Having an end-to-end solution from one vendor makes life a lot easier because there is an ease of integration. We don't need a third party. It is also easy in terms of support. One engineer from the same vendor can help us with various technologies. We don't need engineers from different vendors, and we also avoid that common scenario where they start to blame the other one for the issue.

Having an end-to-end solution from the same vendor simplifies the implementation. We are able to have centralized management of different products. We were able to integrate and centrally manage even the older versions of Cisco firewalls.

I'm not a security person. I'm a planner, and we were interested in the advanced features of the firewall to allow us to manage the traffic. At the current stage of implementation, their help in implementing a policy has been valuable. It simplified the implementation. Cisco's engineer helped us with a lot of scripting to see what existed. Previously, we didn't have a proper policy. In fact, we didn't have any policy because we didn't have any firewall for the data center, so generating a policy was a big challenge. Cisco's engineer helped us to do some scripting and find out what kind of policy we can have and organize those policies. That was nice.

Its implementation was not straightforward. It was mainly because we were running two projects together. In terms of features, at this stage, I don't have inputs for the area of improvement. We are still in the implementation stage of our project. After we have the solution ready and we test it, we can go to phase two and see how to enhance the solution in the future. We can then see which features will allow us to do that. After we implement it, the next stages will be to maintain it, tune it, and build on it. We will then see how flexible it is.

I've been using Cisco firewalls for about 20 years. The last model we bought for the data center is 9300.

Cisco is always there to support customers and their businesses. They are there 24/7. Whenever you have an issue or challenge, they are always there. For us, a good thing about Cisco is that there is a Cisco office in Oman. Our colleagues coordinate and communicate with them almost daily. They are always there to support us through any challenge or issue. All vendors are not available in Oman, so having a trusted partner who would always help us was a key factor for investing in Cisco. 

When we open a ticket with Cisco support, we always get someone to help us. We have a dedicated engineer who knows our infrastructure and can help us and track the issues. We are a big organization, and we have critical services. We are the biggest oil producer in Oman, which is the main economy of the country. We can't afford any interruptions. We are trying our best, and Cisco always supports us. They handle our cases in an urgent manner because they know the criticality.

For the data center, we didn't have a security zone previously. It was one of the key requirements to come up with the security zone. We chose Cisco firewalls because we were implementing ACI in the data center, and we thought that having one vendor for both activities will reduce our time of implementation, which didn't turn out to be true.

It was not a straightforward implementation. The main challenge was that we were running two projects together, so we ended up doing the same activity twice. We had two requirements: refresh the data center devices and secure them because there was no security zone. We went for the ACI implementation, which was new for us and required a lot of discussions, and when we tried to introduce the firewall, we again had a lot of discussions with Cisco about whether to go with clustering or active standby.

We discovered that our ACI was not compatible with the firewall that we are introducing. So, we ended up upgrading our ACI. That was a big activity because we had to interrupt our data center. It should have been a seamless upgrade, but because some of our services didn't have dual links, we had to do some maintenance for that. After that, we also ended up upgrading our switches because they were not supporting 40 gigs, which is what the firewall interface supported. That was another challenge that we had. After that, going to active-standby or clustering was another challenge because the switch fabric didn't work well with our design. So, we ended up going with active-standby.

It was a journey, but in the end, we managed to overcome those challenges and implemented our solution.

We've definitely seen an ROI. It was a requirement, and looking at the way it went, especially in terms of coming up with the policy and securing our data center, there has been a value-add. We now have a security zone, and we have policies. We can manage and monitor the traffic coming in and going out.

In addition, we have the flexibility of sending any traffic to the firewall, even internally from the data center. Whenever we have a doubt about any application or traffic to any application, we can just send it to the firewall and let it check and monitor. We have this visibility that we didn't have before. We can see any traffic that comes in. 

We bought a three-year license as a part of the enterprise agreement, which includes help with implementation and troubleshooting. We have a big data center with many applications, so implementation was not straightforward. We had to put effort into it. It wasn't an easy or straightforward implementation. The support that we got from Cisco engineers with the three-year premium license was helpful. The enterprise agreement helped to consume the licenses in a practical and faster way and streamline the implementation.

We are very pleased with Cisco for the automation they did to help us in coming up with a policy. That was a big challenge because we didn't have any policy in place. It was a big help for us that they came up with a policy or at least proposed a policy for us.

Our engineers are familiar with Cisco firewalls, and they are not new to them. However, things are changing and technology is changing, and new features are getting added. Automation will be the main challenge for us. Some of our engineers are not yet very good at scripting. They're still learning. The way forward would be to have people do some amount of programming to come up with useful information to enhance the solution in the future.

I'd rate Cisco Secure Firewall a seven out of ten.

I use it every day. It's something that's part of my daily tasks every day. I log in, look at logs, and do some firewall rule updates. 

We have a managed services team. I'm not part of that team, I use it for our company. I look at why things are being dropped or allowed. 

I'm using an older version. They got rid of EIGRP out of FlexConfig, which was nice. Now there's policy-based routing, which is something that I have to update my firewalls or my FMC so I can utilize that product.

Right now I use the Cisco-recommended version of FMC which is 7.0.5.

I like the GUI base of Secure Firepower Management Center. Coming from an ASA where it was the ASDM, I like the FMC where you can see everything is managed through one pane of glass. 

It's a single pane of glass, we have multiple firewalls. I can click and be on to the next firewall in a few seconds, really. 

As far as securing our infrastructure from end to end, I'm a big fan of Cisco products. I haven't used other products in the past, but I love the Cisco products. It helps a lot in the end. 

We have firewalls on the edge, internally, and then on the cloud now, so I feel we're pretty secure. 

Firewall helps with cybersecurity resilience. I really like this Cisco product. It's user-friendly. I don't like some other vendors. I've tried those in the past. Cisco is pretty easy. A caveman could do it.  

I've used Check Point and Palo Alto, and I like Cisco better. It's what I'm comfortable with. Hopefully, I'll use it until I retire. 

It runs forever. I haven't had any problems with any Secure Firewall. It just runs. You don't have to worry about it crashing. All Cisco products run forever. They run themselves. You need to update them. 

I'm a team of two. Either I'm looking at it, the other guy's looking at it, or no one's looking at it. It's part of my daily routine as I get in there and I make sure that I have the status quo before I move on to other projects or other tickets for the day. It's a daily process. They log the information right in.

I'll find out about scalability in a few weeks. I need to change out some firewalls that are a lower model to a higher model because of the VPN limitations. I'm going to have to do some more work and see how long it takes. 

They're awesome. I talked to the guys here, I had a couple of problems that keep me up at night. I was able to come here and they're going to help me out with some different ideas. Anybody I talk to has a solution, and the problem is fixed. So it's nice. I've never had any problem with TAC. They're awesome.

I wouldn't give them a ten. Nobody is perfect. I'll give them a nine because they help me with any issues I've had. I could put a ticket in a day, and then it gets taken care of in a speedy, efficient manner, and then I'm able to move on to other things that I need to worry about.

Positive

Palo Alto seems clumsy to me. I don't like it. It shouldn't be a guessing game to know where stuff is. Cisco is laid out in front of you with your devices, your policies, and logging. You point and click and you are where you need to be. 

I haven't used Check Point in a while. It's been some time but it's an okay product.

For deployment, we have different locations on the east coast, on-prem, and in the data centers. We introduced a couple of firewalls, AWS, and Azure and we're implementing those in the cloud.  

On-prem is pretty easy to implement. I could lab up an FTD on my own time. It's super easy to download and install. You get 90 days to mess around in a lab environment. I'm new to the cloud stuff. I've built firewalls there, but there were other limitations. I didn't quite understand that I have to get some practice and learn about the load balancers.  

We're a Cisco partner, so we get 80% off. That's a big discount and companies are always looking at ways to save money these days.

I don't really look at Talos. It's in the background. I don't really look at it. It's there and it works. 

Nothing is perfect so I would rate Cisco Secure Firewall a 9.2 out of ten. I love the product. It's part of my daily routine. I'll hopefully use it until I retire. 

We are a Cisco partner and we are currently using Cisco Firepower for our internet edge, intrusion prevention systems, and filtering.

We use virtual appliances in the cloud and hardware appliances on-premises.

Cisco Secure Firewall has improved usability in our environment.

The application visibility and control are great. Cisco Secure Firewall provides us with visibility into the users and the applications that are being used.

We are capable of securing our infrastructure from end to end, enabling us to detect and address threats. We have excellent visibility into the traffic flows, including those within the DMZs.

Cisco Secure Firewall has helped save our IT staff a couple of hours per month of their time because it is much easier to use the GUI instead of attempting to manage things through the CLI, which we have to access from the CRM.

We have several clients who had larger security stacks that they were able to consolidate because they were using separate products for IPS or URL filtering. With Firepower, we were able to consolidate all of those into a single solution.

The ability of Cisco Secure Firewalls to consolidate tools or applications has had a significant impact on our security infrastructure by enabling us to eliminate all the additional tools and utilize a single product.

Cisco Talos helps us keep on top of our security operations.

Cisco Secure Firewall has helped our organization enhance its cybersecurity resilience. We can generate periodic reports that are shared with the security teams to keep them informed.

The ASA has seen significant improvement due to the IPS. 

The ability to troubleshoot more easily through the gate is valuable.

The integration with all the necessary products needs improvement. Managing various product integrations, such as Umbrella, is challenging.

I have been using Cisco Secure Firewall for four years. My organization has been using Cisco Secure Firewall for a much longer period of time. 

We experienced stability issues when transitioning to version 7.2, particularly related to operating Snort from Snort Two to Snort Three. In some cases, the firewalls necessitated a reboot, but we ultimately reverted back to using Snort Two.

The technical support is responsive. In most cases where I've opened a ticket, they have promptly worked on figuring out the actual problem and assisting me in resolving it.

Positive

We have had clients who switched to Cisco Secure Firewall from Check Point, Palo Alto, and WatchGuard due to the features and support that Cisco offers.

The initial setup is straightforward. Since we were transitioning from ASA to Firepower, a significant portion of our work involved transferring the access control lists to the power values in the GUI. After that, we began adding additional features, such as IPS.

The pricing and licensing structure of the firewall is fair and reasonable.

The closest competitor that matches Cisco Firepower is Palo Alto, and the feature sets are quite comparable for both of them. One issue I have noticed with Cisco's product is the SSL decryption when used by clients connecting from inside to outside the Internet. 

Cisco lacks the ability to check CRLs or OCSP certificate status unless we manually upload them, which is impractical for a large number of items like emails. On the other hand, Palo Alto lacks the ability to inspect the traffic within the firewall tunnel, which is a useful feature to have. 

I rate Cisco Secure Firewall eight out of ten.

I recommend taking advantage of the trial by downloading virtual next-gen firewalls provided by OBA, deploying them in a virtual environment, and testing their performance to evaluate their effectiveness. This is a crucial step.