Cisco Secure Firewall Reviews

We use Cisco Secure Firewall for our servers, protecting data centers, and limiting the ports and threats. We have various web servers hosted in our data center, and to protect them from external threats, we use the firewall.

The most valuable features of Cisco Secure Firewall include the next-generation firewall and its strong anti-malware capabilities. These features protect internal servers from external threats, such as denial of service threats, viruses, and malware. Additionally, Cisco checks and stops traffic containing new threats, taking steps to mitigate them. When our servers are secure, their speed is very good using Cisco Secure Firewall. We do not face any kind of delay or issues, allowing more users to connect seamlessly.

Cisco Secure Firewall is difficult to manage as it lacks a web interface for management, requiring installation of management center software on a dedicated computer or server. Should the management software be removed, it needs to be reinstalled, consuming time and resources. Moreover, the configuration commands are not user-friendly, especially when compared to Fortinet's interface. The process of licensing is complicated, involving many steps to obtain and enter the license key. This process should be simplified.

We have been working with Cisco Secure Firewall for about five to six years.

The technical support is not very good because when support is requested, assistance often takes a few days to arrive as they are quite busy.

We previously used software firewalls running on Linux. We switched because they were not next-generation firewalls and did not provide antivirus and malware protection.

The licensing process for Cisco Secure Firewall is convoluted, involving many steps to request and enter a license key. In contrast, Fortinet or other firewalls offer a simpler process where you just need to enter the key quickly.

Cisco Secure Firewall could improve in areas like user-friendliness and cost-effectiveness, as it is very costly and difficult to manage. I would rate it seven out of ten, but I would recommend other firewalls due to its high cost and complexity.

On-premises

The solution is used in a normal enterprise-level configuration. It has effectively worked as a perimeter firewall. Our VPN was also configured on it.

The threat prevention is better than FortiGate, but it is less effective than Palo Alto. The VPN functionality is consistent, and the performance is good.

Cisco Firewall is not user-friendly. They complicate simple configurations, requiring multiple steps. Compared to Palo Alto and FortiGate, it is not as effective. Cisco Firewalls require FMC for management. 

If you have a small to medium-sized office with only a few firewalls, you can deploy and manage them without FMC. However, without FMC, it is not fully functional, limiting the features available. You cannot use the asterisk value in address objects in Cisco. 

In other firewalls, hovering over an object displays details like the IP address. With Cisco, you need to access the object to see inside details. Cisco should improve this aspect. The NAT process is handled differently, which I do not like. Obtaining support is challenging compared to FortiGate and Palo Alto. 

Although knowledge-wise they are good, obtaining technical support and involving an engineer in a troubleshooting call is a challenge.

I have used the solution for almost two years.

The scalable performance is good, however, the voice communication is not effective. Compared to FortiGate and Palo Alto, it lags in configuration and other aspects.

Knowledge-wise, they are good, however, obtaining technical support and involving an engineer in a troubleshooting call is a challenge.

Negative

The deployment was a normal activity, similar to how enterprises operate. It worked as a perimeter firewall, and our VPN was configured on it. The installation took approximately half a day.

For mid-sized organizations, I do not recommend it. For ISPs or data centers, I would recommend it due to its good performance and hardware capabilities. Their hardware can handle substantial amounts of data without causing latency. I recommend it for ISP or data center. For enterprise purposes, I do not recommend it. 

I rate the overall solution seven out of ten.

On-premises

Our primary use case for Cisco Secure Firewall is for enterprise customers. We primarily work on Cisco Meraki switching and wireless. We also engage with Cisco Secure Firewall for threat prevention and information security.

The Cisco Secure Firewall appliances are primarily ASIC-based, which makes them fast and purpose-built. They stand out because they are not Intel-based systems, and in terms of performance and stability, they are among the best. Scalability is another strong point, as I have not encountered any issues in terms of scalability. Everything is in a cluster and can operate in active standby, active-active, or active-passive mode. Additionally, Cisco's support is excellent, which adds further value to their solutions.

The configuration might be slightly difficult compared to other players in the market like Fortinet or WatchGuard. It can be challenging for someone who is not used to using an application to configure the firewall, but with experience, it becomes manageable.

I have been working with Cisco Secure Firewall for four, five, six years or more.

There have been no issues with deployment.

Cisco Secure Firewall offers exceptional performance and stability. They are among the best in terms of stability.

I have not come across any issues with scalability. Everything scales very well.

Customer service and support are excellent. I would rate their support 10 out of 10. I have been working with them on firewalls, wireless, switching, and routing, and the support is the best.

Positive

For someone like me who has been working on firewalls for quite some time, I do not see any problems with the initial setup. However, for someone trying to configure it for the first time with little experience, it may present a challenge.

Return on investment depends on the customer. While some may see it as an expense, others view it as an investment based on their understanding of Cisco.

The pricing is slightly more expensive than other products in the market. It's considered a premium, but people pay that price for Cisco.

I have been working with Palo Alto, Fortinet, SonicWALL, and WatchGuard.

I would definitely recommend Cisco Secure Firewall for its architecture, performance, stability, and exceptional support. When choosing a product, consider features delivery, stability, scalability, and customer support. On a scale of one to ten, I rate their firewalls eight to eight and a half.

On-premises

I am a system engineer, and I've been looking for some details and competitive information regarding the standards of this firewall and similar technologies.

There is a good relationship between real throughput, meaning the root performance, and the data sheet performance. When comparing it to other vendors, the data sheet performance is often more than expected and more than the real performance. It includes features like IPS, malware protection, and other security features.

The management usability and security of Cisco Firewall are based on Firepower Management Center, which is quite out of date compared to other vendors.

I have used this solution for more than ten years.

The SLA is great, and the escalation process is also great. For example, if I have a priority one case, I am able to call the manager to raise the severity, etc. So the SLA is very good.

Neutral

When compared with other competitors like Palo Alto or Fortinet, Cisco stands in a good position regarding the firewall environment. Compared to Fortinet, Cisco is a bit higher. When comparing with Palata and Juniper, Cisco has the same price level.

I am well prepared, and it is quite easy. Cisco has really great documentation, like a deployment guide and a quick start guide, etc.

If engineers are well prepared, it is good to note that Cisco has really great documentation. I have been working with AI features in the Cisco environment with Cisco Firewall, etc. I have been hearing and reading a lot about the integration of AI capabilities into Cisco devices, but I have not worked with that yet.

Overall, I would rate this an eight out of ten.

I've deployed them in a number of different use cases. I've deployed them at the internet edge. I've used those VPN concentrators, and I've deployed them at the data center core, segmenting VLANs.

We've seen a lot of improvements in terms of cybersecurity resilience and securing our infrastructure from end to end so that we can detect and remediate threats. The visibility with FMC is excellent. Being able to have, for instance, a data center core firewall, an internet edge firewall, and a VPN concentrator device managed by the same FMC and being able to take all of that information and see it in one place is very beneficial from the security posture standpoint. It's a time saver because it makes things easy. I can log in and very easily see what my detected threats are, what's been happening over the last 24 hours, or if there's anything I need to be concerned about. Being able to see who's logging into the VPN, but also what traffic are they sending, what are they bringing back, and being able to have all that in one place is really nice. The integration between the FMC and endpoints is a nice feature and a big time saver in terms of remediating threats and remediating malware and other malicious software.

FMC is very good in terms of giving a lot of visibility into what the firewall is seeing, what it's stopping, and what it's letting through. It lets the administrator have a little bit of knowledge of what's coming in or out of the device. It's excellent.

The policies module in FMC specifically isn't the most user-friendly. Coming from Cisco ASA, Cisco ASA is a little bit easier to use. When you get into particularly complex deployments where you have a lot of different interfaces and all that kind of stuff, it's a little bit tricky. Some usability improvements there would be nice. 

For scalability, they could support a little bit more diverse deployments around clustering and high availability. Currently, it's very active standby, and being able to do a three firewall cluster or four or five firewall cluster would suit some of my deployments a little bit better. It would also help to keep the cost down for the customer because you're buying smaller devices and clustering them versus larger devices.

I've been using Cisco firewalls for fifteen years at least. I've been using them in some form or another, such as from ASAs and now FTDs and Firepower.

Its stability is excellent. In the last six months, I've probably deployed about 14 Cisco Secure Firewall devices, and I am yet to get a callback. I deploy them, and then the customer takes ownership of the device, and they're off to the races and ready to go. They've been stable, which is good. I don't like devices that break the week after I install them and make me look bad.

I've implemented them anywhere from a 500 MB throughput device up to a 20 GB throughput device. Particularly around scalability, some improvements in terms of clustering would be good.

I've called Cisco TAC many times throughout my career, and I never hesitate to do it. They've always been fantastic for me. I'd rate them a ten out of ten.

Positive

I've used a number of other competitive devices. I've customers running SonicWall, I've customers running Palo Alto, and I've customers running Fortinet. Cisco Secure Firewalls are excellent.

Cisco is at a really good place, especially with a lot of the recent updates that have happened. Compared to Palo Alto and Fortinet specifically, I find FMC is way easier to use. Specifically in the realm of cybersecurity resilience, it's for sure a much more effective tool than Palo Alto. Having come from Palo Alto, the way FMC surfaces threats and enables response to set threats is vastly easier for me and my team to work with, so we're seeing a lot more resiliency. We're seeing a lot quicker response to threats. We're seeing a lot quicker identification of threats. From that perspective, it's far and away better.

Cisco Secure Firewall is the best in the market right now. Palo Alto is okay, but Cisco is better. In terms of resiliency and providing actionable intelligence to a security team, I find Cisco products to be way better. Fortinet is also fairly easy to use. They have a lot of the same strengths. However, Fortinet's technical support is terrible. Cisco has a nice package of devices. It's easy to use. It's easy to integrate for the security team. It gives you a lot of actionable intelligence in your network. Having that kind of company and technical support to be able to back that up and be able to support the customers is very useful.

I've deployed them countless times, and I find it very easy. I did a high availability pair of internet edge firewalls for a 2,000 users organization migrating from Palo Alto, and I moved them over with AnyConnect, Umbrella, and Duo from Palo Alto in a week and a half with no downtime. I do a lot on-prem just because of my verticals. I work a lot in law enforcement. I work a lot in government, and those end up being very on-prem heavy. 

It's pretty competitive. If they could make it cheaper, it would be great. You always want cheaper, but relative to the performance capabilities of the firewall and relative to what you get, it's fair.

It's not the cheapest in the world, but you get an excellent product for that price. The onus is on us as a customer to look at what we're buying and establish not just the price but the value. You need to look at what you're getting for your dollars there. Cisco has a very good proposition there.

Its licensing is pretty good. It's not very complex. There are not a million different SKUs. I had a Palo Alto deployment where the customer had asked for a license for integration with their Cortex XDR, and they didn't include it. It was eight more SKUs and eighty thousand dollars more. It was a real disaster, and it can put a customer off from using Palo Alto. Cisco's licensing model is easy to understand whether it's apps or VPN. The way that they handle the subscriptions is very easy to understand. It's very fair.

To someone researching this solution who wants to improve cybersecurity in their organization, I'd say that the main thing to look for is usability. Find something that you can understand and that provides you with actionable intelligence because a security device that's not administered and monitored properly isn't going to do much for you. It's not going to be very effective. So, you want a device that's easy to use and that gives you a lot of that visibility and makes your job as a security administrator easy. It should make identifying and responding to threats as seamless as humanly possible because the quicker you can respond, the more security you're able to keep in your organization.

Cisco Talos is an excellent product. I've been using Cisco Talos since Cisco introduced it. In fact, I was a Sourcefire customer before Cisco acquired them, so I'm very familiar with the roots of that team and where it's from. I've been all in on them since day one.

Overall, I'd rate Cisco Secure Firewall a nine out of ten. There's always room for improvement, especially in security because the security world is changing on a daily basis. We're always looking for what can we do better and how can we improve, but what Cisco has done since the Sourcefire acquisition and where they've taken it, I'm very excited for the future.

On-premises

We use Cisco Secure Firewalls to secure our business.

Cisco Secure Firewall is a Layer 7 next-generation firewall, providing us with a significant amount of visibility into our traffic patterns and the traffic passing through the firewall. It informs us about the zones that facilitate a smooth data flow, where the data is being directed, and covers ingress and egress all the way up to layer seven. Therefore, I believe the visibility it offers is excellent.

Cisco Secure Firewall is effective in securing our infrastructure from end to end, enabling us to detect and remediate threats. However, the way we currently utilize it may not be the most optimal approach to fully leverage its end-to-end capabilities. Nonetheless, considering its purpose within our usage, it effectively fulfills its intended role.

The ability of Cisco Secure Firewall to enhance our organization's cybersecurity posture and resilience is commendable. Cisco Secure Firewall serves as our primary line of defense, deployed at the Internet edge of every site across the globe.

The most valuable feature is zone segmentation, which we utilize through the Firepower management console. This allows for centralized management, which proves highly useful. In the past, when using Cisco Firewalls, we had to manage them independently. However, now we have a single unified interface to manage all our Cisco Firewalls worldwide.

The Cisco Firewall UI could be improved. While having a centralized management console is a significant improvement, I believe there are several enhancements that could be made to the UI to enhance its user-friendliness and improve the overall flow. This is particularly important during troubleshooting, as we want to avoid wasting time navigating through different sections and excessive clicking. It would be beneficial to have everything readily accessible and a smoother flow to quickly reach the desired locations.

I believe Cisco needs to make the appliance more automated in order to provide us with additional time. This would eliminate the need for us to manually go through the firewall, search, find, and troubleshoot everything. It would be beneficial if the appliance had some form of AI integrated to generate such information, enabling us to quickly identify the problem. If necessary, we could then delve deeper into the issue.

I have been using Cisco Secure Firewall for 19 years.

Cisco Secure Firewall is stable.

The scalability of Cisco Secure Firewall depends on the different models available, as each model may have a fixed scalability level. Therefore, the scalability we obtain will vary depending on the specific model we utilize.

The quality of technical support varies. We occasionally receive excellent technicians, while other times we do not. Consequently, I believe it is preferable to rely more on the competent ones rather than the subpar ones.

Neutral

We had previously used Check Point but decided to switch to Cisco Secure Firewall. The reason for this switch was the lower cost and our company's desire to remove Check Point from our environment. It was an excellent deal, and the technology was on par. We did not lose any functionality or experience any drawbacks by choosing Cisco over Check Point. In fact, I believe we gained additional features, and Cisco is more widely adopted and supported compared to Check Point. Therefore, I am confident that we made the right decision.

The initial setup was complex. Firstly, we were migrating from a completely different platform and vendor to Cisco. Therefore, the ruleset migration was not only complex but also tedious because there was no suitable migration tool available for transitioning from Check Point to Cisco Firepower. The second part involved a complete change in our design, as we opted for a more zone-based approach where our checkpoints are more streamlined. This complexity was a result of our own decision-making.

We utilized our partner, ConvergeOne, for the integration, and they were exceptional. They demonstrated sharp skills, and together we successfully completed the job. The entire process took us a year during which we managed to cover every site within our company.

We have witnessed a return on investment through the capabilities of Cisco Secure Firewall itself, along with its numerous threat defense technologies. As a result, we do not need to purchase additional tools to enhance the firewall; everything is already integrated. Therefore, I believe this was a significant victory for us.

The pricing structure for Cisco Secure Firewall can be challenging to manage. It involves separate line items that need to be carefully tracked, such as SmartNet, FCD licenses, and other license features. This complexity adds to the difficulty of dealing with the pricing.

I rate Cisco Secure Firewall an eight out of ten.

Cisco Secure Firewall has not helped consolidate any of our applications or tools.

We use Cisco Talos to pull the signatures for everything we download. However, we don't rely on Cisco Talos for our day-to-day operations. 

Cisco Secure Firewall is a commendable product and holds a leadership position in the industry. While there are other competitors available, it is certainly worth considering, particularly for organizations that already utilize Cisco switching, routing, and related infrastructure. Cisco Secure Firewall can seamlessly integrate into the existing ecosystem, making it an appealing option to explore.

Having in-house expertise in Cisco and its products is indeed valuable when making a decision to go with Cisco Secure Firewall. The fact that our team already had a lot of expertise and experience with Cisco products played a significant role in the decision-making process.

On-premises

I use it every day. It's something that's part of my daily tasks every day. I log in, look at logs, and do some firewall rule updates. 

We have a managed services team. I'm not part of that team, I use it for our company. I look at why things are being dropped or allowed. 

I'm using an older version. They got rid of EIGRP out of FlexConfig, which was nice. Now there's policy-based routing, which is something that I have to update my firewalls or my FMC so I can utilize that product.

Right now I use the Cisco-recommended version of FMC which is 7.0.5.

I like the GUI base of Secure Firepower Management Center. Coming from an ASA where it was the ASDM, I like the FMC where you can see everything is managed through one pane of glass. 

It's a single pane of glass, we have multiple firewalls. I can click and be on to the next firewall in a few seconds, really. 

As far as securing our infrastructure from end to end, I'm a big fan of Cisco products. I haven't used other products in the past, but I love the Cisco products. It helps a lot in the end. 

We have firewalls on the edge, internally, and then on the cloud now, so I feel we're pretty secure. 

Firewall helps with cybersecurity resilience. I really like this Cisco product. It's user-friendly. I don't like some other vendors. I've tried those in the past. Cisco is pretty easy. A caveman could do it.  

I've used Check Point and Palo Alto, and I like Cisco better. It's what I'm comfortable with. Hopefully, I'll use it until I retire. 

It runs forever. I haven't had any problems with any Secure Firewall. It just runs. You don't have to worry about it crashing. All Cisco products run forever. They run themselves. You need to update them. 

I'm a team of two. Either I'm looking at it, the other guy's looking at it, or no one's looking at it. It's part of my daily routine as I get in there and I make sure that I have the status quo before I move on to other projects or other tickets for the day. It's a daily process. They log the information right in.

I'll find out about scalability in a few weeks. I need to change out some firewalls that are a lower model to a higher model because of the VPN limitations. I'm going to have to do some more work and see how long it takes. 

They're awesome. I talked to the guys here, I had a couple of problems that keep me up at night. I was able to come here and they're going to help me out with some different ideas. Anybody I talk to has a solution, and the problem is fixed. So it's nice. I've never had any problem with TAC. They're awesome.

I wouldn't give them a ten. Nobody is perfect. I'll give them a nine because they help me with any issues I've had. I could put a ticket in a day, and then it gets taken care of in a speedy, efficient manner, and then I'm able to move on to other things that I need to worry about.

Positive

Palo Alto seems clumsy to me. I don't like it. It shouldn't be a guessing game to know where stuff is. Cisco is laid out in front of you with your devices, your policies, and logging. You point and click and you are where you need to be. 

I haven't used Check Point in a while. It's been some time but it's an okay product.

For deployment, we have different locations on the east coast, on-prem, and in the data centers. We introduced a couple of firewalls, AWS, and Azure and we're implementing those in the cloud.  

On-prem is pretty easy to implement. I could lab up an FTD on my own time. It's super easy to download and install. You get 90 days to mess around in a lab environment. I'm new to the cloud stuff. I've built firewalls there, but there were other limitations. I didn't quite understand that I have to get some practice and learn about the load balancers.  

We're a Cisco partner, so we get 80% off. That's a big discount and companies are always looking at ways to save money these days.

I don't really look at Talos. It's in the background. I don't really look at it. It's there and it works. 

Nothing is perfect so I would rate Cisco Secure Firewall a 9.2 out of ten. I love the product. It's part of my daily routine. I'll hopefully use it until I retire. 

We are a Cisco partner and we are currently using Cisco Firepower for our internet edge, intrusion prevention systems, and filtering.

We use virtual appliances in the cloud and hardware appliances on-premises.

Cisco Secure Firewall has improved usability in our environment.

The application visibility and control are great. Cisco Secure Firewall provides us with visibility into the users and the applications that are being used.

We are capable of securing our infrastructure from end to end, enabling us to detect and address threats. We have excellent visibility into the traffic flows, including those within the DMZs.

Cisco Secure Firewall has helped save our IT staff a couple of hours per month of their time because it is much easier to use the GUI instead of attempting to manage things through the CLI, which we have to access from the CRM.

We have several clients who had larger security stacks that they were able to consolidate because they were using separate products for IPS or URL filtering. With Firepower, we were able to consolidate all of those into a single solution.

The ability of Cisco Secure Firewalls to consolidate tools or applications has had a significant impact on our security infrastructure by enabling us to eliminate all the additional tools and utilize a single product.

Cisco Talos helps us keep on top of our security operations.

Cisco Secure Firewall has helped our organization enhance its cybersecurity resilience. We can generate periodic reports that are shared with the security teams to keep them informed.

The ASA has seen significant improvement due to the IPS. 

The ability to troubleshoot more easily through the gate is valuable.

The integration with all the necessary products needs improvement. Managing various product integrations, such as Umbrella, is challenging.

I have been using Cisco Secure Firewall for four years. My organization has been using Cisco Secure Firewall for a much longer period of time. 

We experienced stability issues when transitioning to version 7.2, particularly related to operating Snort from Snort Two to Snort Three. In some cases, the firewalls necessitated a reboot, but we ultimately reverted back to using Snort Two.

The technical support is responsive. In most cases where I've opened a ticket, they have promptly worked on figuring out the actual problem and assisting me in resolving it.

Positive

We have had clients who switched to Cisco Secure Firewall from Check Point, Palo Alto, and WatchGuard due to the features and support that Cisco offers.

The initial setup is straightforward. Since we were transitioning from ASA to Firepower, a significant portion of our work involved transferring the access control lists to the power values in the GUI. After that, we began adding additional features, such as IPS.

The pricing and licensing structure of the firewall is fair and reasonable.

The closest competitor that matches Cisco Firepower is Palo Alto, and the feature sets are quite comparable for both of them. One issue I have noticed with Cisco's product is the SSL decryption when used by clients connecting from inside to outside the Internet. 

Cisco lacks the ability to check CRLs or OCSP certificate status unless we manually upload them, which is impractical for a large number of items like emails. On the other hand, Palo Alto lacks the ability to inspect the traffic within the firewall tunnel, which is a useful feature to have. 

I rate Cisco Secure Firewall eight out of ten.

I recommend taking advantage of the trial by downloading virtual next-gen firewalls provided by OBA, deploying them in a virtual environment, and testing their performance to evaluate their effectiveness. This is a crucial step.

Hybrid Cloud