Cisco Secure Firewall Reviews

Our use for Cisco Secure is for the firewall. 

Network segmentation is the most valuable feature.

The dashboard can be improved. 

I have been using Cisco Secure Firewall for seven years. 

It is stable.

It is scalable. A thousand-plus users are using the solution in my company. 

The initial setup is straightforward. 

Pricing is high.

Overall, I rate the product an eight out of ten. 

We had implemented our Cisco API and Cisco Stealthwatch. We use the Cisco Secure Firewall for easy integration that can collaborate with all these Cisco solutions. My operations will also have less maintenance and the same existing team.

Cisco Secure Firewall's security solutions, advanced malware protection, and DDoS communication are very good. With Cisco Secure Firewall, the security is very much manageable because it protects all the incoming and outgoing traffic of our several telecom IT rooms.

The solution's deployment is time-consuming, which should be minimized and made more user-friendly for us.

The solution's graphical user interface could be made more user-friendly, and the configuration can be simple.

I have been using Cisco Secure Firewall for five years.

Cisco Secure Firewall is a stable solution.

I rate Cisco Secure Firewall ten out of ten for stability.

Cisco Secure Firewall is a scalable solution. Around 400 users are using the solution in our organization.

I rate Cisco Secure Firewall a nine out of ten for scalability.

The solution’s technical support is good.

Positive

The solution’s initial setup is complex and requires Cisco-certified people.

Two engineers were involved in the solution's deployment, which took one week.

We have seen a return on investment with Cisco Secure Firewall because it provides advanced malware protection and seamless integration with my existing solutions.

Cisco Secure Firewall is a moderately priced solution. We have to pay a yearly licensing fee for the solution.

The solution’s maintenance is very easy, and one person can do it.

Overall, I rate Cisco Secure Firewall an eight out of ten.

We use Cisco Secure Firewall for traditional firewall use cases, like VPN, segmenting of traffic, and creating PPSs.

We need reliable communication to do what we do, and that's very important. The solution does what we need to do and when we need to do it. It has a great reputation for the support that we need because if things don't work within the Department of Defense, people don't survive. Communication and keeping the adversary out are key components of our work. So we need a robust, reliable, and secure product, and that's what Cisco provides us.

Cisco Secure Firewall is robust and reliable.

The process of procuring modern-day technology within the DOD needs to improve.

I've spent quite a few years with Cisco Secure Firewall.

Cisco Secure Firewall is a very stable solution.

Cisco Secure Firewall is a very scalable solution.

Cisco Secure Firewall's technical support is great, reliable, and responsive.

Positive

We have seen a return on investment from using Cisco Secure Firewall. From the DOD's perspective, we need a reliable and robust solution that has to be reliable in real-time. Cisco Secure Firewall is a reliable solution that works when needed.

Cisco Secure Firewall is a great scalable, secure, and robust product.

There is a dedicated team designed to handle firewalls.

I have a good impression of Cisco Talos and its effects on our security operations. They have a great reputation for doing a lot of great things.

Cisco Secure Firewall has helped our organization improve its cybersecurity resilience.

Overall, I rate Cisco Secure Firewall nine out of ten.

The primary use case is as one-layer protection of our OT network. The way we're set up is that we have our OT network behind the commercial network, and we do dual firewalls. We've Cisco firewalls on the commercial network side and a different vendor and a different management group on the OT network side.

It's a good solution. It's in some ways a reactive solution where we have it sitting in a whitelist mode rather than a blacklist mode. So, we are blocking everything and permitting specific things, and it seems to work fairly well for us.

It hasn't necessarily freed up the time, but it has helped in securing the infrastructure and the OT network behind it. The intent of this particular solution is not time-saving. It's not a cost solution. It's meant to isolate and control access to and from a specific set of infrastructure.

It allows us to get access. We're seeing more and more that business systems like SAP are looking to get access to OT systems, and this is how our systems get that.

It's protecting the organization against the impact of cyber threats and cybersecurity. We run manufacturing plants that have hazardous material, and we don't want that manufacturing process to be impacted by break-in exposure, cyber threats, or any other similar thing.

We would like to be able to manage a set of firewalls rather than individual firewalls. We haven't really looked into it or yet implemented it, but a single pane of glass would be helpful. We also use another vendor's firewalls, and they have a centralized management infrastructure that we have implemented, which makes it a little bit easier when you're managing lots of firewalls.

We've been using Cisco firewalls for 10 years or more.

It has been a very stable solution. If you keep it up to date and do sensible management on it, it's a very stable solution.

So far, in this use case, it has met our scalability requirements in terms of traffic and management.

We have an excellent account team, and they go to bat for us inside of Cisco. We also have access to TAC and things like Smart Net, and all that seems to go very well. It's a good team. I'd rate them a nine out of ten.

Positive

We weren't using anything similar in this particular use case. We chose Cisco because they originally came on the recommendation of our networking partner. They came in with a strong recommendation from a strong partner.

I wasn't involved in its deployment. That was before I started working in this space.

In this specific use case, the biggest return on investment is that we do not have incidents, and this ultimately, in some of our factories, ends up being a health and human-safety use case.

We've gone to all smart licensing, so that works well. 

Understand what you're trying to protect and what you're trying to protect it from, and then also understand how the solution is managed.

I'd rate Cisco Secure Firewall a nine out of ten.

We have consulting engineers at the backend. We have our own SOC. We leverage Cisco solutions, and we add our services on top of them.

We also sell FTDs and Cisco firewalls ranging from the old models to the new models. We have Firepower from series 1000 to 4000.

A client of ours has a campus network. They're running all of their offices, branches, and multiple sites. They are managing all of their traffic through one point, and that point is secured.

It integrates with various Cisco security portfolios and products, and there is an easy and seamless integration for building a complete security framework for our customers.

It's a great intelligent platform where we can pull all the security insights.

The technology is evolving, and it's no more a stateful firewall, which is only for blocking certain ports. A lot of features, such as anti-malware protection and URL filtering, have been integrated into the firewall and extended to the network. 

We see a lot of vendors in the market with a lot of niche products. I understand that it's difficult to cover everything, but making it more open for integration with other vendors would be a value add for Cisco. Usually, the case I see with my customers is that they always have a multi-vendor setup for security. They have many products. When they have multiple products, each product does something very specific standalone, but there is always a challenge in how to correlate all these solutions or make them as one framework for securing the network.

Their support is perfect. When I used to be an engineer, Cisco's tech support was such a great help. Everything is well-defined in terms of services and SLAs as compared to other vendors. Cisco is doing a great job across all portfolios. This is what makes Cisco stand out as a vendor as compared to the rest. I'd rate their support a nine out of ten.

Positive

We had another product previously. All the vendors are doing a great job in security, but Cisco has such a big portfolio, and as a reseller, it's easy for us to be a one-stop shop for the customer covering wired and wireless networks, endpoint security, and so on. That's the main advantage of Cisco nowadays.

These firewalls are deployed on-premises. We offer all the latest versions. We always advise customers to be updated with the latest technology. That's the aim of our business, but I have not been a part of the deployment.

My role is mainly technical, but on the business side, there would be an ROI in terms of seeing the clients happy.

Our clients are happy. They always get an update about the roadmap and the features that Cisco is releasing down the road. Cisco is always ahead of others not only in terms of security but also in terms of portfolio.

Everything comes with a price. Security is something on which you cannot compromise because the loss could be massive. I see CTOs and CSOs spending a lot on that. Cisco is not really cheap, but there is great technology behind it.

The main value we add as Cisco resellers is our consulting services. We have consulting engineers on the backend and we have our own SOC. We leverage Cisco, and on top of that, we add our services, which makes it a great collaboration between every successful system integrator, reseller, and vendor.

I'd advise asking for a demo and getting involved or engaged with the product to see its value. Don't just read about it.

Overall, I'd rate Cisco Secure Firewall a nine out of ten.

Our customers for the most part use this solution in data centers. 

The feature my customers find the most valuable is the exportability. They also appreciate that the IPS features are easily migrated from Cisco SA to FTDs. 

We have seen some bugs come up with Cisco Secure Firewall in terms of high availability. The solution should be improved to avoid these bugs. 

We have been using Cisco Secure Firewall for almost a decade. 

Cisco's support is much better than other vendors' support. In my opinion, this is a big advantage for Cisco. The support Cisco offers is upper-level. 

Positive

We previously sold Fortinet devices. However, many of our clients switched over to Cisco because of the price as they are quite cheap. 

We are in the middle of a migration plan to Cisco right now in our company. I am not directly involved. We are working with a Cisco partner but I have been communicating our needs to them. However, I believe the migration process will be smooth for our company. It is crucial to have a solid migration plan in place because we are a core data center, so we have to be careful. 

We are deploying with the help of a partner. 

We do see a lot of ROI from Cisco Secure Firewall. We are in the process of migrating a lot of end-of-support devices with some new ones and the return on investment is there.

Price is a big selling point for Cisco Secure Firewall. They are quite affordable and many clients chose them precisely for this reason. 

This solution helped my clients save money and time. My clients save 50% on time thanks to automation and processing brought on by this solution. 

I have only good things to say about Cisco Talos. It has been quite helpful to our customers.

We use ASA Firewall to protect 250 to 300 devices, including workspaces and servers.

All the rules are secure and we haven't had a significant malware attack in the five years that we've been using ASA Firewall. It is a tremendous improvement for our network. However, I can't quantify the benefits in monetary terms. 

I like the ease of administration and the overall speed of processing web traffic. The modules help protect and administer web traffic. ASA Firewall's deep packet inspection gives me visibility regardless of whether I have the agent installed on all the workstations. I can see incoming web traffic and control access to suspicious or dangerous sites. I can apply a filter or make rules to restrict categories of websites.

Setting firewall network rules should be more straightforward with a clearer graphical representation. The rule-setting method seems old-fashioned. The firewall and network rules are separate from the Firepower and web access rules. You can access the firewall rules through the Cisco ASDM application, not the web client. I'm using an older version, and I'm sure this issue will improve in the next edition.

Micro-segmentation is somewhat complex. It's not easy, but it's not too difficult, either, so it's somewhere in the middle. I used micro-segmentation for 10 or 15 VLANs, and ASA Firewall acts as a router for those VLANs. The visibility offered by micro-segmentation is pretty poor. It's not deep enough. 

I have been using ASA Firewall for five years.

ASA Firewall is a stable solution.

I don't think ASA Firewall is very scalable. It depends on the models and the license. However, it's pretty simple to update and upgrade the models, so I would say it's moderately scalable. 

I worked with Cisco's technical support from the beginning and it was excellent. I rate Cisco support 10 out of 10. 

Positive

Previously, I used some Linux Servers with a software firewall for 20 years.
It was a Microsoft firewall, but I don't remember the name. It was a server that I had to install on the gateway.

Deploying ASA Firewall was complex because I needed to install an ESXi machine to implement the Firepower module. That was relatively complicated, and it took two or three days to complete the installation and verification.

I worked with a consultant who sold me the product and helped me with minor issues as needed. 

In the past, the company experienced multiple ransomware attacks, but we haven't seen any since installing ASA Firewall. It was a huge improvement. It's hard to quantify that in financial terms, but we had 40 or 50 machines damaged. 

I'm not sure precisely how much ASA Firewall costs, but I know it's a little more expensive than other solutions. I rate it seven out of ten for affordability. 

I learned about Fortinet and Palo Alto firewalls. I think FortiGate is easier to set up and manage. At the same time, Cisco firewalls are pretty secure and reliable. I think the ASA Firewall is in the top five.

I rate Cisco ASA Firewall eight out of ten. 

We're a partner so we work with all sorts of different end-users to deploy them for their use cases, including a lot of internet edge, some data center segmentation, east-west firewalls, and not so much in the cloud, but mostly on-prem today.

We use them for securing the internet perimeter and preventing malware from coming into the environment, as well as providing content filtering for CIPA compliance or other sorts of compliance out there. That's a big use case with our customers. 

The integration with the other Cisco products is something that a lot of our customers are looking forward to, with SecureX and ISE and Secure Endpoint. Things like that are a lot of the use cases that customers bring to us to help them solve. It integrates really well.

It's allowed them (our clients) to feel or know that their network is secure, and to put those guidelines in place, or those controls in place, to prevent their users from going out and unintentionally doing something dumb by clicking on the wrong link. It's able to prevent malware. And the Umbrella integration prevents them from getting to those websites if they do happen to be too busy and click on a phishing link or something like that.

As far as metrics or examples, I don't have any that I can specifically say off the top of my head. I will say I definitely have lots of happy customers that are running it and they feel it's a stable solution and one that they can rely on.

I'm a big fan of SecureX, Cisco's platform for tying together all the different security tools. It has a lot of flexibility and even a lot of third-party or non-Cisco integration. I feel like that's a really valuable tool.

From the Firepower solution, all the features that you would think of when you're thinking about a Firewall [are valuable], including some that I stated: content filtering, the IPS, IDS, and malware prevention. All of those are big use cases and great features that work well.

I've been using Cisco Firewalls and Cisco Firepower for at least 10 years.

It's stable. I have multiple clients that run it. There are always going to be some bugs and issues that we run into, but that's where their TAC definitely jumps in and helps and recommends code versions and things like that. Overall, the stability is pretty good.

In terms of scalability, they've got all different sizes of firewalls for different scales. Being able to understand how to size the firewalls appropriately is definitely key in that. That's where a partner can help, or even the customer Cisco account team can help with the scalability. They have the big multi-instance 9300 chassis down to the small 1000 series. There's a lot of scalability within the portfolio.

Cisco has a huge TAC organization. Experiences can differ. Sometimes it's really good, sometimes you get a newer TAC engineer who needs to start at step one to investigate the issue. But they're always there. They always pick up the phone and there's always a person, a TAC engineer to escalate to, who can provide really good support. You know that they've got someone in there. It's a matter of getting to the right individual.

They could improve by having more skilled, high-level engineers that are available around the clock. I know that's an easy thing to say and a hard thing to do. 

We have engineers that do the deployments. They're very skilled and have done many Firepower deployments. The methodology that Cisco has, the documentation they have out there on how to install it and how to configure it, are top-notch. That really helps us install it for a customer and get the customer up to speed on how well it works. A firewall is never a super simple thing to install and configure, but Cisco does a really good job with some of their automation tools and the documentation.

Usually, we assign a single engineer to a firewall deployment project and he's able to complete that. The amount of time it takes to deploy will vary. A small branch, may be several hours' worth of work to deploy a firewall. A large corporate site, obviously, that's going to be much more time-consuming, with lots of policies to configure and talk through with the customers and things like that. It varies depending on the size and application.

In terms of return on investment, I have multiple clients that have been through multiple generations of ASA to Firepower to the next generation of Firepower. They definitely find the return on investment there. They find it's a valuable product to have in their network. It definitely checks that ROI box for them.

Cisco is known as a premier product and it comes with a premier price point sometimes. Sometimes that makes it challenging for some customers to bite off. They see the value when we get into a proof-of-value scenario. Price points can tend to be high, but the new line of the 3000 series Firepowers definitely solves that issue and it's very attractive.

In terms of improving it, they're doing a really good job in a competitive landscape against some of the other vendors out there. The new Firepower 3000 series was a great addition to the portfolio and really stacks up, price-wise, well against some of the other vendors out there. A year ago, that was one thing that I would've commented on, but they've done a pretty good job of filling that niche.

There are some other good solutions out there. There are a lot of other successful firewall vendors. But when I compare a Palo Alto, or a Fortinet, or SonicWall, or something like that against Cisco, it's a tough comparison. Cisco has the ecosystem of security products that all tie in together, integrate really well together. There are lots of good dashboards and observability built into the product. That's where they've got a leg up on their competition. 

My advice for others looking to use the solution is to get [together] with a good partner, someone who's got engineers and architects that know the product well, and get their thoughts on it. We can always help compare and contrast against other options out there in the market. My job is knowing the market landscape and being able to help differentiate.

And always take advantage of a proof of value. It's always best to get that box into your network, see how it works with your particular traffic mix and your set of policies. I would always put a PoC/PoV as a checkbox in a buying decision.

I would rate the product somewhere between a seven or eight out of 10. Sometimes there are stability issues, as I referenced before, or just the general TAC support, while good, could be better. There's always room for improvement there. But I feel like it's a really good product that Cisco has definitely improved as time has gone on.