Cisco Secure Firewall Reviews

We started with the old ASA 5510 and migrated to Firepower, first using ASA as the basic operating system. Lately, we've been using FTD because it simplifies operations a lot. We are a very small networking team, and being able to push one policy to many firewalls eases our workload.

We are a global company, and we don't always have IT staff in all corners of the world. Therefore, having one place to do everything is very nice.

Cisco Secure Firewall has made it easier so that more than one person can handle things. We are able to have a bigger team that can handle simple tasks and have a smaller team focus on the deep-dive needs.

We have the same basic policies everywhere now, which makes it more flexible for us to manage.

I like the central management and IPS features. Having everything in one place is very valuable.

Cisco Secure Firewall is very good at detecting threats. We see a lot getting blocked by the IPS in our DMZ, that is, our internet-facing web service.

It helped free up IT staff time. Before, we would have to manually configure every single firewall. Every time we configure something on a firewall, it takes five to ten minutes, and we have more than 50 firewalls around the globe. We do changes every week, and the automated policy and upgrades saved us a lot of time.

In terms of the organization, we have been able to save time by getting things out faster. However, the only downside is that the policy push takes quite a while. Thus, a quick fix still takes at least 15 minutes, and troubleshooting can take time as well.

Some of our problems are related to software updates in remote sites where the internet connection is not stable. Sometimes, the image push just gets disrupted and fails.

The most annoying thing is having to replace the hardware so often. It's very difficult for us to do.

The integration between different tools could be improved. For example, with SecureX, I am yet to find out how to forward security events to different tools such as Microsoft Sentinel, which is what we use for log detection.

We've been using Cisco Secure Firewalls for a very long time.

We had to get in touch with technical support a few times, and our experience was good. I would give them a rating of nine out of ten. 

Positive

The initial deployment is easy, and I have not had any issues.

The solution is deployed on-premises. We have an on-premises FMC that connects everything.

The cost of the firewalls versus the ROI is okay.

We are quite Cisco-centric because of the performance we get for the price range. We have a lot of smaller sites, and we are not a very big organization. The price fits us perfectly.

Overall, I would rate Cisco Secure Firewall at nine on a scale from one to ten.

Our primary use case for this solution is to use it as a firewall. This product secures the internet from internal and public users.

Cisco Secure Firewall helped add to my organization's value. It is a selling product for us here. They have great support and documentation, which makes the solution easy to sell to customers. The Cisco name has a lot of value and high brand awareness.

We are selected partners now but are looking to grow to become a primary partner for Egypt. 

Cisco Secure Firewall definitely saved us time. However, security is never 100% with any product, even Cisco. So, you will have to spend some time securing your IT regardless of which solution you use.

I would say that it helped my company cut time by 50%.

The solution cautions us against threats via email notifications and internally in the web interface of the product itself on the dashboard.

What I found the most valuable about Cisco Secure Firewall is that if a client is educated about the solution, it can help him or her avoid many problems and mistakes. 

I think Cisco would benefit from comparing its solutions to other products. There is a lot to learn from solutions like Palo Alto or FortiGate. These are top security products. For example, Palo Alto has better inspection visibility than Cisco. When we ask customers about Palo Alto, they say "I like Palo Alto. It helps me see problems on time. I can audit everything through it." Cisco could improve in this regard. Cisco's inspection visibility could be better. 

I have been using this solution for a long time; since the PIX version in 2003. This adds up to almost 20 years now. I have had a plethora of experiences with this solution as both just an employee using it and also as the owner of a company. We also have a range of customers using the solution. 

We did not use any other solutions. Our strategy from the beginning has been to grow with Cisco. However, our customers have the final say in which solutions they choose and sometimes that's not Cisco. That has much to do with their previous beliefs and brand loyalty and trust. The customer's opinion matters and if the customer is loyal to Palo Alto, we are going to have a hard time getting them to make the switch. 

I am not involved in the deployment of the product. I have a sub that deploys Cisco Secure Firewall. I'm involved in guiding the deployment on the management side and making sure it's done in line with the customer's wishes. 

I did evaluate other options but ultimately went with Cisco because of the support they offer. You can reach their tech support engineers at any time. That's important. Their documentation is great as well. Their site is wonderful. 

I rate the solution a seven out of ten.

Cisco Secure Firewall should be consolidated with routers, switches, or VOIP.

I work for an engineering company that has multiple sites located in different locations, overseas and domestically in Pakistan. There are 30 to 35 sites connected to our network. We restrict the website at these locations using the Cisco Firepower module.

The main thing that I love the most is its policy and objects. Whenever I try to give access to a user, I can create an object via group creation in the object fields. This way, I am not able to enter a user in the policy repeatedly. 

Cisco Firepower is not completely integrated with Active Directory. We are trying to use Active Directory to restrict users by using some security groups that are not integrated within the Cisco Firepower module. This is the main issue that we are facing. 

There are some other issues related to their reports where we want to extract some kind of user activity. When a user tries to connect to our website, we are unable to read its logs in a proper manner and the report is not per our requirement. These are two things that we are facing.

Per my requirements, this product needs improvement. For example, I want to use and integrate with Active Directory groups. 

We have been using it since last year.

It is a stable product.

I haven't tried to work with Cisco support.

In the last 10 years, we were using the Barracuda Web Security. Compared with that product, I would give this solution six or seven out of 10 when compared to Barracuda. Barracuda has one of the best web security features, giving access to users by deploying a web agent on client computers at different sites. 

Barracuda Web Security's hardware was obsolete so our management never tried to renew its license. That is why we are trying to use the Cisco Firepower module. We want to understand their web security gateways, web security logs, what it provides, and the kind of reporting it has. We are currently doing research and development regarding what features and facilities it provides us compared to our requirements.

I am happy with the web security. However, I am not happy with the groups, reports, and integration with Active Directory.

We are using the web security, and only the web security feature. Therefore, if someone asked me to give them advice about the Cisco product, then I will definitely not recommend it since it is not fulfilling our requirement. We have different sites located domestically and at overseas sites, which is about 30 to 35 sites. It is not locating any of the clients. This is compared to the Barracuda web agent on the client computer, which is always connected to Barracuda with live IP addresses, pushing and pulling all the procedures and policies to that client and computer. This is why I will not recommend the product to anyone who has a similar situation to ours. .

I would love to use the product in the future, if my requirements are met.

I would rate the product as four out of 10.

I am using Cisco ASA 5525 for netting, routing, and site-to-site VPN. We have two sites. I am using Cisco ASA Firewall on one site and Check Point Next-Generation Firewall on another site.

We have integrated it with Cisco Anyconnect. This feature has been very good for us during the lockdown.

Netting is one of the best features. We can modify it in different ways. Site-to-site VPN is also an awesome feature of Cisco ASA.

The biggest advantage of Cisco products is technical support. They provide the best technical support.

Cisco should work on ASDM. One of the biggest drawbacks of Cisco ASA is ASDM GUI. Cisco should improve the ASDM GUI. The configuration through ASDM is really difficult as compared to CLI. Sometimes when you are doing the configuration in ASDM, it suddenly crashes. It also crashes while pushing a policy. Cisco should really work on this.

We have been using this solution for one and a half years.

It is stable and reliable. If you are looking for security from Layer 1 to Layer 4, Cisco ASA is good, but if you are looking for Layer 7 security, deep security, and malware detection, this is not the right product. You have to use some other product.

We have more than 400 employees. We are currently not thinking of increasing its usage because we need more security, and Cisco ASA is not good for Layer 5 to Layer 7 security.

The biggest advantage of a Cisco product is technical support. They provide 24/7 support on 365 days. Their technical support is one of the best. I would rate them a ten out of ten.

Cisco ASA is very not complex. It is a very simple firewall. If you are configuring it through CLI, it is easy. If you configuring it through ASDM, it will be more difficult for a beginner engineer.

It takes around two to three days to cover all the parameters. It is very easy to deploy in an existing network, which is one of the main advantages of Cisco ASA.

We are happy with its price. Licensing is on a yearly basis for technical support. There is one license for technical support. There is another license for IP Version 2 VPN and IPS.

I considered pfSense, but when I checked the reviews, pfSense's reviews were really bad, so we purchased Cisco ASA.

I am very happy with this product in terms of netting, routing, and VPN functionalities. If you are a small organization with around 100 people and you are not thinking of Layer 7 security, deep security, and malware detection, Cisco ASA would be very useful and cost-effective for you.

I would rate Cisco ASA Firewall an eight out of ten.

We use it for content management and filtering. We wanted to separate DMZ traffic from normal customer traffic. We were also looking to set up portals for outside interests that needed to come in. We have our firewall set up for VPN and, with COVID breaking out, that became more important. We also use it for remote access control.

It improved our security. It keeps the outsiders on the outside and enables us to monitor the content that's going out from within the organization.

The ASDM (Adaptive Security Device Manager) which is the graphical user interface, works out, and Cisco keeps it current.

Cisco still has a lot of work to do. You can convert an ASA over to a Firepower, but the competitors, like Palo Alto and Juniper, are coming in. And believe it or not, they are a little bit more intuitive. Cisco has a little bit more work to do. They're playing catch up.

There is also content filtering. The bad actors are so smart nowadays, that they can masquerade as the data for a given port, and they can actually transfer data through that port. The only thing that the older firewalls know about is the port. They can't read the data going across it. That's where content filtering comes in, like Palo Alto has, with next-generation firewalls.

I have been using Cisco ASA Firewalls from the beginning, when they moved over from the PIX.

They're pretty reliable. Even from a hardware perspective, we haven't lost any power supplies or the like. An ASA works until we remove it. The maintenance is very minimal. 

It's very scalable. Every organization sets it up differently, but we've been able to perform upgrades with minimal service disruption. We have ASAs in multiple locations.

Being a government-supported organization, the technical support is great. They send us equipment. It's top-notch.

Positive

Cisco has been a leader in firewalls, and the US government primarily chooses Cisco first, before it chooses competitors.

We have a variety of providers from Juniper to Palo Alto, et cetera. But the Cisco GUI is pretty consistent, so most individuals catch on. But when it comes to the Firepower, we're going to need some more training on that, as we're upgrading and moving to the Firepower.

I like the ASA product, maybe because I'm an old guy, more so than the transition to the Firepower. The ASAs have worked ever since the PIX days and they work very reliably. Even with the upgrades, your rules don't change. That's true even with a major OS upgrade.

Things are changing and the ASAs are becoming dated. People want content filtering and so on now.

We use them for site-to-site VPN solutions as well as other VPN activities, and for general application security.

We needed a good VPN solution and, as our network grew, we had more applications that were virtualized and that can be spun up. We needed a solution that would keep us ahead.

Cisco ASA provides great security for our applications.

One of the best features is the ease of use. It's also easy to teach new engineers to use the ASA CLI. When I first started learning firewalls, Cisco was the first one that was taught to me and it was pretty easy to grasp. When I'm teaching other engineers to use Cisco ASAs, the results of their learning are immediate.

It needs to provide the next-generation firewall features that other vendors provide, like data analytics, telemetry, and deep packet inspection.

Also, the ASAs need to be improved a little bit to keep up with the demand for high bandwidth and session count applications.

I've been using Cisco ASAs for about 11 years.

It's reliable. It doesn't have all the features of some of the newer firewalls, but it's very reliable. It doesn't break. It's pretty rock-solid.

We have at least a pair in every one of our data centers. We gateway our applications around the firewall system, meaning all application data goes through firewalls.

We have good support from Cisco for the ASAs. That helps us out a lot. Some of our ASAs are pretty old and technically not supported anymore, but TAC always helps us out.

The initial one, for me, was a little bit complex because I hadn't done it before. It was inline and an active/standby pair, so it involved a little bit more than just deploying one firewall. 

We had some documentation written and we tested it in the lab and then the deployment took about four hours.

We deployed it alongside different solutions and then we cut over to it when it wouldn't impact the customers.

The maintenance involves doing code upgrades periodically to keep up with the security environment requirements. One person handles that.

We deployed with a consultant from Cisco support. Our experience with them was good. They provided a lot of documentation ahead of time to help us with our configuration.

From our side there were two people involved. One was doing the configuration and the other person was checking to make sure there were no errors, looking at IPs and the like.

The licensing is straightforward and simple, so we don't have to keep relicensing every year as we do with other applications.

We use Juniper as well.

We are using it for our VPN. We have a remote VPN and then a VPLS connection. Overall, it is a pretty big design.

We were looking for an opportunity to integrate our Firepower with Cisco ASA.

We mainly have these appliances on the data center side and in our headquarters.

It did help my organization. The firewall pretty much covers most stuff. They have next-gen firewalls as well, which have more threat analysis and stuff like that. 

The firewall solution is really important, not just for our company, but for every organization. It keeps away threats trying to come into my organization.

With the pandemic, people began working from home. That was a pretty big move, having all our users working from a home. More capacity needed to be added to our remote VPN. ASA did this very well.

The most valuable features are the remote VPN and site-to-site VPN tunnels.

I use the solution to write policies and analyze the data coming in via the firewalls.

It can be improved when it comes to monitoring. Today, the logs from the firewalls could be improved a bit more without integrating with other devices.

I would like to see more identity awareness.

I have been using it for over six years.

The stability is pretty good. They are keeping up the good work and making updates to the current platform. 

The support is good. They have been there every time that we need them. I would rate them as nine out of 10.

Positive

We have used Check Point and Palo Alto. We are still using those but for more internal stuff. For external use, we are using the Cisco client.

The initial deployment was straightforward. We have worldwide data centers. For one data center, it took three days from design to implementation. 

It was a self-deployment. It took eight people to deploy.

It was pretty good and not expensive on the subscription side. Cisco is doing a good job on this.

We also evaluated Zscaler, which is more cloud-based. It was pretty new and has a lack of support on the system side.

They have been keeping up by adding more features to the next-gen and cooperating with other vendors.

I would rate this solution as nine out of 10. It is pretty good compared to its competitors. Cisco is doing well. They have kept up their old traditional routing and fiber policies while bringing on new next-gen features.

This solution is a next-generation firewall. We use it to inspect our traffic going through the internet edges. This solution blocks Tor nodes or botnets that try to invade the system using various methods for intrusion. 

This solution helped us to identify the key areas where we need to focus to block traffic that is malicious to our organization. We can complete a layer 7 inspection and take a deep dive into the packets and block the traffic accordingly.

It took approximately six months to a year to realize the benefits of deploying this solution. It's an arduous process that is still ongoing.

This tool offers great value with regard to cyber security due to its integration with different tools like Splunk and other cloud-based solutions.

Within an application, you can block traffic at a granular level instead of relying on HTTPS traffic.

The application detection feature of this solution could be improved as well as its integration with other solutions. 

I have been using this solution for five years. 

There is room for improvement when it comes to stability. We have encountered a lot of bugs using this solution.

This is a scalable solution. 

I would rate the customer support for this solution an eight out of ten. 

Positive

We previously used Check Point. We had an option to connect all of our security products from the endpoint to the firewalls to SASE-based solutions. This is why we changed solutions.

The initial setup is straightforward because it is supported by good documentation. We did not experience many issues and deployment took a couple of months.

We first deployed the solution in monitoring mode before moving into protection mode. We required four or five engineers for this. It takes a lot of time to do any maintenance or upgrades. This is one of my key pain points for this product.

Maintenance requires two people; one to focus on the upgrade and one to monitor the traffic.

We have experienced a return on investment in terms of security that has added value. 

This solution offers smart licensing that is comparable to other solutions on the market. 

I would rate this solution a seven out of ten. 

There are multiple data planes that run within this solution. My advice is to unify those data planes into a single data plane, so that traffic is sectioned and can be handled effectively. If you need a next-generation firewall, this is a good product.