Cisco Secure Firewall Reviews

I use the solution in my company for some internal testing purposes, so I don't use it in a real environment. I use it in my dummy lab environment.

The product's user interface is an area with certain shortcomings where improvements are required.

From an improvement perspective, the product's price needs to be lowered.

I have been using Cisco Secure Firewall for three years. I am a customer of Cisco.

I have faced no issues with the stability of the product. Stability-wise, I rate the solution an eight out of ten.

The product offers good scalability.

I rate the technical support a nine out of ten.

Positive

I have experience with Sophos.

The product's initial setup phase is a little difficult.

The product's deployment phase is a good and easy process.

The solution is deployed on the cloud.

The product is expensive.

I can't describe a particular scenario where the product has improved security, but I can say that the devices from Cisco are much more trustworthy and reliable compared to other devices in the market.

The most effective feature of the product for threat prevention stems from the granularity of the control that the devices from Cisco provide to its users.

The product offers great integration capabilities.

For our company's daily operations, the user interface provided by Sophos is much better and interactive compared to the one offered by Cisco.

You can choose Sophos if you want a low-budget or budget-friendly product. You can choose Cisco if you want a high-end and highly scalable tool with great integration capabilities, especially if budget is not an issue.

I rate the overall tool an eight out of ten.

I use the solution mostly to separate internal networks.

Being able to create and apply new policies to the firewall has been helpful. It is an object-oriented way of doing things that helps a lot because we can build and apply new policies. We can also test it and revert to the old one if it doesn't work.

The monitoring dashboard is valuable to us for troubleshooting. It lets us see if the packets get from the source to the destination correctly.

With the new FTD, there is a little bit of a learning curve. The learning curve could probably be simplified a little bit. I've come around that learning curve, and I'm able to get around it.

I have been using the solution for 15 years.

Cisco is known for its general stability.

The solution’s scalability is excellent. I don't know if the scalability has a downside or even a limit.

The support is really good. I have a good team that supports us, and I'm able to always reach out to them. It's nice to have somebody on the cell phone and just be able to reach out to them.

Positive

Years ago, I used different firewalls like Juniper, but mostly, it's been fixed to ASA and FTD. We switched to Cisco because our customers were using Cisco.

The initial setup had a little bit of a learning curve, especially because I came from ASA. I needed some help from Cisco. However, I knew what I was doing once it was set up, especially with FMC and Firepower.

We used Cisco’s support to deploy the product.

In general, we have seen an ROI on the product. Using it, applying policies, setting it up, and leaving it alone is helpful. It helps save resources.

I don't use the product for application visibility and control. I tend to worry more about blocking or allowing certain things versus looking deep into the servers and applications and how they work.

The product is great for securing our infrastructure from end to end. I'd like to be able to test out some of the other products, like dashboards and IPS/IDS, that work with it. For the most part, I set up a firewall, and I set up the rules. If things don't work, I monitor it through the monitoring dashboard and try to figure it out.

Cisco Secure Firewall has helped free up a lot of time for our IT staff. Apart from monitoring, unless somebody needs a firewall rule change or anything like that, there's no need to mess with it. Once we set it up, it just runs.

The solution has helped our organization to improve its cybersecurity resilience. Being a firewall, by definition of the term, the product has improved our organization’s security.

People should always evaluate other products. If you’re looking for a solid firewall, Cisco makes the choice so much simpler, especially now with FMC. We are able to apply policies easily and control different firewalls at the same time.

Overall, I rate the solution a nine out of ten.

We are currently utilizing the Cisco Secure Firewall, partially due to its historical relevance and partly because Cisco continues to maintain a prominent position in providing client VPN access.

We have employed Cisco Firepower and ASA on Firepower to facilitate client VPN access and to enforce fundamental layer four security policies.

We utilize security products in central locations to provide VPN access for clients throughout Europe.

The implementation of the Cisco Secure Firewall has had a positive impact on our organization, as evidenced by our ability to use our store apps on mobile devices through AnyConnect even when Wi-Fi is unavailable. This is made possible by the utilization of 3G, 4G, or 5G internet access while maintaining a secure connection on our mobile devices.

Cisco Secure has enabled my organization to save time, as demonstrated by our ability to swiftly open new stores by utilizing applications on mobile devices without having to establish the entire infrastructure at once. The amount of time saved varies depending on the country we are operating in, ranging from weeks to months.

The most beneficial aspect of the Cisco Secure Firewall is the AnyConnect component within the firewall package, which we selected specifically for VPN usage due to its exceptional integration with various third-party devices and applications.

The overall licensing structure could improve to make the solution better.

I have been using Cisco Secure Firewall for approximately 15 years.

My experiences with the Cisco Secure Firewall support have varied. Since we access it through a partner, some issues are quickly resolved, while others require more time and effort.

I rate the support from Cisco Secure Firewall a six out of ten.

Neutral

While I have not personally utilized other security products, our organization also employs FortiGate devices and applications for security purposes alongside Cisco Secure Firewall.

Acquiring licensing for Cisco Secure Firewall can be a bit cumbersome, therefore a more straightforward licensing process would be preferable. 

The licensing process can be frustrating, as it requires selecting between on-box or per-client options and other related considerations. Simplifying this process would be beneficial.

We are using access switches, routers, catalysts, and ISR products. Additionally, we are using Cisco as a platform, which is somewhat old, and Cisco ASA on Firepower devices.

I would advise others to thoroughly evaluate their requirements before selecting a security solution. While some products may seem like an obvious choice, it is important to take the time to assess the available options and determine which one best suits your specific needs. This approach is wise and can ultimately lead to a more effective security solution.

I rate Cisco Secure Firewall a seven out of ten.

We use them for some of our border firewalls in our data centers and also as our VPN concentrator. 

It's the VPN side of things that has been most useful for us. It allows us to secure our users even when they're working from home. They are able to access all of our resources, no matter where they are in the world.

I don't have any specific improvements to recommend. However, when you compare the throughput of a Cisco firewall to the competitors, especially Fortinet, what you find is that Cisco has lagged a little bit behind in terms of firewall throughput, especially for the price that you pay for that throughput.

We've been using Cisco firewalls for probably 10 years.

We have 105,000 users, and they all have access to use a VPN to connect back into our network. We found that it works very well for us, and it's very scalable to the number of users that we have. That's why we continue using it.

It's very good. Cisco has excellent support. It's better than most of our vendors. I'd rate their support a ten out of ten. 

Positive

I don't believe so. We've used Cisco, at least for this specific use case, for a long time.

The enterprise agreement that we have has helped with the pricing because it allows us to consume licensing in more of a consumption model versus a per-user type model. That has helped us a lot.

I don't know. I wasn't with the organization then.

We don't use Cisco Secure for securing our infrastructure from end to end to be able to detect and mediate threats. We have other products that serve as our endpoint detection and especially for the end-to-end side of things. That's not really our strongest use case for it. Cisco Secure hasn't helped save our organization any time or operations expenditure because we have other products that we use for that.

Overall, I'd rate Cisco Secure Firewall a ten out of ten.

We are one of our Swedish municipalities. We use this solution to support our environment and keep it safe and secure.

At the moment, Cisco SecureX is just for the monitoring part. We are migrating servers from an old infrastructure to a new one. It monitors how they're behaving on the network.

We have 500 sites using it. It's a mix of remote sites and connected sites. We have a lot of devices. We are a Swedish municipality, so we do everything from healthcare to taking care of the roads. We have a wide spectrum of users, so we have to supply everyone with what they need. So, we have a lot of devices in our network.

Cisco SecureX is doing a good job for us in terms of securing our infrastructure from end to end so that we can detect and remediate threats. It's detecting what we want it to detect, and it's protecting us from what we want to be protected against. So, it does its job. That's our need at the moment.

It has saved us time. Attackers are constantly trying to get hold of our environment. We've had around 20 to 30 breach attempts to get ahold of our environment. It protects us from that. It also protects us when an attempt is underway. We can see them starting to get into our network, so we can prevent it in time. The time saved varies. It can be days of work.

Its efficiency and security are the most important. We are more efficient and more secure.

We use Cisco switches and firewalls, Cisco DNA, and Cisco SecureX. The integration between various Cisco products is working very well. It's quite seamless for us.

There should be more integration with Microsoft Identity.

We get customer support through ITEA for a bunch of solutions. We get the help we need. I'd rate them a nine out of ten. You can always do better.

We haven't used any other solution for a long time. We have been a Cisco customer for a long period.

I was involved in its design. Some parts of the initial setup were quite easy and some parts were quite complex. We were quite early adopters of some parts of the Cisco brand, so we had some challenges, but overall, it was quite straightforward.

For some parts, we took the help of a third party called ITEA. Our experience with them was good.

We haven't calculated the overall ROI. There are different areas we use it for. For some management areas, we can calculate ROI, but in some areas, we can't.

You get what you pay for. It's always priced based on what you get and what it can handle. It's acceptable.

To those evaluating this solution, I'd advise finding out what you want to use it for. Our usage is quite basic. Overall, I am quite satisfied with what we are using it for.

Overall, I'd rate it a nine out of ten.

I'm working as a Solution Architect for an energy provider in Austria. We have approximately 1,500 people working in Austria and also in some neighboring countries.

We are using Cisco Secure Firewall. We started with Cisco ASA long ago, and now, we have Cisco Firepower or Cisco Secure Firewall. We are using the product as a perimeter firewall and for remote access VPN and site-to-site VPN tunnels with other partner companies. So, the primary use case of Cisco Secure Firewall is to secure our perimeter, but it's also for the remote access VPN for employees in the home office or if they are outside the company.

The benefit of using Cisco Secure Firewall is that there is a lot of integration with other Cisco products like Cisco ISE or even with third-party systems. It's important to have these integrations with other systems. On one hand, you get more visibility, and on the other hand, you can also use the information that you have from the firewall in other systems, such as a SIEM or other similar things. You overall get better visibility and better security.

In terms of securing our infrastructure from end to end so that we can detect and remediate threats. When it comes to detection, it's pretty good because you have the background of Cisco Talos. I can't say if it's the truth, but they probably are one of the top players in threat hunting, so it's pretty good at detecting known things that are outside.

The most valuable features of the product are the VPN and the NextGen firewall features such as application control, URL filtering, etc. These features are especially valuable because nowadays, it's not enough to just filter for source and destination IPs. You need more insights or visibility to see which applications are passing your perimeter, which applications you want to allow, and which ones you want to block. Without this visibility and these features, it's a little bit hard to secure your network.

There is room for improvement in the stability or software quality of the product. There were a few things in the past where we had a little bit of a problem with the product, so there is room for improvement. In the past, we had problems with new releases. 

Also, from the beginning, some functionalities or features have not worked properly. There are bugs. Every product has such problems, but sometimes, there are more problems than other products, so it's definitely something that can be improved, but Cisco seems to be working on it.

There is room for improvement in the stability of the product.

I know that there are several models for every type of scale that you need. For small branches up to the data center or even for the cloud, there are models, but so far, we only have one cluster. Among all these different types, we found the perfect matching size for our company.

The Cisco support with Cisco TAC is pretty good. With the TAC Connect Bot that you have with WebEx, you can easily open a case or escalate the case through the WebEx app. That's pretty cool. Also, the engineers that are working for Cisco TAC are really good. Among all the vendors that we have in place, it's the best support that we have experienced. I'd rate them a 10 out of 10 because compared to the other vendors that we have in place, it's definitely the best support.

Positive

We have a multi-vendor strategy for the firewall so that if there is some security issue in the software or something like that, you are not directly impacted, and there is another vendor in between. If I compare Cisco Secure Firewall with the other vendor that we have in place, the pro for Cisco Secure Firewall is that detection is better with the database of Talos. The con that comes to my mind is the deployment time when you deploy a change. With the other vendor, the change is more or less deployed immediately, whereas, with Cisco Secure Firewall, you have to wait for a few minutes until the change is deployed. This is one of the biggest cons on this side because if there's a misconfiguration, you are not able to correct the issue as fast as with the other vendor.

We migrated from Cisco ASA to Cisco Firepower, and it was straightforward because there were some migration tools to export the old ASA rule set and import it into Cisco Secure Firewall. With these tools and the documentation that you find on Cisco's site, it was pretty straightforward, and we had nearly no problems with the migration to Cisco Secure Firewall.

In terms of the deployment model, we have one high-availability cluster, and, of course, FMC to manage this cluster. These are physical clusters, and we have them on-prem in our data center.

For deployment, we worked with our partner who helped us a little bit with the migration. Our partner's engineer had good knowledge and supported us when we had questions. When we didn't know how to do something, they helped us with that.

The licensing models that are available for Cisco Secure Firewall are okay. You have nearly every option that you need. You can pick filtering, advanced malware protection, or all the available features. It's sufficient.

In terms of pricing, there are, for sure, some cheaper vendors, but overall, it's nearly the same. It has a fair price.

To those evaluating Cisco Secure Firewall, I'd advise thinking about what are your use cases and what's your goal to achieve with this product. It's also a good idea to talk to other customers or a partner and ask them what's their experience and what they think about it, and if it's suitable for this use case or not. And, of course, it's also a good idea to do a proof of concept or something like that.

At the moment, I'd rate Cisco Secure Firewall a six out of ten. The reason for that is that we are having some problems with the stability and functionality of the product, but there are also features, such as VPN, that are working from day one without a problem. So, there are good parts, and there are parts that are not working as well as we would like them to, but we and Cisco TAC will solve this in the future, and then the rating will go up.

We use WSA proxy and Cisco Firepowers with the FMC suite and Cisco Umbrella. We mainly use WSAP for on-premises data centers to get traffic outbound to the internet. Cisco Umbrella is for our endpoints, and Cisco firewalls are to protect our perimeter but also internal choke points to secure segments on our LAN.

Currently, we don't have any integrations between the three of them. They all run in isolation. 

Our external partner does the day-to-day management. We are not using it on a day-to-day basis. We position the products from within my team, but the detection mechanism is different per platform. We mainly trust the policy, and our security department is checking logs for anomalies in the patterns.

In terms of cost savings, we've been using this mechanism for years on end, so we haven't been able to see a real cost reduction between using our own personnel versus our external partner for management. It has been like that for 10 years or so.

In terms of time savings, it doesn't put too much burden on day-to-day activities to go over the details. The policies are rather straightforward, and anything not configured is not allowed. In that sense, it's easy.

Protecting our landscape in general and being able to see logging when things aren't going as set out in policies are valuable features. Our security department is keen on seeing the logging. 

If WSAP remains to be an active product, it might be an idea to integrate the configuration policy logic between Umbrella and WSAP. There should be one platform to manage both.

The integration between the on-prem proxy world and the cloud proxy would benefit us. One single policy setting would make sense.

That's great. Sometimes, you need to be clear on the severity levels, but once determined, we have a good experience with tech support.

Positive

That was long ago, but we had Blue Coat proxies before. We switched because of our strategy to go for Cisco as an ecosystem.

We chose Cisco products because we have a Cisco-first strategy. We typically check first with the Cisco product portfolio and then make up our minds. Historically speaking, it serves our interests best.

I am not involved firsthand in its deployment. We have an oversight role within our company, so we ask our external supplier to do the implementation, and when needed, to have it validated via Cisco, but I've no real hands-on experience.

I would expect that we have seen an ROI because our sourcing department would make sure we get the best price for the solution.

Licensing is quite difficult to get your head around. My biggest challenge is to understand the details, the inner relations. Luckily, to some extent, we have enterprise agreements, but licensing for me is a real black box.

I'd rate it an eight out of ten.

The main use cases are firewalling, routing, site-to-site VPN, and remote access. We have some older 5585-X ASAs in place. We do have Firepower 2000 Series and 4000 Series. 

For most setups, we do have high availability in place. We've at least two devices in active-active or active-standby. If it's a highly secure setup, we sometimes have two firewalls.

Cisco has a huge variety of products and features. It's a benefit to have the knowledge of all those things and also put it in the firewalling products. The knowledge that comes from other products or solutions that Cisco is selling is finding a place in security as well, and that's one of the key benefits.

There are time savings when you have a good solution in place for stopping or preventing security risks. In general, it isn't saving me time on a daily basis, but there is peace of mind knowing that you are being protected.

Basic firewalling is obviously the most valuable. In addition to that, secure access and remote access are also very useful for us. When COVID came, a lot of people had to stay at home, and that was the basic use case for having remote access.

One con of Cisco Secure Firewalls is that Java is used a lot for the older generation of these firewalls. Java is used for the ASA and the ASDM tool for administration. It's an outdated way of administering, and it's also a security risk to use this kind of solution. This is a pro of Firepower or the newer generation of firewalls because they are using HTML for administration.

In general, they can make it easier to manage the solutions. They can make it easier in terms of administration and provide a single tool for different firewalling solutions. They have different tools to manage different firewalls, such as Firepower or ASA. Sometimes, both are on the same thing. You have ASA with Firepower modules, so you manage some of the things via HTML, and then you manage some of the things via another management tool. It's not seamless. It should be bundled together in one solution.

I have been using this solution for six to seven years.

They have been very stable. I did not have any cases where a network was down due to firewalling. Fortunately, I did not have any hacker attacks, but that's being lucky. It's not something I would point out to firewalling or configuration. It's just that sometimes you're lucky and sometimes you're not.

It's very scalable. Cisco is for mid to large businesses. For small businesses, there are solutions that are cheaper, but that's not the main focus. 

A large environment comprises several thousand users. We have small to large size environments, but we mostly have mid to large.

Cisco's tech support is good in general. It varies and depends on with whom you're speaking and how the knowledge on the other side is. That's basically the same for our company. I'd rate them an eight out of ten. A ten would be perfect, and no one is perfect. You can reach maybe a nine, but no one can reach a ten.

Positive

For more security, we sometimes have two firewalls. We have other vendors in place, such as FortiGate or Palo Alto. We have Cisco at the front or at the end, and another vendor on the other side so that there is more security, and if there is a security breach in one solution, we still have the other one. These firewalls differ mostly in administration and how you configure things but not so much in terms of features. They may differ in small things, but in the end, they are all doing the same things.

I deploy and manage them afterward. I'm not only in the designing and implementing; I'm also in the operational business. Its deployment is not more complicated than other solutions. It's fine. When it comes to documentation, in general, Cisco is very good.

We mostly try to do it ourselves. Our approach is to have knowledge or any certification of the topic we are trying to take.

I'm not a salesperson. I'm more from the technical perspective, and I don't know if there are any savings at the end, but I believe that all that was bought in the past was used the way we wanted it to use. So, the money was well spent.

Licensing is not only for Secure Firewalls, and it's too complicated.

To someone evaluating or considering Cisco Secure Firewall, I'd advise having a good greenfield approach regarding what component to use. If there is no greenfield, you should evaluate what solutions you need and what type of use case you have and then decide based on that.

I'd rate Cisco Secure Firewall an eight out of ten. Cisco is a big player in networking and security, and that's basically the pro on their side.