Cisco Secure Firewall Reviews

We use it for content management and filtering. We wanted to separate DMZ traffic from normal customer traffic. We were also looking to set up portals for outside interests that needed to come in. We have our firewall set up for VPN and, with COVID breaking out, that became more important. We also use it for remote access control.

It improved our security. It keeps the outsiders on the outside and enables us to monitor the content that's going out from within the organization.

The ASDM (Adaptive Security Device Manager) which is the graphical user interface, works out, and Cisco keeps it current.

Cisco still has a lot of work to do. You can convert an ASA over to a Firepower, but the competitors, like Palo Alto and Juniper, are coming in. And believe it or not, they are a little bit more intuitive. Cisco has a little bit more work to do. They're playing catch up.

There is also content filtering. The bad actors are so smart nowadays, that they can masquerade as the data for a given port, and they can actually transfer data through that port. The only thing that the older firewalls know about is the port. They can't read the data going across it. That's where content filtering comes in, like Palo Alto has, with next-generation firewalls.

I have been using Cisco ASA Firewalls from the beginning, when they moved over from the PIX.

They're pretty reliable. Even from a hardware perspective, we haven't lost any power supplies or the like. An ASA works until we remove it. The maintenance is very minimal. 

It's very scalable. Every organization sets it up differently, but we've been able to perform upgrades with minimal service disruption. We have ASAs in multiple locations.

Being a government-supported organization, the technical support is great. They send us equipment. It's top-notch.

Positive

Cisco has been a leader in firewalls, and the US government primarily chooses Cisco first, before it chooses competitors.

We have a variety of providers from Juniper to Palo Alto, et cetera. But the Cisco GUI is pretty consistent, so most individuals catch on. But when it comes to the Firepower, we're going to need some more training on that, as we're upgrading and moving to the Firepower.

I like the ASA product, maybe because I'm an old guy, more so than the transition to the Firepower. The ASAs have worked ever since the PIX days and they work very reliably. Even with the upgrades, your rules don't change. That's true even with a major OS upgrade.

Things are changing and the ASAs are becoming dated. People want content filtering and so on now.

We use them for site-to-site VPN solutions as well as other VPN activities, and for general application security.

We needed a good VPN solution and, as our network grew, we had more applications that were virtualized and that can be spun up. We needed a solution that would keep us ahead.

Cisco ASA provides great security for our applications.

One of the best features is the ease of use. It's also easy to teach new engineers to use the ASA CLI. When I first started learning firewalls, Cisco was the first one that was taught to me and it was pretty easy to grasp. When I'm teaching other engineers to use Cisco ASAs, the results of their learning are immediate.

It needs to provide the next-generation firewall features that other vendors provide, like data analytics, telemetry, and deep packet inspection.

Also, the ASAs need to be improved a little bit to keep up with the demand for high bandwidth and session count applications.

I've been using Cisco ASAs for about 11 years.

It's reliable. It doesn't have all the features of some of the newer firewalls, but it's very reliable. It doesn't break. It's pretty rock-solid.

We have at least a pair in every one of our data centers. We gateway our applications around the firewall system, meaning all application data goes through firewalls.

We have good support from Cisco for the ASAs. That helps us out a lot. Some of our ASAs are pretty old and technically not supported anymore, but TAC always helps us out.

The initial one, for me, was a little bit complex because I hadn't done it before. It was inline and an active/standby pair, so it involved a little bit more than just deploying one firewall. 

We had some documentation written and we tested it in the lab and then the deployment took about four hours.

We deployed it alongside different solutions and then we cut over to it when it wouldn't impact the customers.

The maintenance involves doing code upgrades periodically to keep up with the security environment requirements. One person handles that.

We deployed with a consultant from Cisco support. Our experience with them was good. They provided a lot of documentation ahead of time to help us with our configuration.

From our side there were two people involved. One was doing the configuration and the other person was checking to make sure there were no errors, looking at IPs and the like.

The licensing is straightforward and simple, so we don't have to keep relicensing every year as we do with other applications.

We use Juniper as well.

We use Cisco IronPort, Firepower, Secure Firewall, Email, and Secure Connect.

As with most products, integration could be better where needed. Sometimes, for example, the Cisco Secure Firewall and IronPort are in a class of their own. When it comes to management and logging, there's room for improvement.

Most of the products aren't configured on their own, but they are related together. There should be some sort of management. We would need a supervisor to manage it before using all of the solutions together.

They address services that belong together. For example, the Secure Client provides remote access. Authentication and multiple-factor authentication are two different products that belong together. There should be a link between both products and between both management interfaces to see, for example, troubleshooting or reporting so that you have both sources together.

It would be great to have all the data correlated to have an overview and one point of administration. 

The grouping of the solutions helps save time. If you have a problem and you have a high-level overview of the system, you can easily dig deeper into the problem. For example, I can check to see why ASA isn't working but the reason for the outage is actually because of Duo. I can spend a lot of time working in the wrong direction because I didn't have an overview.

IronPort stuff looks at first a little bit outdated. It's not a fancy-colored view, but it does its job and is extremely helpful. Debugging on this platform is very easy. 

Firepower's implementation and reliability need room for improvement. 

We address our problems with the relevant people. Some of the quality of their support has dropped. If your problem gets escalated, there are many skilled people who are absolute pleasures to work with. They are brilliant at what they do. 

If you talk to someone who solves the problem within five minutes you can't do any better. But on the other hand, the other end of the range needs improvement.

You can have a case that lasts 15 months in which you have to talk to 20 people to resolve. 

Neutral

The complexity of the installation depends. It's not so easy to install. Each topic needs one management interface. So you end up with 20 to 40 different management platforms. All of them use a tremendous amount of resources. If you're willing to install it, you need a huge pile of hardware. It is not clear what everything does. Some consolidation there would be helpful. Other vendors face the same problem.

We have seen ROI from using Cisco.

I chose Cisco because I've been working with them for 23 years. I choose it for its stability and because they have the right range of products. Most of our IT staff is happy with it.

I would rate it a nine out of ten. 

We are using it for our VPN. We have a remote VPN and then a VPLS connection. Overall, it is a pretty big design.

We were looking for an opportunity to integrate our Firepower with Cisco ASA.

We mainly have these appliances on the data center side and in our headquarters.

It did help my organization. The firewall pretty much covers most stuff. They have next-gen firewalls as well, which have more threat analysis and stuff like that. 

The firewall solution is really important, not just for our company, but for every organization. It keeps away threats trying to come into my organization.

With the pandemic, people began working from home. That was a pretty big move, having all our users working from a home. More capacity needed to be added to our remote VPN. ASA did this very well.

The most valuable features are the remote VPN and site-to-site VPN tunnels.

I use the solution to write policies and analyze the data coming in via the firewalls.

It can be improved when it comes to monitoring. Today, the logs from the firewalls could be improved a bit more without integrating with other devices.

I would like to see more identity awareness.

I have been using it for over six years.

The stability is pretty good. They are keeping up the good work and making updates to the current platform. 

The support is good. They have been there every time that we need them. I would rate them as nine out of 10.

Positive

We have used Check Point and Palo Alto. We are still using those but for more internal stuff. For external use, we are using the Cisco client.

The initial deployment was straightforward. We have worldwide data centers. For one data center, it took three days from design to implementation. 

It was a self-deployment. It took eight people to deploy.

It was pretty good and not expensive on the subscription side. Cisco is doing a good job on this.

We also evaluated Zscaler, which is more cloud-based. It was pretty new and has a lack of support on the system side.

They have been keeping up by adding more features to the next-gen and cooperating with other vendors.

I would rate this solution as nine out of 10. It is pretty good compared to its competitors. Cisco is doing well. They have kept up their old traditional routing and fiber policies while bringing on new next-gen features.

We are currently utilizing the Cisco Secure Firewall, partially due to its historical relevance and partly because Cisco continues to maintain a prominent position in providing client VPN access.

We have employed Cisco Firepower and ASA on Firepower to facilitate client VPN access and to enforce fundamental layer four security policies.

We utilize security products in central locations to provide VPN access for clients throughout Europe.

The implementation of the Cisco Secure Firewall has had a positive impact on our organization, as evidenced by our ability to use our store apps on mobile devices through AnyConnect even when Wi-Fi is unavailable. This is made possible by the utilization of 3G, 4G, or 5G internet access while maintaining a secure connection on our mobile devices.

Cisco Secure has enabled my organization to save time, as demonstrated by our ability to swiftly open new stores by utilizing applications on mobile devices without having to establish the entire infrastructure at once. The amount of time saved varies depending on the country we are operating in, ranging from weeks to months.

The most beneficial aspect of the Cisco Secure Firewall is the AnyConnect component within the firewall package, which we selected specifically for VPN usage due to its exceptional integration with various third-party devices and applications.

The overall licensing structure could improve to make the solution better.

I have been using Cisco Secure Firewall for approximately 15 years.

My experiences with the Cisco Secure Firewall support have varied. Since we access it through a partner, some issues are quickly resolved, while others require more time and effort.

I rate the support from Cisco Secure Firewall a six out of ten.

Neutral

While I have not personally utilized other security products, our organization also employs FortiGate devices and applications for security purposes alongside Cisco Secure Firewall.

Acquiring licensing for Cisco Secure Firewall can be a bit cumbersome, therefore a more straightforward licensing process would be preferable. 

The licensing process can be frustrating, as it requires selecting between on-box or per-client options and other related considerations. Simplifying this process would be beneficial.

We are using access switches, routers, catalysts, and ISR products. Additionally, we are using Cisco as a platform, which is somewhat old, and Cisco ASA on Firepower devices.

I would advise others to thoroughly evaluate their requirements before selecting a security solution. While some products may seem like an obvious choice, it is important to take the time to assess the available options and determine which one best suits your specific needs. This approach is wise and can ultimately lead to a more effective security solution.

I rate Cisco Secure Firewall a seven out of ten.

This solution is a next-generation firewall. We use it to inspect our traffic going through the internet edges. This solution blocks Tor nodes or botnets that try to invade the system using various methods for intrusion. 

This solution helped us to identify the key areas where we need to focus to block traffic that is malicious to our organization. We can complete a layer 7 inspection and take a deep dive into the packets and block the traffic accordingly.

It took approximately six months to a year to realize the benefits of deploying this solution. It's an arduous process that is still ongoing.

This tool offers great value with regard to cyber security due to its integration with different tools like Splunk and other cloud-based solutions.

Within an application, you can block traffic at a granular level instead of relying on HTTPS traffic.

The application detection feature of this solution could be improved as well as its integration with other solutions. 

I have been using this solution for five years. 

There is room for improvement when it comes to stability. We have encountered a lot of bugs using this solution.

This is a scalable solution. 

I would rate the customer support for this solution an eight out of ten. 

Positive

We previously used Check Point. We had an option to connect all of our security products from the endpoint to the firewalls to SASE-based solutions. This is why we changed solutions.

The initial setup is straightforward because it is supported by good documentation. We did not experience many issues and deployment took a couple of months.

We first deployed the solution in monitoring mode before moving into protection mode. We required four or five engineers for this. It takes a lot of time to do any maintenance or upgrades. This is one of my key pain points for this product.

Maintenance requires two people; one to focus on the upgrade and one to monitor the traffic.

We have experienced a return on investment in terms of security that has added value. 

This solution offers smart licensing that is comparable to other solutions on the market. 

I would rate this solution a seven out of ten. 

There are multiple data planes that run within this solution. My advice is to unify those data planes into a single data plane, so that traffic is sectioned and can be handled effectively. If you need a next-generation firewall, this is a good product.

We mainly use it in the data center. We are obliged to use a firewall. It's a necessity.

It has helped in securing our infrastructure from end to end so that we can detect and remediate threats. There is another office in my company that does threat detection, but it has been helpful.

It hasn't freed up any time. We still have to manage the firewall. It's something we have to do.

All the features except IPS are valuable. IPS is not a part of my job.

It's already pretty good. In terms of functionality, there isn't much to improve. There could be more bandwidth and better interface speed.

I've been using Cisco firewalls for 20 years.

Its stability is very good.

It's better to have a higher speed. I'd rate it an eight out of ten in terms of scalability.

We have multiple locations and multiple departments. We are a big company, and we have a lot of remote sites. We have about 6,000 of them.

They are very good. From time to time, Cisco employees come to us and provide information about the latest features and new products. I'd rate them a ten out of ten.

Positive

We have other firewalls, and it hasn't helped to consolidate other solutions. We have to use the Cisco firewall and other vendors because of internal law. We have to use two firewalls, one from vendor A and the other one from vendor B.

We went for Cisco because it's affordable. It's something you can trust. It's something you know. It's a valued product. 

I've been involved in configuring it and assessing and ensuring that the configuration is up to date and there are no bugs, etc.

Its initial setup is not at all complex. I've been working with Cisco firewalls for 20 years, so I know them very well. It's not complicated for me.

We have all deployment models. We have on-premises and cloud deployments. We have everything. I belong to a big organization.

We had a consultant for integrating the product. Our experience with the consultant was good.

The number of people required for deployment varies, but one person can deploy the solution. It's quite easy to implement. It doesn't require a lot of staff.

It requires normal maintenance.

It's affordable.

Try it. You will be happy. 

I'd rate Cisco Secure Firewall a ten out of ten.

Previously, our customers had to always utilize hand-to-hand delivery. Now, they are able to move completely to a secure digital method. They use a strictly dark fiber optics connection from a central location to the endpoint.

Our clients have been able to consolidate infrastructure products such as Talus for hardware encryption and Dell EMC for D2D de-duplication and backup.

FMC could be improved because management with FMC is quite difficult compared to using Firepower web-based management.

We've been selling Cisco Firepower for a year.

Our clients feel that Cisco has proven stability in enterprise networking, routers, and ASA firewall security.

We are very confident with Cisco's technical support and would give them a ten out of ten.

Positive

Previously, we sold Check Point and Palo Alto.

We choose to sell Cisco because it has been approved by NATO. Our clients use a strictly offline infrastructure, and there were significant issues with Check Point. In addition, we have good support from the local Cisco office, and they also suggested that the end user goes with Cisco.

As a Cisco Secure Firewall reseller, the value we bring is very good support. You will not get the same level of support from some other vendors. For instance,  Palo Alto and Check Point don't have direct support like Cisco. They have third-party support. Thus, you may get a response only when you escalate the issue to the third tier of the service level. With Cisco, everything is resolved within a day.

The initial setup is straightforward because most network engineers have worked with Cisco. Cisco invested in universities, and as a result, 40% of the network experience of students is with Cisco.

Our clients are mostly financial institutions and have strict policies that do not allow personal data on external clouds outside the country. As a result, they mostly use an on-premises or hybrid cloud deployment model.

We are currently having our customers switch from the 2000 to the 3000 series.

The price is not too high, but the subscription is a little bit high. We compared the activation of Cisco and Fortinet, and when we activated the whole portfolio of the UTM of Fortinet, the speed was reduced. We tested the same situation with the Cisco 2140 series, and there was no reduction in speed.

When you're evaluating the solution, take a look at the customer reviews.

We have had no issues with Cisco Secure Firewall, and I would rate it at nine on a scale from one to ten.