We use it for content management and filtering. We wanted to separate DMZ traffic from normal customer traffic. We were also looking to set up portals for outside interests that needed to come in. We have our firewall set up for VPN and, with COVID breaking out, that became more important. We also use it for remote access control.
Network engineer at a government with 10,001+ employees
Keeps the outsiders on the outside and enables us to monitor content going out
Pros and Cons
- "The ASDM (Adaptive Security Device Manager) which is the graphical user interface, works out, and Cisco keeps it current."
- "Cisco still has a lot of work to do. You can convert an ASA over to a Firepower, but the competitors, like Palo Alto and Juniper, are coming in. And believe it or not, they are a little bit more intuitive. Cisco has a little bit more work to do. They're playing catch up."
What is our primary use case?
How has it helped my organization?
It improved our security. It keeps the outsiders on the outside and enables us to monitor the content that's going out from within the organization.
What is most valuable?
The ASDM (Adaptive Security Device Manager) which is the graphical user interface, works out, and Cisco keeps it current.
What needs improvement?
Cisco still has a lot of work to do. You can convert an ASA over to a Firepower, but the competitors, like Palo Alto and Juniper, are coming in. And believe it or not, they are a little bit more intuitive. Cisco has a little bit more work to do. They're playing catch up.
There is also content filtering. The bad actors are so smart nowadays, that they can masquerade as the data for a given port, and they can actually transfer data through that port. The only thing that the older firewalls know about is the port. They can't read the data going across it. That's where content filtering comes in, like Palo Alto has, with next-generation firewalls.
Buyer's Guide
Cisco Secure Firewall
May 2023

Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: May 2023.
706,775 professionals have used our research since 2012.
For how long have I used the solution?
I have been using Cisco ASA Firewalls from the beginning, when they moved over from the PIX.
What do I think about the stability of the solution?
They're pretty reliable. Even from a hardware perspective, we haven't lost any power supplies or the like. An ASA works until we remove it. The maintenance is very minimal.
What do I think about the scalability of the solution?
It's very scalable. Every organization sets it up differently, but we've been able to perform upgrades with minimal service disruption. We have ASAs in multiple locations.
How are customer service and support?
Being a government-supported organization, the technical support is great. They send us equipment. It's top-notch.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Cisco has been a leader in firewalls, and the US government primarily chooses Cisco first, before it chooses competitors.
Which other solutions did I evaluate?
We have a variety of providers from Juniper to Palo Alto, et cetera. But the Cisco GUI is pretty consistent, so most individuals catch on. But when it comes to the Firepower, we're going to need some more training on that, as we're upgrading and moving to the Firepower.
What other advice do I have?
I like the ASA product, maybe because I'm an old guy, more so than the transition to the Firepower. The ASAs have worked ever since the PIX days and they work very reliably. Even with the upgrades, your rules don't change. That's true even with a major OS upgrade.
Things are changing and the ASAs are becoming dated. People want content filtering and so on now.
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Data center design at a comms service provider with 10,001+ employees
Provides great security for our applications
Pros and Cons
- "One of the best features is the ease of use. It's also easy to teach new engineers to use the ASA CLI."
- "It needs to provide the next-generation firewall features that other vendors provide, like data analytics, telemetry, and deep packet inspection."
What is our primary use case?
We use them for site-to-site VPN solutions as well as other VPN activities, and for general application security.
We needed a good VPN solution and, as our network grew, we had more applications that were virtualized and that can be spun up. We needed a solution that would keep us ahead.
How has it helped my organization?
Cisco ASA provides great security for our applications.
What is most valuable?
One of the best features is the ease of use. It's also easy to teach new engineers to use the ASA CLI. When I first started learning firewalls, Cisco was the first one that was taught to me and it was pretty easy to grasp. When I'm teaching other engineers to use Cisco ASAs, the results of their learning are immediate.
What needs improvement?
It needs to provide the next-generation firewall features that other vendors provide, like data analytics, telemetry, and deep packet inspection.
Also, the ASAs need to be improved a little bit to keep up with the demand for high bandwidth and session count applications.
For how long have I used the solution?
I've been using Cisco ASAs for about 11 years.
What do I think about the stability of the solution?
It's reliable. It doesn't have all the features of some of the newer firewalls, but it's very reliable. It doesn't break. It's pretty rock-solid.
What do I think about the scalability of the solution?
We have at least a pair in every one of our data centers. We gateway our applications around the firewall system, meaning all application data goes through firewalls.
How are customer service and support?
We have good support from Cisco for the ASAs. That helps us out a lot. Some of our ASAs are pretty old and technically not supported anymore, but TAC always helps us out.
How was the initial setup?
The initial one, for me, was a little bit complex because I hadn't done it before. It was inline and an active/standby pair, so it involved a little bit more than just deploying one firewall.
We had some documentation written and we tested it in the lab and then the deployment took about four hours.
We deployed it alongside different solutions and then we cut over to it when it wouldn't impact the customers.
The maintenance involves doing code upgrades periodically to keep up with the security environment requirements. One person handles that.
What about the implementation team?
We deployed with a consultant from Cisco support. Our experience with them was good. They provided a lot of documentation ahead of time to help us with our configuration.
From our side there were two people involved. One was doing the configuration and the other person was checking to make sure there were no errors, looking at IPs and the like.
What's my experience with pricing, setup cost, and licensing?
The licensing is straightforward and simple, so we don't have to keep relicensing every year as we do with other applications.
Which other solutions did I evaluate?
We use Juniper as well.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Cisco Secure Firewall
May 2023

Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: May 2023.
706,775 professionals have used our research since 2012.
System Engineer at a computer software company with 201-500 employees
The grouping of the solutions helps save time
Pros and Cons
- "The grouping of the solutions helps save time. If you have a problem and you have a high-level overview of the system, you can easily dig deeper into the problem. For example, I can check to see why ASA isn't working but the reason for the outage is actually because of Duo. I can spend a lot of time working in the wrong direction because I didn't have an overview."
- "It would be great to have all the data correlated to have an overview and one point of administration."
What is our primary use case?
We use Cisco IronPort, Firepower, Secure Firewall, Email, and Secure Connect.
As with most products, integration could be better where needed. Sometimes, for example, the Cisco Secure Firewall and IronPort are in a class of their own. When it comes to management and logging, there's room for improvement.
Most of the products aren't configured on their own, but they are related together. There should be some sort of management. We would need a supervisor to manage it before using all of the solutions together.
How has it helped my organization?
They address services that belong together. For example, the Secure Client provides remote access. Authentication and multiple-factor authentication are two different products that belong together. There should be a link between both products and between both management interfaces to see, for example, troubleshooting or reporting so that you have both sources together.
It would be great to have all the data correlated to have an overview and one point of administration.
The grouping of the solutions helps save time. If you have a problem and you have a high-level overview of the system, you can easily dig deeper into the problem. For example, I can check to see why ASA isn't working but the reason for the outage is actually because of Duo. I can spend a lot of time working in the wrong direction because I didn't have an overview.
IronPort stuff looks at first a little bit outdated. It's not a fancy-colored view, but it does its job and is extremely helpful. Debugging on this platform is very easy.
What needs improvement?
Firepower's implementation and reliability need room for improvement.
How are customer service and support?
We address our problems with the relevant people. Some of the quality of their support has dropped. If your problem gets escalated, there are many skilled people who are absolute pleasures to work with. They are brilliant at what they do.
If you talk to someone who solves the problem within five minutes you can't do any better. But on the other hand, the other end of the range needs improvement.
You can have a case that lasts 15 months in which you have to talk to 20 people to resolve.
How would you rate customer service and support?
Neutral
How was the initial setup?
The complexity of the installation depends. It's not so easy to install. Each topic needs one management interface. So you end up with 20 to 40 different management platforms. All of them use a tremendous amount of resources. If you're willing to install it, you need a huge pile of hardware. It is not clear what everything does. Some consolidation there would be helpful. Other vendors face the same problem.
What was our ROI?
We have seen ROI from using Cisco.
What other advice do I have?
I chose Cisco because I've been working with them for 23 years. I choose it for its stability and because they have the right range of products. Most of our IT staff is happy with it.
I would rate it a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Last updated: Apr 9, 2023
Flag as inappropriateAnalytical Engineer at a pharma/biotech company with 10,001+ employees
Keeps away threats trying to come into my organization
Pros and Cons
- "With the pandemic, people began working from home. That was a pretty big move, having all our users working from a home. More capacity needed to be added to our remote VPN. ASA did this very well."
- "It can be improved when it comes to monitoring. Today, the logs from the firewalls could be improved a bit more without integrating with other devices."
What is our primary use case?
We are using it for our VPN. We have a remote VPN and then a VPLS connection. Overall, it is a pretty big design.
We were looking for an opportunity to integrate our Firepower with Cisco ASA.
We mainly have these appliances on the data center side and in our headquarters.
How has it helped my organization?
It did help my organization. The firewall pretty much covers most stuff. They have next-gen firewalls as well, which have more threat analysis and stuff like that.
The firewall solution is really important, not just for our company, but for every organization. It keeps away threats trying to come into my organization.
With the pandemic, people began working from home. That was a pretty big move, having all our users working from a home. More capacity needed to be added to our remote VPN. ASA did this very well.
What is most valuable?
The most valuable features are the remote VPN and site-to-site VPN tunnels.
I use the solution to write policies and analyze the data coming in via the firewalls.
What needs improvement?
It can be improved when it comes to monitoring. Today, the logs from the firewalls could be improved a bit more without integrating with other devices.
I would like to see more identity awareness.
For how long have I used the solution?
I have been using it for over six years.
What do I think about the stability of the solution?
The stability is pretty good. They are keeping up the good work and making updates to the current platform.
How are customer service and support?
The support is good. They have been there every time that we need them. I would rate them as nine out of 10.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We have used Check Point and Palo Alto. We are still using those but for more internal stuff. For external use, we are using the Cisco client.
How was the initial setup?
The initial deployment was straightforward. We have worldwide data centers. For one data center, it took three days from design to implementation.
What about the implementation team?
It was a self-deployment. It took eight people to deploy.
What's my experience with pricing, setup cost, and licensing?
It was pretty good and not expensive on the subscription side. Cisco is doing a good job on this.
Which other solutions did I evaluate?
We also evaluated Zscaler, which is more cloud-based. It was pretty new and has a lack of support on the system side.
What other advice do I have?
They have been keeping up by adding more features to the next-gen and cooperating with other vendors.
I would rate this solution as nine out of 10. It is pretty good compared to its competitors. Cisco is doing well. They have kept up their old traditional routing and fiber policies while bringing on new next-gen features.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network specialist at a retailer with 10,001+ employees
Useful firewall component package, effective third-party devices integration, but licensing could improve
Pros and Cons
- "The most beneficial aspect of the Cisco Secure Firewall is the AnyConnect component within the firewall package, which we selected specifically for VPN usage due to its exceptional integration with various third-party devices and applications."
- "The overall licensing structure could improve to make the solution better."
What is our primary use case?
We are currently utilizing the Cisco Secure Firewall, partially due to its historical relevance and partly because Cisco continues to maintain a prominent position in providing client VPN access.
We have employed Cisco Firepower and ASA on Firepower to facilitate client VPN access and to enforce fundamental layer four security policies.
We utilize security products in central locations to provide VPN access for clients throughout Europe.
How has it helped my organization?
The implementation of the Cisco Secure Firewall has had a positive impact on our organization, as evidenced by our ability to use our store apps on mobile devices through AnyConnect even when Wi-Fi is unavailable. This is made possible by the utilization of 3G, 4G, or 5G internet access while maintaining a secure connection on our mobile devices.
Cisco Secure has enabled my organization to save time, as demonstrated by our ability to swiftly open new stores by utilizing applications on mobile devices without having to establish the entire infrastructure at once. The amount of time saved varies depending on the country we are operating in, ranging from weeks to months.
What is most valuable?
The most beneficial aspect of the Cisco Secure Firewall is the AnyConnect component within the firewall package, which we selected specifically for VPN usage due to its exceptional integration with various third-party devices and applications.
What needs improvement?
The overall licensing structure could improve to make the solution better.
For how long have I used the solution?
I have been using Cisco Secure Firewall for approximately 15 years.
How are customer service and support?
My experiences with the Cisco Secure Firewall support have varied. Since we access it through a partner, some issues are quickly resolved, while others require more time and effort.
I rate the support from Cisco Secure Firewall a six out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
While I have not personally utilized other security products, our organization also employs FortiGate devices and applications for security purposes alongside Cisco Secure Firewall.
What's my experience with pricing, setup cost, and licensing?
Acquiring licensing for Cisco Secure Firewall can be a bit cumbersome, therefore a more straightforward licensing process would be preferable.
The licensing process can be frustrating, as it requires selecting between on-box or per-client options and other related considerations. Simplifying this process would be beneficial.
What other advice do I have?
We are using access switches, routers, catalysts, and ISR products. Additionally, we are using Cisco as a platform, which is somewhat old, and Cisco ASA on Firepower devices.
I would advise others to thoroughly evaluate their requirements before selecting a security solution. While some products may seem like an obvious choice, it is important to take the time to assess the available options and determine which one best suits your specific needs. This approach is wise and can ultimately lead to a more effective security solution.
I rate Cisco Secure Firewall a seven out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Apr 9, 2023
Flag as inappropriateSecurity admin at a wholesaler/distributor with 10,001+ employees
Used to protect systems against various methods of intrusion
Pros and Cons
- "This solution helped us to identify the key areas where we need to focus to block traffic that is malicious to our organization."
- "The application detection feature of this solution could be improved as well as its integration with other solutions."
What is our primary use case?
This solution is a next-generation firewall. We use it to inspect our traffic going through the internet edges. This solution blocks Tor nodes or botnets that try to invade the system using various methods for intrusion.
How has it helped my organization?
This solution helped us to identify the key areas where we need to focus to block traffic that is malicious to our organization. We can complete a layer 7 inspection and take a deep dive into the packets and block the traffic accordingly.
It took approximately six months to a year to realize the benefits of deploying this solution. It's an arduous process that is still ongoing.
What is most valuable?
This tool offers great value with regard to cyber security due to its integration with different tools like Splunk and other cloud-based solutions.
Within an application, you can block traffic at a granular level instead of relying on HTTPS traffic.
What needs improvement?
The application detection feature of this solution could be improved as well as its integration with other solutions.
For how long have I used the solution?
I have been using this solution for five years.
What do I think about the stability of the solution?
There is room for improvement when it comes to stability. We have encountered a lot of bugs using this solution.
What do I think about the scalability of the solution?
This is a scalable solution.
How are customer service and support?
I would rate the customer support for this solution an eight out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used Check Point. We had an option to connect all of our security products from the endpoint to the firewalls to SASE-based solutions. This is why we changed solutions.
How was the initial setup?
The initial setup is straightforward because it is supported by good documentation. We did not experience many issues and deployment took a couple of months.
We first deployed the solution in monitoring mode before moving into protection mode. We required four or five engineers for this. It takes a lot of time to do any maintenance or upgrades. This is one of my key pain points for this product.
Maintenance requires two people; one to focus on the upgrade and one to monitor the traffic.
What was our ROI?
We have experienced a return on investment in terms of security that has added value.
What's my experience with pricing, setup cost, and licensing?
This solution offers smart licensing that is comparable to other solutions on the market.
What other advice do I have?
I would rate this solution a seven out of ten.
There are multiple data planes that run within this solution. My advice is to unify those data planes into a single data plane, so that traffic is sectioned and can be handled effectively. If you need a next-generation firewall, this is a good product.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Engineer at a financial services firm with 10,001+ employees
Helped to secure our infrastructure from end to end so that we can detect and remediate threats
Pros and Cons
- "All the features except IPS are valuable. IPS is not a part of my job."
- "In terms of functionality, there isn't much to improve. There could be more bandwidth and better interface speed."
What is our primary use case?
We mainly use it in the data center. We are obliged to use a firewall. It's a necessity.
How has it helped my organization?
It has helped in securing our infrastructure from end to end so that we can detect and remediate threats. There is another office in my company that does threat detection, but it has been helpful.
It hasn't freed up any time. We still have to manage the firewall. It's something we have to do.
What is most valuable?
All the features except IPS are valuable. IPS is not a part of my job.
What needs improvement?
It's already pretty good. In terms of functionality, there isn't much to improve. There could be more bandwidth and better interface speed.
For how long have I used the solution?
I've been using Cisco firewalls for 20 years.
What do I think about the stability of the solution?
Its stability is very good.
What do I think about the scalability of the solution?
It's better to have a higher speed. I'd rate it an eight out of ten in terms of scalability.
We have multiple locations and multiple departments. We are a big company, and we have a lot of remote sites. We have about 6,000 of them.
How are customer service and support?
They are very good. From time to time, Cisco employees come to us and provide information about the latest features and new products. I'd rate them a ten out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We have other firewalls, and it hasn't helped to consolidate other solutions. We have to use the Cisco firewall and other vendors because of internal law. We have to use two firewalls, one from vendor A and the other one from vendor B.
We went for Cisco because it's affordable. It's something you can trust. It's something you know. It's a valued product.
How was the initial setup?
I've been involved in configuring it and assessing and ensuring that the configuration is up to date and there are no bugs, etc.
Its initial setup is not at all complex. I've been working with Cisco firewalls for 20 years, so I know them very well. It's not complicated for me.
We have all deployment models. We have on-premises and cloud deployments. We have everything. I belong to a big organization.
What about the implementation team?
We had a consultant for integrating the product. Our experience with the consultant was good.
The number of people required for deployment varies, but one person can deploy the solution. It's quite easy to implement. It doesn't require a lot of staff.
It requires normal maintenance.
What's my experience with pricing, setup cost, and licensing?
It's affordable.
What other advice do I have?
Try it. You will be happy.
I'd rate Cisco Secure Firewall a ten out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Mar 5, 2023
Flag as inappropriateCTO at a tech vendor with 1-10 employees
Helps consolidate infrastructure solutions and has a straightforward setup
Pros and Cons
- "Previously, our customers had to always utilize hand-to-hand delivery. Now, they are able to move completely to a secure digital method. They use a strictly dark fiber optics connection from a central location to the endpoint."
- "FMC could be improved because management with FMC is quite difficult compared to using Firepower web-based management."
What is our primary use case?
Previously, our customers had to always utilize hand-to-hand delivery. Now, they are able to move completely to a secure digital method. They use a strictly dark fiber optics connection from a central location to the endpoint.
What is most valuable?
Our clients have been able to consolidate infrastructure products such as Talus for hardware encryption and Dell EMC for D2D de-duplication and backup.
What needs improvement?
FMC could be improved because management with FMC is quite difficult compared to using Firepower web-based management.
For how long have I used the solution?
We've been selling Cisco Firepower for a year.
What do I think about the stability of the solution?
Our clients feel that Cisco has proven stability in enterprise networking, routers, and ASA firewall security.
How are customer service and support?
We are very confident with Cisco's technical support and would give them a ten out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Previously, we sold Check Point and Palo Alto.
We choose to sell Cisco because it has been approved by NATO. Our clients use a strictly offline infrastructure, and there were significant issues with Check Point. In addition, we have good support from the local Cisco office, and they also suggested that the end user goes with Cisco.
As a Cisco Secure Firewall reseller, the value we bring is very good support. You will not get the same level of support from some other vendors. For instance, Palo Alto and Check Point don't have direct support like Cisco. They have third-party support. Thus, you may get a response only when you escalate the issue to the third tier of the service level. With Cisco, everything is resolved within a day.
How was the initial setup?
The initial setup is straightforward because most network engineers have worked with Cisco. Cisco invested in universities, and as a result, 40% of the network experience of students is with Cisco.
Our clients are mostly financial institutions and have strict policies that do not allow personal data on external clouds outside the country. As a result, they mostly use an on-premises or hybrid cloud deployment model.
We are currently having our customers switch from the 2000 to the 3000 series.
What's my experience with pricing, setup cost, and licensing?
The price is not too high, but the subscription is a little bit high. We compared the activation of Cisco and Fortinet, and when we activated the whole portfolio of the UTM of Fortinet, the speed was reduced. We tested the same situation with the Cisco 2140 series, and there was no reduction in speed.
What other advice do I have?
When you're evaluating the solution, take a look at the customer reviews.
We have had no issues with Cisco Secure Firewall, and I would rate it at nine on a scale from one to ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Last updated: Mar 6, 2023
Flag as inappropriate
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Updated: May 2023
Popular Comparisons
Fortinet FortiGate
Meraki MX
Palo Alto Networks WildFire
Juniper SRX Series Firewall
Sophos XG
Check Point NGFW
Azure Firewall
Palo Alto Networks NG Firewalls
Sophos UTM
SonicWall TZ
SonicWall NSa
WatchGuard Firebox
Palo Alto Networks VM-Series
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What Is The Biggest Difference Between Cisco ASA And Fortinet FortiGate?
- Cisco Firepower vs. FortiGate
- How do I convince a client that the most expensive firewall is not necessarily the best?
- What are the biggest differences between Cisco Firepower NGFW and Fortinet FortiGate?
- What Is The Biggest Difference Between Cisco Firepower and Palo Alto?
- Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons?
- What are the main differences between Palo Alto and Cisco firewalls ?
- A recent reviewer wrote "Cisco firewalls can be difficult at first but once learned it's fine." Is that your experience?
- Which is better - Fortinet FortiGate or Cisco ASA Firewall?
- Which Cisco firewall model is the latest: ASA or NGFW?