What is our primary use case?
Our main use cases include segmenting different networks for IPS and IDS, using it for basic firewall purposes, controlling ACLs, and monitoring traffic to identify issues within the network.
What is most valuable?
Currently, I find the event viewer feature of Cisco Secure Firewall very useful as it visually displays what is being blocked or allowed by the ACL. I also appreciate the improved visual presentation of the ACL layout.
We have many different opportunities to share incidents with individuals on how traffic flows through the network, and we utilize Cisco Secure Firewall features such as network packet inspection to ensure that policies are applied correctly and to monitor traffic for what is blocked, allowed, or denied.
Cisco Secure Firewall's ability to unify policies across our environment is pretty good.
We can deploy different features and ACLs between various firewalls easily with the FMC, which has improved significantly from the initial deployment time, which was once poor and is now manageable for multiple firewalls.
We use the new AnyConnect or Secure Connect VPNs, which work pretty well. Although we haven't switched to the latest series to utilize the VPNs fully, I appreciate the deployment phase where we can track our deployment progress.
What stands out positively about Cisco is their training and support, which has effectively prepared engineers to work with their products. When hiring, I find it beneficial that most network engineers are familiar with Cisco, whereas I might question the expertise of those trained with Palo Alto or Fortinet.
Performance-wise, Cisco seems to be the best. For instance, my sister company uses Palo Alto and Juniper and reports a high RMA rate. In contrast, we have only RMAed one Cisco Secure Firewall in six years, indicating stability and dependability.
The interface of Cisco Secure Firewall works effectively once you become familiar with its layout, although hiring engineers requires training on the platform, especially as updates occur. They should prioritize adding to the existing product rather than overcomplicating it with new features that may not be necessary.
What needs improvement?
Cisco Secure Firewall has some growth opportunities in terms of visibility and control capabilities regarding managing encrypted traffic. It has the ability to analyze encrypted traffic, and there is potential for more integration with APIs and AI to enhance these capabilities.
Cisco Secure Firewall needs improvement in deployment time and the capability to access the CLI during support calls. I often encounter issues when technical support uses a CLI that is not familiar to me while troubleshooting through the GUI.
My ongoing complaint for the last six years has been the lack of CLI functionality, which hinders my ability to work on the firewall, alongside concerns regarding deployment time.
For the next release, they should look at the features offered by competitors such as Fortinet, including the ability to perform packet capture directly from the interface.
If they enhanced their troubleshooting efficiency related to packet capture for each specific rule, it would simplify the process significantly.
For how long have I used the solution?
I have been using Cisco Secure Firewall for about six years.
What do I think about the stability of the solution?
The process of expanding the usage was fairly smooth. My assessment of the stability and reliability of Cisco Secure Firewall is great from a hardware perspective, yet only okay from a software perspective.
I have experienced downtime, crashes, and performance issues. Specifically, the FTDs have had High Availability (HA) issues, which I struggle to understand, especially concerning switch connections and HA setups between firewalls.
We have often encountered split-brain scenarios during failover processes and code upgrades, which have been persistent problems for us. It seems that Cisco lacks enough skilled technical support engineers to quickly resolve these issues, often requiring escalation that takes too long.
What do I think about the scalability of the solution?
Cisco Secure Firewall scales incredibly well with our growing needs. We recently transitioned to the new 4100s and we have only just reached the firewall's limitations after five years, indicating that it has been able to build for our future success.
How are customer service and support?
I would rate customer service and technical support about a five out of ten, sometimes dipping to a four depending on the time of day. As in many support models, the quality depends on the region. Some TAC engineers are better in specific areas, such as India or South America. However, they often lack the skills to troubleshoot effectively, leading to repetitive troubleshooting sessions and unresolved issues.
Which solution did I use previously and why did I switch?
Prior to adopting Cisco Secure Firewall, I used solutions such as SonicWall and Juniper firewalls. I didn't prefer Juniper and found Cisco Secure Firewall to be the most stable firewall I've worked with.
How was the initial setup?
The deployment time could be improved. The deployment was good; however, it could be sped up. There was a bit of a learning curve as well.
What works well is the interface. It's pretty good as far as knowing where to go and the layout. When hiring engineers, they need to know the platform. In terms of updates, sometimes they bolt on too much.
What was our ROI?
I have not seen ROI with Cisco Secure Firewall initially; however, over time, it has paid for itself as we scale our business.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup costs, and licensing was a nightmare. It is indeed challenging as Cisco has too many variations of support with no clear explanation of what you are actually getting.
Sales representatives try their best but often fall short, making it complicated for users to understand what licenses are included with the product, leading to confusion over various levels of support.
Which other solutions did I evaluate?
Before selecting Cisco Secure Firewall, I considered Fortinet and Palo Alto, and I even thought about sticking with ASAs. We still operate a couple of FTDs alongside ASAs, which creates internal competition. Fortinet, in particular, has remained a competitive option.
What other advice do I have?
We did not purchase this on the AWS Marketplace.
My advice to organizations considering Cisco Secure Firewall would be to recognize the tendency for Cisco to overcomplicate things. However, they are striving for simplification in their firewall products. If someone has experience with ASAs, they can adapt to FTDs as easily. Cisco should focus on learning from competitors to enhance its features and remain competitive in the market.
If you want a stable solution with fewer vulnerabilities, Cisco Secure Firewall is likely to meet your needs as it requires fewer upgrades compared to competitors.
On a scale of one to ten, I rate Cisco Secure Firewall a seven.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.