Cisco Hybrid Mesh Firewall Reviews

Our main use cases for Cisco Hybrid Mesh Firewall stem from our client considering their data center refresh a year and a half ago, where they thought about what new platforms to adopt versus just buying a traditional switch. When we originally bought it, Cisco came to us saying there is not actually a use case they could articulate yet, but they knew this would be able to do a lot more than a traditional switch because of the DPU. This was in the N9300 that allows you to be able to do a hybrid mesh firewall. Over the year and a half of working with them, we found that Cisco Hybrid Mesh Firewall gives you the ability to have stateful inspection on your switch in the data center, which is a massive change instead of having to install a firewall.

We are enforcing security with our environment right now using Cisco Hybrid Mesh Firewall and the N9300. The thought process there is instead of sending our production traffic up to the firewall for inspection and hair-pinning up to that, the inspection is happening within the data center in the flow of the data already. We are applying security policy to the data center. Instead of traditional stateless ACLs requiring one direction going in and one coming in the other, you do not have to have ordered rules now, and it is more of what you would think of as a global interface instead of being one interface here and one interface there, creating rules around that.

Cisco does optimize the experience in a hybrid or distributed enterprise setup, and the ability to do stateful segmentation in your data center is huge. It reduces costs both from a physical perspective and from a labor cost standpoint for our engineers who would otherwise have to traffic engineer to segment through the firewall and then inspect traffic. Additionally, it is providing the ability for organizations that have not adopted segmentation due to costs, both manpower and monetary. The ability to segment at your switch as you need, without having to turn it on from day one, gives you the ability to ramp up according to your organization's maturity level.

The features I most appreciate about Cisco Hybrid Mesh Firewall are the ability to do stateful segmentation on a switch, which in my opinion is huge because of the cost savings and effort savings. Outside of that, there are really interesting features such as anti-DDoS, which is a capability within the DPU because of the N9300, that I am also excited about.

Examples of how those features benefit our company include a project we canceled for our client to move their traffic from their data center up to the firewall. That was a massive project, and we spent probably three months planning it. During the process of working with Cisco and plugging in directly with the Cisco BU to understand the N9300's capabilities, we realized we do not need to implement that project after all. We can save money and efforts by segmenting and applying policy directly in the data center. Part of what we are doing is using Cisco Cloud Control as the overseer, connecting into Cisco Hybrid Mesh Firewall policy, integrating what we would call the ISOvalen agent and the HyperShield policy. All of that gets brought in together under Cisco Cloud Control.

To improve Cisco Hybrid Mesh Firewall, I think right now awareness is the biggest area for improvement. Cisco should focus on raising awareness about what the firewall on the switch actually is and how policy has changed. That is a massive story that has not been emphasized enough regarding saving time and effort due to the combination of all these tools.

From a feature perspective, I am discovering new features as we deploy, so I do not know if there is a good answer yet because we are at the forefront of this technology. I can tell you that whenever we ask for a feature while working with Cisco, within a day, we get the feature added. For instance, understanding flow data is crucial. Within the N9300, to be able to apply the policy as we are discussing, you need to understand your network flow and what communicates with what. We were able to collaborate with the Cisco BU to refine how we consume that data and migrate old policies to the new structure necessary with Cisco Hybrid Mesh Firewall and HyperShield.

We have been using Cisco Hybrid Mesh Firewall with our client since probably the beginning of January. We have spent close to six months of time working with it.

I have not experienced any downtime or crashes with Cisco Hybrid Mesh Firewall. The biggest issue we encountered was a gap between expectations for features relating to the design team versus the coding team. We had to work through that gap regarding policy flows and converting those into the new way of thinking from old traditional stateless to stateful. There were growing pains since this technology is new, but we collaborated closely with the Cisco BU and were able to get solutions quickly without causing any issues for us.

Cisco Hybrid Mesh Firewall scales very well, and the scale-out experience has been excellent. Supporting throughput for East-West traffic has been huge. It has scaled out, starting with our data center for disaster recovery specifically, and we plan to take it into full production easily as well.

I would evaluate the customer service and technical support as a white-glove experience for sure. They have been responsive, even late in the evenings, around eleven PM, taking calls to address issues and helping us figure out how to make things work because it was not functioning as we expected. They demonstrate a high level of expertise and engagement.

Before selecting Cisco Hybrid Mesh Firewall, we considered the traditional Nexus platform, which represents what traditional switching for the data center would be. Additionally, we considered using Palo firewalls for stateful segmentation for East-West traffic. Those were the primary solutions we considered and subsequently moved away from. There is nothing quite this on the marketplace, so I do not know if I could compare it to a single-point product that I could have considered.

I have seen a return on investment with Cisco Hybrid Mesh Firewall, and two major wins stand out. The first is the firewall redesign we canceled completely, which was a huge win for us, both in terms of human capital for our team and a monetary win. This achievement was made possible by Cisco Hybrid Mesh Firewall capability and the N9300 in the data center.

The second big win relates to a feature called TCAM, which manages MAC addresses and more. In large environments, this requires significant pruning, and previously, we would have to manually clean up the TCAM once a quarter. With Cisco Hybrid Mesh Firewall, that need is completely eradicated. We no longer deal with TCAM attacks or manually cleaning out routes.

My experience with the pricing, setup cost, and licensing of Cisco Hybrid Mesh Firewall is that it was minimal compared to the cost difference between what traditional N9300 would have cost to empower this capability versus the traditional Nexus. The pricing difference was very minimal. While I cannot give specifics, I can tell you that when our client and we sat down to look at the numbers, we realized we cannot afford not to invest in it due to the small gap in cost. A year and a half after working with them, it has paid off tenfold, and we would not have been where we are now if we had gone with the traditional Nexus platform. Investing in the smart switch, particularly the N9300 smart switch to enable HyperShield and Cisco Hybrid Mesh Firewall, has empowered us to respond to emerging threats effectively. New threats come in, and we are able to react.

Prior to adopting Cisco Hybrid Mesh Firewall, I can confidently say there was nothing that was able to address what we are doing with it.

What is currently preventing us from expanding into additional security enforcement with Cisco Hybrid Mesh Firewall is definitely internal policy, more than anything. It is about making sure we get all the teams aligned. The organization size of who we are working with using Cisco Hybrid Mesh Firewall is just about getting the teams agreed on this approach moving forward. The manpower piece is also critical as we are doing things with AI Defense in tandem, and that is a whole other team running that with the client.

My advice for other companies considering Cisco Hybrid Mesh Firewall would be to carefully consider your goals. You do not have to adopt all these advanced features I have discussed right from day one. You can use it just from a traditional Nexus switch for as long as you need. You can adopt these new features, from moving from ACLs and stateless segmentation to stateful segmentation, at your own pace as your team and organization mature.

The applications we run are mostly monolithic; however, there are some distributed applications, but most of it is the data lake, which is massive, servicing everything out of that in the data center. I would rate this product a ten out of ten.

On-premises

Other

My main use cases for Cisco Hybrid Mesh Firewall include data center segmentation and north-south segmentation.

The most valuable feature is the integration with all of the other Cisco tools that we have, and its platform-first approach. The centralized management console has helped my organization streamline security policies by leading to faster troubleshooting and more informed troubleshooting. You have that information whether it's from ICE or CSW or Cisco Hybrid Mesh Firewall at your fingertips. From the engineering perspective, the significant advantage is that a lot of the external data, such as CVE scores, are readily available, which makes it easier to understand if there are current threats that need immediate attention.

I think that's evident in what it does for healthcare, providing a more secure environment for our users and patients, which is always beneficial.

Regarding how Cisco Hybrid Mesh Firewall can be improved, I would say pricing and discount structures could be enhanced.

I have been using Cisco Hybrid Mesh Firewall for almost a year.

I would assess the stability and reliability of Cisco Hybrid Mesh Firewall as strong. I have not experienced any downtime, crashes, or performance issues.

I would assess how well Cisco Hybrid Mesh Firewall scales with the growing needs of the organization as performing quite well.

I would evaluate my customer service and technical support experience as fantastic. On a scale from 1 being the worst to 10 being the best, I would rate the customer service and technical support overall as about an 8 to 9. There is always room for improvement, but so far we are in that range.

Prior to adopting Cisco Hybrid Mesh Firewall, I was using another solution to address similar needs. The factors that led me to consider a change include scalability because of the previous platform we were on. Other platforms required a full-blown chassis for similar capabilities, whereas Cisco's solution fits more compactly into a data center.

I would describe my experience with deploying Cisco Hybrid Mesh Firewall as involving the obvious transition from one platform to another. There is a small learning curve for engineers, but so far, it has been steady. Good account teams and sales teams have been available and engaged, providing continuous training and support.

In my deployment, the partnership with our account teams at Cisco has been phenomenal. They have always been available to help, answer questions, and provide ongoing support.

I have seen a return on investment with Cisco Hybrid Mesh Firewall, as operational efficiencies are tangible. The team is spending less time troubleshooting situations, reducing MTTR. Because of the integrated ecosystem, we are able to gain better insight and develop better controls around securing our system.

My experience with the pricing, setup costs, and licensing has been positive. The partnership with our account teams has been phenomenal. Pricing has been competitive, and any savings we make on infrastructure can be reinvested in patient experience, care, and safety. So far, things have been good.

Before selecting Cisco Hybrid Mesh Firewall, we explored a couple of other competitors because of the native integrations that we have with other tools. However, we went through three different other manufacturers before settling on Cisco due to its advantages, including integration and better scalability.

The advice I would give to another organization that is considering using Cisco Hybrid Mesh Firewall is that it is easier to convert over than you would think. Obviously, there are challenges, especially if you are not building out a greenfield. From a brownfield perspective, internal challenges including migration windows, team pace, application partnership, and change management might arise, but they are manageable.

I would rate this solution an 8.5 overall.

On-premises

Other

My main use cases for Cisco Hybrid Mesh Firewall are cloud and on-premises connectivity. I run various applications and assess the operational efficiency with Cisco Hybrid Mesh Firewall in my IT environment.

What I appreciate most about Cisco Hybrid Mesh Firewall is the visibility that I gain into the network. The end-to-end visibility from Cisco greatly affects my organization's troubleshooting capabilities, and I can provide examples of how these features have benefited my organization.

I believe Cisco Hybrid Mesh Firewall can be improved by including additional features in the next release. My experience with the pricing, setup costs, and licensing has been satisfactory.

I have been using Cisco Hybrid Mesh Firewall for five years.

I have experienced minimal downtime, crashes, or performance issues with Cisco Hybrid Mesh Firewall. I evaluate customer service and technical support as responsive.

My experience with deploying Cisco Hybrid Mesh Firewall has been effective, with certain challenges and successes. It scales well with the growing needs of my organization.

I evaluate customer service and technical support as responsive.

Prior to adopting Cisco Hybrid Mesh Firewall, I was using another solution to address similar needs. My deployment model for Cisco Hybrid Mesh Firewall is hybrid.

My experience with deploying Cisco Hybrid Mesh Firewall has been effective, with certain challenges and successes.

I have seen a return on investment through Cisco Hybrid Mesh Firewall. I considered other solutions before selecting it.

I believe Cisco Hybrid Mesh Firewall can be improved by including additional features in the next release. My experience with the pricing, setup costs, and licensing has been satisfactory.

I considered other solutions before selecting Cisco Hybrid Mesh Firewall.

If I am using a public or hybrid cloud, the cloud provider I use is reliable. My experience with the deployment has been overall positive.

I face specific challenges with hybrid or distributed enterprise networks that Cisco addresses. My impression of the end-to-end visibility offered by Cisco is positive. I am curious about how Cisco optimizes the experience in a hybrid or distributed enterprise setup.

What stood out in the evaluation process, both positive and negative, when comparing the options was noteworthy, particularly before selecting Cisco Hybrid Mesh Firewall. I would rate Cisco Hybrid Mesh Firewall overall as high, and my advice to another organization considering it would be to assess their specific needs and how the product addresses them.

I have expanded usage of Cisco Hybrid Mesh Firewall. I would assess the stability and reliability of the system as strong. I rate Cisco Hybrid Mesh Firewall overall as eight out of ten.

Hybrid Cloud

Other

My main use case for Cisco Hybrid Mesh Firewall is basic edge security.

The features I value most about Cisco Hybrid Mesh Firewall are the integration it has, allowing you to access the cloud and integrate other firewalls to build and manage policies.

The centralized management console has helped my organization streamline security policies because we have a single place to view logs, ingestion, and to correlate all logs and events from one dashboard.

We have utilized the advanced threat intelligence feature of Cisco Hybrid Mesh Firewall, and it helps significantly as it detects more threats that we encounter.

I assess the integration of machine learning in enhancing threat detection with Cisco Hybrid Mesh Firewall as excellent, especially with the anomaly detection based on machine learning that helps identify unusual activities even without pre-defined rules.

I cannot identify specific improvements for Cisco Hybrid Mesh Firewall, but integrating additional security products such as Cisco Umbrella might be beneficial for pulling information into the dashboard.

I have been using Cisco Hybrid Mesh Firewall since last year.

I assess the stability and reliability of Cisco Hybrid Mesh Firewall as strong, with no downtime or crashes experienced once it has been onboarded.

I find that Cisco Hybrid Mesh Firewall is well-prepared to scale with the growing needs of my organization, as it is designed with scalability in mind.

We have not expanded usage yet, but as more data becomes available and more people utilize it, there will inevitably be a need for expansion.

I evaluate the customer service and technical support as excellent, as the support provided by Cisco is superior to other companies I have dealt with across various products.

I would rate my experience with customer service and technical support an eight out of ten.

I give it an eight because they are generally quick to respond, but there are times during shift changes where I have to re-explain issues to new staff. While they track previous interactions well, starting over can be frustrating if an urgent case arises at the end of a shift.

Prior to adopting Cisco Hybrid Mesh Firewall, we were using older Cisco firewalls such as Cisco ASAs.

My experience deploying Cisco Hybrid Mesh Firewall is that it is fairly easy now compared to how it used to be, especially with the ease of cloud onboarding where you can start applying your policies right away.

Initially, I faced some challenges during deployment, such as failures to onboard, but many of those issues have been addressed in the last revisions, making it much better.

I believe there is a return on investment with Cisco Hybrid Mesh Firewall for every company that deploys it, as they typically see returns quickly, often within a few months, and the value measured is reasonable and comes back quickly.

I think the pricing and setup cost for Cisco Hybrid Mesh Firewall are fairly priced. While some vendors offer cheaper options, the real value lies in the technology and the support provided by Talos and TAC, justifying its price in comparison to other vendors.

Before selecting Cisco Hybrid Mesh Firewall, we considered different vendors such as Palo Alto and Fortinet. Customers often ask for options from other vendors, but many prefer Cisco due to the intelligence and support in the back end, which I value more than any specific feature some other vendors may excel in.

I review the insights provided by Cisco Hybrid Mesh Firewall for traffic patterns and vulnerabilities every day.

While the features of Cisco Hybrid Mesh Firewall have not specifically helped my organization, they have clearly benefited the companies we deploy it for by centralizing security and providing advanced intelligent threat detection with machine learning, which streamlines their security processes.

My advice to another organization considering Cisco Hybrid Mesh Firewall is to view security holistically, recognizing that it integrates multiple layers, allowing you to manage everything through a single dashboard without siloed information. I rate this solution an eight out of ten overall.

Hybrid Cloud

Other

My main use case for Cisco Hybrid Mesh Firewall is the consolidation of multiple tools into one management platform.

A specific example of how I use Cisco Hybrid Mesh Firewall for consolidation is that I previously managed many instances of Firepower Threat Defense and ASA firewalls across many different management panes, and all of those devices now roll up into Security Cloud Control.

The best features Cisco Hybrid Mesh Firewall offers are that the look and feel of the platform is consistent across all the different domains of the security platform, so whether I am working on Secure Network Analytics, Cisco Hybrid Mesh Firewall, or the endpoint, I get a unique and consistent feel across every different management pane.

The consistency offered by Cisco Hybrid Mesh Firewall helps me in my day-to-day work and improves my experience because having a similar look and feel allows me to be quicker in performing regular tasks such as managing rule sets and provisioning new devices. Previously, when all the tools looked differently, it was very difficult to remember where specific functions and features were, but now with a consistent UI and a consistent look and feel, I find that I can do common tasks quicker, more efficiently, and with fewer errors.

Cisco Hybrid Mesh Firewall has positively impacted my organization because many of us reflect very highly on the Cisco portfolio, and over the last few years, Cisco's security portfolio in particular has lost market share. For those of us who are very strong Cisco stakeholders, we have found this to be a risk to us personally, so having Cisco begin to increase its mind share and wallet share within the organization has helped us not only on the job security front but also helped us evangelize the solutions and technologies that we have spent most of our careers learning about.

Specific outcomes that show the positive impact of Cisco Hybrid Mesh Firewall include that, with a single management environment to perform many different network changes on, we find that we can aggregate different change requests through the change management program without having to split things up. We also have the ability to document changes and indeed have the ability to roll back failed changes in a much more expeditious manner with an audit trail, which ensures that both our network team and our security and compliance organizations are confident that we can not only effectively implement change, but we can also manage the risk that comes along with change.

Cisco Hybrid Mesh Firewall could be improved by refining the documentation around the migration path from Cisco Defense Orchestrator or Farsight Manager because when we were early adopters, the migration path was quite unset and very vague and ambiguous. I also feel that the third-party firewall management functionality could be better documented, such as managing Palo Alto or Fortinet firewalls under Security Cloud Control.

I have been using Cisco Hybrid Mesh Firewall for approximately one year.

Cisco Hybrid Mesh Firewall is stable right now.

The scalability of Cisco Hybrid Mesh Firewall is currently undetermined because we have not scaled out yet.

We have not needed to use customer support for Cisco Hybrid Mesh Firewall yet.

My experience with pricing, setup cost, and licensing for Cisco Hybrid Mesh Firewall is that it involves a very light touch because there was a very clear migration path from traditional management and traditional security tools into Cisco Hybrid Mesh Firewall platform, and there was very little lift for us.

It is too soon to tell today what the ROI with Cisco Hybrid Mesh Firewall would be, but now that we have everything managed under a single platform, we do have a better capability to gather those metrics, and we feel that we will gain better KPIs moving forward.

I did not evaluate other options before choosing Cisco Hybrid Mesh Firewall.

Regarding Cisco Hybrid Mesh Firewall's AI capabilities, having an AI-empowered solution around governance and security allows us to be much more expeditious in our research and our evaluation of rule sets, policies, and the implementation and health of the platform. Previously, we had to touch every log, touch every UI, and every report, which was not only time-consuming but prone to errors, especially considering many different people may perform the same job. Having AI and agents do that for us now provides a consistent look and feel and a consistent outcome, and we do not have to be at the risk of any individual's skill set or experience with the tool. Consistency is key.

Regarding Cisco Hybrid Mesh Firewall's AI capabilities, I think the accuracy and reliability of output will tell in time because I do not think we have had long enough to work with the tool. This is a very new and evolving area of the technology space, but I do have a great deal of confidence based on early feedback that we have gotten from the tool which indicates it will remain a highly valuable asset as part of our infrastructure.

Cisco Hybrid Mesh Firewall is deployed in my organization in a hybrid cloud setup, as hybrid cloud and on-premises are the same thing. We are a hybrid organization leveraging both cloud-powered assets as well as on-premise firewalls and sensors, and we have a truly hybrid multi-cloud architecture.

The cloud providers I use as part of my hybrid multi-cloud setup include AWS and GCP.

We did not purchase Cisco Hybrid Mesh Firewall through the AWS Marketplace; we deployed it ourselves.

The specific challenges I face with hybrid and distributed enterprise networks that Cisco addresses include having the ability to deploy the solution flexibly, which addresses our needs in this area. Being able to deploy it in any public cloud or in our own private cloud in our data center and on premises gives us the flexibility not only to have better high availability and resiliency of the platform, but it also gives us the flexibility, when the time comes, to move those workloads between cloud providers should we decide to move off of AWS or Azure in the future, which gives us a lot of comfort in knowing that we are not locked into one single cloud provider.

I believe Cisco optimizes the experience in a hybrid or distributed enterprise setup because the majority of Cisco's cloud and SaaS-based products are distributed in multi-cloud, and this results in a similar look and feel when we consume the solution that matches the original developer's intent.

The applications I run include a composite of many different types of solutions, some of which are traditional enterprise applications that are monolithic in nature, hosted out of our own data center, such as SAP and ERP applications, while we also have highly distributed microservices applications that are distributed across cloud and on-premise.

I enforce security within my environment by operating on the premise of least privilege and following Zero Trust architecture.

Currently, business drivers do not dictate that we need to expand into additional security enforcements today, but in the future, we would probably consider Cisco solutions to do that.

I would encourage others looking into using Cisco Hybrid Mesh Firewall to evaluate the solution and understand each of the elements within it, as there are many different discrete enforcement points and policy points that live within Cisco Hybrid Mesh Firewall solution, and I would encourage them to become familiar with all of those different touch points so that they can most effectively implement their security strategy. I rate this solution a ten out of ten.

The main use case involves traffic filtering, detection, NAT, and generic firewall policy implementation.

With Cisco Hybrid Mesh Firewall, I appreciate that the central control is very effective, and the throughput and volume of traffic we can push through them is impressive.

We enforce security within our environment with a dedicated security team that conducts proactive monitoring, establishes baseline security standards, and evaluates network activity through alerts and other monitoring mechanisms.

For improving Cisco Hybrid Mesh Firewall, licensing is always a pain point and represents the worst aspect of the solution. While I am not certain about additional features, it would be beneficial to have better interoperability and VXLAN integrations, along with more advanced networking features. More capabilities would be better, and although they are already implementing some features, additional ones would be valuable.

I have been using Cisco Hybrid Mesh Firewall for longer than my tenure with the organization.

The stability and reliability of Cisco Hybrid Mesh Firewall used to be poor but has improved significantly. The initial teething problems were severe, though overall the current state is acceptable and not particularly problematic.

Cisco Hybrid Mesh Firewall scales well with the growing needs of our organization, especially with the newer models that are impressive. I am satisfied with the scalability I am observing.

My experience with customer service and technical support has been positive overall. However, the new technical support model is somewhat concerning due to the fragmentation of support becoming more license-based, which I find unsatisfactory. I will monitor how this develops.

When choosing Cisco Firewall, multiple solutions were likely considered. We utilize other vendors as well, as we are not a single vendor shop, maintaining a diverse mix of different vendors.

Our pricing structure is unusual because we work through CDW, so we do not receive standard pricing available to other customers. This results in special pricing where pricing is rarely a concern for us.

Currently, visibility, time, and resources are preventing me from expanding into additional security enforcements. We would prefer to implement more security measures, but we have significant work to complete before reaching that goal.

We run multiple types of applications, both monolithic and distributed, with hundreds of applications total.

Cisco Hybrid Mesh Firewall optimizes the experience in a hybrid or distributed enterprise setup. It has improved considerably with centralized management enhancements, making the experience much better now.

The challenges I face with hybrid or distributed enterprise networks include typical obstacles such as legacy applications, visibility constraints, and the difficulty of determining how applications actually function versus how they are described to work.

I rate this solution an 8 out of 10.

On-premises

Other