Cisco Secure Firewall Reviews

I have mainly worked with Cisco Firewall, specifically FTD and FMC, controlling the Firewall Threat Defenses from FMC, using Talos and Cisco ISE for approximately two and a half to three years. I completed a comprehensive re-architecture and added different vendors for a company called Gaming Laboratories International, where I extensively used their products.

For a span of two years, I extensively used Cisco products, ranging from switching and routers to firewall solutions for Gaming Laboratories International. For the last year, I have mainly worked with Palo Alto and Cato products, transitioning toward SD-WAN and SASE solutions.

At Gaming Laboratories International, I inherited a poorly designed network architecture and completely re-architected the network using Cisco Secure Firewall FTD and FMC across 45 different offices around the globe, spanning 435 jurisdictions at that time. My team and I used Cisco Secure Firewall as our internal firewall, securing the internal perimeter and protecting our DMZ from the inside. On the outside, we implemented Palo Alto because Cisco Secure Firewall could not handle the capabilities we required, such as application identification, which Palo Alto truly excels at.

Cisco Secure Firewall is quite scalable, and I have found it relatively easy to set up high availability. I have truly enjoyed the flexibility, without the need to use StackWise cables but simple Ethernet cables.

The benefit of Cisco Secure Firewall lies in keeping it to the basics through hardware, which costs a bit more, but the real problem emerges when integrating other platforms and their licensing, which is quite expensive. When calculating the total costs, including ISE, DNA Center, and hardware maintenance, it becomes exorbitant for medium-sized enterprises. It may work for large enterprises already entrenched in Cisco products.

The biggest inefficiency with Cisco Secure Firewall, to be honest, is the licensing—too many licenses for too many different products. There is not a single platform, which is essential nowadays. Cisco Secure Firewall is a bit of a colossus where they add weight on top of it, and I believe it amounts to simply placing products next to each other, which is not a very good solution from the perspective of a network security engineer.

There are many features I would personally remove, amend, or create differently from an engineering perspective. The Frankenstein architecture needs to stop and focus on AI. Nowadays, with different products, it is essential to have a single platform for better data and line application control. Everything about AI is to control application usage and how users interact with your systems.

The process with FMC is quite a hurdle, and attempting to integrate it with DNA Center or ISE turns into a nightmare. There is a stark contrast with Palo Alto and Prisma—everything just flows.

When setting up Cisco Secure Firewall, I encounter significant challenges, especially with on-premise Next-Generation Firewalls. There is lacking clarity in documentation, particularly when changing internet service providers or external IP addresses. This lack of guidance often leads to being locked out or corrupting files within the Next-Generation Firewall, resulting in wasted time troubleshooting.

I worked with Cisco Secure Firewall more than a year ago, exactly eleven months, to be precise.

I am really happy with the performance and capabilities of Cisco Secure Firewall to manage heavy workloads. Although it performs well, integrating the software with existing systems often creates complications.

Cisco Secure Firewall is quite scalable, and I have found it relatively easy to set up high availability.

Cisco's customer service and technical support respond in a timely manner, which is good. However, they do not always come up with effective solutions. Many times, I need to dig deep to find solutions due to the complexity of the environments where I work, especially in game development.

I would rate Cisco technical support as a seven. They deserve a six or seven for their efforts, but I feel sympathy for them given the challenging circumstances they work under.

At the moment, I do not use Cisco Secure Firewall at all. For the last eleven months, I have been working solely with Palo Alto Next-Generation Firewall, Prisma Access, and Cato. I am primarily integrating Cato for companies, and I have witnessed its rise over Cisco Secure Firewall because of its simplicity, ease of management, and deployment cost and time efficiency.

When setting up Cisco Secure Firewall, I encounter significant challenges, especially with on-premise Next-Generation Firewalls. There is lacking clarity in documentation, particularly when changing internet service providers or external IP addresses.

For high traffic rates and heavy CPU consumption, Cisco Secure Firewall could fit well. However, security can lead to lock-out situations, so those considering Cisco Secure Firewall should thoroughly assess their needs. SASE solutions are dominating the market; I primarily work with Cato, which finds traction in eight out of ten meetings I have with customers, with Palo Alto depending on the desired security posture.

I suggested in the design, and that was approved to be moved internally because Palo Alto had better capabilities to handle security concerns. Cisco Secure Firewall overly relies on administrators to do the heavy lifting to connect those platforms with open-source or third-party solutions. Licensing is a recurring issue—it would be much easier if there were a package, but that is not the case.

When we do not talk about money, time has become the critical factor where Cato massively outperforms Cisco Secure Firewall. I would rate this review a five point five overall.

Cisco Secure Firewall provides intelligent devices that can manage security issues between IT and OT environments. IT is an information technology environment consisting of servers and data centers, while OT environment is operational technology related to PLC cabinets and machines. When integrating both to work in business processes, security issues between IT and OT must be managed, and Cisco provides excellent devices for managing this challenge.

I primarily use Cisco Secure Firewall in manufacturing fields rather than applications. In a small area, I integrated Cisco with RADIUS for authentication purposes and TACACS, applying security rules to external access for suppliers from Europe and the USA to our environments.

I use cloud-delivered firewall in parts of our business because we have multiple locations distributed across Egypt and Germany. I needed to use a firewall in the cloud to publish security policies remotely and manage separate locations with the same vendor like Cisco.

The biggest benefit of Cisco Secure Firewall and the features that stand out to me are its excellent integration with PLC and manufacturing devices. This option cannot be found on other devices such as Sophos or FortiGate.

The unification of policies is very important to me because without unified communication between devices with the same rule and security policy, managing everything with separate technology and separate vendors would be very difficult. Cisco excels at this.

The deployment of Cisco Secure Firewall was completed in-house.

Regarding implementing a zero-trust security model, I did not pursue this option because zero-trust is new technology with significant human impact on business operations. I use multi-factor authentication instead, with devices such as YubiKey, which is a USB device for trusting device authentication with hardware, but I have not implemented zero-trust at this time.

I do see some drawbacks with the authentication portions of Cisco, which are very legacy and have not been improved for a long time, such as using 802.1X switches. These aspects must be improved.

I have been using Cisco Secure Firewall for ten years.

For some period of time, we were a partner with Cisco, and after that, we began working as a customer.

I see some ROI through savings, including time and money savings. When evaluating Cisco over a longer period, I save money because the service renewal costs are substantial compared to alternatives. If I consider FortiGate, each module costs money and each renewal costs money. When comparing Cisco with other vendors, I believe Cisco's licensing is better.

Some differences from a technical standpoint are that Cisco is more professional in creating and applying rules on devices and integrating with other infrastructure, particularly routers. If I wanted to integrate access points and switches with Sophos or FortiGate, I would have to purchase the same brand name from those vendors and not integrate with others. This is a significant limitation. With Cisco, I do not have to purchase everything from a single partner and can mix between providers to take advantage of each product's benefits.

We are currently using Cisco Secure Firewall ASA and are planning to use Cisco Vision. Cisco provides many tools to have visibility of packets moving on the network and enables capturing certain packets for analysis, which others cannot do.

Cisco Secure Firewall is very fair according to the benefits it provides. When comparing Sophos, FortiGate, and Cisco in terms of benefits and stability, Cisco is excellent.

Cisco Secure Firewall has a degree of complexity, but I believe it is more professional in deployment because it operates at the data link layer and network layer rather than only at the application and web levels. I rate this review as a nine out of ten.

We are using Cisco Secure Firewall on the edge of the network in our enterprise. We use it as a firewall and as an IPS device to protect against threats and malware, URL filtering, phishing, access control, VPN terminator, and site-to-site tunnels. We use all these features provided by Cisco Secure Firewall. I have 1140 FTD Firewalls, specifically the 1140 FTD model.

The most valuable feature I experience in Cisco Secure Firewall is in the IPS, along with the IPsec for IPsec tunneling with outside customers. I consider these specific features valuable to my organization because we have experienced and see the value for protection against malware and URL threats. We see there are a lot of attack attempts and ransomware, and we see how this device is very efficient.

We see the high availability feature in Cisco Secure Firewall. We have clustering nodes and we see how smooth the switching between the nodes is in case an incident occurs from the first node to the second node or the third node. So we see it offers high availability and redundancy to maintain the service up and running. All these features in Cisco Secure Firewall increase the efficiency level because it is very highly available, stable, and secure.

I wish to have a single management dashboard for Cisco Secure Firewall. There is no need to switch to the command line and into the management console, and I wish to reach this point to have one consolidated dashboard for all management requirements.

I have hands-on experience with Cisco Secure Firewall for more than 20 years.

My experience is very good with Cisco technologies in my current field. We have encountered stability and reliability, and we were very satisfied with this solution from the perspective of security and protection against any threats.

Cisco Secure Firewall is scalable. If we make a design or sizing very well with consulting the Cisco engineer, or if we always return to the Cisco teams to provide us with Cisco Validated Designs, we will achieve the scalability part.

I have used Cisco support when deploying Cisco Secure Firewall. Sometimes I need support, and we have a local partner supporting us, along with our own experience and references to the Cisco support cases and open cases with tech engineers. All these factors help us with deployment.

I would evaluate Cisco's customer support for Cisco Secure Firewall as near to 10. My experience with Cisco is above 22 years, and I have opened hundreds of cases with Cisco. The response time and the professionalism of the tech engineers are very helpful and efficient.

Negative

Before implementing Cisco Secure Firewall, we were using another vendor for firewalls in the data center and on the edge, and we encountered issues with efficiency. Sometimes the dashboard or the datasheet is not accurate about the efficiency or the threshold for the throughput, and the datasheet regarding throughput is not accurate in some vendors. But we see that the datasheet for Cisco is near accurate.

Deploying Cisco Secure Firewall is effective because it is advanced technology. It needs some experience, training, self-study, and support from the tech engineer side.

Cisco Secure Firewall increased my efficiency by above 90 percent.

My experience with pricing and licensing of Cisco Secure Firewall is that it is not too expensive. I think it is within the range of the market, and it is acceptable.

Before implementing Cisco Secure Firewall, I evaluated other vendors.

I have visibility into the threats that I encounter. I recommend customers who have never experienced a Cisco device to check the POC with Cisco. I think they will be satisfied. I would rate this review as a 9 out of 10.

My main use cases for Cisco Secure Firewall include firewall protection and managing the ingress and egress of a fabric and cloud, involving private cloud tasks, inter-domain, and inter-tenant processes, as well as handling whatever comes in and exits the fabric.

The features from the Firewall have benefited my organization by providing more integration with the Firewall Management Center and other Cisco tools such as ACI, APEX, ISE, and several others such as PXGrid, helping to create an ecosystem of Cisco solutions.

The feature I appreciate the most about Cisco Secure Firewall is its speed, especially for a 40-gig network. 

Improving Cisco Secure Firewall could involve adding more functionality on the box without needing an FMC, as some features become less effective without it. I find it hard to think of anything else to add since there are so many features now that it's challenging to use and understand them all.

I have been using Cisco Secure Firewall since it came out, which was just a year or two ago.

Regarding the stability and reliability of Cisco Secure Firewall, the only issues I encounter are with the Secure Firewalls we have in HA. Sometimes, if they are reloaded improperly, junior staff may fail to see the HA pair, requiring physical resetting of the ports to link them together. Beyond that, I have never had a problem with a Cisco Firewall, FMC, or any of their next-generation firewalls, which speaks for itself.

I would evaluate customer service and technical support for Cisco Secure Firewall as excellent, as my Cisco team for the Army has been exceptional. I don't know how you can get better, and I don't have any complaints after ten years with the same team from Cisco.

Positive

I haven't really seen ROI on Cisco Secure Firewall yet, as we are not in a business that focuses on that. We just need the security functionality.

My experience with pricing, setup costs, and licensing for Cisco Secure Firewall is pretty good. There are a lot of in-place contracts for us that provide the benefit of discounts.

Before selecting Cisco Secure Firewall, I considered other solutions such as Palo Alto. That was about it. I was mainly looking at layer seven firewalls. 

When comparing Cisco Secure Firewall to Palo Alto, what stood out positively was the FMC, which you can buy as either a physical or virtual appliance, allowing for the tying of all your firewalls to it, whereas Palo Alto lacks such functionality or the availability to do deeper analysis such as snort, making it clear that Cisco Secure Firewall wasn't really a competition.

My advice for organizations considering Cisco Secure Firewall is to take advantage of Cisco's C-Pot program, where you can actually use their equipment in a practical setting. This allows for firsthand comparisons with other vendors, giving you clear insights into how everything works, making it worthwhile to get demo gear from our Cisco team to test before making any purchases.

I rate Cisco Secure Firewall a nine out of ten. 

It's not perfect, as nothing truly is, however, I don't know of anything that compares to it, with Palo Alto being the closest option, though their layer seven firewalls are not as effective as those of Cisco Secure Firewall.

I have two different perspectives about my use cases for Cisco Secure Firewall. The first one is the device frontier, creating all the connections between on-premise, cloud, on-premise to on-premise, VPNs, NAT and also rules for secure endpoints or user endpoints for downloading malicious files or visiting different websites.

The other use case was threat intelligence, which I mostly used Snort rules or created Snort rules on the firewall to understand or catch early attackers before they started the attack.

Snort is one of the features of Cisco Secure Firewall that I know is an open-source rule, but it is really cool that the firewall allows you to create your own rules using this protocol for threat intelligence.

The flow of Cisco Secure Firewall is something that I have a lot of experience creating policies with, but the way the policies work is unusual. For example, they are using every single policy that cascades between each other, and other vendors do not use that kind of flow. Other vendors allow you to create one rule for a specific thing without needing to iterate something from another policy. That is something I do not dislike, but it is hard to work with that kind of flow.

As I mentioned, Cisco Secure Firewall's flow is easier with Palo Alto to create things and configure things, also with the policies. But this vendor does not have the possibility for Snort, so I need to work with what the vendor gives to me and it is not really free to use. On the basic configurations and day-to-day tasks that we are having using this tool, it is much easier to use Palo Alto than Cisco Secure Firewall. Cisco has the feature that is Snort, but it is more easy to use Palo Alto in general.

Compared to the license of Cisco Secure Firewall, it was expensive. Right now compared with Palo Alto, Cisco Secure Firewall is kind of expensive. Basically, the license for the VPNs is for all the interfaces, and that is the thing that is really expensive compared with Palo Alto.

I am not using Cisco Secure Firewall too much now because I left my previous company, but in previous companies I worked with Cisco Secure Firewall for four to five years.

There was basically one downtime with Cisco Secure Firewall that was for a DDoS attack. I think that it was due to a bad configuration from our side. Without those configurations, there were no issues. I would say that the product is pretty much stable and the issue was our fault.

Cisco Secure Firewall is scalable, but if you have the money for the license, then it is scalable.

I have had to contact Cisco technical support two times. One time was to integrate the firewall with the WLC, Wireless LAN controller, for wireless issues, and the other time was for the license that was not activated due to something that happened with the payments.

The first case on the WLC for Cisco Secure Firewall was not very good because it took more than one week with the first call and emails back and forth to resolve the issue. The answers from the technical assistance center gave me the sense that they did not really know what we needed to do or what we needed for escalations. On the other hand, for the payment issues for the license, that team was really clear and resolved the issue in less than 12 hours.

With my experience with those two support cases, I would rate Cisco technical support a seven on a scale from one to ten.

I have experience with Cisco in two parts. I worked with Cisco as the SM for one of the companies in Colombia, and I have also worked with other customers that use Cisco. I have been on both sides.

There are two ways for the initial deployment of Cisco Secure Firewall. We have the on-premise device, when I was working in that company, and we also deployed one of the solutions for Threat Defense on Azure. I think that it is easier for on-premise because you have direct connections, and if something happens troubleshooting all the initial IPs is better that way. It is pretty smooth to update it or create that firewall on Azure. On AWS, it is easy. They have some troubles with the Linux instance, but on Azure, it is pretty smooth.

Cisco Secure Firewall is all about taking care for Cisco right now. Previously it was not, but right now it is.

Compared to the license of Cisco Secure Firewall, it was expensive. Right now compared with Palo Alto, Cisco Secure Firewall is kind of expensive. Basically, the license for the VPNs is for all the interfaces, and that is the thing that is really expensive compared with Palo Alto.

I have used Fortinet and Palo Alto as alternatives to Cisco Secure Firewall.

It is hard to say, but right now I have been working with Palo Alto. That is currently my best option and I learned a lot from this vendor compared to Cisco Secure Firewall.

I have experience with Cisco in two parts. I worked with Cisco as the SM for one of the companies in Colombia, and I have also worked with other customers that use Cisco. I have been on both sides.

The last time with Cisco I was a partner.

My overall review rating for Cisco Secure Firewall is nine out of ten.

We are running Cisco Secure Firewall firewalls as edge devices. It is very good to have FTD, a device like FTD and FMC for management of the devices.

I am Ahmed from Palestine, working with a service provider company for mobile and landlines. Our company, Jawwal, is a service provider for Palestine with about 3,000 employees serving all people in Palestine. We used to have Cisco devices and also other vendors because our security team always asks to have multiple vendors in our company. We are very happy to have Cisco Secure Firewall devices. Our favorite features are that it is the next-generation firewall, always providing an IPS capability and multi-homing for multiple devices, clustering, and similar functionalities. We also appreciate FMC for management. It is a very good and very strong device to have in our company. We use it as edge firewalls for our company. We have three data centers spread all around the country. We always use Cisco and try to bring Cisco devices to our company because we always have something new.

Cisco Secure Firewall has many features, so the most important thing in the next-generation firewall is an IPS and URL filtering. It is a very good experience to have FTD for IPS and URL filtering.

My favorite feature inside the firewall is an IPS integrated with Threat Defense. I would like to highlight some protection. I would like to mention something about the intelligence for the firewall. We are very much looking forward to having AI included in the firewalls from Cisco, and I am looking to know how I can get benefits from AI inside Cisco Secure Firewall devices. We are always looking for improvement for the devices, and Cisco is always doing that. The most benefit for the firewalls in our company, regarding protection, intrusion prevention, and URL filtering, is a very good feature to have.

We faced some issues, though they are not very big issues in the device. When managing these devices from FMC, we have some tricky points for the device flexibility regarding upgrade from one FMC to another FMC and bringing the devices inside to be managed by this FMC. This also applies regarding the flexibility for having the data or the device when upgrading from one hardware to another hardware. To make it more easily to have this configuration from this device to another device would be beneficial.

When upgrading, Cisco always makes something called end of life for the hardware devices. When going from one device to another device, it is very hard to have this configuration exported from this device and put it in another device. This affects our service continuity, potentially causing some interruption for our service provider because we are running in a very critical environment. This may affect our user experience.

The only bad experience is that exporting and importing from one device is problematic. If trying to make a scalable device to increase capability for the device, it is very hard to export the configuration from this device to another device. We have to do it manually. This is a very bad experience, but other things are very good.

We have been using this solution for more than seven years.

At IT, every time we may have something like this, but it is perhaps not related to the device itself. It depends on very wide other reasons. Sometimes, we have some downtimes because of something unknown, perhaps from the Linux kernel. Cisco engineers are always listening to us and contacting us for any improvement, which is why we love Cisco.

In the network world, there is nothing straightforward. We always have obstacles on our way. Cisco is very good regarding availability and the stability for the device. When something happens in the device, the failover happens very quickly without any interruption. This is our experience with Cisco, and we are looking forward to having more and more. It is not straightforward because of the complexity of the network. As a device, it is straightforward, but because of the complexity of the other things, we can find it not hard, but a little bit complex. It is not related to the device itself.

Cisco technical support is always doing a great job. While supporting us during our maintenance window for downtimes, it is very good. We are trying to have better support, and it is about financial issues because if going up with the support level, it becomes better and better. We need to make it more equitable.

Negative

Companies are always looking for security. If needing to have a secure firewall with high throughput and heavy-duty devices, we always have to choose Cisco devices because the reality of these devices may be better than any other vendor. Other vendors are very good also, but sometimes Cisco is more flexible than others.

We have to use solutions such as IPS and IDS also. It is in detection and IPS for prevention also, but it is a different device, so it may have added layers for our network and making problems around that experience we have with it. It is not because of the device or the vendor, but layers in the network making some delays and making some overhead on the network. Cisco is the vendor we use. When comparing devices financially, we can see that other devices have very advanced features and other vendors have very good advantages. Cisco always wins. Maybe it is financially good because we have very high features and there are real advantages and features. Regarding throughput, some other vendors say it is fake throughput, not like Cisco. Cisco, when they say one gig, it is one gig.

We have many models such as 2000, 2003, and 4005. We have about eight devices spread around the company. I would give Cisco Secure Firewall a rating of eight out of ten because we are always looking for improvement. Cisco is very stable. From my experience, Cisco Secure Firewall is very stable. Because of the many integrations with the ICE and SGT, it is very nice to have these features. We always can see improvements on Cisco. 

My main use cases for Cisco Secure Firewall are ensuring that the offices and the users are protected behind a firewall and that the segments on the network are created.

The feature I like the most about Cisco Secure Firewall is the management of it because I can remotely manage everything that I need to do, not only the firewall but also the access points, the switches, and other devices. When they call me, I can fix something remotely without needing to drive over there.

It is typically all in one dashboard, but if I go to Cisco Secure Access and Connect, then it becomes a little bit confusing related to what products I need to use and buy.

I think the aspect that can be improved in Cisco Secure Firewall solution is the marketing approach. As I mentioned before, it confuses me related to the umbrella portals for secure access, not the SSE part of it.

I am uncertain about how the end users go to the network and also to the internet. What was previously done in Meraki Secure Connect is now referred to with the marketing term Secure Access, which is confusing to me. I don't know which license I need. I don't know if I'm going to be transitioned or not, or if I'm supposed to migrate myself. This is confusing because I need to be in different portals nowadays still, and I don't know what the future will bring.

Even when I'm at Cisco, I ask around but they say to ask my partner to transition me, but it doesn't seem to be that simple.

I have been using Cisco Secure Firewall for two years.

I assess the stability and reliability of Cisco Secure Firewall solution as excellent. I don't have any crashes or downtime or anything like that, which is good.

I have also used Sophos, specifically Sophos firewalls, before.

The experience of deployment with Cisco Secure Firewall is very easy. I have been using Cisco Secure Firewall in the Meraki dashboard, which means I just need to connect them all and have my licenses ready. Deployment-wise, it is smooth and very straightforward.

I can say that it is always difficult to determine if I have seen a return on investment from having Cisco Secure Firewall solution. It is an insurance that I take, something I need to do, but I don't know if it has already prevented me from an attacker or anything like that.

My experience with the pricing, setup cost, and licensing is that it is all good. The initial price is good. The only issue is if I don't renew my licenses after three or five years, my box becomes useless and I can't do anything with it anymore. I need to have an active license to make sure that I can use the product. I understand that if I'm using it in a production environment, I need the support and the licenses.

However, from a sustainable point of view, if I don't have a license, I can't do anything with it anymore, even not on my local home server installation. I think that is a pity. I have never had anything without licenses, but I can imagine if I don't have a license, then it becomes like a brick.

Before choosing Cisco Secure Firewall, I considered another solution, specifically Fortinet, and I considered Cato Cloud or Cato Networks, along with other OT vendors as well, such as Moxa or Teltonika.

I chose Cisco first of all for the partner and then second of all for the pricing. The pricing was good enough to convince me to go ahead with Cisco because Cisco is a well-known brand all over the world, which I couldn't say from other OT vendors such as Moxa or Teltonika. That is why I chose Cisco.

I transitioned away from those systems with a hybrid approach. I still have small components on-site, but mostly everything is in the public cloud in Azure. Many SaaS services are also part of this.

In Azure, there is nothing for on-premises. There is nothing that the internal users are using. I have a website in AWS, but I am not using it actively, so it is outsourced.

I would give Cisco Secure Firewall more points if everything were all in one dashboard and they did not confuse me with marketing. Overall, I would rate this review an 8 out of 10.

Our main use cases include segmenting different networks for IPS and IDS, using it for basic firewall purposes, controlling ACLs, and monitoring traffic to identify issues within the network.

Currently, I find the event viewer feature of Cisco Secure Firewall very useful as it visually displays what is being blocked or allowed by the ACL. I also appreciate the improved visual presentation of the ACL layout. 

We have many different opportunities to share incidents with individuals on how traffic flows through the network, and we utilize Cisco Secure Firewall features such as network packet inspection to ensure that policies are applied correctly and to monitor traffic for what is blocked, allowed, or denied.

Cisco Secure Firewall's ability to unify policies across our environment is pretty good. 

We can deploy different features and ACLs between various firewalls easily with the FMC, which has improved significantly from the initial deployment time, which was once poor and is now manageable for multiple firewalls.

We use the new AnyConnect or Secure Connect VPNs, which works pretty well. Although we haven't switched to the latest series to utilize the VPNs fully, I appreciate the deployment phase where we can track our deployment progress.

What stands out positively about Cisco is their training and support, which has effectively prepared engineers to work with their products. When hiring, I find it beneficial that most network engineers are familiar with Cisco, whereas I might question the expertise of those trained with Palo Alto or Fortinet.

Performance-wise, Cisco seems to be the best. For instance, my sister company uses Palo Alto and Juniper and reports a high RMA rate. In contrast, we have only RMAed one Cisco Secure Firewall in six years, indicating stability and dependability.

The interface of Cisco Secure Firewall works effectively once you become familiar with its layout, although hiring engineers requires training on the platform, especially as updates occur. They should prioritize adding to the existing product rather than overcomplicating it with new features that may not be necessary.

Cisco Secure Firewall has some growth opportunities in terms of visibility and control capabilities regarding managing encrypted traffic. It has the ability to analyze encrypted traffic, and there is potential for more integration with APIs and AI to enhance these capabilities.

Cisco Secure Firewall needs improvement in deployment time and the capability to access the CLI during support calls. I often encounter issues when technical support uses a CLI that is not familiar to me while troubleshooting through the GUI. 

My ongoing complaint for the last six years has been the lack of CLI functionality, which hinders my ability to work on the firewall, alongside concerns regarding deployment time.

For the next release, they should look at the features offered by competitors such as Fortinet, including the ability to perform packet capture directly from the interface. 

If they enhanced their troubleshooting efficiency related to packet capture for each specific rule, it would simplify the process significantly.

I have been using Cisco Secure Firewall for about six years.

The process of expanding the usage was fairly smooth. My assessment of the stability and reliability of Cisco Secure Firewall is great from a hardware perspective, yet only okay from a software perspective. 

I have experienced downtime crashes and performance issues. Specifically, the FTDs have had High Availability (HA) issues, which I struggle to understand, especially concerning switch connections and HA setups between firewalls.

We have often encountered split-brain scenarios during failover processes and code upgrades, which have been persistent problems for us. It seems that Cisco lacks enough skilled technical support engineers to quickly resolve these issues, often requiring escalation that takes too long.

Cisco Secure Firewall scales incredibly well with our growing needs. We recently transitioned to the new 4100s and we have only just reached the firewall's limitations after five years, indicating that it has been able to build for our future success.

I would rate customer service and technical support about a five out of ten, sometimes dipping to a four depending on the time of day. As in many support models, the quality depends on the region. Some TAC engineers are better in specific areas, such as India or South America. However, they often lack the skills to troubleshoot effectively, leading to repetitive troubleshooting sessions and unresolved issues.

Neutral

Prior to adopting Cisco Secure Firewall, I used solutions such as SonicWall and Juniper firewalls. I didn't prefer Juniper and found Cisco Secure Firewall to be the most stable firewall I've worked with.

The deployment time could be improved. The deployment was good, however, it could be sped up. There was a bit of a learning curve as well. 

What works well is the interface. It's pretty good as far as knowing where to go and the layout. When hiring engineers, they need to know the platform. In terms of updates, sometimes they bolt on too much.

I have not seen ROI with Cisco Secure Firewall initially, however, over time, it has paid for itself as we scale our business.

My experience with pricing, setup costs, and licensing was a nightmare. It is indeed challenging as Cisco has too many variations of support with no clear explanation of what you are actually getting. 

Sales representatives try their best but often fall short, making it complicated for users to understand what licenses are included with the product, leading to confusion over various levels of support.

Before selecting Cisco Secure Firewall, I considered Fortinet and Palo Alto, and I even thought about sticking with ASAs. We still operate a couple of FTDs alongside ASAs, which creates internal competition. Fortinet, in particular, has remained a competitive option.

We did not purchase this on the AWS Marketplace. 

My advice to organizations considering Cisco Secure Firewall would be to recognize the tendency for Cisco to overcomplicate things. However, they are striving for simplification in their firewall products. If someone has experience with ASAs, they can adapt to FTDs as easily. Cisco should focus on learning from competitors to enhance its features and remain competitive in the market. 

If you want a stable solution with fewer vulnerabilities, Cisco Secure Firewall is likely to meet your needs as it requires fewer upgrades compared to competitors.

On a scale of one to ten, I rate Cisco Secure Firewall a seven.

My main use case for Cisco Secure Firewall is to secure a data center.

They help keep our environment more secure. 

The features I appreciate the most about Cisco Secure Firewall are the policies, ACLs, and traffic behavior analytics. These features have benefited my organization by keeping the environment more secure within the organization.

If I assess Cisco Secure Firewall's ability to unify policies across my environment on a scale of one to ten, it would be an eight. This is very important to my organization, as we work extensively with security because we are a bank, so we can keep the data safe.

I have not recently used any new features or functionalities in Cisco Secure Firewall, however, I would want to try more visibility and observability. My impression of the visibility and control capabilities of Cisco Secure Firewall in managing encrypted traffic is that it can improve. There is some traffic that is encrypted that needs to be decrypted to catch something and analyze and give some analytics, so that part needs to work more.

The dashboard needs to be more intuitive and easier to navigate. What stood out to me about Cisco Secure Firewall that made me choose to use it is that it is intuitive, but I feel it could be improved further in terms of intuitiveness. It could be improved to achieve easier configuration and more efficiency.

I have been using Cisco Secure Firewall for eight years.

I would evaluate the customer service and technical support on a scale of one to ten as a ten, as they have expertise and provide solutions for the most difficult problems, so we have had a very good experience.

Positive

We did have Fortinet previously. That had a more intuitive dashboard. 

We did consider other options, including Juniper.

I did not purchase via AWS Marketplace. 

At the moment, we are not using the cloud-delivered firewall. It could be better regarding encryption and encrypting traffic. I have not seen that part and we do not use it since we use it on Fortinet, however, that would be something that helps to keep the network more secure.

I would advise other organizations considering Cisco Secure Firewall that they can trust Cisco Secure Firewall and that they should provide training for their staff to achieve better and more efficient work.

On a scale of one to ten, I would rate Cisco Secure Firewall overall as an eight.

Cisco Secure Firewall can be used for perimeter security, IDS, IPS, and VPN purposes. When discussing secure access via Cisco Secure Firewall, it helps any roaming user, whether working from home, an airport, or in the office, to securely access any workload that could be located on a private cloud, public cloud, data center, or at the edge. It bypasses the on-premise firewall, but they offer firewall as a service, which is on the cloud and enables Secure Service Edge. Perimeter security is necessary and is part of their Secure Access offering, which is Firewall as a Service coming out of the cloud.

From Cisco Secure Firewall's security offering perspective, Cisco has a very comprehensive offering. Whether it is perimeter security in the form of firewall, user security for remote users for SASE, AI security, endpoint security, network security, or workload security, this fits very well into an overall security architecture proposed by Cisco, which is called a Security Reference Architecture. They have a very comprehensive range of products that integrate very well with their firewall. I do not view Cisco security offerings only from a firewall perspective, but from an overall offering perspective.

Cisco Secure Firewall includes something called Secure Cloud Control, which provides single management for consolidating policy across multiple pieces of equipment, whether it is a SASE policy, firewall policy, or otherwise. Centralized policy management is possible within that firewall, and if you want to orchestrate the same policy across multiple security products, you can use Cisco Secure Cloud Control.

Different models exist for Cisco Secure Firewall. Every on-premise model has a limit to the throughput it can support, and up to that limit, it scales fine. After reaching that limit, you are supposed to replace the model. For on-premise solutions, this is the case. However, Firewall as a Service can scale to a very large extent because it is a cloud-based offering that can scale up to a very large number, which is not a problem.

Cisco Secure Firewall has been used and sold for at least three to four years.

Cisco Secure Firewall is quite stable. If I had to rate stability from zero to ten points for Cisco Secure Firewall, I would give it an eight.

Cloud-delivered firewall provides much better flexibility for an organization via Cisco Secure Firewall. First, you can ensure that any users coming from outside securely access any workload that the organization may be running either in a private cloud or public cloud on a hyperscaler. Second, it provides what is called local internet breakout, where any services not supposed to go through the firewall can do a local internet breakout. With Firewall as a Service, you can consume capacity as you grow, rather than trying to put one firewall for your peak load. This gives tremendous flexibility similar to the flexibility that exists in cloud consumption.

If I had to give points for technical support from Cisco, I would give it an eight. It is pretty good, and we do not face a challenge. The reason is that our own team is pretty capable technically, so we do not go back to Cisco for much support. Whenever we have requested support, they have been pretty responsive.

Positive

I do not view Cisco security offerings only from a firewall perspective, but from an overall offering perspective. Cisco Secure Firewall helps with the Zero Trust Security Model. ZTNA is a concept that has to be implemented at every tier, including the firewall. You cannot implement zero trust without a firewall also supporting it. It is an important piece in building a zero trust architecture. The review rating for this product is an eight out of ten.