Cisco Secure Firewall Reviews

We primarily use it for our clients. We have one or more at each client site - or multiple locations if they have multiple locations.

Typically our clients are up to about 500 users. Most of them are smaller than that, but they go as large as 500. They're using the solution for the full next-gen firewall stacks - intrusion protection, URL filtering, advanced malware protection, or so-called AMP. Those are the three subscription services that Cisco sells. All of our clients have those subscription services enabled at their main location. Typically, they're just protecting users that are behind the firewall. We also use it for site-to-site VPN, and we use it for client-to-site VPN.

In terms of our clients, security is one of those things that, ideally, nobody notices. It improves the functioning in the sense that you don't get hacked. However, from a noticeable, management point of view, the URL filtering is a pretty significant enhancement. People are able to block access to various websites by category. It isn't revolutionary. Lots of products do this. However, it's a nice sort of add-on to a firewall product.

At the end of the day, the solution offers good productivity enhancement to a company.

Cisco's support is great. 

For experienced users, they are pretty much able do anything they want in the interface with few restrictions.

The command-line interface is really useful for us. We script basic installations and modifications through the command-line, which is considered sort of old school, and yet it allows us to fully document the changes that we're making due to the fact that we can save the exact script that was applied and say, "Here are the changes that we made." 

We can have less experienced people do initial takes on an install. They can edit a template, and we can have a more experienced person review the template, and then apply it, and we don't have to worry about whether anyone inexperienced went into certain corners of the interface and made changes or whatever.

Everything is all documented in the file or in the command line script that gets uploaded to the device. It gives us great visibility.

I would say that in inexperienced hands, the interface can be kind of overwhelming. There are just a lot of options. It's too much if you don't know what you are looking for or trying to do.  

The GUI still uses Java, which feels out of date today. That said, it's an excellent GUI.

The biggest downside is that Cisco has multiple firewall lines. The ASA line which is what we sell, and we sell most of the latest versions of it, are kind of two families. One is a little older, one's a little newer. We mostly sell the newer family. Cisco is kind of de-emphasizing this particular line of products in their firewall stable. That's unfortunate. 

They have the ASA line, Meraki, which is a company they bought some years ago where all the management is sort of cloud interface that they provide rather than a kind of interface that you manage right on the box. They also bought Snort and they integrated the Snort intrusion detection into the ASA boxes. In the last couple of years, they've come out with a sort-of replacement to Snort, a line of firewalls that don't use IOS.

It's always been that the intrusion prevention and the based firewalling features had separate interfaces within IOS. They've eliminated IOS in this new product line and built it from the ground up. We haven't started using that product yet. They have higher performance numbers on that line, and that's clearly the future for them, but it hasn't reached feature parity yet with the ASA. 

The main downside is that it feels a little bit like a dead end at this point. One needs to decide to move to one of these other Cisco lines or a non-Cisco line, at some point. We haven't done the research or made the plunge yet.

What I would like to see is a more inexpensive logging solution. They should offer either the ability to maintain longer-term logs right on the firewall or an inexpensive server-based logging solution. Cisco has logging solutions, however, they're very high end.

We've been using the solution for 20 or more years. It's been well over two decades at this point.

The solution is solid. It's a big advantage of choosing Cisco. There are no worries about stability at all.

The scalability of the solution is good. Within our customer base, it is absolutely scalable. You can go very large with it. However, if you really want the highest speeds, you have to move off of the IOS ASA line and onto the newer stuff.

Typically our clients cap out at 500 employees.

Technical support is excellent. They are extremely knowledgeable and responsive. It'd rate the ten out of ten. We're quite satisfied with the level of support Cisco provides.

We did use Juniper's NetScreen product on and off for a while. We stopped using it about ten years ago now.

We had previous experience with the Cisco gear, so we were comfortable with it, and Juniper bought the NetScreen product and sunsetted it. You had to move into a different firewall product that was based on their equivalent of IOS, something called Juno OS, and we didn't like those products. Therefore, when they sunsetted the Juniper products, we looked around and settled on Cisco.

Due to the fact that we're experienced with it and we've scripted the command line, it's extremely simple for us. That said, I think it's complex for somebody that doesn't know the IOS platform.

We're Cisco resellers.

We're always on the latest version. I don't actually keep track of the version numbers myself, however, part of what the service that we provide for our clients is updating their firewalls to the latest version.

We use multiple deployment models. We use both on-premises and cloud versions. They are also all different sizes, according to the requirements of the company.

I'd advise other companies considering Cisco to be sure to factor in the cost of the ongoing security subscriptions and the ongoing SmartNet into the purchase price. Those things, over the years, represent more than the cost of the firewall itself - significantly more. However, I'd advise others to get the security subscriptions due to the fact that it really dramatically increases the security of the solution overall.

On a scale from one to ten, I'd rate them at an eight. We love the product, however, we feel like it's not Cisco's future direction, which is the only reason I would downgrade its score. To bring it up to a 10, they'd have to make it their main product line again, which they aren't going to do.

We are primarily using the solution to protect our network.

The security the solution offers is very good. Security-wise, it's the top in the world.

The product has excellent technical support.

The user interface is easy to navigate.

Everything is user friendly.

The annual subscription cost is a bit high. They should try to make it comparable to other offerings. We have a number of Chinese products here in Pakistan, which are already very cheap and have less annual maintenance costs compared to Cisco.

I've been using the solution for a few years now.

The solution is reliable. We have been using it for more than a couple of years and we haven't had any problems. There's been no downtime and no hardware failures. It's pretty stable.

We've never tried to scale. We have a pretty small set up in our country. It's unlikely we will have to scale.

Currently, we have between 200 and 300 people on the solution.

The technical support has been very good. They are helpful and knowledgeable. We're quite satisfied with their level of service.

This is the first product of this nature that we have implemented. We didn't previously use a different solution.

Initially, the preliminary set up took us some time. However, we did have some local expertise in Pakistan. Once, when we were stuck on something, we could manage to get help from Cisco online. It wasn't that tricky or complex. In the end, it was straightforward.

We had some assistance with a local expert as well as Cisco.

There's an annual subscription. It's not cheap. It's quite pricey if you compare it to other competitors in Pakistan. There aren't any extra costs beyond the yearly licensing.

We pay about $200 yearly and we have two firewalls.

We are the customer. We are in the oil and gas business. We don't have a business relationship with Cisco.

I'd recommend the solution to others straight away. It's more or less a very standard option here in Pakistan.

Overall, on a scale from one to ten, I'd rate the solution at an eight.

We use Cisco ASAv as a firewall.

The best features are stability and scalability.

There are other solutions that are better such as Palo Alto.

The management test needs improvement. The ACM requires Java and you need to know which version of Java is compatible with your Cisco version. It needs a client.

The pricing could be reduced.

I would like to see the issue with the client resolved. You shouldn't have to use the ASDM to help manage the client. Also, it should be subscription-based similar to Palo Alto.

I have been working with Cisco ASAv for approximately eight years.

The stability is good, we have not had any issues.

Cisco ASAv is scalable.

We are satisfied with technical support. They are good.

We are also using Palo Alto. It's very easy to manage, especially the UI system. You can do anything you want.

Cisco is considered to be an expensive solution.

When comparing to other vendors, it's quite expensive.

I would rate Cisco ASAv a six out of ten.

Our primary use case for this solution is to improve network security. 

The maturity of our company's security implementation depends on our clients. Some of our clients really need a lot of work but some of them are advantaged. We are major implementors for Cisco. 

We implement it for our clients and we also use it internally. Our security maturity is advanced. We have been in IT business for over 75 years. We have major netowrk firewall experts in the company, so we know what to do. 

Our company uses more than thirty security tools. Ideally, we would use an end to end unified tool. But network security is far from that so we need to use multiple tools. 

Firepower has been used for quite a few enterprise clients. Most of our clients are Fortune 500 and Firepower is used to improve their end to end firewall functionality. 

The most valuable feature is the intelligence. It sends a warning for a potential attack, a zero-day attack. It sends us an advanced warning. We really like this feature. 

We use other Cisco tools for switches, routers, and AppDynamics. We also use their wireless tool. We are Cisco's biggest partner, so we use the majority of their solutions. This is one of the reasons people become a Cisco-shop, because of the integration. 

The integration between these products isn't perfect. 

Firepower provides us with application visibility and control. We have a standard evaluation procedure with around 136 criteria. We have a team that does the evaluation and there were viruses reported.

In terms of its ability to provide visibility into threats, we put a different application to be tested. We check how much we can see. What kind of network traffic goes through different devices. We know what's going on. If something went wrong, we see the attack, we know where and which attack. We put it into our testing center. You can never get 100% visibility. Sometimes we can't detect until the damage is done. That is the danger of being in the firewall business. You never know what kinds of tricks a hacker will use. It's endless work.

Talos is pretty decent. It offers smart intelligence. It helps my team detect what is going on. Without it, the ability of the power stations would be much less. Talos is one of the reasons that we go with Cisco. It is a big advantage.

We use automated policy application and enforcement. Any of the networks are very complex. It has freed up a lot of our time. Now, it's much better but it's still far from enough. We have saved 90% of our time due to the automation. 

Firepower has improved our enterprise defense ability by a lot. 

We use the whole suite of Cisco device management options. Compared to ten years ago, I have seen a lot of improvement, but it's still far from enough. I wish the intelligence will be improved. There is a big learning curve now. If a new gear comes into place, then the first three months aren't so accurate. With machine learning, it is getting better. The intelligence should be there from day one. But it will still need to learn the environment and which attack is the most common.

We are still trying to figure out the best practices for harmonizing policies and enforcement across heterogeneous networks. It's something new. More and more applications are going onto the cloud and we need the hybrid Firepower ability. 

The intelligence has room for improvement. There are some hackers that we haven't seen before and its ability to detect those types of attacks needs to be improved.

There is a bit of an overlap in their offerings. Which causes clients to overpay for whatever they end up selecting. 

I have been using Firepower for 3 years. 

I see a lot of improvement in terms of stability but it's still not 100%. We still have bugs and things will go wrong that will cause the system to not function and we will have to reboot and restart. That is something that Cisco should fix. 

The scalability is reasonable and okay. 

One of the clients we have has 21,000,000 node. 

We use their support a lot. In my view, they need a lot of improvement. A lot of the representatives are far away and they don't have a lot of knowledge. You need to get to level two or three for them to be able to help. My team is very experienced so it takes a lot for us to make a call to technical support. We need to talk to the right person to work out the issue. The support structure is not able to reach the right level right away. This is a problem that Cisco needs to work a lot to improve one. 

We also use Palo Alto, Check Point, Fortinet, Juniper, and Microsoft. 

Cisco came into firewalls much later. I would say they're top ten but they're not number one yet. They need to do more work. Cisco does better than the smaller players. 

The best firewall option is Palo Alto. 

Considering the expertise and the way they detect an advanced attack, Palo Alto is better than Cisco. 

Compared to many years ago, the configuration is much more simplified. It is still not one button to get it all done. It's not easy enough. It hasn't reached the level where a junior staff member can get the job done. 

For my enterprise environment, the deployment goes wave by wave. It can take six to eight weeks. We do a rolling upgrade. It's not something that can be done in one action because the network is so huge and complex. 

We have a uniform implementation strategy. We have a standard upgrading proceeding. We do testing and verify and then we put it into production.  

We are the integrators and consultant team. 

18 months

Be careful

Yes

Get your homework done. Get to know in-depth what Cisco can do and compare it with Palo Alto. If you're happy with Cisco, go for it but Palo Alto is the safer choice. 

I would rate it an eight out of ten. 

We are a Cisco partner and we implement solutions for our customers who are generally in the banking sector and other private sectors.

They are using it as a data center firewall and to secure their internet connections. Our customers usually integrate the firewall with ISE, with a Firepower module for IPS, and there are some NAC solutions.

The solution enhances the performance of the network. It blocks most of the threats and it updates attack signatures so it protects customer data better. The loss of data would be a crisis for any customer. With the deep inspection and analysis and the threat updates, it gives you more protection and safety.

Our clients use automated policy application and enforcement. For example, when you have a very big deployment or a bank needs to deploy more branches, this saves a lot of time when doing the implementation. Similarly, when you add more users or you add more devices, when you create a profile of the policies, they will be available in a matter of minutes, regardless of the number of branches or users or applications. It reduces the time involved in that by 75 percent.

The traffic inspection and the Firepower engine are the most valuable features. It gives you full details, application details, traffic monitoring, and the threats. It gives you all the containers the user is using, especially at the application level. The solution also provides application visibility and control.

The integration between the ASA and Cisco ISE is very easy because they are from the same vendor. We don't face any integration problems. This is one of the valuable points of Cisco firewalls. They can be easily integrated with different Cisco security products.

Our clients also use other products with Cisco ASA, such as Aruba ClearPass and different NAC solutions. The integration of these other products is also easy with Cisco. 

It integrates with email security and Firepower. For example, if you have an attached file infected or you have attacks through email, the traffic will be forwarded to the email security and it will be blocked by the firewall. It gives you a clear view of the file and it can be blocked at every stage, protecting your network from this threat.

One of the best parts is the traffic management and the inspection of the traffic packets. The Device Manager is easy to use to supervise things, and the Firepower application gives you clear threat detection and blocking of all threats. Cisco also provides a better analysis of the traffic.

In addition, Talos is an enhancement to Cisco firewalls, and provides a better view.

The device management options, such as Firepower Device Manager (FDM), Cisco Firepower Management Center (FMC), or Cisco Defense Orchestrator (CDO) add a lot of enhancements in the initial deployment and configuration. In migrating, they can help to create the migration configuration and they help in managing encryption and automation. They add a lot enhancements to the device. They make things easier. In the past, you had to use the CLI and you could not control all this. Now you have a GUI which provides visibility and you can easily integrate and make changes.

When I deal with other firewalls like Palo Alto or Fortinet, I think there is some room for performance tuning and enhancement of the ASA. I'm not saying there is a performance issue with the product, but when compared to others, it seems the others perform a little bit better.

There could be enhancements to the cloud part of the solution. It's good now, but more enhancements would be helpful.

Finally, security generally requires integration with many devices, and the management side of that process could be enhanced somewhat. It would help if there was a clear view of the integrations and what the easiest way to do them is.

I have been using Cisco ASA NGFW for more than 10 years.

The ASA is stable. There may be some small stability issues, when compared to others, but it is a stable product. There could be enhancements to the ASA in this area when compared to other vendors, but it is not a problem with the product.

It is scalable, with virtualization and other features.

In terms of future-proofing our customers' security, we recommend the ASA. We have tested it in large environments and it's working well. The lesson I have learned from using Cisco ASA is that Cisco's research is continuous. They provide enhancements every day. It's a product for the future.

Technical support is a very strong point in Cisco's favor. I would rate it very highly. The support is excellent.

The setup is of medium difficulty. It is not very complex. Generally, when working in the security field, things are a little bit complex because you are integrating with many vendors and you are defending against a lot of different kinds of attacks.

The amount of time it takes to deploy the ASA depends on the complexity of the site where it is being set up. On average, it can take about a week. It could be that there are many policies that need to be migrated, and it depends on the integration. For the initial setup, it takes one day but the amount of time it takes beyond that depends on the security environment.

Our customers definitely see return on investment with Cisco ASA because when you protect your network there is ROI. If you lose your data you have a big loss. The ROI is in the security level and the protection of data.

The value of the pricing needs to be enhanced from Cisco because there are a lot of competitors in the market. There is room for improvement in the pricing when compared to the market. Although, when you compare the benefits of support from Cisco, you can adjust the value and it becomes comparable, because you usually need very good support. So you gain value there with this device.

My advice is to take care of and monitor your policies and be aware of the threats. You also have to be careful when changing policies. When you do, don't leave unused policies around, because that will affect performance. You should have audits of your firewall and its policies and follow the recommendations from Cisco support.

Among the things I have learned from using Cisco ASA is that integration is easy, especially with Cisco products. And the support helps you to integrate with anything, so you can integrate with products outside of the Cisco family as well.

We use the Cisco firewall for a number of things. We've got VPN tunnels, IPsec tunnels. We also use it for basic network layer filtering for our internal service, because we have a number of services that we offer out to clients, so that is the first device that they come across when they get into the network.

We have a network of six remote sites and we use proxy to go to the internet, and from the internet Cisco is the first line of defense. We have internet banking services that we offer to our clients, and that also makes use of the Cisco firewall as the first line of defense. And we've got a number of servers, a Hyper-V virtual environment, and we've got a disaster recovery site.

We had VAPT (vulnerability assessment and pen testing) done by external people to see our level of security from inside and outside and they managed to find some deficiencies inside. That's when they recommended that we should put in network access control. By integrating the ASA with Cisco ISE, that is what we are trying to achieve.

The whole idea is to make sure that any machines that are not on our domain should not be able to connect to the network. They should be blocked.

We also have Cisco switches deployed in our environment. All our active switches are Cisco. The ASA is integrated with them. This integration was done by a combination of our Cisco partner and in-house, because we did this at the time of setting up the infrastructure in 2016.

The benefits we see from the ASA are connected to teleworking as well as, of course, having the basic functionality of a firewall in place and the prevention of attacks. The VPN is also helpful.

Among the most valuable features are the reports which are generated according to the rules that we've put in place to either block traffic or report suspicious attempts to connect to our network. They would come standard with any firewall and we're always monitoring them and taking any corrective steps needed.

We have the ASA integrated with Cisco ISE for network access control. The integration was done by our local Cisco partner. It took them about a month to really get the solution up and running. I would like to believe that there was some level of complexity there in terms of the integration. It seems it was not very easy to integrate if the experts themselves took that long to really come up with a working solution. Sometimes we had to roll back during the process.

Initially, when we put it up, we were having issues where maybe it would be barring things from users completely, things that we wanted the users to access. So we went through fine tuning and now I think it's working as we expect.

We have been using Cisco ASA NGFW since 2016, when we launched.

The ASA is utilized 100 percent of the time. It's up all the time as it's a perimeter firewall. It's always up. It's our first line of defense. It's quite robust, we've never had issues with it. It's very stable.

We haven't maxed it out in terms of its capacity, and we've got up to about 200 users browsing the internet at any given time. In terms of throughput, we've got an ASA 5525 so it handles capacity pretty well. There aren't any issues there.

We have a Cisco partner, so if ever we did have issues we'd go through them, but up until now — this bank has been open for four years — we've never had an issue with the Cisco firewall.

We went with Cisco because it's a reputable brand and we also have CCNP engineers in our team as well. It's the brand of choice. We were also familiar with it from our past jobs.

The ROI is the fact that we haven't been attacked.

It's a brilliant firewall, and the fact that it comes with a perpetual license really does go far in terms of helping the organization in not having to deal with those costs on an annual basis. That is a pain point when it comes to services like the ones we have on FortiGate. That's where we really give Cisco firewalls the thumbs up.

From the point of view of total cost of ownership, the perpetual licensing works well in countries like ours, where we are facing challenges with foreign exchange. Trying to set up foreign payments has been a challenge in Zimbabwe, so the fact that we don't have to be subscribed and pay licenses on an annual basis works well. If you look at FortiGate, it's a good product, but we are always under pressure when renewal time comes.

Where Cisco falls a bit short is because of the fact that, if I want IPS, I have to buy another license. That's why I have my reservations with it. If I want Cisco AnyConnect, I have to buy another license. That's where we have challenges. That's unlike our next-gen FortiGate where everything comes out-of-the-box.

My advice is "go for it," 100 percent. If ever I was told to implement a network, ASA would definitely be part and parcel of the solution.

The biggest lesson we've learned from using the product is about the rapid growth of the product's offerings.

In terms of the maturity of our organization's security implementation, I would like to believe that we are about midway. We still need to harden our security. We need to conduct penetration testing every two years and, resources permitting, maybe yearly. The guys out there who do cyber security crimes are becoming more and more advanced, so there is a need for us to also upgrade our security.

We have a two-layer firewall setup, which is what is recommended as the standard for the payment card industry. We probably need solutions linked with cloud providers from the likes of Cisco, and to put in some bank-grade intrusion detection solutions. Because we have already adopted two technologies, Cisco and FortiGate, we might be looking at solutions from those two providers.

We're also looking at end-point security solutions. We've been using the one which comes with our Office 365 and Microsoft product, Windows Defender. We are going to be trialing their new end-point management solution. We are trying to balance things from a cost point of view and providing the right level of security.

In addition to Windows Defender and the firewalls — ASA and FortiGate — and the network access control, we also have SSL for the website.

As for application visibility and control, currently we're just using logging. We don't have the Firepower installed, so it's just general logging and scheduled checks here and there. As for threat visibility, for us the ASA is a perimeter firewall. Behind that firewall we have an IDS and an IPA. We actually have the license for Firepower but we haven't implemented it; it was just an issue of priorities at the time.

We have an offshore development center with around 1,400 users (in one location) where we have deployed this firewall.

The maturity of our organization’s security implementation is a four out of five (with five being high). We do have NOC and SOC environments along with in-built access to our systems. 

We use Acunetix as one of our major tools. We do have some open source. There are a couple of networks where we are using the Tenable tool. We have implemented an SIEM along with a Kaspersky at the cloud level. In the Cisco firewall, we installed Kaspersky in the firewall logs which upload to Kaspersky for us to review back.

Being able to determine our active users vs inactive users has led us to increased productivity through visibility. Also, if an issue was happening with our throughput, then we wouldn't know without research. Now, notifications are more proactively happening.

The advance malware protection (AMP) is valuable because we didn't previously have this when we had an enterprise gateway. Depending on the end user, they could have EDR or antivirus. Now, we have enabled Cisco AMP, which give us more protection at the gateway level. 

The application visibility is also valuable. Previously, with each application, we would prepare and develop a report based on our knowledge. E.g., there are a couple business units using the SAS application, but we lacked visibility into the application layer and usage. We use to have to configure the IP or URL to give us information about usage. Now, we have visibility into concurrent SAS/Oracle sessions. This solution gives us more visibility into the inbound/outbound traffic being managed. This application visibility is something new for us and very effective because we are using Office 365 predominantly as our productivity tool. Therefore, when users are accessing any of the Office 365 apps, this is directly identified and we can see the usage pattern. It gives us more visibility into our operations, as I can see information in real-time on the dashboards.

The solution has positively affected our organization’s security posture. I would rate the effects as an eight (out of 10). There is still concern about the engagement between Cisco Firepower and Cisco ASA, which we have in other offices. We are missing the visibility between these two products.

We would like more application visibility and an anti-malware protection system, because we don't have this at the enterprise level.

The central management tool is not comfortable to use. You need to have a specific skill set. This is an important improvement for management because I would like to log into Firepower, see the dashboard, and generate a real-time report, then I question my team.

Nearly a year.

So far, it has been stable.

We have around 32 people for maintenance. Our NOC team works 24/7. They are the team who manages the solution.

Scalability is one of our major business requirements. We are seeing 20 percent growth year-over-year. The plan is to keep this product for another four years.

We contacted Cisco directly when issues happened during the implementation, e.g., the management console was hacked.

We used Fortinet and that product was coming to end of life. We had been using it continuously for seven years, then we started to experience maintenance issues.

Also, we previously struggled to determine who were all our active users, especially since many were VPN users. We would have to manually determine who was an inactive user, where now the process is more automated. It also had difficult handling our load.

The initial setup was complex. We engaged NTT Dimension Data as there were a couple things that needed to be done for our requirements and validation. This took time to get signed off on by quality team. However, the configuration/implementation of the system did not take much time. It was a vanilla implementation.

We did face performance issues with the console during implementation. The console was hacked and we needed to reinstall the console in the virtual environment. 

We were engaged with a local vendor, NTT Dimension Data, who is a Cisco partner. They were more involved on the implementation and migration of the firewall. Some channels were reconfigured, along with some URL filtering and other policies that we used for configuration or migration to the new server.

Our experience with NTT Dimension Data has been good. We have been using them these past four to five years.

We have seen ROI. Our productivity has increased.

The change to Cisco Firepower has reduced the time it takes for our network guy to generate our monthly report. It use to take him many hours where he can now have it done in an hour.

Cisco pricing is premium. However, they gave us a 50 to 60 percent discount.

There are additional implementation and validation costs.

We also evaluated Check Point, Palo Alto, Sophos, and Cisco ASA. In the beginning, we thought about going for Cisco ASA but were told that Firepower was the newest solution. We met with Cisco and they told us that they were giving more attention going forward to Firepower than the ASA product.

We did a small POC running in parallel with Fortinet. We evaluated reports, capability, and the people involved. Palo Alto was one of the closest competitors because they have threat intelligence report in their dashboard. However, we decided not to go with Palo Alto because of the price and support.

We are using Cisco at a global level. We have internally integrated this solution with Cisco Unified Communications Manager in a master and slave type of environment that we built. It uses a country code for each extension. Also, there is Jabber, which our laptop users utilize when connecting from home. They call through Jabber to connect with customers. Another tool that we use is Cisco Meraki. This is our all time favorite product for the office WiFi environment. However, we are not currently integrating our entire stack because then we would have to change everything. We may integrate the Cisco stack in the future. It should not be difficult to integrate since everything is a Cisco product. The only issue may be compliance since we have offices in the US and Europe.

We are now using a NGFW which helps us deep dive versus using a normal firewall.

Overall, I would rate Cisco Firepower as an eight (out of 10).

I protect my two servers with the help of Firepower. Both servers are connected to the Firepower and I monitor the traffic to both servers with it. I block traffic from all countries except the USA, for security purposes.

It meets my requirements regarding VPN, perimeter protection, and applications. I'm comfortable with what Firepower does for me. Firepower is the only security product deployed in my organization.

The Talos team is very expert and does a good job. It is a great achievement by Cisco for Firepower. It analyzes all the websites and viruses that could create vulnerabilities. Talos helps us by providing major protection. They maintain everything and we don't need any other security appliances. In the future, we may go for an email security appliance, but right now Firepower is enough for us. Without the Talos team, the Firepower might not fulfill our requirements.

For example, if I receive an email and it has a potentially malicious link, I can enter the link in the Talos website and it will provide me with all the details about the website link in the email, including which country and IP it is from. I always try to cross-check any potentially malicious links with Talos. It tells me whether I am vulnerable or not.

One of the most valuable features is the AMP. It's very good and very reliable when it comes to malicious activities, websites, and viruses.

It also handles application vulnerabilities. I have blocked some applications in my Firepower. In addition, there are predefined policies that come with the Firepower and I have created my own policies as well.

We also use Cisco switches, the 2920 for Layer 2 and the 3560 for Layer 3. The Firepower is integrated with the 3560. I have configured a gateway on the 3560 and all our traffic goes through the switch and is then passed on to the Firepower. The integration between the two was very easy.

One feature I would like to see, that Firepower doesn't have, is email security. Perhaps in the future, Cisco will integrate Cisco Umbrella with Firepower. I don't see why we should have to pay for two separate products when both could be integrated in one box.

I have been using Cisco Firepower for two years.

It's a very mature product and runs smoothly.

Before the Firepower I was using a traditional firewall, the ASA 5510. We went to the Firepower because the 5510 did not have port security, anti-malware protection, or IDS/IPS.

I have seen a lot of events using the Firepower: vulnerability events, countries, and IPs. As a result, I feel I am secure when compared with other firewalls. With my previous firewall, I didn't have the option of blocking a country, website, or IP.

I would advise using Firepower and not other products because other products do not have all the features available in Firepower.

We are looking to integrate with Cisco Umbrella next year and we will integrate our switches and Cisco Firepower with it.

It has been a good investment for my organization and I'm happy to be using it. All its features are good. It's a great firewall for a small business. But you really need to know what you are doing to get the most benefit from it. Overall, I don't think anybody can replace Firepower or Cisco.