Cisco Secure Firewall Reviews

We are using Cisco Secure Firewall on the edge of the network in our enterprise. We use it as a firewall and as an IPS device to protect against threats and malware, URL filtering, phishing, access control, VPN terminator, and site-to-site tunnels. We use all these features provided by Cisco Secure Firewall. I have 1140 FTD Firewalls, specifically the 1140 FTD model.

The most valuable feature I experience in Cisco Secure Firewall is in the IPS, along with the IPsec for IPsec tunneling with outside customers. I consider these specific features valuable to my organization because we have experienced and see the value for protection against malware and URL threats. We see there are a lot of attack attempts and ransomware, and we see how this device is very efficient.

We see the high availability feature in Cisco Secure Firewall. We have clustering nodes and we see how smooth the switching between the nodes is in case an incident occurs from the first node to the second node or the third node. So we see it offers high availability and redundancy to maintain the service up and running. All these features in Cisco Secure Firewall increase the efficiency level because it is very highly available, stable, and secure.

I wish to have a single management dashboard for Cisco Secure Firewall. There is no need to switch to the command line and into the management console, and I wish to reach this point to have one consolidated dashboard for all management requirements.

I have hands-on experience with Cisco Secure Firewall for more than 20 years.

My experience is very good with Cisco technologies in my current field. We have encountered stability and reliability, and we were very satisfied with this solution from the perspective of security and protection against any threats.

Cisco Secure Firewall is scalable. If we make a design or sizing very well with consulting the Cisco engineer, or if we always return to the Cisco teams to provide us with Cisco Validated Designs, we will achieve the scalability part.

I have used Cisco support when deploying Cisco Secure Firewall. Sometimes I need support, and we have a local partner supporting us, along with our own experience and references to the Cisco support cases and open cases with tech engineers. All these factors help us with deployment.

I would evaluate Cisco's customer support for Cisco Secure Firewall as near to 10. My experience with Cisco is above 22 years, and I have opened hundreds of cases with Cisco. The response time and the professionalism of the tech engineers are very helpful and efficient.

Before implementing Cisco Secure Firewall, we were using another vendor for firewalls in the data center and on the edge, and we encountered issues with efficiency. Sometimes the dashboard or the datasheet is not accurate about the efficiency or the threshold for the throughput, and the datasheet regarding throughput is not accurate in some vendors. But we see that the datasheet for Cisco is near accurate.

Deploying Cisco Secure Firewall is effective because it is advanced technology. It needs some experience, training, self-study, and support from the tech engineer side.

Cisco Secure Firewall increased my efficiency by above 90 percent.

My experience with pricing and licensing of Cisco Secure Firewall is that it is not too expensive. I think it is within the range of the market, and it is acceptable.

Before implementing Cisco Secure Firewall, I evaluated other vendors.

I have visibility into the threats that I encounter. I recommend customers who have never experienced a Cisco device to check the POC with Cisco. I think they will be satisfied. I would rate this review as a 9 out of 10.

We are running Cisco Secure Firewall firewalls as edge devices. It is very good to have FTD, a device like FTD and FMC for management of the devices.

I am Ahmed from Palestine, working with a service provider company for mobile and landlines. Our company, Jawwal, is a service provider for Palestine with about 3,000 employees serving all people in Palestine. We used to have Cisco devices and also other vendors because our security team always asks to have multiple vendors in our company. We are very happy to have Cisco Secure Firewall devices. Our favorite features are that it is the next-generation firewall, always providing an IPS capability and multi-homing for multiple devices, clustering, and similar functionalities. We also appreciate FMC for management. It is a very good and very strong device to have in our company. We use it as edge firewalls for our company. We have three data centers spread all around the country. We always use Cisco and try to bring Cisco devices to our company because we always have something new.

Cisco Secure Firewall has many features, so the most important thing in the next-generation firewall is an IPS and URL filtering. It is a very good experience to have FTD for IPS and URL filtering.

My favorite feature inside the firewall is an IPS integrated with Threat Defense. I would like to highlight some protection. I would like to mention something about the intelligence for the firewall. We are very much looking forward to having AI included in the firewalls from Cisco, and I am looking to know how I can get benefits from AI inside Cisco Secure Firewall devices. We are always looking for improvement for the devices, and Cisco is always doing that. The most benefit for the firewalls in our company, regarding protection, intrusion prevention, and URL filtering, is a very good feature to have.

We faced some issues, though they are not very big issues in the device. When managing these devices from FMC, we have some tricky points for the device flexibility regarding upgrade from one FMC to another FMC and bringing the devices inside to be managed by this FMC. This also applies regarding the flexibility for having the data or the device when upgrading from one hardware to another hardware. To make it more easily to have this configuration from this device to another device would be beneficial.

When upgrading, Cisco always makes something called end of life for the hardware devices. When going from one device to another device, it is very hard to have this configuration exported from this device and put it in another device. This affects our service continuity, potentially causing some interruption for our service provider because we are running in a very critical environment. This may affect our user experience.

The only bad experience is that exporting and importing from one device is problematic. If trying to make a scalable device to increase capability for the device, it is very hard to export the configuration from this device to another device. We have to do it manually. This is a very bad experience, but other things are very good.

We have been using this solution for more than seven years.

At IT, every time we may have something like this, but it is perhaps not related to the device itself. It depends on very wide other reasons. Sometimes, we have some downtimes because of something unknown, perhaps from the Linux kernel. Cisco engineers are always listening to us and contacting us for any improvement, which is why we love Cisco.

In the network world, there is nothing straightforward. We always have obstacles on our way. Cisco is very good regarding availability and the stability for the device. When something happens in the device, the failover happens very quickly without any interruption. This is our experience with Cisco, and we are looking forward to having more and more. It is not straightforward because of the complexity of the network. As a device, it is straightforward, but because of the complexity of the other things, we can find it not hard, but a little bit complex. It is not related to the device itself.

Cisco technical support is always doing a great job. While supporting us during our maintenance window for downtimes, it is very good. We are trying to have better support, and it is about financial issues because if going up with the support level, it becomes better and better. We need to make it more equitable.

Negative

Companies are always looking for security. If needing to have a secure firewall with high throughput and heavy-duty devices, we always have to choose Cisco devices because the reality of these devices may be better than any other vendor. Other vendors are very good also, but sometimes Cisco is more flexible than others.

We have to use solutions such as IPS and IDS also. It is in detection and IPS for prevention also, but it is a different device, so it may have added layers for our network and making problems around that experience we have with it. It is not because of the device or the vendor, but layers in the network making some delays and making some overhead on the network. Cisco is the vendor we use. When comparing devices financially, we can see that other devices have very advanced features and other vendors have very good advantages. Cisco always wins. Maybe it is financially good because we have very high features and there are real advantages and features. Regarding throughput, some other vendors say it is fake throughput, not like Cisco. Cisco, when they say one gig, it is one gig.

We have many models such as 2000, 2003, and 4005. We have about eight devices spread around the company. I would give Cisco Secure Firewall a rating of eight out of ten because we are always looking for improvement. Cisco is very stable. From my experience, Cisco Secure Firewall is very stable. Because of the many integrations with the ICE and SGT, it is very nice to have these features. We always can see improvements on Cisco. 

My main use cases for Cisco Secure Firewall are ensuring that the offices and the users are protected behind a firewall and that the segments on the network are created.

The feature I like the most about Cisco Secure Firewall is the management of it because I can remotely manage everything that I need to do, not only the firewall but also the access points, the switches, and other devices. When they call me, I can fix something remotely without needing to drive over there.

It is typically all in one dashboard, but if I go to Cisco Secure Access and Connect, then it becomes a little bit confusing related to what products I need to use and buy.

I think the aspect that can be improved in Cisco Secure Firewall solution is the marketing approach. As I mentioned before, it confuses me related to the umbrella portals for secure access, not the SSE part of it.

I am uncertain about how the end users go to the network and also to the internet. What was previously done in Meraki Secure Connect is now referred to with the marketing term Secure Access, which is confusing to me. I don't know which license I need. I don't know if I'm going to be transitioned or not, or if I'm supposed to migrate myself. This is confusing because I need to be in different portals nowadays still, and I don't know what the future will bring.

Even when I'm at Cisco, I ask around but they say to ask my partner to transition me, but it doesn't seem to be that simple.

I have been using Cisco Secure Firewall for two years.

I assess the stability and reliability of Cisco Secure Firewall solution as excellent. I don't have any crashes or downtime or anything like that, which is good.

I have also used Sophos, specifically Sophos firewalls, before.

The experience of deployment with Cisco Secure Firewall is very easy. I have been using Cisco Secure Firewall in the Meraki dashboard, which means I just need to connect them all and have my licenses ready. Deployment-wise, it is smooth and very straightforward.

I can say that it is always difficult to determine if I have seen a return on investment from having Cisco Secure Firewall solution. It is an insurance that I take, something I need to do, but I don't know if it has already prevented me from an attacker or anything like that.

My experience with the pricing, setup cost, and licensing is that it is all good. The initial price is good. The only issue is if I don't renew my licenses after three or five years, my box becomes useless and I can't do anything with it anymore. I need to have an active license to make sure that I can use the product. I understand that if I'm using it in a production environment, I need the support and the licenses.

However, from a sustainable point of view, if I don't have a license, I can't do anything with it anymore, even not on my local home server installation. I think that is a pity. I have never had anything without licenses, but I can imagine if I don't have a license, then it becomes like a brick.

Before choosing Cisco Secure Firewall, I considered another solution, specifically Fortinet, and I considered Cato Cloud or Cato Networks, along with other OT vendors as well, such as Moxa or Teltonika.

I chose Cisco first of all for the partner and then second of all for the pricing. The pricing was good enough to convince me to go ahead with Cisco because Cisco is a well-known brand all over the world, which I couldn't say from other OT vendors such as Moxa or Teltonika. That is why I chose Cisco.

I transitioned away from those systems with a hybrid approach. I still have small components on-site, but mostly everything is in the public cloud in Azure. Many SaaS services are also part of this.

In Azure, there is nothing for on-premises. There is nothing that the internal users are using. I have a website in AWS, but I am not using it actively, so it is outsourced.

I would give Cisco Secure Firewall more points if everything were all in one dashboard and they did not confuse me with marketing. Overall, I would rate this review an 8 out of 10.

My main use case for Cisco Secure Firewall is just control between outer boundary and inner boundaries.

The feature I appreciate the most about Cisco Secure Firewall is the FMC platform where it merges multiple firewalls into one management plane. An example of how features of Cisco Secure Firewall have benefited my organization is through easy deployment of access policies across a long array of devices. I assess Cisco Secure Firewall's ability to unify policies across my environment as a single pane of glass with the FMC. If I need to look up a policy or implement something, I just type in the name of the policy I made to see what objects apply to our policy. I appreciate that part.

Cisco Secure Firewall could be improved in several ways. I've noticed in different versions that some versions had packet caps and some didn't. The user interface could be improved, and maintaining a consistent version across the board would be beneficial. Ease-of-use is important, with the user-based interface and keeping plain language. In the next release of Cisco Secure Firewall, it should include features that utilize AI to speak plain language. For example, it could respond to, 'Hey, I want to do this thing,' and guide users accordingly. I know AI feedback is a hot topic, but I wonder how reliant that is on external connectivity. If it can work in an air-gap network, that would be significant.

I have been using Cisco Secure Firewall for at least a few years, maybe three or four years.

I evaluate the stability and reliability of Cisco Secure Firewall as quite strong since it's probably one of the few things that hasn't crashed on us. While I haven't experienced crashes with Cisco Secure Firewall, most of our issues don't come from it unless it's something we've blocked, preventing users from accessing areas. It's never been a device problem or related to the technical implementation of things.

I think Cisco Secure Firewall scales effectively with the growing needs of my organization because we work in boundary-level areas. Most of our users connect on the inside of the boundary and then egress out, making it easy for us to scale out to support thousands of users as long as they connect to that inner part.

My evaluation of customer service and technical support for Cisco is positive. TAC cases generally serve as a good option for anything we've had problems with Cisco devices, and the process is good. On a scale of one to ten, I would rate Cisco's customer service a 10.

Positive

Prior to adopting Cisco Secure Firewall, I was using Fortinet. The factor that led me to consider changing from Fortinet was its vulnerability problems. We scrapped that solution.

My experience with the deployment of Cisco Secure Firewall is pretty good.

Before selecting Cisco Secure Firewall, I considered a couple of other platforms, including some Palo Altos, for separate requirements that Cisco doesn't meet.

My experience with Cisco Secure Firewall is positive. I appreciate it because it has always been easy for me as an individual to navigate and manage anything Cisco-related.

My impression of the visibility and control capabilities of Cisco Secure Firewall in managing encrypted traffic is somewhat mixed. I have a concern about the GRE and the Snort inspection. Sometimes Snort would break GRE traffic when trying to tunnel from the outside in. Making a policy to allow GRE always breaks. But other than that, it's been straightforward.

This unified policy management is important to my organization because different functions in a network can apply to many other users. It allows us to see that from one pane of glass, and I can easily search it up by name or IP address. I use Cisco SecureX with Cisco Secure Firewall, mainly Firepower, and we integrate them in FMC.

The integration of Cisco SecureX with Cisco Secure Firewall doesn't really affect dwell time for my team. It just gives us the ability to filter out unwanted things from the outside. We don't use much cloud functionality, so I can't comment on the impact of the cloud-delivered firewall on our organization's security posture.

My evaluation of Cisco Secure Firewall in helping my organization implement a zero-trust security model is that we don't really use it for firewalls. We work with DNA center stuff and fabric-enabled technologies. We use the zero-trust model with 802.1X, but that's more unfirewall-related.

The process of using Cisco Secure Firewall is straightforward; you install it and decide whether to block or allow protocols. It's simple and easy. The language part makes it easy since a Cisco box is a Cisco box, and opening up TAC cases on the Cisco portal is straightforward.

My advice to other organizations considering Cisco Secure Firewall is to understand how a firewall works, know your network, and what you want to block and allow. Cisco has been good with their support level, so as long as they know Cisco, they should be fine. I rate Cisco Secure Firewall 10 out of 10.

My main use case for Cisco Secure Firewall is to secure a data center.

They help keep our environment more secure. 

The features I appreciate the most about Cisco Secure Firewall are the policies, ACLs, and traffic behavior analytics. These features have benefited my organization by keeping the environment more secure within the organization.

If I assess Cisco Secure Firewall's ability to unify policies across my environment on a scale of one to ten, it would be an eight. This is very important to my organization, as we work extensively with security because we are a bank, so we can keep the data safe.

I have not recently used any new features or functionalities in Cisco Secure Firewall, however, I would want to try more visibility and observability. My impression of the visibility and control capabilities of Cisco Secure Firewall in managing encrypted traffic is that it can improve. There is some traffic that is encrypted that needs to be decrypted to catch something and analyze and give some analytics, so that part needs to work more.

The dashboard needs to be more intuitive and easier to navigate. What stood out to me about Cisco Secure Firewall that made me choose to use it is that it is intuitive, but I feel it could be improved further in terms of intuitiveness. It could be improved to achieve easier configuration and more efficiency.

I have been using Cisco Secure Firewall for eight years.

I would evaluate the customer service and technical support on a scale of one to ten as a ten, as they have expertise and provide solutions for the most difficult problems, so we have had a very good experience.

Positive

We did have Fortinet previously. That had a more intuitive dashboard. 

We did consider other options, including Juniper.

I did not purchase via AWS Marketplace. 

At the moment, we are not using the cloud-delivered firewall. It could be better regarding encryption and encrypting traffic. I have not seen that part and we do not use it since we use it on Fortinet, however, that would be something that helps to keep the network more secure.

I would advise other organizations considering Cisco Secure Firewall that they can trust Cisco Secure Firewall and that they should provide training for their staff to achieve better and more efficient work.

On a scale of one to ten, I would rate Cisco Secure Firewall overall as an eight.

Cisco Secure Firewall's use case in our organization is justified because we operate in the financial industry where security best practices require multi-vendor products. We are running other vendors' solutions as well, and since Cisco is a prominent and one of the best vendors in the market, we opted for Cisco Secure Firewall. Both solutions serve our security requirements effectively.

The most valuable feature of Cisco Secure Firewall is the policy cleanup functionality. In the firewall, we have hundreds of policies deployed, and we often face a challenge regarding what to do with unused policies and how to remove them without impacting required access. Cisco Secure Firewall helps us identify the unused policies efficiently, and we are confident to remove them without any negative impact.

Cisco Secure Firewall helps our company overall because the firewall provides substantial capability when it comes to throughput, the number of policies, and the number of records. However, whenever traffic comes into the network, it must pass through all the policies and match the required ones, which takes considerable time. This solution helps us streamline our processes, streamline our information security requirements, and streamline our audit requirements to achieve our goals.

From the improvement perspective, I would identify automation as a key area. Whenever a requirement comes and needs to be deployed, there are individual rules to configure. When it comes to CLI, it was easy to create a script and copy-paste, but the GUI approach takes considerable time. Built-in automation would help significantly. Although there are options in the market such as Terraform or Ansible Tower with possible integration, having something built directly into Cisco Secure Firewall would be more beneficial.

I have been using Cisco Secure Firewall for a couple of years.

Cisco Secure Firewall is quite stable. While I experienced some issues when it was new in the market, the solution is stable now.

We are running other solutions as well, but being in the financial industry, we run multiple vendors and multiple firewalls. When I compare this solution with others, Cisco Secure Firewall is quite stable.

Cisco Secure Firewall is scalable and provides the required functionality and scalability from a throughput perspective and from a bandwidth perspective.

Regarding my experience with Cisco support for firewalls, we are using TAC support and partner support from Cisco. The experience is generally fine, but there is one area where we consistently face problems. Whenever we open a case, for example a P1 (severity one) case, an L2 engineer initially takes time to understand the requirement. Then the engineer mentions that their shift is going to finish and hands over to a new engineer, who takes additional time to get up to speed. This approach is not workable in our environment, especially in banking, where uptime is critical. This area requires improvement.

From the pricing and licensing perspective for Cisco Secure Firewall, we have multiple licenses covering threat intelligence, antivirus, and other security functionalities, and these come within the offering. This is satisfactory from that perspective. My overall review rating for Cisco Secure Firewall is 8 out of 10.

Cisco Secure Firewall can be used for perimeter security, IDS, IPS, and VPN purposes. When discussing secure access via Cisco Secure Firewall, it helps any roaming user, whether working from home, an airport, or in the office, to securely access any workload that could be located on a private cloud, public cloud, data center, or at the edge. It bypasses the on-premise firewall, but they offer firewall as a service, which is on the cloud and enables Secure Service Edge. Perimeter security is necessary and is part of their Secure Access offering, which is Firewall as a Service coming out of the cloud.

From Cisco Secure Firewall's security offering perspective, Cisco has a very comprehensive offering. Whether it is perimeter security in the form of firewall, user security for remote users for SASE, AI security, endpoint security, network security, or workload security, this fits very well into an overall security architecture proposed by Cisco, which is called a Security Reference Architecture. They have a very comprehensive range of products that integrate very well with their firewall. I do not view Cisco security offerings only from a firewall perspective, but from an overall offering perspective.

Cisco Secure Firewall includes something called Secure Cloud Control, which provides single management for consolidating policy across multiple pieces of equipment, whether it is a SASE policy, firewall policy, or otherwise. Centralized policy management is possible within that firewall, and if you want to orchestrate the same policy across multiple security products, you can use Cisco Secure Cloud Control.

Different models exist for Cisco Secure Firewall. Every on-premise model has a limit to the throughput it can support, and up to that limit, it scales fine. After reaching that limit, you are supposed to replace the model. For on-premise solutions, this is the case. However, Firewall as a Service can scale to a very large extent because it is a cloud-based offering that can scale up to a very large number, which is not a problem.

Cisco Secure Firewall has been used and sold for at least three to four years.

Cisco Secure Firewall is quite stable. If I had to rate stability from zero to ten points for Cisco Secure Firewall, I would give it an eight.

Cloud-delivered firewall provides much better flexibility for an organization via Cisco Secure Firewall. First, you can ensure that any users coming from outside securely access any workload that the organization may be running either in a private cloud or public cloud on a hyperscaler. Second, it provides what is called local internet breakout, where any services not supposed to go through the firewall can do a local internet breakout. With Firewall as a Service, you can consume capacity as you grow, rather than trying to put one firewall for your peak load. This gives tremendous flexibility similar to the flexibility that exists in cloud consumption.

If I had to give points for technical support from Cisco, I would give it an eight. It is pretty good, and we do not face a challenge. The reason is that our own team is pretty capable technically, so we do not go back to Cisco for much support. Whenever we have requested support, they have been pretty responsive.

Positive

I do not view Cisco security offerings only from a firewall perspective, but from an overall offering perspective. Cisco Secure Firewall helps with the Zero Trust Security Model. ZTNA is a concept that has to be implemented at every tier, including the firewall. You cannot implement zero trust without a firewall also supporting it. It is an important piece in building a zero trust architecture. The review rating for this product is an eight out of ten.

Cisco Secure Firewall is used to protect our edge network. We use site-to-site VPNs, VPN clients, and benefit from Next-Generation Firewall features including threat prevention, URL filtering, and application control.

I appreciate all of the features of Cisco Secure Firewall, but the most important ones are the URL filtering feature that gives control over what users try to browse or reach on the internet, along with the threat prevention that inspects all traffic going out of and incoming to our network, making them very powerful features.

For example, I want to restrict a group of employees from my area in a very secure department that is not allowed to reach the internet or browse any websites that might be malicious or harmful to our network. By applying URL filtering, I can restrict their access to only the allowed websites according to our policy, allowing them to use certain websites related to their work while restricting them from reaching other harmful websites.

With everyone discussing AI and threat intelligence, security is advancing further. In addition to the features we have, we might consider threat intelligence that uses AI for more investigation and analytics on malicious codes or access. If Cisco integrates Cisco Secure Firewall with the cloud using AI, which I am sure they are working on, that would be beneficial for customers.

The first Cisco firewall I used was the ASA back in 2008, which was a long time ago.

Cisco Secure Firewall is one of the best and most stable solutions I have encountered, with no crashes and a powerful, stable system that shows no degradation in performance.

So far, we have not had other sites to expand, but I am confident that with the current design and features from Cisco, it will be easily expandable. If I decide to put another firewall in a DR site or any HA site, it is simply an HA configuration that will integrate smoothly with the current firewall we have.

The Cisco team is a wonderful team, always helpful and ready to assist us anytime. Our local vendors and the Cisco TAC team provide support wherever we are and whenever we need it. I would rate the Cisco team a ten because they are very responsive and solve our issues. I have never been stuck on any cases, although some may take time depending on their complexity, but they are wonderful.

Positive

I have used firewalls including the Forcepoint firewall, which I found to be good, but it was complex in terms of user management, and my team suffered from the complexity of managing this firewall. I have also used FortiGate firewalls and Palo Alto firewalls.

All the mentioned products are Next-Generation Firewalls with similar features, but the main difference lies in how we use these features. The simplicity of using these features is the key point. The URL filtering and threat prevention features in Cisco Secure Firewall are very nice, simple, and easy to configure and apply to our network.

I find deploying Cisco Secure Firewall to be a little bit challenging, but once it is implemented on our network, it is stable with no problems or issues. It is not that complex, and if we know our network, the Cisco team is helpful in guiding us to achieve the best design and implementation.

Cisco is not a cheap product, but when discussing an excellent product, we should not expect it to be that cheap. We normally have agreements and get discounts because we have been a Cisco customer for a long time, so the prices are reasonable.

My advice to other companies considering Cisco Secure Firewall is to assess your network thoroughly and understand your security needs very well. I am confident that if you choose Cisco Secure Firewall from a technical point of view, it will meet all your requirements, and I highly recommend using it. I rate Cisco Secure Firewall a nine out of ten because I am expecting more from Cisco, and I am sure next time they will reach a ten.