Cisco Secure Firewall Reviews

Firewall and VPN.

I can't really say how it has improved our organization, but the benefits are that we have a necessary firewall with which we can create VPNs.

Pro user-based firewall rules.

The solution that we have right now doesn't do what I want it to do. We don't have a ratified solution for all the things that I wanted to right across our business. We're doing similar functions using different technology and I want ratification. I want to be able to do more than what we are currently able to do with the existing service, all under the umbrella of improving security.

The product crashes. We have a cluster of firewalls and we regularly get failovers.

I have used technical support once, and they were superb.

When selecting a vendor, the most important criteria include:

• Security - the ability of the technology from a security perspective.
• The ability of the company to support the technology - knowledge of the product by the company. It may sound really silly to say that, but you'd be surprised how poor some companies' technical support is.
• The financial stability of the company.

I was involved in the initial setup. It was complex. 

Do your research, know what you want to achieve.

Cisco ASA needs to be more reliable. Because of the nature of the product, it has to be rock solid and, unfortunately, it's not.

The primary use is to block incoming threats from the internet, at the edge of the network.

It's performing well. We check the report of blocked pages, blocked attacks, etc.

Previously, we only had a normal firewall, it was not next generation. It was not blocking many of the threats from Layer 7, the application layer. Now, this solution has IP, an intrusion prevention system, and because of the URL filtering, it can block other malware. It seems with the cloud database and the signatures, it compares the receiving files, then it blocks the URLs, making us more secure.

All the features are good. The GUI is among the most valuable.

It is on multiple boxes so ISP load balancing, multiple network load balancing would be helpful.

Also a web-based portal for VPN. Earlier they had it in the ASA model, but currently, they don't have it. The user needs to just click on the link so he can work.

It is quite stable, it is able to detect. But the malware part should probably be upgraded. Performance-wise it is good and it has a long life.

It has limits. If your network is going beyond it, then you'll have to replace it with higher model.

Technical support is good.

We have been using Cisco for a long time, various models. We had PIX, then ASA. We were quite comfortable with the performance, it never failed. But our old solution was coming to end-of-life. Also, this is able to more block more threats from the application layer, etc.

The most important criteria when selecting a vendor are 

• reputation
• technology
• features
• cost.
  

The initial setup was a bit complex.

My advice would depend on what your comfort level is. If you have already used Cisco, I would recommend this, to evaluate it at least. Evaluate it and learn how useful it is.

It gives good performance, the technology is quite good, sufficient for our objectives, protecting our network, etc. The missing two points are because they have to do make more improvements.

This solution is involved in the protection of the network perimeter and the VPN gateway.

It allows you to fine-tune and create flexible circuits, as well as unites a large number of different types of connections.

• AnyConnect
• Double translations
• Independent IPS module
• High performance
• Various methods of organizing a VPN

• Simplify licensing
• Do not combine the IPS module with the main operating system.
• In new products, leave the CLI.

We offer publishing services. It depends on our business, but we use this solution for security.

ASA 5505 and ASA 5506 are very powerful tools to use in a business environment, and provide a lot of security.

Intrusion prevention, we currently need to apply deep bracket inspection manually to use web filtering.

Some branches are joint through Cisco ASA 5500-X VPNs. Executives or employees are connected via AnyConnect.

It joins all branches and permits employees to work outside their offices, but everything is based on high securities standards (PCI compliance).

• Reliability
• Robustness
• Security features
• High encryption, hashing, and integrity support
• Support
• High performance

Multiple WAN connections: Even though you can implement more than one interface to outside connections, it is lacking on load balances, etc.

The use case has been for the banking sector, for one of our banking customers. According to them, it's working perfectly.

Monitoring, of course - the dashboard. It enables you to see what is happening.

It's lacking one feature: VPN. That is a feature we're looking for. Otherwise, the new devices have very good support, and the performance is quite good.

Also, the 2100 Series lacks a DDoS feature. If they could add that to those platforms, that would be good.

So far, since we installed it, there have been no issues.

In terms of scalability, it is really expensive. It is scalable, but when it comes to pricing, the upgrading is a bit high.

It's not straightforward. You need to know what you're doing, you need to be trained. I don't know for other vendors whether it's the same issue, but for Cisco you have to be trained on the system.

Check Point and Fortigate. Generally, our customers choose Firepower because they've seen the system work somewhere before, and they see it is stable and working perfectly. Those are the reasons they opt for Firepower.

There are other solutions, like Fortigate, which are very good solutions, and cheaper for the customer. Even the support via subscription is favorable, in terms of pricing. I would really advise the customer to do some research first and come up with the best solution for their needs

I rate Firepower as an eight out of 10. It is a good solution but it is expensive compared to other products, like Fortigate. Still, some of our customers do prefer Firepower over the others.