The primary use is to block incoming threats from the internet, at the edge of the network.
It's performing well. We check the report of blocked pages, blocked attacks, etc.
Previously, we only had a normal firewall; it was not next generation. It was not blocking many of the threats from Layer 7, the application layer. Now, this solution has IPS, an intrusion prevention system, and because of the URL filtering, it can block other malware. It seems with the cloud database and the signatures, it compares the receiving files, then it blocks the URLs, making us more secure.
All the features are good. The GUI is among the most valuable.
It is on multiple boxes so ISP load balancing, multiple network load balancing would be helpful.
Also a web-based portal for VPN. Earlier they had it in the ASA model, but currently, they don't have it. The user needs to just click on the link so he can work.
It is quite stable, it is able to detect. But the malware part should probably be upgraded. Performance-wise it is good and it has a long life.
It has limits. If your network is going beyond it, then you'll have to replace it with a higher model.
Technical support is good.
We have been using Cisco for a long time, various models. We had PIX, then ASA. We were quite comfortable with the performance, it never failed. But our old solution was coming to end-of-life. Also, this is able to block more threats from the application layer, etc.
The most important criteria when selecting a vendor are
The initial setup was a bit complex.
My advice would depend on what your comfort level is. If you have already used Cisco, I would recommend this, to evaluate it at least. Evaluate it and learn how useful it is.
It gives good performance, the technology is quite good, sufficient for our objectives, protecting our network, etc. The missing two points are because they have to make more improvements.
This solution is involved in the protection of the network perimeter and the VPN gateway.
It allows you to fine-tune and create flexible circuits, as well as unites a large number of different types of connections.
We offer publishing services. It depends on our business, but we use this solution for security.
ASA 5505 and ASA 5506 are very powerful tools to use in a business environment, and provide a lot of security.
Intrusion prevention, we currently need to apply deep packet inspection manually to use web filtering.
Some branches are joined through Cisco ASA 5500-X VPNs. Executives or employees are connected via AnyConnect.
It joins all branches and permits employees to work outside their offices, but everything is based on high security standards (PCI compliance).
Multiple WAN connections: Even though you can implement more than one interface to outside connections, it is lacking in load balancing, etc.
These firewalls are used in enterprise level environments, which require granular control and customization to meet security and compliance guidelines for an organization. Once configured to suit your needs, they are rock solid appliances.
These firewalls are not for beginners.
The use case has been for the banking sector, for one of our banking customers. According to them, it's working perfectly.
Monitoring, of course - the dashboard. It enables you to see what is happening.
It's lacking one feature: VPN. That is a feature we're looking for. Otherwise, the new devices have very good support, and the performance is quite good.
Also, the 2100 Series lacks a DDoS feature. If they could add that to those platforms, that would be good.
So far, since we installed it, there have been no issues.
In terms of scalability, it is really expensive. It is scalable, but when it comes to pricing, the upgrading is a bit high.
It's not straightforward. You need to know what you're doing, you need to be trained. I don't know for other vendors whether it's the same issue, but for Cisco you have to be trained on the system.
Check Point and Fortigate. Generally, our customers choose Firepower because they've seen the system work somewhere before, and they see it is stable and working perfectly. Those are the reasons they opt for Firepower.
There are other solutions, like Fortigate, which are very good solutions, and cheaper for the customer. Even the support via subscription is favorable, in terms of pricing. I would really advise the customer to do some research first and come up with the best solution for their needs.
I rate Firepower as an eight out of 10. It is a good solution but it is expensive compared to other products, like Fortigate. Still, some of our customers do prefer Firepower over the others.
Cisco ASA has an okay CLI with a nice GUI, but has poor performance.
My confidence continues to build upon using Cisco firewalls. I prefer to use Cisco firewalls to any others.
Antivirus features must be integrated for end user security. They must be increased in the next version along with audit and restriction for the incoming user. Security must be increased when a new user connects over the LAN and an alarm must be generated.