Cisco Secure Firewall Reviews

We use Cisco Secure Firewalls to secure our business.

Cisco Secure Firewall is a Layer 7 next-generation firewall, providing us with a significant amount of visibility into our traffic patterns and the traffic passing through the firewall. It informs us about the zones that facilitate a smooth data flow, where the data is being directed, and covers ingress and egress all the way up to layer seven. Therefore, I believe the visibility it offers is excellent.

Cisco Secure Firewall is effective in securing our infrastructure from end to end, enabling us to detect and remediate threats. However, the way we currently utilize it may not be the most optimal approach to fully leverage its end-to-end capabilities. Nonetheless, considering its purpose within our usage, it effectively fulfills its intended role.

The ability of Cisco Secure Firewall to enhance our organization's cybersecurity posture and resilience is commendable. Cisco Secure Firewall serves as our primary line of defense, deployed at the Internet edge of every site across the globe.

The most valuable feature is zone segmentation, which we utilize through the Firepower management console. This allows for centralized management, which proves highly useful. In the past, when using Cisco Firewalls, we had to manage them independently. However, now we have a single unified interface to manage all our Cisco Firewalls worldwide.

The Cisco Firewall UI could be improved. While having a centralized management console is a significant improvement, I believe there are several enhancements that could be made to the UI to enhance its user-friendliness and improve the overall flow. This is particularly important during troubleshooting, as we want to avoid wasting time navigating through different sections and excessive clicking. It would be beneficial to have everything readily accessible and a smoother flow to quickly reach the desired locations.

I believe Cisco needs to make the appliance more automated in order to provide us with additional time. This would eliminate the need for us to manually go through the firewall, search, find, and troubleshoot everything. It would be beneficial if the appliance had some form of AI integrated to generate such information, enabling us to quickly identify the problem. If necessary, we could then delve deeper into the issue.

I have been using Cisco Secure Firewall for 19 years.

Cisco Secure Firewall is stable.

The scalability of Cisco Secure Firewall depends on the different models available, as each model may have a fixed scalability level. Therefore, the scalability we obtain will vary depending on the specific model we utilize.

The quality of technical support varies. We occasionally receive excellent technicians, while other times we do not. Consequently, I believe it is preferable to rely more on the competent ones rather than the subpar ones.

Neutral

We had previously used Check Point but decided to switch to Cisco Secure Firewall. The reason for this switch was the lower cost and our company's desire to remove Check Point from our environment. It was an excellent deal, and the technology was on par. We did not lose any functionality or experience any drawbacks by choosing Cisco over Check Point. In fact, I believe we gained additional features, and Cisco is more widely adopted and supported compared to Check Point. Therefore, I am confident that we made the right decision.

The initial setup was complex. Firstly, we were migrating from a completely different platform and vendor to Cisco. Therefore, the ruleset migration was not only complex but also tedious because there was no suitable migration tool available for transitioning from Check Point to Cisco Firepower. The second part involved a complete change in our design, as we opted for a more zone-based approach where our checkpoints are more streamlined. This complexity was a result of our own decision-making.

We utilized our partner, ConvergeOne, for the integration, and they were exceptional. They demonstrated sharp skills, and together we successfully completed the job. The entire process took us a year during which we managed to cover every site within our company.

We have witnessed a return on investment through the capabilities of Cisco Secure Firewall itself, along with its numerous threat defense technologies. As a result, we do not need to purchase additional tools to enhance the firewall; everything is already integrated. Therefore, I believe this was a significant victory for us.

The pricing structure for Cisco Secure Firewall can be challenging to manage. It involves separate line items that need to be carefully tracked, such as SmartNet, FCD licenses, and other license features. This complexity adds to the difficulty of dealing with the pricing.

I rate Cisco Secure Firewall an eight out of ten.

Cisco Secure Firewall has not helped consolidate any of our applications or tools.

We use Cisco Talos to pull the signatures for everything we download. However, we don't rely on Cisco Talos for our day-to-day operations. 

Cisco Secure Firewall is a commendable product and holds a leadership position in the industry. While there are other competitors available, it is certainly worth considering, particularly for organizations that already utilize Cisco switching, routing, and related infrastructure. Cisco Secure Firewall can seamlessly integrate into the existing ecosystem, making it an appealing option to explore.

Having in-house expertise in Cisco and its products is indeed valuable when making a decision to go with Cisco Secure Firewall. The fact that our team already had a lot of expertise and experience with Cisco products played a significant role in the decision-making process.

We are Cisco partners. We have been selling Cisco products for more than 25 years, and we are a major player in various African markets, such as Morocco and French-speaking countries in Africa.

We have been offering a wide range of Cisco-branded security products. The most important ones were the ASA firewalls, and now, we have the next-generation ones, XDR, and all the applications or all hybrid security solutions offered by Cisco, including Umbrella, on-premise Identity Service Engine, and all the other third-party solutions.

Our main objective is to show customers the added value of Cisco products and how they can tackle all the security issues and all the threats or the cyber security issues rising on a daily basis nowadays. Cisco Talos, for instance, is something that we propose, and we also propose all the restrictions to be up-to-date. Cisco's ecosystem is very wide in security, so we have very good use cases. 

In the beginning, customers used to implement ASA firewalls mainly as the network firewall in data centers, branch offices, all locations, and also in the DMZ. Nowadays, the perspective has changed, and also with the design requirement, the nature of the cloud hybrid solutions leads us to use more sophisticated tools based in the cloud, but we still cover all the security aspects from the branch office to the data centers.

Cisco adds value by providing various solutions such as Umbrella and Duo. It's a combination. An existing firewall system only protects or controls flow on a daily basis in a normal production environment, but when it comes to security threats, we need to add more components. This is why Cisco is offering a wide range of products. Cisco is completely handling all the aspects from end to end with micro-segmentation, for instance. Identity Service Engine can handle the end-users' protection, and in the end, for the data center, we have different tools, and this is how we can cover end-to-end solutions.

The most valuable feature is IPS. It's a feature that's very interesting for tackling the most current attacks. We also have Umbrella with Secure DNS because all the threats nowadays are coming from email servers. We also have the DSA solution to limit the threats coming from ransomware. Combining all of these with Talos provides the best security solution.

It's a question of performance. When we talk about data centers, we are talking about 100 gig capacity or 400 gig capacity. When it comes to active-active solution clustering and resilience and performance, Cisco should look into these a little bit more.

We have been offering Cisco Security firewalls from the beginning of ASA, which was more than 20 years ago. We then started offering all types of firewalls, including the ones for data centers and then the next-generation firewalls.

The stability of the Cisco firewalls is the best in my opinion. We used to have ASA firewalls running for more than five years. Even when we did software upgrades, we had a very stable platform providing high performance without any outage, so customers can rely on Cisco firewall solutions.

For daily operations and projects, scalability is very important. Cisco provides a way of mixing and clustering firewalls to enhance scalability. We have many ways to scale, and as our clients grow, we can have the Cisco firewall solution grow as well.

We work with different vendors based on customer needs. We have a specification that we need to have a combination of different vendors, which is the best practice in the data center architecture and design. We cannot have one vendor at all levels, and we should have a combination. 

As a vendor, Cisco has a complete range of products to handle all the security aspects. When I look at the architecture design, the implementation of Cisco firewalls is the best. We have data centers based on Nexus for instance. We have routing components. All the compliance and architectural design requirements are met, and we can meet the customer needs according to the Cisco design guide and validation guide. When we look at the security aspect and the guidelines in terms of next-generation firewalls, in terms of redundancy on both sites or multi-sites, we have better performance with Cisco than other vendors in some cases.

Our customers use Cisco firewalls mainly in data centers, branch offices, and campus environments. They don't only use basic firewalls. They also use next-generation firewalls, which have email control, web filtering, and IPS. So, we have Cisco firewalling at all levels for providing the strongest protection policy.

The deployment of Cisco firewalls is very easy so far. We have the security expertise and all the knowledge that we need to deploy them and secure our customers' facilities. Networking and architecture are not really complicated, but you need a well-defined plan before doing implementation and going live.

Based on my 25 years of experience, 100% of our ROI expectations are met with Cisco products. The equipment is strong enough, stable, and well-developed. We have had the equipment running for more than five years without any outages, which leads to lesser costs of operations. There is also a reduction in cost in terms of upgrades or replacements, and this is why the ROI expectations have been met.

With the bundling mode with Duo licensing, it's now better. It's better to have one simplified global licensing mode, and this is what Cisco has done with bundling. The next-generation firewalls include a set of features such as filtering, emails, and IPS. This combination offers the best way for customers to manage their operating expenses.

One way to evaluate Cisco products is by looking at the experience. Gartner provides a good overview of Cisco products based on customer feedback, but the best way is by trying the product. Try-and-buy is a good model. Nowadays, all customers, enterprise service providers, and ISPs, are aware of Cisco solutions. They don't just purchase based on the technical specifications.

As a Cisco partner for over 25 years, we provide value by bringing our experience. We have worked so far with a different range of products, from the oldest Cisco firewall to the newest one, and we continue to promote them through design recommendation, capacity specification, deployment, engineering, high-level design, low-level design, migration, go-live, and maintenance and support. We cover the whole lifecycle of a product.

Our partnership with Cisco is a win-win partnership. Cisco provides us with the latest experiences and latest solutions, and on the other hand, we are doing business with our customers by using Cisco products, so it's a win-win relationship with Cisco, which leads to enhancing, promoting, and excelling in Cisco products. I would tell Cisco product managers to go fast with security platforms. Other vendors are going fast as well, and we need product managers to tackle the performance and capacity issues. It's not really an issue in itself, but it's something that can enhance and bring Cisco to the first place in security solutions.

I'd rate it an eight out of ten. The reason why I didn't give it a ten is that they have to make it better in terms of the capacity and performance for the 10 gig interface, 40 gig interface, and 100 gig interface, and in terms of how many ports and interfaces we have on appliances.

Our main use case for Cisco Secure Firewall is helping clients who want to upgrade from an old firewall and move to a next-generation firewall. We also get a lot of clients who have a next-generation firewall provider, but the firewall is not up to the task. It doesn't have all the feature sets that they need, and Cisco Secure Firewall ticks those boxes.

Cisco Secure Firewall has improved our customers' security posture because it offers Next-Gen features, granularity, and reporting on the back of it. You can see the amount of users accessing Office 365, for example, and whether they're having a good or bad experience. You can see the threats that come into your network. You can see anyone who is compromised from within your network.

If customers already have Cisco solutions such as Cisco ISE, Duo, Umbrella, and Endpoint, Cisco Secure Firewall will integrate well with all of them. Our clients will be able to get more data and automate tasks. They can have Secure Firewall automatically shut things down if a threat is detected.

Without a doubt, the best features are the reporting and analytics. Some vendors provide the same feature set, but their product won't give you the power to figure out what's going on in your network. Whereas with Cisco Secure Firewall, especially with the management platform on top, you can have all of the analytics and see exactly what is going on. You can see not only the source and destination but also the application, the URL, the type of policy it's hitting, the specific rule it's hitting, and the amount of data transferred from it. Apart from that, you get all of the risk reports. You can see how much bad stuff is coming into the network at present and whether there's anything you need to act on immediately. That data is at your fingertips, and it's by far the best feature and the best selling point of Cisco Secure Firewall.

Cisco Secure Firewall has reduced our clients' mean time to repair because they are able to find possible issues quickly. The power of the reporting, the dashboards, and all of the analytics in the background also helps to alert and quickly act on the threat.

My impression of Cisco Talos is that it's well-regarded in the industry. Cisco is so well regarded that we know their security intelligence is up-to-date. Our clients have peace of mind because they have Cisco Talos in the background and know that Cisco Secure Firewall is up-to-date with the latest threats. They can be sure that they're acting on the best available data.

I would like to see more configurable feature parity with Cisco ASA, which is the legacy product that Cisco is moving away from. When configuring remote access VPN, not all of the options are there. You have to download another tool, which means that the configuration takes a little bit longer with Cisco Secure Firewall. Though it's getting there, there are still some features lagging behind.

We've been offering Cisco Secure Firewall since its first iteration 10 years ago.

We are resellers, and the value we add to our customers as resellers is our knowledge. We have 10 years' worth of experience deploying Cisco Secure Firewall. We can deploy it the correct way. We also know whether you would need the management platform, the level of licensing you may require, and the number of VPN licenses you may need. We add value by knowing how the solution should be deployed and installed in a network.

Secure Firewall's stability is good. I think the management platform needs a little bit of work. It's not as robust from a stability point of view. Deployment times of configuration have got better over the years, but there's still some work needed so that it deploys every time when you click that button.

The scalability of Cisco Secure Firewall is really good. That's down to the management platform and the way it structures your access policies, what allows traffic in and what allows traffic out. You can easily add multiple regions, locations, and types of firewalls to the management platform. As soon as you do, they get all of those policies. Previously, you'd have had to configure each one time and time again. With this version, you import it, and it's ready to go. Thus, for scalability it's easy.

Cisco's technical support across all their products is always good and reliable. If someone says they're going to get back to you in four hours, they do. They're always there with the right level of support. If we need a Secure Firewall engineer, that's whom we'll get. We won't get someone who's never seen the product before. As far as vendors go, Cisco's technical support is probably the gold standard. I would rate them at ten out of ten.

Positive

Secure Firewall is more complex to deploy than previous Cisco Firewall products. However, it's not so complex that it's not achievable. There are some products out there that require a lot of reading to be able to deploy them. Cisco Secure Firewall has not reached that level yet, but it is a complex product.

Our clients' Secure Firewall deployment models are edge firewalls, internal firewalls, and, most often, perimeter firewalls. Sometimes, our clients ask us to help them with deployment because we have the experience.

We've used the Cisco Firewall migration tool quite a few times to migrate to Cisco Secure Firewall. It has come on a long way, and it's a lot better than it used to be. When it initially came in, there wasn't as much trust that the tool would give you everything you needed, but where it is now is great. If you've got a firewall that you want to migrate, you'll feel confident using the Cisco Firewall migration tool.

We spend a lot of time developing our consultants and our sales staff to know the product and learn how to sell the product. As a result, our ROI is that we get more clients deploying Cisco Secure Firewall.

The licensing is not as complicated as that for some other Cisco products. There are a couple of tiers of licensing, but the price point is a little too high for the market. There are other vendors that come in lower and offer more for fewer licensing options. They may offer URL filtering or malware filtering with a single license rather than requiring two or three licenses. I think Cisco could do a bit more in this area.

I deal with a lot of other vendors who also offer the same features, but Cisco Secure Firewall stands out on the analytics. It is the best for analytics and getting the reporting data.

If you're a client evaluating Cisco Secure Firewall, my advice would be to put real-world data through it to get useful data out of it. You can't see the benefits of the solution if you just turn it on and look at the device as it is. It's when you see the traffic going through it that you'll see the power of the analytics and reporting and the event data that comes through. A technical team member will understand how much easier it's going to be to troubleshoot with this platform compared to that with any other platform they've had before. With regard to reporting, a report on how many malware attacks have occurred in a particular month takes one click to generate. That data can be stored for a long time.

Overall, I would rate Cisco Secure Firewall an eight out of ten because of the feature parity. It's not quite there in terms of being able to do everything on the GUI platform. The price point is still a bit too high as well.

Our primary use case for Cisco Secure is through Cisco FMC, which we have automated using Cisco's Terraform provider for FMC. Our automation journey began with the Cisco ACI fabric, where we leveraged the Terraform provider for ACI. Eventually, we realized we could also automate firewalls and our HA clusters using the Terraform provider for FMC. This allowed us to create DMZ networks, specify IPS and IDS rules, and follow the infrastructure as a code concept. Our cross-common security team can review the repository in GitLab and approve it with a simple click of a button. This is the primary benefit we get from automation. Additionally, we can use the infrastructure as a code concept with the management center. Cisco FMC also has a great API, which makes it easy to integrate with our code, ACI, and other systems.

Cisco Security and Cisco Firewalls have been effective in protecting our organization from external threats, such as DDoS attacks.

We have several integrations. One of them is between Cisco ISE and FMC, which allows us to monitor and control our users. Additionally, we integrated Cisco ISE with FTDs to function as a remote VPN server and control the traffic and behavior in our VPN network. We also use ISE as a TACAC server and integrated it with Cisco ACI and all of our devices. Furthermore, we use NetBox as a source of truth for our ISE, which helps us track all of our devices from the network and ISE.

The primary benefits of using Cisco Secure solutions are time-saving, a robust API, and convenience for the security team. 

Cisco Secure Firewall could benefit from enhancements in its API, documentation, and automation tools. Additionally, we've noticed that the Terraform provider for FMC has only two stars, few contributors, and hasn't been updated in a year. It only has 15 to 20 resources, which limits our capabilities. We'd love to update it and add more resources. For example, we currently can't create sub-interfaces with the provider, so we have to add Python code to our Terraform provider and use local provisioners. Additionally, improvement in the API would be helpful so that we can create ACL on the GUI with a simple click, but at this time we cannot create requests via the API.

I have used Cisco Secure Firewall within the last 12 months.

Cisco TAC support is excellent. Having worked with other support companies in the past. Cisco TAC is much more helpful and friendly. They always seem eager to assist with any issues and are particularly responsive in urgent situations. For example, if there is a problem in my production zone, they are quick to reassure and assist. Overall, I have a great appreciation for their support.

I rate the support from Cisco Secure a ten out of ten.

Positive

In our business, we have implemented a number of Cisco Secure products in our network infrastructure, including Cisco ISE as a AAA server, Cisco FMC Management Center for our firewalls, and Cisco FTD for Firepower Threat Defenses. We also use a TACACS+ server for our hardware. Cisco products make up the entirety of our infrastructure, including Cisco Nexus Switches, Cisco ACI fabric for our data centers, Cisco ASR Routers, and Cisco Wireless Solutions, which include WLC controllers, access points, and other relevant hardware. In our organization, Cisco is strongly preferred.

There has been a positive return on investment observed with the implementation of Cisco Secure solutions. The use of these solutions as our primary security products has been beneficial in terms of cost and security measures.

In the past, I encountered several difficulties and misunderstandings with Cisco licensing, but now the situation has improved. The Cisco Smart Software portal is an excellent resource for keeping track of, upgrading, and researching information related to Smart Licensing and other relevant topics. It is extremely helpful. Unfortunately, since it is not my money and there is only one vendor, I am unable to provide any comments on the prices. Nevertheless, the system, along with its provision through the Cisco Smart Software portal, as well as the traditional license and subscription models, are excellent and highly beneficial.

I rate Cisco Secure a seven out of ten.

My rating of seven out of ten for the Cisco Secure is because it's not excellent, but not poor either. It was enjoyable and overall satisfactory.

We are specifically using 7.0 Firepower in several different areas. We have them as an IPS within the core, IPS on the edge, and we're also using the AnyConnect Client as our basis for VPN connection into corporate and other applications.

Firepower NGFW has improved my organization in several ways. Before, we were trying to stamp out security threats and issues, it was a one-off type of way to attack it. I spent a lot of manpower trying to track down the individual issues or flare-ups that we would see. With Cisco's Firepower Management, we're able to have that push up to basically one monitor and one UI and be able to track that and stop threats immediately. It also gives us a little more granularity on what those threats might be. 

We were able to stop hundreds of threats. For killing threats, we were able to get several hundred now in comparison to the one-off that we used to be able to do.

Dynamic policies are very important for us because we do not have the manpower to really look at everything all the time. So having a dynamic way of really registering, looking at, and having certain actions tied to that are incredibly effective for us in slowing any kind of threat.

We're getting there as far as using the application, using it to go to the application level, we're at the infancy of that. We're looking at definitely tying that into our critical applications so that we can see exactly what they're doing, when they're doing it, and being able to track that.

Firepower's Snort 3.0 IPS allows us to maintain performance while running more rules with the advent of 3.0 comparatively to 2X, we have seen at least a 10 to 15% increase in speed where it seems to be more effective. The updates seem to be more effective in finding malicious information. We've definitely seen at least a 10 to 15% increase on tying policy to 3.0.

The features that we find the biggest bang for the buck are for Firepower overall. We're looking at AnyConnect, which is one of the big features. The other valuable features are IPS along with the Geotagging and the Geosync features, and of course the firewall, the basic subset of firewall infrastructure and policy management.

We've looked at other vendors, but Cisco by far has taken the lead with a holistic approach where we don't have to manage multiple different edges at one time. We can actually push policy out from our core out to the edge. The policy can be as granular as we need it to be. So the administration, also the upgradability of the edge is for us because we need to have it 24/7. The upgradability is also another piece of management, logging, and all the other little aspects of the monitoring part.

Using deep packet inspection, especially with 7.0, since it's just come out in 7.0, we're able to see much more granularly into the packet where before we could actually give a general overview using NetFlow. This gives us much more granularity into what is exactly happening on our network and snapping in the Cisco StealthWatch piece gives us the end-to-end way of monitoring our network and making sure that it's secure.

The overall ease of use when it comes to managing Cisco Secure Firewall is one of the reasons that we ended up going with Cisco because the ease of use, basically having one UI to be able to control all of our end devices, policy, geolocation, AnyConnect, all the different pieces of that in one area has been phenomenal.

Cisco Secure Firewall helped to reduce our firewall operational costs because previously if we were not using Cisco's Firepower, we would have had either Cisco ASA or another manufacturer, and we would have had those everywhere. We would have had still two at every site, several within our infrastructure, and the management of those is much more difficult because it's done by one-off.

As far as saving Adventist Health money, I would have to say that it's not necessarily the actual physical product, but the time, labor that we would have had to have to be able to monitor and administer that, and also the time to find malicious issues and security areas that we were unable to see before. So, it's tough to put a cost on that, but it would probably be several hundred thousand dollars overall if you're looking at whether we got hit with malware or with some of the other issues that we're seeing, especially within healthcare. If we were hacked, that would cost us millions.

One of the few things that are brought up is that for the overall management, it would be great to have a cloud instance of that. And not only just a cloud instance, but one of the areas that we've looked at is using an HA type of cloud. To have the ability to have a device file within a cloud. If we had an issue with one, the other one would pick up automatically.

The other part of that is that applying policy still takes longer than we expect. Every version that comes out, the speed is actually increased, but I would love to see that, even a little more as far as when we're actually deploying policy.

We have been using Firepower's series for at least the last six years.

We're staggered right now. The Firepower Management Console is at 7.0 and most of our Firepower units are at 6.6.

We have two areas for deployment. We have them as an edge at our markets, we term our hospitals as markets, but each one of the hospitals will have an HA Pair of the Firepower model. And we also have them in our core, within the ACI infrastructure. We use them as a core firewall along with an Edge firewall.

We've been using Firepower, the Threat Defense, and the Management Console for about six and a half years and I think we've had maybe two issues with it. And most of those were due to either our policy settings or something that we messed up. We've never had to return a box and we've never run into any major bugs that have actually hindered the actual security of the system.

Scalability so far has been fantastic because we started with four Firepower Threat Defense boxes, but really after that, now we have 14 and we're going to be pushing that to 44 to 46 devices. The implementation has been pretty seamless and pretty easy. It's been great.

We use it exclusively for edge and core for firewall and for policy and for IPS and AnyConnect. We plan on continuing to integrate that tighter. So in the future, we probably will not grow that many physical devices, but we plan on actually integrating those tighter into the system, tighter with integration, with Cisco's ISE, and tighter integration with our ACI infrastructure. So at the end of the day, we don't see us going any further away from using Firepower as our core security edge device.

My company has been using Cisco for many years. One of the huge pieces for us is, of course, the supportability and ongoing update, maintenance, and care. We've had a great relationship with Cisco. The tech is outstanding. Typically, we will open a tech case and they will know exactly what the issue is within two to three hours if it's a very difficult one. Typically they even know what it is when we actually open the case.

We've actually had a fantastic relationship working with Cisco. They've had a fast turnaround, great tech support, and we have not run into any issues thus far with the Firepower overall.

Prior to actually using Firepower, we were still a Cisco shop. We used Cisco ASA exclusively, and it was fantastic. But with the advent of Firepower, being able to manage, monitor, and upgrade has really cut back our time on those processes by less than half of what we had before. We were using the good old ASA for many years.

We found that the initial setup using Firepower products was actually very simple. The initial configuration for the Management Console was very straightforward. Adding devices usually takes a few minutes. And then once you've got them physically set up in your Management Console, it's streamlined. It's actually very simple.

One of the great features of having the Cisco Firepower Management Console is having the ability to group. So we have each one of our hospitals as a group, so we can actually do any device configuration within a group. They're HA so that when we do an upgrade, it is seamless because when it fires off the upgrade, it will actually force the HA over automatically as part of the upgrade. And the other part of that is policy management. We have several policies, but specifically, one for the general use at our hospitals has been phenomenal because you build out one policy and you can push that out to all of your end nodes with one push.

We require two staff members to actually implement and devise the initial configuration.

At my company, you have to be at least a senior or an architect in order to manage any type of firewalling, whether that's the IPS, the actual firewall itself, or AnyConnect. So we have senior network engineers that are assigned for that task.

We typically have one person that will actually rotate through the group for the maintenance. There's a senior network engineer that will maintain that on a daily basis. Typically, it doesn't take maintenance every day. The biggest maintenance for us comes to updating policy, verifying the geolocation information is correct, and any upgrades in the future. So typically that takes about one to two people.

We did not actually use any external authority as far as setting up, maintenance, and configuration. It all comes directly from Cisco because of our partnership with Cisco, we have had a fantastic cast of system engineers and techs when needed. We haven't had to go out of our partnership with Cisco to actually implement these, to upgrade, or update.

Cisco's pricing is actually pretty good. We get a decent discount, but when you look across the board, if you're looking at a Cisco firewall, Firepower device, a Palo Alto device, or a Juniper device, they're going to be pretty comparable. A lot of people say, "Oh, Cisco is so expensive." But when you boil it down, when you look at the licensing structure for Firepower, you look at the actual device cost and how much that costs over time, they pretty much are right in line, if not less, depending on what you're buying for Firepower. So we've actually had a great run with that, and we feel confident that we're getting the best price. I haven't seen anything better than the supportability of that.

We actually did look at another vendor when we were looking at initially grabbing Firepower, to bring in as our corporate firewall and our main inspection engine. So we did look at Palo Alto and we also looked at Juniper SRX series, but both of those didn't really have the overall manageability and tightness with the Cisco infrastructure as we would want it to. So there was nothing necessarily security-wise wrong with them, but they were not a good fit for our environment.

The biggest lesson that we've learned is in a couple of different ways. One is how to keep your policy clean. We've learned that we've really had to keep that from overextending what we want to do. It also has great feedback as you're building that out so that you can look at it and you figure out how you are going to be able to really implement this in a way that won't break something or that won't overshadow some other policy that you have. That's probably one of the biggest things that we've learned. The way that you build out your policy and the way that you use that on a daily basis is very intuitive. And it also gives you a lot of feedback as you're building that out.

The advice that I would give anybody looking at Firepower is to look at it from an overall standpoint. If you want something that you can monitor and administer well, that you can update very quickly, and that gives you all of the security aspects that anybody else can on the market, it's going to be really hard to beat because of the Management Console. With this, you've got one tool that you can actually do the device updates, device configuration and all the policy management in one area. So I would say, definitely take a look at it. It's got a great UI that is very straightforward to use. It is very intuitive and it works really well out-of-the-box. And it does not take math science to be able to implement it.

I would rate Firepower a nine out of ten. I can't think of anything that would be a 10. It's mature, it's effective and it's usable.

For companies prioritizing security, the optimal choice is one that offers a range of feeds to cater to diverse needs. This is particularly crucial for organizations implementing DDoS mitigation. The preferred solutions typically align with the top server vendors, with Cisco, Forti, and Barracuda consistently ranking among the top three vendors we collaborate with.

It's not unexpected, but it's a common scenario where customers request dual layers of security. For instance, when dealing with regulatory compliance, especially in financial sectors regulated by entities like the Central Bank, having two distinct units is often mandated. If a client predominantly uses a solution like Palo Alto, they may need to incorporate another vendor such as Cisco or Forti. Importantly, there's a significant disparity in interfaces and management platforms between these vendors, necessitating careful consideration when integrating them into the overall security architecture.

I have been using Cisco Secure Firewall for the past ten years. 

The solution is extremely scalable and based on my experience, I would rate it 7 out of 10.

Cisco is a well-established company, and it offers accessible support, both locally and through online resources. The abundance of information makes it easy to find the necessary details and assistance.

Positive

The implementation timeline for our firewall is contingent on the readiness of the policy. If the policy is prepared, the deployment can occur within a day. However, if the policy is not finalized, a brief meeting is convened to gather the necessary data for rule establishment. Once the information is ready, the implementation on VMware proceeds. Notably, there is a requisite waiting period, such as fine-tuning for optimal rule configuration, as each customer has unique requirements. It's crucial to tailor the rules to fit the specific needs of each customer, as there is no one-size-fits-all best practice in this context.

It is extremely expensive compared to its competitors and I would rate it 2 out of 10. 

I would recommend this solution and rate it 8 out of 10.

I'm a Cybersecurity Designer working for a financial services company in London, England with about 4,500 employees. We've been using Cisco Secure Firewall for about a decade now.

Currently, our deployment is entirely on-premise. We do use a hybrid cloud, although we don't have any appliances in the cloud just yet, that is something that we're looking to do over the next five years. 

The primary use case is to provide the ability to silo components of our internal network. In the nature of our business, that means that we have secure enclaves within the network and we use Cisco Secure Firewall to protect those from other aspects of the network and to control access into those parts of the network. 

The greatest benefit that this has provided to our organization is that we've been able to adjust the time that it takes to implement firewall changes. It's gone from a week to less than half a day to implement a change, which means that our DevOps team can be much more agile, and there is much less overhead on the firewall team. 

I would say that the Cisco firewall has helped us to improve cyber resilience, particularly with node clustering. We're now much more confident that a firewall going offline or being subject to an attack won't impact a larger amount of the network anymore, it will be isolated to one particular element of the network. 

We use Cisco Talos to a limited extent. We are keen to explore ways that we could use more of the services that they offer. At the moment, the services that we do consume are mostly signatures for our Firepower systems, and that's proven invaluable. 

It sometimes gives us a heads-up of attacks that we might not have considered and would have written our own use cases for. But also the virtual patching function has been very helpful. When we look at Log4j, for example, it was very difficult to patch systems quickly, whereas having that intelligence built into our IDS and IPS meant that we could be confident that systems weren't being targeted. 

I would say the most valuable aspect of Cisco Secure Firewall is how scalable the solution is. If we need to spin up a new environment, we can very easily and quickly scale the number of firewall instances that are available for that environment. Using clustering, we just add a few nodes and away we go. 

In terms of time-saving or cost of ownership, the types of information that we can get out of the Cisco Secure Firewall suite of products means that our security responders and our security operations center are able to detect threats much faster and are able to respond to them in a much more comprehensive and speedy manner. 

In terms of application visibility, it's very good. There is still room for improvement, and we tend to complement the Cisco Secure Firewall with another tool link to help us do some application discovery. That said, with Firepower, we are able to do the introductory part of the discovery part natively. 

In terms of detecting and remediating threats, I would say on the whole, it is excellent. When we made the decision to go with the Cisco Secure Firewall compared to some other vendors, the integration with other third-party tools, and vulnerability management, for example, was a real benefit. It meant that we could have a single view of where those three threats were coming from and what type of threats would be realized on our network.

In recent years through the integration of Firepower threat defense to manage some of the firewalls. We were able to do away with some of our existing firewall management suite. We do still need to use some third-party tools, but that list is decreasing over time. 

In terms of ways that the firewall could be improved, third-party integration is already reasonable. We were able to integrate with our vulnerability management software, for example. 

However, I would say that when we're looking at full-stack visibility, it can be difficult to get the right information out of Firepower. For example, you may need to get a subset of it into your single pane of glass system and then refer back to Firepower, which can add time for an analyst to look at a threat or resolve a security incident. It would be nice if that integration was a little bit tighter. 

The stability of Cisco Secure Firewall was one of the primary reasons that we looked to Cisco when we were replacing our existing firewall estate. I would rate it very highly. We have not had any significant problems with outages. The systems are stable and very good. 

The scalability of the firewall is one of the main reasons why we looked to Cisco. The ability to add nodes and remove nodes from clusters has been hugely important, particularly in some of our more dynamic environments where we may need to speed up a few hundred machines just for a few days to test something and then tear it all back down again. 

Within our data centers, we have around 6,000 endpoints, and then our user estate is around 4,500 endpoints and all of that connectivity is controlled by Cisco Secure Firewall.

Tech support has been very good. There are occasions where it would be nice to be able to have a consistent engineer applied to our tickets, but on the whole, the service has been very good. We haven't had any real problems with the service. I would rate them an eight out of ten.

The areas that could be improved would be if we could have dedicated support, that would bring them up from an eight. 

Positive

Prior to using the Cisco Secure Firewall, we were using another vendor. The Secure Firewall was a big change for us. The legacy firewalls were very old and not particularly usable. We do still use another vendor's products as well. We believe in in-depth defense. 

Our perimeter firewall controls are a different vendor, and then our internal networks are the Cisco Secure Firewall. 

Comparing Cisco Secure Firewall to some other vendors, I would say that because we use a lot of other Cisco technologies, the integration piece is very good. We can get end-to-end visibility in terms of security. In terms of the cons, it can be quite difficult to manage firewall changes using the Cisco standard tools. So we do rely on third-party tools to manage that process for us. 

The firewall platform itself was not at all difficult to deploy in our environment. I would say that we do have a very complex set of requirements. So migrating the policy from our existing firewall estate to the new estate was quite difficult. The third parties helped us to achieve that. 

We've seen a good return on investment. The primary return that we have seen is fewer outages due to firewall issues, and also the time to detect and respond to security incidents has come down massively. That's been hugely useful to us. 

On a scale of one to ten, I would say Cisco Secure Firewall rates very highly. I'd give it an eight. There are still some places to improve. 

If we look at what some of the other vendors are doing, like Fortinet, for example, there are some next-gen features that it would be interesting to see introduced into the product suite. That said, there are other capabilities that other vendors do not have such as the Firepower IPS systems, which are very useful to us. On the whole, Cisco Secure Firewall is a great fit for us. 

If you were considering Cisco Secure Firewall, I would say your main considerations should be the size of your environment and how frequently it changes. If you're quite a dynamic environment that changes very frequently, then Cisco Secure Firewall is good, but you might want to consider complimenting it with some third-party tools to automate the policy distribution. 

Your other consideration should be around clustering and adding nodes quickly. If you have a dynamic environment, then it is quite hard to find a better product that can scale as quickly as the Cisco firewalls.

One of the most important roles of Cisco Secure Firewall is as a central firewall for the internet. We use it for segmentation of the outside network, DMZ networks, inside networks, and also as an intrusion prevention system for protecting our resources from the internet. All Access Control Lists are implemented on this firewall.

These days, it's normal to require that networks be more open because of the recent changes brought about by the COVID pandemic. The need for hybrid work environments and more collaborations has made securing the network more challenging. However, Cisco offers us monitoring and configuration, and with one platform, we are able to be more flexible and be able to control our security and our network.

The security features that protect our networks are the most valuable for me and my department, as we are responsible for the security of our network. We investigate cases and analyze traffic to see what's going on. These features are also very valuable when we are investigating communication between some services in the bank and what's happening in the network.

We are very satisfied with Cisco Secure Firewall for securing our infrastructure from end to end so we can detect and remediate threats. We have not seen a lot of false positives, and we haven't seen many situations when the traffic was interrupted without a proper cause. We are confident that the signatures that Cisco Secure Firewall uses are very good and reliable. For us, this is very important because we are a relatively small security team, and we don't have much manpower to be able to analyze every signature or event. By default, Cisco Secure Firewall is reliable, and that is the most important factor for us. Cisco is a large company that invests in security, and if it has reliable signatures and processes in intrusion detection, then that is very good for us.

Implementing Cisco Secure Firewall has saved us time because we rely on most of the out-of-the-box signatures. It has reduced the time and effort spent in configuration within the security network.

We have encountered problems when implementing new signatures and new versions on our firewall. Sometimes, there is a short outage of our services, and we have not been able to understand what's going on. This is an area for improvement, and it would be good to have a way to monitor and understand why there is an outage.

We use Cisco Secure Firewall and Cisco ISE.

In general, Cisco Secure Firewall is stable. We have had problems when we automatically deployed some signatures. There have been issues with the memory of the Firewall Management Center, and we've had to reload the system.

Our company has approximately 2,500 employees and 500 devices. In terms of scalability, Cisco Secure Firewall is sufficient for our needs.

We usually work with our local partner because it's much more convenient and faster. Because of their experience, they are able to solve some of our problems or issues without Cisco's technical support. For bigger problems such as bugs, we work with Cisco's technical support.

Because we mainly work with our local partner for technical support, I would rate them at ten out of ten.

Positive

The initial setup was relatively simple for us. During migration, we used the Cisco Firewall migration tool. From our point of view, the migration tool was okay.

We have a very reliable partner who helps us with Cisco products. They helped us to deploy Cisco Secure Firewall. I think it's important for every company to have local partners with enough knowledge and experience on whom they can rely. 

Our experience working with our partner was great. They have a lot of knowledge and experience with implementation.

We have always used Cisco firewalls. Cisco products have been the standard in networking in our company for many years. This has been beneficial because some of our core IT activities are connected with Cisco. Also, it has been proven that Cisco Secure Firewall is a reliable product that can help us have stable and reliable networks and services.

We have some experience with Check Point, which we started using recently. Cisco is more hardware-oriented, and Check Point is more application-orientated. The two vendors have a slightly different approach to the same problem.

On a scale from one to ten, I would rate Cisco Secure Firewall at eight because it's a very reliable product. We can use predefined signatures and don't have to do a lot of customization. However, we have had a few small issues with the deployment of some signatures and with the availability of Firewall Management Center.