Cisco Secure Firewall Reviews

Cisco Secure Firewall serves as our primary internet firewall.

I appreciate the ease of use most about Cisco Secure Firewall. The end-to-end visibility offered by Cisco Secure Firewall is excellent, and I have no issues with any of the products. I assess the operational efficiency of Cisco Secure Firewall in my IT environment as positive because I value Cisco products and advocate for them whenever I can.

The only area that can be improved is related to Cisco Secure Firewall Management Center, as certain versions are not always stable, which has been our only issue.

I have been using Cisco Secure Firewall for twenty years.

I assess the stability and reliability of Cisco Secure Firewall as good; it is rock solid for me.

I am uncertain about the specific challenges I face with hybrid distribution, especially regarding hybrid and distributed enterprise networks that Cisco Secure Firewall addresses.

I evaluate customer service and technical support at a ten on a scale of one to ten, with ten being the best.

I have used Cisco Secure Firewall throughout my career.

I would describe my experience with deploying Cisco Secure Firewall as positive because there is extensive documentation and support available, making the deployment very straightforward.

I have never considered anything other than Cisco Secure Firewall; I would never switch.

Our main use cases for Cisco Secure Firewall include firewall, IPS, and URL filtering.

The feature of Cisco Secure Firewall that I prefer the most is IPS. I appreciate the IPS feature because it's built in and I can control it using the FMC and push out the policy company-wide, making it centrally managed. The IPS benefits my company because that's one of the requirements; we used to have separate IPS. Now it's all integrated, providing ease of use for us. Cisco Secure Firewall has helped my company achieve its goals because it's a next-generation firewall. That's what we need to maintain certain compliance from the security side. Having IPS built in, firewall, URL filtering, everything is centrally managed, so we have more visibility and management.

Compared to the previous generation, the ASA, firewall rules appear differently in the ASDM and the previous generation firewall versus FTD, which I don't prefer as much. The ASA makes it easier to view those policies. There could be some improvement in the way FMC displays the policy.

I have been using Cisco Secure Firewall in my company for the last two years.

I haven't seen any breakdown or instability; the platform has been stable, and we haven't had any issues.

Cisco Secure Firewall scales with the growing needs of my company as we're going to implement clustering. I've used clustering in my past experience; it's very easy and straightforward. We had some minor issues with the clustering. I appreciate the clustering capability, though I haven't implemented it in my current job.

The customer service and technical support have been great; they've always been great.

Positive

I considered other solutions such as Palo Alto before choosing Cisco Secure Firewall. We were using Palo Alto, but we decided to go with Cisco because of its ease of use. We were a Cisco shop, and there's a micro facility where you can migrate all the ASA to the firewall.

The deployment process of Cisco Secure Firewall is simple enough. Out of the box, you perform the initial management configuration, specify the FMC location, join FMC, and then you can manage it from FMC. The process is straightforward and simple.

From my point of view, the biggest return on investment when using Cisco Secure Firewall is the single pane of glass, which is a huge plus for us. Having that visibility, managing all the alerts, IPS alerts, vulnerability management - everything is a huge plus.

My experience with the pricing, setup costs, and licensing is that it's consistent. I don't have much visibility on the licensing side, but I assume it remains the same.

There are differences between Palo Alto and Cisco, particularly on the cloud side. Palo Alto has Prisma Cloud and additional tools. I would say Cisco has room for improvement in that area for the future. We're not heavily in the cloud, so for us, it's not a significant concern.

We haven't used any new features or functionalities in Cisco Secure Firewall recently, but we plan to try file scanning, focusing more on the malware side, AMP and everything. That's something we want to try next.

My impression of the visibility and control capabilities of Cisco Secure Firewall in managing encrypted traffic is limited as we haven't tried SSL encryption yet. That's something we might explore in the future.

Regarding Cisco Secure Firewall's ability to unify policies across my environment, managing via FMC ensures accuracy. Unifying policies is essential for my company because it provides one pane of glass. Software pushes, policy implementation, traffic monitoring, and having all alerts in one place are crucial.

The impact of the cloud-delivered firewall on my company's security posture is significant. Having the same FTD running in the cloud, managed by FMC, is our future direction. We currently implement this with Azure.

Regarding zero trust security model implementation, we are exploring options with SD-WAN, both on-premises and in the cloud with firepower. I'm meeting with a Cisco engineer next week to discuss implementation strategies.

I don't see anything that needs improvement in Cisco Secure Firewall; we've been very satisfied with it. I've been using FTD for almost five to seven years now, including with a previous company, and heavily worked on migration from ASA to FTD.

From one to ten, I would rate Cisco Secure Firewall a ten.

I have worked with other solutions similar to Cisco Secure Firewall, and in the past, I worked with Pulse Secure VPN. My experience with Pulse Secure VPN was also good in the past. In the near past, I replaced a lot of Ivanti VPN with Cisco Secure Firewall. The migration to Cisco Secure Firewall was caused by many security incidents on the side of Ivanti.

From my point of view, the biggest return on investment when using Cisco Secure Firewall is that the end-users have a good experience with the remote access VPN, are happy to use it, and have to use it every day. That is very satisfying for the customer.

The scalability of Cisco Secure Firewall is sufficient to meet the growing needs of my clients.

My experience with the documentation is that sometimes it refers to Cisco ASA instead of Cisco Secure Firewall, and the screenshots are not accurate. That is sometimes confusing for my customers.

The stability and reliability of Cisco Secure Firewall is reliable. The high-availability function of Cisco Secure Firewall helps to minimize downtimes, which is why I find it reliable.

My clients have never tried to expand its usage, or there was not a need for it. It is always enough for them because we are good at planning, so they do not need to resize.

My experience with the customer service and technical support of Cisco Secure Firewall is mostly with the partner support and not with the TAC directly.

Negative

In the past, my installations of Cisco Secure Firewall were on-premise.

I would describe the deployment process for Cisco Secure Firewall as straightforward. The deployment process is very easy because Cisco Secure Firewall has a good setup in the Firepower Management Center.

I was not told about a return on investment, but my clients are happy to use the remote access VPN solution.

My experience with the price, the setup costs, and the licensing of Cisco Secure Firewall is that the price and the licenses are fair and competitive in the market.

I have worked with other solutions similar to Cisco Secure Firewall, and in the past, I worked with Pulse Secure VPN. My experience with Pulse Secure VPN was also good in the past. In the near past, I replaced a lot of Ivanti VPN with Cisco Secure Firewall. The migration to Cisco Secure Firewall was caused by many security incidents on the side of Ivanti.

One of the companies I'm working with is in the medical sector and medical vertical.

Some of the most valuable features of the Cisco Secure Firewall are that they are easy to deploy, which is a very important thing to highlight. Everybody says that about cloud, and I agree with that. If you have an account on AWS, for example, you can quickly deploy one of those devices. There are many benefits to that, and they don't require a lot of resources. They won't overwhelm your cloud, and they work very efficiently. I'm impressed with how they work on the cloud. They work as a real firewall. I don't see much difference.

The Cisco Secure Firewall product in general has room for improvement. I had a problem this weekend working with one of them, and I think it's very specific, though I'm going to be more general with my answer. Cisco has the FMC as a centralized tool, but sometimes they have too many dependencies. I faced a problem this weekend because while trying to solve an issue with one of the company's firewall management centers, I couldn't update or install an update on the platform due to a remote site being down. The device got stuck in my queue. I had to cancel my maintenance because of that.

Everyone was expecting me to fix many bugs, but because of one device, I had to cancel everything. Sometimes the ID is nice around Cisco, but another area they need to improve is the capability to manage multiple devices. The FMC manages many devices, but if I put too many, around 300 devices, it becomes very slow, and the system becomes heavy. When you compare that with solutions such as Palo Alto, Palo Alto can manage many more devices on the same type of platform.

Cisco is better at managing things such as RMAs. They do that exceptionally, even with the support. However, when we're talking about the FMC itself, sometimes they have some small issues; the platform is very slow and has too many bugs in the versions. We constantly need to update the platform to maintain stability.

I have at least 3 years of experience with the Cisco Secure Firewall.

If you have a problem and need to delete and re-add the device, it can cause an outage since it deletes all the configurations. There's no file generated for configurations, meaning you must screenshot everything and manually reconfigure that. I mention this because I do this often.

If I were to rate stability on a scale of 1 to 10, I would give it a 6.

As for scalability, I would rate it a 7. It's not that bad, but it could be better. My customer has many Cisco devices on the FMC. Cisco has various versions, from FMC 600 and 1600 to 4600s, but even with the highest one, the 4600, we still face issues, particularly when transitioning between screens; it becomes very slow, and it has difficulties managing all the logs and events.

I reach out to support frequently, and I think their support is good. The engineers are very well-trained, and I would give it an 8.

Cisco is always more expensive; it's actually more expensive than other brands. When you compare it to others such as Palo Alto or Fortinet, it's slightly more expensive.

Positive

Regarding the initial setup of the Cisco Secure Firewall, if we're discussing setting it up from scratch, it's not difficult. I think it's acceptable.

On a scale of 1 to 10 for ease of deploying FMC from scratch, I would rate it a 7. There's a wizard for the initial setup; you input the management IP, and that part is easy. Adding it to the FMC is also easy, but then you have to configure extensively from the graphical interface, and that's not very straightforward. You need to manually configure many items. They could allow more setup options in the wizard when connecting to the FMC. You can do things through APIs to facilitate, but if you're doing it manually, it can be challenging.

I would recommend the Cisco Secure Firewall to other businesses, but I suggest comparing it to other platforms. While I've been a Cisco specialist for a long time, experimenting with other platforms is valuable. Consider looking at Palo Alto or Fortinet, and make comparisons and benchmarks. If you have a full Cisco environment, it may be wise to go with Cisco due to benefits from enterprise agreements. But if you're starting anew, check out organizations such as Checkpoint or Palo Alto.

If that's not a blocker or a big deal, I would provide that advice. I rate the Cisco Secure Firewall a seven out of ten.

My main use cases for Cisco Secure Firewall include serving as a perimeter firewall between the data center and users, and as the firewall between the internet and users.

An example of how Cisco Secure Firewall benefits my organization is that we use it with Azure, along with Azure firewall and FTD, and it works very well.

Cisco Secure Firewall is highly performant and easy to manage. 

Cisco Secure Firewall handles this adequately, but a simpler licensing model would be beneficial, especially when using the firewall in the cloud, since on-premises performance is limited by the hardware being used.

I have been using Cisco Secure Firewall for approximately fifteen years, starting from Cisco PIX.

Cisco Secure Firewall has demonstrated good reliability and stability. Although we did not invest heavily, which results in limited performance due to our license being restricted to one gigabit, that is our constraint rather than a Cisco limitation. I have not experienced any crashes or downtime with Cisco Secure Firewall, and everything has operated smoothly.

Cisco Secure Firewall can scale with the growing needs of my organization.

I have not needed to use customer service.

Negative

Deploying Cisco Secure Firewall is very straightforward and uncomplicated, as the systems are simple to deploy and the graphic interface is user-friendly.

My experience with the pricing, setup cost, and licensing for Cisco Secure Firewall is positive.

Before choosing Cisco Secure Firewall, I considered some competitors, as we have other firewalls from different vendors. It is beneficial to use firewalls from different vendors because if someone can overcome one firewall, there is the other firewall for protection.

I selected Cisco Secure Firewall because it works well in the Azure environment. 

My main use case for Cisco Secure Firewall is just control between outer boundary and inner boundaries.

The feature I appreciate the most about Cisco Secure Firewall is the FMC platform where it merges multiple firewalls into one management plane. An example of how features of Cisco Secure Firewall have benefited my organization is through easy deployment of access policies across a long array of devices. I assess Cisco Secure Firewall's ability to unify policies across my environment as a single pane of glass with the FMC. If I need to look up a policy or implement something, I just type in the name of the policy I made to see what objects apply to our policy. I appreciate that part.

Cisco Secure Firewall could be improved in several ways. I've noticed in different versions that some versions had packet caps and some didn't. The user interface could be improved, and maintaining a consistent version across the board would be beneficial. Ease-of-use is important, with the user-based interface and keeping plain language. In the next release of Cisco Secure Firewall, it should include features that utilize AI to speak plain language. For example, it could respond to, 'Hey, I want to do this thing,' and guide users accordingly. I know AI feedback is a hot topic, but I wonder how reliant that is on external connectivity. If it can work in an air-gap network, that would be significant.

I have been using Cisco Secure Firewall for at least a few years, maybe three or four years.

I evaluate the stability and reliability of Cisco Secure Firewall as quite strong since it's probably one of the few things that hasn't crashed on us. While I haven't experienced crashes with Cisco Secure Firewall, most of our issues don't come from it unless it's something we've blocked, preventing users from accessing areas. It's never been a device problem or related to the technical implementation of things.

I think Cisco Secure Firewall scales effectively with the growing needs of my organization because we work in boundary-level areas. Most of our users connect on the inside of the boundary and then egress out, making it easy for us to scale out to support thousands of users as long as they connect to that inner part.

My evaluation of customer service and technical support for Cisco is positive. TAC cases generally serve as a good option for anything we've had problems with Cisco devices, and the process is good. On a scale of one to ten, I would rate Cisco's customer service a 10.

Positive

Prior to adopting Cisco Secure Firewall, I was using Fortinet. The factor that led me to consider changing from Fortinet was its vulnerability problems. We scrapped that solution.

My experience with the deployment of Cisco Secure Firewall is pretty good.

Before selecting Cisco Secure Firewall, I considered a couple of other platforms, including some Palo Altos, for separate requirements that Cisco doesn't meet.

My experience with Cisco Secure Firewall is positive. I appreciate it because it has always been easy for me as an individual to navigate and manage anything Cisco-related.

My impression of the visibility and control capabilities of Cisco Secure Firewall in managing encrypted traffic is somewhat mixed. I have a concern about the GRE and the Snort inspection. Sometimes Snort would break GRE traffic when trying to tunnel from the outside in. Making a policy to allow GRE always breaks. But other than that, it's been straightforward.

This unified policy management is important to my organization because different functions in a network can apply to many other users. It allows us to see that from one pane of glass, and I can easily search it up by name or IP address. I use Cisco SecureX with Cisco Secure Firewall, mainly Firepower, and we integrate them in FMC.

The integration of Cisco SecureX with Cisco Secure Firewall doesn't really affect dwell time for my team. It just gives us the ability to filter out unwanted things from the outside. We don't use much cloud functionality, so I can't comment on the impact of the cloud-delivered firewall on our organization's security posture.

My evaluation of Cisco Secure Firewall in helping my organization implement a zero-trust security model is that we don't really use it for firewalls. We work with DNA center stuff and fabric-enabled technologies. We use the zero-trust model with 802.1X, but that's more unfirewall-related.

The process of using Cisco Secure Firewall is straightforward; you install it and decide whether to block or allow protocols. It's simple and easy. The language part makes it easy since a Cisco box is a Cisco box, and opening up TAC cases on the Cisco portal is straightforward.

My advice to other organizations considering Cisco Secure Firewall is to understand how a firewall works, know your network, and what you want to block and allow. Cisco has been good with their support level, so as long as they know Cisco, they should be fine. I rate Cisco Secure Firewall 10 out of 10.

Our main use case for Cisco Secure Firewall is to protect the data center workloads and branch infrastructure.

Many features of Cisco Secure Firewall help us. One of the features is Cisco ISE to authenticate and authorize users and user devices, along with the data center switches and campus switches Catalyst, together with DNA Center.

For segmentation of our application workloads in the data center for East-West traffic, Cisco Secure Firewall is essential.

We primarily use Cisco Secure Firewall as a firewalling solution with basic ACL functionality.

I don't think there are things that could be improved or features that I would have in Cisco Secure Firewall.

We have been using Cisco Secure Firewall for five to six years.

We did not have any major issues with Cisco Secure Firewall. Sometimes some features are a bit buggy, but it doesn't really result in any major outages.

We have quite static infrastructure, so we did not have any growth requirements in the past with Cisco Secure Firewall, so I cannot provide information about that.

We use customer service for Cisco Secure Firewall. Sometimes the GUI is very laggy and slow, and it improves with every update we receive, but sometimes that is a small problem. My rating for customer service is 4.

Positive

Before having Cisco Secure Firewall, we used several solutions from different vendors.

We still use Check Point as well, even after changing to Cisco Secure Firewall.

You need some knowledge to set up Cisco Secure Firewall, but overall, there is good documentation and it was doable.

We do not currently have a dedicated implementation team for Cisco Secure Firewall.

It is hard to say if there was something we implemented with Cisco Secure Firewall that gives us a return on investment.

Regarding pricing, setup cost, and licensing for Cisco Secure Firewall, it is not that relevant, but from my experience, it can be very complex to oversee and to have a good view on the cost and licensing. It is a bit simpler with Cisco Smart, but it can be a challenge.

We did consider another solution before selecting Cisco Secure Firewall. However, we did not want to have that many vendors in the enterprise.

I prefer staying in the same Cisco ecosystem with one or two vendors maximum.

Check Point is one vendor on the firewall level that we still use.

We have to deploy the full feature set of Cisco Secure Firewall, so I cannot provide information about partial deployments.

We're using the solution as a firewall, for securing our whole network for students and staff throughout the whole school.

Cisco Secure Firewall's performance benefits my company by allowing us to shape the bandwidth and internet for staff with quality of service where it works better for them rather than students, or vice versa. When students are testing, you can adjust it for that too.

The performance part of Cisco Secure Firewall is pretty good. You can control the bandwidth and features such as bandwidth shaping and quality of service, and I appreciate that part. At our school, a lot of the kids use laptops, the staff use laptops, and they have Wi-Fi. 

I just tried the chat feature in Cisco Secure Firewall, and that was pretty cool; the AI worked pretty good when I tried it at home in the evening, so that was a nice feature.

The visibility and control capabilities of Cisco Secure Firewall in managing encrypted traffic are pretty good too, as our finance department uses it, so keeping that part secure for them works out well.

For our students, we have them in certain groups, and then our staff in certain groups, so with Cisco Secure Firewall, you can push out policies for each one.

Cisco Secure Firewall is important. You can control what students are looking at, and if they're looking at something inappropriate, you can control it. You can also see which device is taking up more bandwidth.

Regarding the zero-trust security model, Cisco Secure Firewall helps our company. Our students and staff have the ability to do whatever they need to do with their research. It helps them while keeping security top of mind.

I would like to see more about the pricing of Cisco Secure Firewall or maybe see it enhanced.

I have been using Cisco Secure Firewall for about ten years now.

The stability and reliability of the Cisco Secure Firewall have always been good; it never falls, never fails, and it's always backed up, which is always good too.

We have more kids and more staff coming in, so with Cisco Secure Firewall, just having that ability to add on more features is great. Currently, it appears we're barely using it, so we can add more with it, and we always have room for that, which is good.

Whenever I call about a problem with Cisco Secure Firewall, they're always helpful and very knowledgeable, getting me to the right solutions I need. They're always willing to help afterwards too and send me documentation, which is always good.

Positive

The deployment experience with Cisco Secure Firewall is easy, with a straightforward deployment.

From my point of view as an IT admin, the biggest return on investment when using Cisco Secure Firewall is seeing what kids are looking at, shaping what they're looking at, shaping the bandwidth, quality of service, and you can do all that with the firewall, too. It also helps in blocking kids from things and monitoring what staffers are looking at.

I work for a school, so getting licensing and getting the budget for Cisco Secure Firewall for certain products is a challenge. It's good to have them, however, it costs us a lot.

On a scale of one to ten, I rate Cisco Secure Firewall a ten.

My use case for Cisco Secure Firewall includes secure access into the network, remote access VPN, site-to-site VPN, NAT, and access control.

I believe the most valuable feature of having the FTD in Cisco Secure Firewall is that it is typically managed through FMC, which is a tool that allows you to manage multiple devices. The ability to manage, view, and push templates across multiple devices at one time is beneficial versus having to manually do it.

Cisco Secure Firewall helps organizations improve by making networking easier, as they have provided a graphical user interface for much of the functionality. I think people prefer the GUI and find it easier to navigate versus having to remember commands, making it excellent for both novice and senior engineers.

If I could improve Cisco Secure Firewall, I feel that even with my experience, I have difficulty navigating some of the logs and trying to find specific flows, whether it is the source address or the pre-NAT address. I find the filtering very difficult to navigate and determine exactly what field I have to put the criteria in, as there are too many fields.

I probably started using Cisco Secure Firewall at the beginning of the pandemic, around 2021, while I was using ASAs before that, which had been for approximately 10 years. I have used FTD and Firepower for approximately five years and ASA for approximately 10 years.

I believe Cisco Secure Firewall is stable because I have never seen it crash and I have never seen it fail to forward packets.

My experience with customer support for Cisco Secure Firewall is positive, as they are helpful. On a scale of one to ten, I would rate Cisco Secure Firewall customer support as a nine, with ten being best.

Positive

I have briefly looked at some marketing materials for other firewall solutions such as Palo Alto, Fortinet, and FortiGate to understand where they are in the market, but I have never really managed or configured those platforms.

The complexity of deploying Cisco Secure Firewall varies depending on how many you have deployed. When I first deployed it, I still had to refer to documentation and conduct some trial and error, as we had to reconfigure some elements because of the interesting environment where we had to port-channel separately instead of as one bundled channel in an HA cluster. The complexity really depends on the environment.

I have deployed Cisco Secure Firewall with some customers.

I believe the market space for firewall solutions is crowded, and these vendors need to be competitive. I find that they are all quite similar.

Our main use cases for Cisco Secure Firewall are segmentation and VPNs. My involvement is more at the remote sites, setting up those firewalls for VPN, and we have centralized management for handling all the policies.

I appreciate the uniformity of being able to push the policies out with Cisco Secure Firewall. That was one of the reasons we acquired it, so we could push the policies out everywhere.

Downtime due to bugs requiring code upgrades has been problematic. That's the reason why we are moving away from Cisco Secure Firewalls.

I have been using Cisco Secure Firewall for approximately four years.

It has been problematic, primarily due to bugs in the code rather than crashes.

We're looking at Palo Alto, and we will probably be cutting over to Palo Alto, which will likely be a many-year project.

I appreciate Cisco's support and have been very happy with it. I imagine the support is the same for the firewall. I typically handle break-fix issues at the firewall level and turn them over to engineering, who then contact tech support. With switching, I call tech support directly. 

The support has improved significantly over the years, and the escalation process is very straightforward now. Even if the first engineer isn't highly knowledgeable, we get additional support and can escalate the issue.

Positive

We have been using a Meraki solution.

Licensing with Cisco Secure Firewall isn't too difficult. However, pricing seems high. We had been using a Meraki solution, and Cisco Secure Firewall seems more expensive than Meraki, even though Meraki is also cloud-based.

We're going to cut over to Palo Alto, which will probably be a many-year project, because the amount of downtime is substantial. While it doesn't affect the whole company, there is downtime in certain areas, usually due to bugs that require code upgrades to fix. That has been problematic. 

We had planned to deploy Meraki more extensively as our Cisco ASAs aged out. However, we're also deploying SDA fabric, and Meraki is currently not compatible with that solution. I recently spoke with an engineer about SDA, and his answer indicated they will be supported, but with some variance. That's why we're moving away from Meraki, but we're still not ready for Palo Alto since it has a big learning curve and is totally different. We still have deployment and upgrade needs, so we're continuing to get Cisco Firepower firewalls while implementing Palo Alto more internally. This could be a multi-year process, depending on how it progresses.

It's difficult to predict how other organizations will deploy Cisco Secure Firewall, but my advice is to ensure the code being installed is the code recommended by Cisco. My recommendation wouldn't be extremely high, as deciding to discard millions of dollars in investment makes a significant statement. I would have difficulty recommending it based on our management's decisions, especially considering we're willing to replace our core firewalls and perimeter firewalls. The Palo Alto transition entails substantial training and design work. If we're willing to get rid of Cisco Secure Firewall in favor of a different product, it says a lot.

I would rate Cisco Secure Firewall a seven out of ten. It performs necessary firewall functions, but there are issues related to bugs.