Cisco Secure Firewall Reviews

Our main use cases for Cisco Secure Firewall are segmentation and VPNs. My involvement is more at the remote sites, setting up those firewalls for VPN, and we have centralized management for handling all the policies.

I appreciate the uniformity of being able to push the policies out with Cisco Secure Firewall. That was one of the reasons we acquired it, so we could push the policies out everywhere.

Downtime due to bugs requiring code upgrades has been problematic. That's the reason why we are moving away from Cisco Secure Firewalls.

I have been using Cisco Secure Firewall for approximately four years.

It has been problematic, primarily due to bugs in the code rather than crashes.

We're looking at Palo Alto, and we will probably be cutting over to Palo Alto, which will likely be a many-year project.

I appreciate Cisco's support and have been very happy with it. I imagine the support is the same for the firewall. I typically handle break-fix issues at the firewall level and turn them over to engineering, who then contact tech support. With switching, I call tech support directly. 

The support has improved significantly over the years, and the escalation process is very straightforward now. Even if the first engineer isn't highly knowledgeable, we get additional support and can escalate the issue.

We have been using a Meraki solution.

Licensing with Cisco Secure Firewall isn't too difficult. However, pricing seems high. We had been using a Meraki solution, and Cisco Secure Firewall seems more expensive than Meraki, even though Meraki is also cloud-based.

We're going to cut over to Palo Alto, which will probably be a many-year project, because the amount of downtime is substantial. While it doesn't affect the whole company, there is downtime in certain areas, usually due to bugs that require code upgrades to fix. That has been problematic. 

We had planned to deploy Meraki more extensively as our Cisco ASAs aged out. However, we're also deploying SDA fabric, and Meraki is currently not compatible with that solution. I recently spoke with an engineer about SDA, and his answer indicated they will be supported, but with some variance. That's why we're moving away from Meraki, but we're still not ready for Palo Alto since it has a big learning curve and is totally different. We still have deployment and upgrade needs, so we're continuing to get Cisco Firepower firewalls while implementing Palo Alto more internally. This could be a multi-year process, depending on how it progresses.

It's difficult to predict how other organizations will deploy Cisco Secure Firewall, but my advice is to ensure the code being installed is the code recommended by Cisco. My recommendation wouldn't be extremely high, as deciding to discard millions of dollars in investment makes a significant statement. I would have difficulty recommending it based on our management's decisions, especially considering we're willing to replace our core firewalls and perimeter firewalls. The Palo Alto transition entails substantial training and design work. If we're willing to get rid of Cisco Secure Firewall in favor of a different product, it says a lot.

I would rate Cisco Secure Firewall a seven out of ten. It performs necessary firewall functions, but there are issues related to bugs.

On-premises

I use Cisco Secure Firewall essentially as a firewall and for a secure access VPN solution. I need Cisco Secure Firewall to fulfill that role; I need it for secure access, and it performs the firewalling I need it to do in the network segment where it is located.

I have seen a return on investment with Cisco Secure Firewall. Generally, where it sits in my network, there are other vendors as well, but Cisco Secure Firewall is a better product and easier to manage than those alternatives. It does more of the features that I want it to do to be more secure, and I will move the other vendors into Cisco Secure Firewall.

The biggest challenge I have with Cisco Secure Firewall is that I often need to look in a few places to find what I want to do or I find myself searching for where a particular feature is located. I know what I want to accomplish, but I cannot always find it easily; it takes some time looking around. Because I do not use Cisco Secure Firewall as heavily as other vendors, I find it a little harder to navigate, though I would caveat that with the possibility that with more use, it would become easier for me to navigate and accomplish what I want to do. I am not sure how I would specifically improve that aspect, but it is probably the biggest day-to-day challenge I have with it.

I have been using Cisco Secure Firewall for about a year, maybe just over.

Stability of Cisco Secure Firewall is generally very good.

In terms of scalability, because it is there for the secure access solution as well, it was right-sized when it was put in, so I have not had any scalability challenges for what I do. My organization is fairly static in terms of scale, so users and that type of thing do not scale up and down quickly; it is more slow-moving in that regard.

I have not done a whole lot of customer support with Cisco Secure Firewall.

Before Cisco Secure Firewall, I used Juniper as a vendor; I have used them with other vendors as well, but where I am using Cisco Secure Firewall, they are sort of a direct competitor with Juniper.

It took a couple of months to deploy Cisco Secure Firewall; that was the same for secure access, as it was all part of the same rollout. What took those months to deploy was probably more internal change controls; it is just slower moving, as I have done a lot of testing deployments in lab environments, so it is less of a technology issue and more of the constraints of where I work that slow it down.

I did not implement Cisco Secure Firewall personally, but I was there for the implementation.

I have seen a return on investment with Cisco Secure Firewall. Generally, where it sits in my network, there are other vendors as well, but Cisco Secure Firewall is a better product and easier to manage than those alternatives. It does more of the features that I want it to do to be more secure, and I will move the other vendors into Cisco Secure Firewall.

Integration with other systems is fairly slow-moving and static in that way. I would rate this review an 8.

We are deploying Cisco Secure Firewall for customers in the cloud, on-premise, or all around, depending on the customer. We have small customers that are migrating to the cloud, so we have to deploy virtual firewalls as well as on-premise solutions for both large-scale and small-scale operations.

The best return on investment when using Cisco Secure Firewall is the visibility. From my point of view, the best return on investment is the visibility. With Firepower Management and the FMC, you are able to really see everything that's going on in your network.

From my point of view, the stability and reliability of the product is quite good. The firewall sensors and the management are quite stable. We are encountering some problems, but mostly when you implement the solution correctly, you don't have any problems besides hardware failure, which is really rare. 

Scalability for Cisco Secure Firewall is a good point. It's hard to say because mostly we are consulting and planning together with the customer. If they can see upfront or if they know when they have to scale big, then we can scale with them. I think the appliances are well scaled for the use of the customer.

I have a lot of experience with the customer service and technical support of Cisco. Recently, we managed to get one of the Cisco engineers to connect with us to solve some customer problems.

My experience with the customer service and technical support of Cisco is quite excellent. The engineers are top-notch and they know what they are doing. They are really experts in their field.

Regarding customer service, I'm not as familiar with that aspect. However, with the technical support, when you know the right people and when you really have problems which you can't solve on your own, they are behind you and they can help you mostly.

Negative

I have worked with other solutions in the past, different ones. The vibe which is in Cisco equipment caught me from the early days. When I started, the first security appliance I saw was Cisco PIX. I worked sometimes with Cisco ASA, and this was all before I came to Bechtle. Now I'm where I want to be.

Deploying Cisco Secure Firewall is getting easier, so I would describe the experience as straightforward. You are now able to preconfigure the appliances to send out, so you don't need engineers on site. In some cases, you can preconfigure and send it to the customer, and the customer is able to plug it in and it has access to WAN or to the internet. You are up and can run the system. I would rate Cisco Secure Firewall overall as an eight or a nine out of ten.

This is mostly the system I'm working with, so I do work with other solutions other than Cisco Secure Firewall, but we do have other teams working with other vendors. We are at a point where things are getting more and more complicated and you need more and more knowledge to do the implementation correctly. My goal is to do Cisco and to do it the best I can and do it properly.

I'm mostly on the implementation side, so pricing, the setup cost, and the licensing are not really my part in the business. I hear it's quite expensive, but the service you get is worth it. When you invest so much, you will get a lot of service. About licensing, I don't have experience with other vendors regarding licensing, so I would say the licensing is quite good. I'm not sure if there are any other downsides, so I consider it acceptable.

My main use cases for Cisco Secure Firewall are to safeguard our network, including the IPS and all the traffic, and to control the traffic.

The visibility and control capabilities of Cisco Secure Firewall in managing encrypted traffic are very good. I can implement all my certificates, so I can open the traffic and see everything.

Cisco Secure Firewall’s ability to unify policies across our environment is at a high level. This unification of policies into one system is important for my company. We are able to consolidate all the policies instead of spreading them across many security systems.

What I appreciate the most about Cisco Secure Firewall is that it can be very elastic, as it can be configured with all the flexibility of my network needs and complexity. The service I receive from the Cisco engineer helps me implement all my needs. 

Cisco Secure Firewall allows me to safeguard Layer 7 or Layer 3 and manage the security rules with the business needs of my organization. The firewall has benefited my company overall because it safeguards and finds and stops all the malicious traffic.

Cisco Secure Firewall can be improved by simplifying the GUI, as it shouldn't be so complex.

I have been using Cisco Secure Firewall for ten years.

It's very robust. We don't have any downtime or anything. We work with a cluster with high availability, so if something goes wrong, we have it functioning.

Cisco Secure Firewall helps with the growing needs of our company as it's scalable.

Customer service and technical support for Cisco Secure Firewall are very good. I would rate them a nine out of ten.

Positive

It was a little bit difficult.

We needed a good integrator to help us, and we contacted Cisco for some help with technical issues.

We are able to safeguard our assets.

It's acceptable and comparable to other products.

We did consider other solutions before choosing Cisco Secure Firewall. We considered all the big vendors such as Palo Alto, Check Point, Fortinet, and others. Cisco won because it has the best IPS model on it, and that's the reason why we chose this firewall.

I would rate Cisco Secure Firewall an eight out of ten. To make it a ten, the complexity of the configuration compared to other vendors needs to be addressed. Overall, we're very happy with the product.

On-premises

Our company's use case involves integration with Cisco Secure Firewall for our clients, typically for remote access VPN. The purpose of our remote access VPN integration is to connect with Duo. We also perform integration with Cisco ICE and integration directly with the firewall.

The most valuable feature of Cisco Secure Firewall for me relates to the remote access VPN, because companies need multi-factor authentication. The selling point of the product revolves around multi-factor authentication for VPNs. I have implemented this with Cisco firewall, Cisco ICE, and Palo Alto integration with Duo.

If I could improve the product in any way to make it better for my clients, that would be beneficial. For now, everything is fine from my perspective, although there may be room for improvement that I have not yet identified.

I have been using Duo for two years.

I find Cisco Secure Firewall to be stable and scalable. It is reliable. The solution has experienced downtime.

I have worked with Cisco support. My experience with Cisco support is fine. When I need to open a case, I have done so. I did not contact Duo support, but I did contact support for Cisco firewall and Cisco ICE. I did not work with an engineer for Duo.

They are responsive. In general, it takes them two to three hours to get back to me. When they need to search for something, it may take a day.

Negative

Deploying Duo is quite simple because Duo has very good documentation for all integrations. It typically takes a couple of days to deploy because we need to schedule meetings with our clients. When we gather all the information, we can integrate it, then test it and put it in production.

I have experience with the implementation.

The benefit of using this integration for our company is that clients want solutions from us. Our clients need to find a solution for multi-factor authentication, and we recommend them to use Cisco Secure Firewall with Duo. We integrate that with their firewalls or AAA servers. Cisco Secure Firewall integrates well. I am not involved with pricing and licensing concerns, as our company has a sales team who handles that. My company is a partner. I rate this product ten out of ten.

Our primary use case for Cisco Secure Firewall is for enterprise customers. We primarily work on Cisco Meraki switching and wireless. We also engage with Cisco Secure Firewall for threat prevention and information security.

The Cisco Secure Firewall appliances are primarily ASIC-based, which makes them fast and purpose-built. They stand out because they are not Intel-based systems, and in terms of performance and stability, they are among the best. Scalability is another strong point, as I have not encountered any issues in terms of scalability. Everything is in a cluster and can operate in active standby, active-active, or active-passive mode. Additionally, Cisco's support is excellent, which adds further value to their solutions.

The configuration might be slightly difficult compared to other players in the market like Fortinet or WatchGuard. It can be challenging for someone who is not used to using an application to configure the firewall, but with experience, it becomes manageable.

I have been working with Cisco Secure Firewall for four, five, six years or more.

There have been no issues with deployment.

Cisco Secure Firewall offers exceptional performance and stability. They are among the best in terms of stability.

I have not come across any issues with scalability. Everything scales very well.

Customer service and support are excellent. I would rate their support 10 out of 10. I have been working with them on firewalls, wireless, switching, and routing, and the support is the best.

Positive

For someone like me who has been working on firewalls for quite some time, I do not see any problems with the initial setup. However, for someone trying to configure it for the first time with little experience, it may present a challenge.

Return on investment depends on the customer. While some may see it as an expense, others view it as an investment based on their understanding of Cisco.

The pricing is slightly more expensive than other products in the market. It's considered a premium, but people pay that price for Cisco.

I have been working with Palo Alto, Fortinet, SonicWALL, and WatchGuard.

I would definitely recommend Cisco Secure Firewall for its architecture, performance, stability, and exceptional support. When choosing a product, consider features delivery, stability, scalability, and customer support. On a scale of one to ten, I rate their firewalls eight to eight and a half.

On-premises

We have two deployment models for the use case: one is a perimeter firewall and one is a data center firewall. If you have a perimeter, you will position Cisco Secure Firewall as a perimeter firewall; it fits more in data as a data center firewall because in a data center firewall, you are inspecting incoming traffic and you need a very good IPS, so Cisco Secure Firewall is very effective as a data center firewall.

The best feature in Cisco Secure Firewall is the stability; we have a stable product with no lagging or crashing, unlike others. Additionally, the IPS is the next-generation IPS from Cisco, which has many features and many signatures with updated signatures for my IPS.

I switched to Cisco Secure Firewall to get very good IPS signatures and next-generation IPS; that is a market leader from Cisco.

The stability is very good. I do not experience any downtime, crashes, or performance issues; that is the best feature from Cisco Secure Firewall.

Most of the time, Cisco provides features on some versions and the updated versions will move them; for example, we can do firewall policies based on users, which is from Active Directory. It should be from Cisco ISE, so it is a very bad drawback from Cisco Secure Firewall. Not all customers have Cisco ISE, and we need to integrate to make a policy on users, not just by IP, but with users also. We had integration before with LDAP and Active Directory, but on some versions, Cisco requires us to do it through Cisco ISE.

I have five years of experience with Cisco Secure Firewall overall.

The stability is very good. I do not experience any downtime, crashes, or performance issues; that is the best feature from Cisco Secure Firewall.

Cisco Secure Firewall is providing scalability. I rate the scalability as a number 10.

Positive

I rate the technical support a number 10.

Positive

Compared to Fortinet, we have a complex configuration, but we still have a stable product rather than Fortinet's product.

Cisco Secure Firewall requires maintenance. Maintaining it is slightly complex; it is not easy or very easy.

I am a customer. It was purchased through a partner. I was satisfied with my experience with the partner.

I have seen a return on investment of 50.

The pricing for Cisco Secure Firewall is very good, and we got many discounts from them.

Cisco Secure Firewall is deployed on-premises. We have a team of four users using the solution. I rate this review a 10.

One of the biggest use cases for Cisco Secure Firewall is Public Bank; they use it in Malaysia, but we implemented it in the Sri Lankan branches.

When a global company is using Cisco Secure Firewall, they would prefer to go with the same product with the same switching and firewall, making it an umbrella solution.

I think the UTM is the best feature of Cisco Secure Firewall.

The UTM features are indeed the best.

The reason why the UTM feature of Cisco Secure Firewall is the best is because the customer is more concerned with security; for a worldwide company, they need the most security, and I think it's very suitable for the most secure companies.

The centralized management console in Cisco Secure Firewall is effective and helpful.

Most of the partners are looking for AI-driven solutions now, so if Cisco improves more on the AI part than other products, it will be very good when they are trying to capture the market.

Cisco Secure Firewall has to enhance its AI part.

Customers using Cisco Secure Firewall are looking for UTM features, and some enhancements have to be done, such as when you block applications, more applications have to be able to be blocked and categorized.

I've been working with Cisco Secure Firewall for around 15 years as a partner.

Cisco Secure Firewall is stable, and there are no issues or challenges that my customers have faced with it.

Customers use Cisco Secure Firewall both on the cloud and on-premises, and it is a scalable solution and easy to scale.

My experience with Cisco support is good. I would rate the technical support of Cisco Secure Firewall eight out of ten.

Positive

The deployment of Cisco Secure Firewall takes one day.

Customers see a return on investment with Cisco Secure Firewall, and it is workable in terms of value for money.

Competitively, Checkpoint is the best, but considering pricing and everything else, Cisco Secure Firewall is also the best product.

Cisco Firewall is better in terms of cost and is cheaper; unlike other products, if the license expires, no features work, but Cisco isn't that way. Most of the time, they have perpetual licenses, so that's the best solution customers are looking for.

The threat intelligence functionalities in Cisco Secure Firewall are also good, but when considering Checkpoint and others, they have some enhanced features; there is some differentiation, but it's also good.

They need a global, one single vendor, which is why they see value for money with Cisco Secure Firewall.

I recommend Cisco Secure Firewall because it's a global vendor.

On a scale of 1-10, I rate Cisco Secure Firewall an 8.

On-premises

Other