Cisco Secure Firewall Reviews

• Hardware reliability
• Software stability
• Quick software updates for known bugs/vulnerabilities

These are very important in an enterprise environment.

It is small. Nobody knows where it is or what it is. It works silently. As there ar no issues, it is good for businesses and organizations.

• License politics
• License price
• Precise vendor roadmap for this product

I have used Cisco ASA for five years.

We have not had stability issues.

I would give them a high rating.

We were using TippingPoint as an IPS and ZyXEL ZyWALL as a VPN server.
Cisco has good documentation and it is easy for Cisco certified engineers.

The initial setup was straightforward.

Our experience last year showed us that there is no full security, so why should we pay more? Any security vendor with a user-friendly interface, with good support, on-time updates for known vulnerabilities, and reliable hardware, is acceptable for an organization.

We did not evaluate any alternatives.

The Cisco ASA product line will be replaced by Cisco FTD. Cisco FTD software is not ready for production, due to a lack of many basic NGFW features. Maybe only the high-performance Firepower 41xx/21xx/90xx Series is good as an IPS, because it is using a stable Sourcefire engine.

The feature sets are great when there are no software bugs. With FirePOWER, you can enhance security, have effective management, and a good reporting engine.

It provides detection of zero day infections through FirePOWER AMP.

Well tested software releases. We have had a number of bugs on the FirePOWER software across several clients which have been very inconsistent and have affected our ability to deliver.

I have used the ASA portion for over eight years and the FirePOWER portion for about three years.

We did have stability issues with the FirePOWER software.

We did not have scalability issues with the high end devices.

I give technical support a rating of 5/10.

We are part of the integrator space. When we changed products, it was to displace a product that no longer met the client’s requirements.

The setup was reasonably straightforward.

Get a clear understanding of what the licensing entails before committing.

We checked out Check Point and FortiGate.

Plan very well in order to have a seamless project implementation and transition.

NGFW features software stability, quick software updates for known bugs/vulnerabilities. Why no hardware reliability (see Clock Signal Component Issue -Cisco)? Because without NGFW features it is basically like a home router.

It is small, nobody knows where it is, nobody knows what it is, it works silently. So, as there is no issue, it is good for business and organization.

License politics, license price, precise vendor roadmap for this product.

Two years.

Yes, FirePower is not stable, because every new software version comes with many features that cause problems. Cisco has to do it because other vendors have already added these features.

No.

High.

3Com TippingPoint as IPS, Zyxel ZyWALL ZyXEL ZyWALLas VPN server. Cisco has good documentation and it is easy for Cisco certificated engineers.

Complex, because of non-ready Firepower service software setup.

The last years' experience showed that there is no full security, so why pay more. Any security vendor with a user-friendly interface, with good support, on-time updates for known vulnerabilities and reliable hardware, is acceptable for an organization.

No.

Cisco's ASA product line will be replaced by Cisco FTD. And Cisco FTD software is not ready for production (lack of many basic NGFW features). So, maybe only high-performance Firepower 41xx/21xx/90xx Series is good as IPS.

Cisco doesn't have many features but only basic firewalls.

No improvement. My clients have been using this product and moving to other products.

This product should have moved towards making UTMs.

Eight years.

No.

No.

Technical support and documentation is great.

No, I worked with this product by working for a client.

It is easy to set up and implement.

Never worked on pricing and licensing.

I would always prefer to evaluate other products when I have been asked for advice on firewall solutions.

Evaluate other product before using this product.

Firewall, VPN and Single Sign On.

Remote Access and SSO Authentication.

One year.

No.

Not yet.

Good.

Watchguard Firewall. Switched due to license cost.

A bit complex compared to Watchguard Firewall.

Pricing is competitive but licensing cost is on the higher side for non-profit organizations.

If so, which ones? Yes, Checkpoint, Juniper, Cyberoam.

Cisco is good. Look at your requirements and create a matrix to figure out the best option.

VPNs, reliability.

Connectivity with client Telcos works perfectly way and administration is simple.

I think it's the perfect Firewall for SME.

Five years.

No.

No.

10 out of 10.

Version 5515 is better than 5510 or 5505.

If you know how to use Cisco IOS, it's easy. Otherwise, you will find no way
of configuring it with ease.

Go for the complete bundle, it's a one time investment only. Otherwise, in the future you will have to buy other tools as licenses for some add-on services.

FortiGate 100D.

I would go for bundle licenses and hire a Cisco engineer for implementation.

• Cisco IPSec VPn
• VPN Client
• Port Restrictions

We could connect data securely from outside the company.

I need application user-IP blocking, Intrusion Prevention, QoS; I can't do these with Cisco and have to change it.

Five years.

No.

No.

I have never needed support from Cisco.

I couldn’t meet all my needs with the Cisco 5505 so I changed it with a next-generation firewall.

Actually it was simple, making port based policies more simple than PA.

Cisco price-performance is very successful.

I evaluated Sophos UTM, Checkpoint, Cisco and PA. PA is the best fit for my company because Sophos acquired Cyberoam and their software wasn’t successful for domain user restrictions. Checkpoint was very slow for me and too many licences and it was complicated. Cisco acquired Sourcefire and they need to improve next-gen features. So I chose PA.

I know that Cisco acquired Sourcefire and they re-introduced next-generation firewall features and I think they’ll improve NX features.

Security, Routing and NAT.

Gives flexibility and several deployment options.

Some default inspection rules need better tuning. Focus development on CLI version.

11 years.

Rarely.

Yes, before Clustering was introduced.

Nine out of 10.

Yes. We changed for no special reason, just to mix things up.

Yes, but you need to read and understand how the device functions before deployment.

Like with all vendors, know what options you require and request the proper license accordingly. Prices are on the same level as competitors.

Not really, as all firewalls do most of what enterprises look for. What matters most is the after sales support.

Read, read, read and understand your requirements beforehand.