Cisco Secure Firewall Reviews

I love its CLI mode of working, it gives plenty of information with a single line of command.

This feature allows its administrator to perform advanced level tasks with much ease.

These products provide much stability which, in return, any organization demands to run its functions properly and smoothly.

This product lacks in GUI format; that needs to be more mature and composed.

10 years +

No issues.

Rarely, due to software issues.

As of now, no.

Excellent but if non-Indian engineer is assigned.

We have almost 99% Cisco based infrastructure.

Pretty straightforward.

Usually yes. We did like Huawei and Juniper.

Cisco has done great job in introducing new features in their security product by acquiring specialized companies in the past. However, they still need to improve their unique feature products as they are in a challenger position, but not on top, at various product review portals.

It helped us and our customers implement more granular and flexible connections to and from our/their environments, building a trust relation between all of us, having the confidence that our exchanged information is occurring in a highly secure manner.

The most valuables feature of this product are given by the comprehensive VPN solutions it offers and its tools for troubleshooting and debugging. You can provide complex and flexible way to securely access private environments. And its troubleshooting and debugging tools allow you to identify, in the fastest time possible, where some potential issues could have been occurred.

It should have an additional “operating mode”, like a “candidate configuration mode”, where you would have the possibility to test the changes you are going to implement and also the possibility to validate these changes.

In addition, a "testing" feature should be performed to let you know what would be the consequences of applying these new changes. Only after you would see the tests’ results (if they do not create any unwanted effect) would you go and commit them.

There were some issues with stability prior to code version 9.2.x, more related to Clientless SSL and Client RA VPN solutions. Some bugs affected the integrity of these type of features.

There were no problems in terms of scaling an existing solution, though very expensive.

I would give a rating of eight out of 10, compared to others vendors. The technical support is much better than most vendors, but let's say not as good as F5 Networks technical support.

I've only worked for integrator or ISP organizations. Over the years I’ve worked with multiple solutions offered by different vendors due to my customers’ budgets or preferences. What makes it the best of all the solutions I’ve worked on is the stability and its hardware.

The initial setup configurations differ from customer to customer, from very simple to highly complex solutions. Depends on the customer’s needs.

I have to admit that the price is high. But I think it's worth it if the stability of your solution counts for you.

Choose it if you aim to have a stable environment.

The front page of device manager is the most valuable feature because it makes it easy to know the system status.

It’s hard to say because our equipment was EoS.

I have used Cisco ASA for three years.

We suffered an attack and the firewall was down repeatedly.

We have to buy more licenses to get more VPN connections.

I rate support 7/10.

We didn’t have a previous solution. I actually searched after another solution.

Setup was complex because we had not taken a course previously.

Sincerely, I prefer other products with no limit on licensing of VPNs, for example.

You have to find more confidentiality, integrity and availability.

Centralized policy creation for URL, application, IPS, etc. It simplifies matters more than previously.

It provides centralized management. I would also add that URL, Malware and IPS built-in has been a great help as well. Where we used to need several products for all these features, we now only need the ASAs with the additional licensing. So now, it is more a matter of license management over hardware and licensing management.

More centralization and simplification of product lines would help most engineers, but I think licensing is the key here. Most organizations won’t pay the money to have ELA licensing, so all the individual licenses for these products can be overwhelming. Plus, they never really synch for expiration time.

This is mainly due to reliance on other Cisco products and licensing. For example, Palo Alto includes several features in one whereas Cisco requires multiples. However, I still think Cisco offers great products but to get a "10" they might consolidate devices or simplify licensing.

I have used this for two years, but company has used Cisco solutions for many years.

We did somewhat have stability problems. Upgrading the ASA, ASDM, and SFR can be a pain if you have as many firewalls as we do (21). Once you can get them to fall under FPMC management it can be a little easier, but it is a battle to get to that point.

There have been no scalability issues from my point of view. I was handed the solution, so some of the initial work was done.

I rate support 10/10. TAC has always done a great job with answering my questions and providing remote support when needed.

Previously, I used ASAs without FirePower; and unsure what my company used prior to that.

For me, setup was half-and-half. In one update run I missed the step that discusses how the ASA and ASDM need to be on a specific patch prior to upgrading the SFR. FPMC attempted to push the new update to the devices regardless of this mismatch that caused FPMC to loose communication. I had to downgrade the SFR all the way back to v5.4.1 before I could install the latest version. You also have to step through several updates before you are done, so that can be tedious as well.

Read everything and track all your licenses. Research all options and maybe pick a few to PoC. It doesn’t hurt to trial others. Maybe they are a better fit for your environment.

We are moving forward with ELA 5.0 for all Cisco security devices. Prior to that decision, we did a PoC with Palo Alto 3020 and 220 firewalls and Panorama. Those are some great products, but we are so Cisco centric that the cost of ELA isn’t much more than we are spending now.

Do research. FPMC is great for us but it requires a lot of time and attention.

Its security features are the most valuable aspect. It has the ability to detect and prevent intrusions.

The product has helped organizations secure their infrastructure and data. Most organizations are happy to adopt the technology.

The equipment is too expensive compared with other firewall products.

I have used ASA for about three months. I just bought and configured it for a client.

Since I installed and configured it, the client has never called with complaints.

I have not had scalability issues at all. Maybe it is because I have not used it quite extensively.

I haven't had a chance to interact with the support team.

The previous product was limited in throughput and security.

The initial setup was quite complex.

As much as there is value for money, there is a need to make it affordable.

I tried Sophos.

It is a very good device to use for those who value their network security.

Class-based policing is the most important part of the ASA, and was its differentiator.

It gave us more organized DMZs and logical segments.

I’m not a fan of the new modular licensing model. Cisco moved from a base license to an a la carte SaaS model a couple of years back, wherein the customer is required to pay for feature sets on a case-by-case basis. This makes it difficult for people who want to study and trial new technologies and features.

I’ve been using ASA technology since it was PIX, so since 1999.

We have not had stability issues.

We have not had scalability issues.

Support with Cisco TAC, or with VARs like WWT and Trace3 is usually pretty good.

I have used both ASA and PAN. Different strokes for different folks.

Initial setup is straightforward. You can get as granular and complex as you want, but out of the box, ASAs provide a secure FW solution.

We evaluate all other options.

ASAs are a solid solution. Cisco provides more training and learning materials than any other vendor, which is critical if an organization wants to take true ownership of a technological solution. Documentation and use cases alone tend to make me a fan of Cisco's way of engineering, and they have come a long way over the last few years when it comes to integrating their solutions into comprehensive security communications platforms using tools like PRIME and ISE. FirePOWER and AMP make Cisco an even better overall contender for top FW status.

It is good for firewalls, management with the adaptive security device manager (ASDM), and tools such as packet tracers for troubleshooting.

It’s a really good firewall which is easy to manage, but it is not a Next Gen firewall.

Firewall functionality is the main issue when buying this product. We use it to segment our DMZs, it is stateful firewalling, is highly reliable with zero outages, and impeccable failovers during upgrades.

The ASDM is the management tool to administer the ASAs via the GUI. It has an easy to use interface with very nice troubleshooting tools, such as Packet Tracer. This tool lets you simulate a traffic flow so you can see why flows don’t work.

It is a very reliable border firewall which makes it easy for us to organize and secure our DMZs.

• The SSL VPN portal could be better.
• The ASAs support both IPSEC as an SSL VPN.
• For IPSEC you need a Cisco VPN client.
• You can only have two SSL VPN sessions.
• For more SSL sessions you have to pay (750 IPSEC sessions are included with an ASA).
• With SSL, you connect through a browser, so it is clientless. The SSL portal offers a few functionalities which you can offer a user. Configuring this portal is not an easy task.

We have been using the solution for almost five years.

We didn't encounter any issues with stability.

Scalability is limited depending on the chosen model.

I would give technical support a rating of 9/10. Cisco is one of the best, if not the best, in support.

We chose FortiGate from Fortinet as our Next Gen Firewall solution because of the higher value for our money.

The setup was easy with lots of documentation and configuration examples provided.

You have to negotiate well.

We did not evaluate any alternative options for stateful firewalling.

You will want to have Next Generation functionality, so choose FortiGate or Cisco Firepower.

It is very robust, trustworthy and highly customizable.

Solutions using NAT, VPNs, internet and MPLS, are more customizable than other solutions.

It could have more functions for load balance on the internet.

We have been using the solution for two years.

We never had any stability issues. It is the most stable platform that I have used, and I have used several including Fortinet, Sophos, Hillstone, Cisco and D-Link.

We did not encounter any issues with scalability.

I would rate the technical support at 10/10. It is the best.

I implement solutions on several clients, Redneet is a technology integration company and I prefer Cisco ASA for my security solutions.

The setup is a little more complex than other solutions.

It is a bit more expensive than other solutions, but offers more customization and security than other solutions.

We evaluated Fortinet, Sophos, Palo Alto.

Use the best practice guides and online documentation. Cisco has more information online free that any other brand, so use it!!!