Cisco Secure Firewall Reviews

We use Cisco ASA and Firepower.

ASA is used for AnyConnect connections, that is, for users to connect to the office. It is very reliable and works fine.

We use Firepower in some sites as firewalls to control inbound/outbound access. We use it as a software protection layer. However, because most users are now working from home, few users need it in the office. As a result, in some places, we have switched to SD-WAN.

The network products help save time if they are well configured at the beginning. They help increase security and protect the company's data.

Firepower's user experience should be a little bit better.

I've been using Cisco Firepower for six months.

There are some hiccups here and there, but compared to the technical support from other vendors, I have had the best experience with Cisco's technical support. I would rate them at nine out of ten.

Positive

The initial setup was somewhat easy because we had previous experience with implementation. We copied that strategy or tried to align it to that implementation, but there were some challenges.

We have a hybrid cloud deployment. We have our own data centers and a lot of branches. In the data centers, most Cisco technologies start with ACI. With firewalls for big branches, we find that it's easier to break out to the internet globally rather than to use data centers.

Cisco's prices are more or less comparable to those of other products.

Compared to other vendors' firewalls, Cisco's firewalls are a bit behind. Overall, however, I would rate Cisco Firewall at eight on a scale from one to ten.

The main use cases are firewalling, routing, site-to-site VPN, and remote access. We have some older 5585-X ASAs in place. We do have Firepower 2000 Series and 4000 Series. 

For most setups, we do have high availability in place. We've at least two devices in active-active or active-standby. If it's a highly secure setup, we sometimes have two firewalls.

Cisco has a huge variety of products and features. It's a benefit to have the knowledge of all those things and also put it in the firewalling products. The knowledge that comes from other products or solutions that Cisco is selling is finding a place in security as well, and that's one of the key benefits.

There are time savings when you have a good solution in place for stopping or preventing security risks. In general, it isn't saving me time on a daily basis, but there is peace of mind knowing that you are being protected.

Basic firewalling is obviously the most valuable. In addition to that, secure access and remote access are also very useful for us. When COVID came, a lot of people had to stay at home, and that was the basic use case for having remote access.

One con of Cisco Secure Firewalls is that Java is used a lot for the older generation of these firewalls. Java is used for the ASA and the ASDM tool for administration. It's an outdated way of administering, and it's also a security risk to use this kind of solution. This is a pro of Firepower or the newer generation of firewalls because they are using HTML for administration.

In general, they can make it easier to manage the solutions. They can make it easier in terms of administration and provide a single tool for different firewalling solutions. They have different tools to manage different firewalls, such as Firepower or ASA. Sometimes, both are on the same thing. You have ASA with Firepower modules, so you manage some of the things via HTML, and then you manage some of the things via another management tool. It's not seamless. It should be bundled together in one solution.

I have been using this solution for six to seven years.

They have been very stable. I did not have any cases where a network was down due to firewalling. Fortunately, I did not have any hacker attacks, but that's being lucky. It's not something I would point out to firewalling or configuration. It's just that sometimes you're lucky and sometimes you're not.

It's very scalable. Cisco is for mid to large businesses. For small businesses, there are solutions that are cheaper, but that's not the main focus. 

A large environment comprises several thousand users. We have small to large size environments, but we mostly have mid to large.

Cisco's tech support is good in general. It varies and depends on with whom you're speaking and how the knowledge on the other side is. That's basically the same for our company. I'd rate them an eight out of ten. A ten would be perfect, and no one is perfect. You can reach maybe a nine, but no one can reach a ten.

Positive

For more security, we sometimes have two firewalls. We have other vendors in place, such as FortiGate or Palo Alto. We have Cisco at the front or at the end, and another vendor on the other side so that there is more security, and if there is a security breach in one solution, we still have the other one. These firewalls differ mostly in administration and how you configure things but not so much in terms of features. They may differ in small things, but in the end, they are all doing the same things.

I deploy and manage them afterward. I'm not only in the designing and implementing; I'm also in the operational business. Its deployment is not more complicated than other solutions. It's fine. When it comes to documentation, in general, Cisco is very good.

We mostly try to do it ourselves. Our approach is to have knowledge or any certification of the topic we are trying to take.

I'm not a salesperson. I'm more from the technical perspective, and I don't know if there are any savings at the end, but I believe that all that was bought in the past was used the way we wanted it to use. So, the money was well spent.

Licensing is not only for Secure Firewalls, and it's too complicated.

To someone evaluating or considering Cisco Secure Firewall, I'd advise having a good greenfield approach regarding what component to use. If there is no greenfield, you should evaluate what solutions you need and what type of use case you have and then decide based on that.

I'd rate Cisco Secure Firewall an eight out of ten. Cisco is a big player in networking and security, and that's basically the pro on their side.

Our primary use case for Cisco Secure Firewall is protection in our OT network. We have our OT network behind the commercial network and we do dual firewalls. The Cisco Secure Firewall is on the commercial network side and a different vendor and management group are on the OT network side.

Cisco Secure Firewall has not necessarily improved our organization as much as it has protected it against the impact of cyber threats. Our organization runs manufacturing plants that have hazardous material and we don't want that manufacturing process to be impacted by break-in exposure and cyber threats.

Cisco Secure Firewall is a good solution. In some ways, it is a reactive solution and we have it sitting in a whitelist mode rather than a blacklist mode. It seems to work fairly well for us.

It would be better if we could manage all of our firewalls as a set rather than individually. I would like to see a single pane of glass type of option. We also use another vendor's firewalls and they have a centralized management infrastructure that we have implemented. This infrastructure is a bit easier to manage.

We have used Cisco Secure Firewall for probably 10 years.

Cisco Secure Firewall has been a very stable solution for us. In general, if you keep it up to date and do sensible management on it, it will be a very stable solution.

Cisco Secure Firewall has met our scalability requirements as far as traffic and management goes.

We have an excellent account team and they go to bat for us inside of Cisco. We have access to TAC and Smart Net and that all seems to be working out very well. Cisco has a good team in place.

We did not previously use a different solution for this particular use case. 

I was not involved in the initial deployment of the solution. 

In this specific use case, the biggest return on investment is that we do not have incidents. This ultimately – in some of our factories – ends up being a health and human-safety use case.

We have all smart licensing and that works well. 

We ultimately chose Cisco Secure Firewall because it came with a strong recommendation from one of our strong partners.

My advice to those evaluating the solution right now is this: understand what you're trying to protect and what you're trying to protect it from. Also, understand how the solution is managed.

Cisco Secure Firewall has not necessarily freed up our staff's time as much as it has secured the infrastructure and the OT network behind it. Cisco Secure Firewall was not built as a time-saver. It is not a cost solution. It is a solution meant to isolate and control access to and from a specific set of infrastructure.

Cisco Secure Firewall has not helped us consolidate tools and applications. It allows us to get access. What we're seeing more and more of is business systems like SAP looking to get access to OT systems and this is how our systems get that way.

Cisco Secure Firewall requires the sort of maintenance that any software product would: updates, asset management, etc. Worldwide, we probably have 30 to 40 people managing the solution on the OT side on the various sites and then probably 10 to 15 people on our account team with our outside partner.

Our use for Cisco Secure is for the firewall. 

Network segmentation is the most valuable feature.

The dashboard can be improved. 

I have been using Cisco Secure Firewall for seven years. 

It is stable.

It is scalable. A thousand-plus users are using the solution in my company. 

The initial setup is straightforward. 

Pricing is high.

Overall, I rate the product an eight out of ten. 

We use Cisco Secure Firewall for traditional firewall use cases, like VPN, segmenting of traffic, and creating PPSs.

We need reliable communication to do what we do, and that's very important. The solution does what we need to do and when we need to do it. It has a great reputation for the support that we need because if things don't work within the Department of Defense, people don't survive. Communication and keeping the adversary out are key components of our work. So we need a robust, reliable, and secure product, and that's what Cisco provides us.

Cisco Secure Firewall is robust and reliable.

The process of procuring modern-day technology within the DOD needs to improve.

I've spent quite a few years with Cisco Secure Firewall.

Cisco Secure Firewall is a very stable solution.

Cisco Secure Firewall is a very scalable solution.

Cisco Secure Firewall's technical support is great, reliable, and responsive.

Positive

We have seen a return on investment from using Cisco Secure Firewall. From the DOD's perspective, we need a reliable and robust solution that has to be reliable in real-time. Cisco Secure Firewall is a reliable solution that works when needed.

Cisco Secure Firewall is a great scalable, secure, and robust product.

There is a dedicated team designed to handle firewalls.

I have a good impression of Cisco Talos and its effects on our security operations. They have a great reputation for doing a lot of great things.

Cisco Secure Firewall has helped our organization improve its cybersecurity resilience.

Overall, I rate Cisco Secure Firewall nine out of ten.

I'm a design consultant. We primarily use the product to secure various client networks, major infrastructure, highways, and urban surveillance.

The solution is pretty easy to deploy. It is pretty ubiquitous too, so it is easy to get. It pretty much does the job we need it to do.

I would like to see an IE version of the solution where it is ruggedized. Most of what we do is infrastructure based on highways. Now that the product has a hardened switch, the only thing left in our hubs that isn't hardened is probably the firewall. It would be nice to pull the air conditioners out of the hubs.

I have been using the solution for 20 years.

I've never had a stability problem with firewalls.

The solution seems to be very scalable. I probably don't have much experience with scalability because, by the nature of how our networks work, we don't scale them; we just add another one.

Support is very good. I've never had a problem with any form of support.

Positive

I used only a couple of other products over the years due to client preference. In general, Cisco Secure Firewall is easier to deploy mostly because of the depth of personnel trained in it. Every other product seems to be a niche thing that two people know, but Cisco once again seems ubiquitous throughout the industry. Our customers choose Cisco for various reasons, from cost to a preference for Cisco. It meets the task that they need to meet. It's really the spectrum.

The deployment is pretty straightforward. It's the same as deploying any other Cisco equipment. If you know what you're doing, it's not a huge deal.

I believe our clients have seen an ROI. Their networks are more secure. Various agencies have tested a few of them to prove it, and they've proven okay. Since they weren't attacked, they have received an ROI.

The licensing is not so bad. The solution’s pricing could be lower. It's not horrible, though.

The application visibility and control are pretty good. It seems to do everything we've ever needed it to do. I've never asked the product to do something that it couldn't do. The solution has been pretty successful at securing our infrastructure from end to end. Most of our client’s staff have reported that the product is not as maintenance intensive as they would like. They never had to deal with maintenance before, but now they do. We deploy new systems for our clients.

I haven't had much experience with Cisco Talos directly. I know it's there, but I haven't really been involved. I haven't experienced it, which I believe is a good thing. It's doing its job if I don't have to get involved with it. The product has definitely helped improve our organization’s cybersecurity resilience. We weren't secure at all before, and we are a known target since we’re based in infrastructure. The solution has been very helpful in providing security.

It is a good product. I would definitely look into it. There is great value in going to a partner to a reseller to deploy the product. They understand the equipment and have expertise. Normally, they're local, so local knowledge is always useful. They have done deployments before, so sometimes they know tips or tricks that aren't in the manuals.

People evaluating the solution should give it a look. Definitely, it is worth taking a look at it.

Overall, I rate the product a nine out of ten.

The primary use case is as one-layer protection of our OT network. The way we're set up is that we have our OT network behind the commercial network, and we do dual firewalls. We've Cisco firewalls on the commercial network side and a different vendor and a different management group on the OT network side.

It's a good solution. It's in some ways a reactive solution where we have it sitting in a whitelist mode rather than a blacklist mode. So, we are blocking everything and permitting specific things, and it seems to work fairly well for us.

It hasn't necessarily freed up the time, but it has helped in securing the infrastructure and the OT network behind it. The intent of this particular solution is not time-saving. It's not a cost solution. It's meant to isolate and control access to and from a specific set of infrastructure.

It allows us to get access. We're seeing more and more that business systems like SAP are looking to get access to OT systems, and this is how our systems get that.

It's protecting the organization against the impact of cyber threats and cybersecurity. We run manufacturing plants that have hazardous material, and we don't want that manufacturing process to be impacted by break-in exposure, cyber threats, or any other similar thing.

We would like to be able to manage a set of firewalls rather than individual firewalls. We haven't really looked into it or yet implemented it, but a single pane of glass would be helpful. We also use another vendor's firewalls, and they have a centralized management infrastructure that we have implemented, which makes it a little bit easier when you're managing lots of firewalls.

We've been using Cisco firewalls for 10 years or more.

It has been a very stable solution. If you keep it up to date and do sensible management on it, it's a very stable solution.

So far, in this use case, it has met our scalability requirements in terms of traffic and management.

We have an excellent account team, and they go to bat for us inside of Cisco. We also have access to TAC and things like Smart Net, and all that seems to go very well. It's a good team. I'd rate them a nine out of ten.

Positive

We weren't using anything similar in this particular use case. We chose Cisco because they originally came on the recommendation of our networking partner. They came in with a strong recommendation from a strong partner.

I wasn't involved in its deployment. That was before I started working in this space.

In this specific use case, the biggest return on investment is that we do not have incidents, and this ultimately, in some of our factories, ends up being a health and human-safety use case.

We've gone to all smart licensing, so that works well. 

Understand what you're trying to protect and what you're trying to protect it from, and then also understand how the solution is managed.

I'd rate Cisco Secure Firewall a nine out of ten.

We have consulting engineers at the backend. We have our own SOC. We leverage Cisco solutions, and we add our services on top of them.

We also sell FTDs and Cisco firewalls ranging from the old models to the new models. We have Firepower from series 1000 to 4000.

A client of ours has a campus network. They're running all of their offices, branches, and multiple sites. They are managing all of their traffic through one point, and that point is secured.

It integrates with various Cisco security portfolios and products, and there is an easy and seamless integration for building a complete security framework for our customers.

It's a great intelligent platform where we can pull all the security insights.

The technology is evolving, and it's no more a stateful firewall, which is only for blocking certain ports. A lot of features, such as anti-malware protection and URL filtering, have been integrated into the firewall and extended to the network. 

We see a lot of vendors in the market with a lot of niche products. I understand that it's difficult to cover everything, but making it more open for integration with other vendors would be a value add for Cisco. Usually, the case I see with my customers is that they always have a multi-vendor setup for security. They have many products. When they have multiple products, each product does something very specific standalone, but there is always a challenge in how to correlate all these solutions or make them as one framework for securing the network.

Their support is perfect. When I used to be an engineer, Cisco's tech support was such a great help. Everything is well-defined in terms of services and SLAs as compared to other vendors. Cisco is doing a great job across all portfolios. This is what makes Cisco stand out as a vendor as compared to the rest. I'd rate their support a nine out of ten.

Positive

We had another product previously. All the vendors are doing a great job in security, but Cisco has such a big portfolio, and as a reseller, it's easy for us to be a one-stop shop for the customer covering wired and wireless networks, endpoint security, and so on. That's the main advantage of Cisco nowadays.

These firewalls are deployed on-premises. We offer all the latest versions. We always advise customers to be updated with the latest technology. That's the aim of our business, but I have not been a part of the deployment.

My role is mainly technical, but on the business side, there would be an ROI in terms of seeing the clients happy.

Our clients are happy. They always get an update about the roadmap and the features that Cisco is releasing down the road. Cisco is always ahead of others not only in terms of security but also in terms of portfolio.

Everything comes with a price. Security is something on which you cannot compromise because the loss could be massive. I see CTOs and CSOs spending a lot on that. Cisco is not really cheap, but there is great technology behind it.

The main value we add as Cisco resellers is our consulting services. We have consulting engineers on the backend and we have our own SOC. We leverage Cisco, and on top of that, we add our services, which makes it a great collaboration between every successful system integrator, reseller, and vendor.

I'd advise asking for a demo and getting involved or engaged with the product to see its value. Don't just read about it.

Overall, I'd rate Cisco Secure Firewall a nine out of ten.