Cisco Secure Firewall Reviews

Our use for Cisco Secure is for the firewall. 

Network segmentation is the most valuable feature.

The dashboard can be improved. 

I have been using Cisco Secure Firewall for seven years. 

It is stable.

It is scalable. A thousand-plus users are using the solution in my company. 

The initial setup is straightforward. 

Pricing is high.

Overall, I rate the product an eight out of ten. 

We use Cisco Secure Firewall for traditional firewall use cases, like VPN, segmenting of traffic, and creating PPSs.

We need reliable communication to do what we do, and that's very important. The solution does what we need to do and when we need to do it. It has a great reputation for the support that we need because if things don't work within the Department of Defense, people don't survive. Communication and keeping the adversary out are key components of our work. So we need a robust, reliable, and secure product, and that's what Cisco provides us.

Cisco Secure Firewall is robust and reliable.

The process of procuring modern-day technology within the DOD needs to improve.

I've spent quite a few years with Cisco Secure Firewall.

Cisco Secure Firewall is a very stable solution.

Cisco Secure Firewall is a very scalable solution.

Cisco Secure Firewall's technical support is great, reliable, and responsive.

Positive

We have seen a return on investment from using Cisco Secure Firewall. From the DOD's perspective, we need a reliable and robust solution that has to be reliable in real-time. Cisco Secure Firewall is a reliable solution that works when needed.

Cisco Secure Firewall is a great scalable, secure, and robust product.

There is a dedicated team designed to handle firewalls.

I have a good impression of Cisco Talos and its effects on our security operations. They have a great reputation for doing a lot of great things.

Cisco Secure Firewall has helped our organization improve its cybersecurity resilience.

Overall, I rate Cisco Secure Firewall nine out of ten.

I'm a design consultant. We primarily use the product to secure various client networks, major infrastructure, highways, and urban surveillance.

The solution is pretty easy to deploy. It is pretty ubiquitous too, so it is easy to get. It pretty much does the job we need it to do.

I would like to see an IE version of the solution where it is ruggedized. Most of what we do is infrastructure based on highways. Now that the product has a hardened switch, the only thing left in our hubs that isn't hardened is probably the firewall. It would be nice to pull the air conditioners out of the hubs.

I have been using the solution for 20 years.

I've never had a stability problem with firewalls.

The solution seems to be very scalable. I probably don't have much experience with scalability because, by the nature of how our networks work, we don't scale them; we just add another one.

Support is very good. I've never had a problem with any form of support.

Positive

I used only a couple of other products over the years due to client preference. In general, Cisco Secure Firewall is easier to deploy mostly because of the depth of personnel trained in it. Every other product seems to be a niche thing that two people know, but Cisco once again seems ubiquitous throughout the industry. Our customers choose Cisco for various reasons, from cost to a preference for Cisco. It meets the task that they need to meet. It's really the spectrum.

The deployment is pretty straightforward. It's the same as deploying any other Cisco equipment. If you know what you're doing, it's not a huge deal.

I believe our clients have seen an ROI. Their networks are more secure. Various agencies have tested a few of them to prove it, and they've proven okay. Since they weren't attacked, they have received an ROI.

The licensing is not so bad. The solution’s pricing could be lower. It's not horrible, though.

The application visibility and control are pretty good. It seems to do everything we've ever needed it to do. I've never asked the product to do something that it couldn't do. The solution has been pretty successful at securing our infrastructure from end to end. Most of our client’s staff have reported that the product is not as maintenance intensive as they would like. They never had to deal with maintenance before, but now they do. We deploy new systems for our clients.

I haven't had much experience with Cisco Talos directly. I know it's there, but I haven't really been involved. I haven't experienced it, which I believe is a good thing. It's doing its job if I don't have to get involved with it. The product has definitely helped improve our organization’s cybersecurity resilience. We weren't secure at all before, and we are a known target since we’re based in infrastructure. The solution has been very helpful in providing security.

It is a good product. I would definitely look into it. There is great value in going to a partner to a reseller to deploy the product. They understand the equipment and have expertise. Normally, they're local, so local knowledge is always useful. They have done deployments before, so sometimes they know tips or tricks that aren't in the manuals.

People evaluating the solution should give it a look. Definitely, it is worth taking a look at it.

Overall, I rate the product a nine out of ten.

The primary use case is as one-layer protection of our OT network. The way we're set up is that we have our OT network behind the commercial network, and we do dual firewalls. We've Cisco firewalls on the commercial network side and a different vendor and a different management group on the OT network side.

It's a good solution. It's in some ways a reactive solution where we have it sitting in a whitelist mode rather than a blacklist mode. So, we are blocking everything and permitting specific things, and it seems to work fairly well for us.

It hasn't necessarily freed up the time, but it has helped in securing the infrastructure and the OT network behind it. The intent of this particular solution is not time-saving. It's not a cost solution. It's meant to isolate and control access to and from a specific set of infrastructure.

It allows us to get access. We're seeing more and more that business systems like SAP are looking to get access to OT systems, and this is how our systems get that.

It's protecting the organization against the impact of cyber threats and cybersecurity. We run manufacturing plants that have hazardous material, and we don't want that manufacturing process to be impacted by break-in exposure, cyber threats, or any other similar thing.

We would like to be able to manage a set of firewalls rather than individual firewalls. We haven't really looked into it or yet implemented it, but a single pane of glass would be helpful. We also use another vendor's firewalls, and they have a centralized management infrastructure that we have implemented, which makes it a little bit easier when you're managing lots of firewalls.

We've been using Cisco firewalls for 10 years or more.

It has been a very stable solution. If you keep it up to date and do sensible management on it, it's a very stable solution.

So far, in this use case, it has met our scalability requirements in terms of traffic and management.

We have an excellent account team, and they go to bat for us inside of Cisco. We also have access to TAC and things like Smart Net, and all that seems to go very well. It's a good team. I'd rate them a nine out of ten.

Positive

We weren't using anything similar in this particular use case. We chose Cisco because they originally came on the recommendation of our networking partner. They came in with a strong recommendation from a strong partner.

I wasn't involved in its deployment. That was before I started working in this space.

In this specific use case, the biggest return on investment is that we do not have incidents, and this ultimately, in some of our factories, ends up being a health and human-safety use case.

We've gone to all smart licensing, so that works well. 

Understand what you're trying to protect and what you're trying to protect it from, and then also understand how the solution is managed.

I'd rate Cisco Secure Firewall a nine out of ten.

We have consulting engineers at the backend. We have our own SOC. We leverage Cisco solutions, and we add our services on top of them.

We also sell FTDs and Cisco firewalls ranging from the old models to the new models. We have Firepower from series 1000 to 4000.

A client of ours has a campus network. They're running all of their offices, branches, and multiple sites. They are managing all of their traffic through one point, and that point is secured.

It integrates with various Cisco security portfolios and products, and there is an easy and seamless integration for building a complete security framework for our customers.

It's a great intelligent platform where we can pull all the security insights.

The technology is evolving, and it's no more a stateful firewall, which is only for blocking certain ports. A lot of features, such as anti-malware protection and URL filtering, have been integrated into the firewall and extended to the network. 

We see a lot of vendors in the market with a lot of niche products. I understand that it's difficult to cover everything, but making it more open for integration with other vendors would be a value add for Cisco. Usually, the case I see with my customers is that they always have a multi-vendor setup for security. They have many products. When they have multiple products, each product does something very specific standalone, but there is always a challenge in how to correlate all these solutions or make them as one framework for securing the network.

Their support is perfect. When I used to be an engineer, Cisco's tech support was such a great help. Everything is well-defined in terms of services and SLAs as compared to other vendors. Cisco is doing a great job across all portfolios. This is what makes Cisco stand out as a vendor as compared to the rest. I'd rate their support a nine out of ten.

Positive

We had another product previously. All the vendors are doing a great job in security, but Cisco has such a big portfolio, and as a reseller, it's easy for us to be a one-stop shop for the customer covering wired and wireless networks, endpoint security, and so on. That's the main advantage of Cisco nowadays.

These firewalls are deployed on-premises. We offer all the latest versions. We always advise customers to be updated with the latest technology. That's the aim of our business, but I have not been a part of the deployment.

My role is mainly technical, but on the business side, there would be an ROI in terms of seeing the clients happy.

Our clients are happy. They always get an update about the roadmap and the features that Cisco is releasing down the road. Cisco is always ahead of others not only in terms of security but also in terms of portfolio.

Everything comes with a price. Security is something on which you cannot compromise because the loss could be massive. I see CTOs and CSOs spending a lot on that. Cisco is not really cheap, but there is great technology behind it.

The main value we add as Cisco resellers is our consulting services. We have consulting engineers on the backend and we have our own SOC. We leverage Cisco, and on top of that, we add our services, which makes it a great collaboration between every successful system integrator, reseller, and vendor.

I'd advise asking for a demo and getting involved or engaged with the product to see its value. Don't just read about it.

Overall, I'd rate Cisco Secure Firewall a nine out of ten.

Our customers for the most part use this solution in data centers. 

The feature my customers find the most valuable is the exportability. They also appreciate that the IPS features are easily migrated from Cisco SA to FTDs. 

We have seen some bugs come up with Cisco Secure Firewall in terms of high availability. The solution should be improved to avoid these bugs. 

We have been using Cisco Secure Firewall for almost a decade. 

Cisco's support is much better than other vendors' support. In my opinion, this is a big advantage for Cisco. The support Cisco offers is upper-level. 

Positive

We previously sold Fortinet devices. However, many of our clients switched over to Cisco because of the price as they are quite cheap. 

We are in the middle of a migration plan to Cisco right now in our company. I am not directly involved. We are working with a Cisco partner but I have been communicating our needs to them. However, I believe the migration process will be smooth for our company. It is crucial to have a solid migration plan in place because we are a core data center, so we have to be careful. 

We are deploying with the help of a partner. 

We do see a lot of ROI from Cisco Secure Firewall. We are in the process of migrating a lot of end-of-support devices with some new ones and the return on investment is there.

Price is a big selling point for Cisco Secure Firewall. They are quite affordable and many clients chose them precisely for this reason. 

This solution helped my clients save money and time. My clients save 50% on time thanks to automation and processing brought on by this solution. 

I have only good things to say about Cisco Talos. It has been quite helpful to our customers.

This is an SSL that can decrypt and encrypt SSL traffic. 

The ability to encrypt and decrypt is great.

The dashboards are excellent.

We really like the reporting aspect of the product. 

It is stable. 

We found the initial setup to be easy.

Maybe the dashboard could be a bit better. There are some reports where we don't get it. We need a deep dive into a particular URL, however, it provides the URL and the IP address, and there is no more information that can show more details. Basically, the report models can be improved.

With their console, we have to build a separate VM. In some of the products, the management console comes along with the box itself. It'll be one solution to take the backup and keep it. Even if you want to build a DR, it'll be easy. However, the challenge we had is if that VM is down, my team may not able to access the Firepower remotely. Therefore, the management console itself should be built within the Firepower box itself, rather than expecting it to be built in a separate VM.

I've been using the solution for more than four years. 

We have not, as of now (touch wood) faced any issues. It's stable, and we don't face any performance issues as well. It's reliable. There are no bugs or glitches. It doesn't crash or freeze.

At this moment, we have not thought through scaling. The model which we use is less than 60%. What I heard from them is you can cascade it to another box, and scaling can be done.

We have between 400 to 450 concurrent users on a daily basis accessing this box. Overall, we have 2,000 devices that could be easily communicated via Firepower.

Technical support is good. We've found it to be quite good in general. 

Positive

The initial setup is great. It's very easy and quite straightforward. If you understand the process, it is very easy. I'd rate it a 4.5 out of five in terms of ease of implementation. 

I don't manage licensing. I can't speak to the actual cost of the product. 

We're a customer and end-user.

I'd recommend the solution to organizations that have around 1,500 people that need to access the solution. 

I would rate the solution a nine out of ten. 

We primarily use this firewall for IPS, IAM, threat defense, and NAT.

I am from the networking department.

We are using the Firepower Management Center (FMS) and the management capabilities are okay. I would not say that they are good. The current version is okay but the earlier versions had many issues. The deployment also takes a long time. It takes us hours and in some cases, it took us days. The latest version 6.6.1, is okay and the deployment was quick.

I have tried to compare application visibility and control against Fortinet FortiGate, but so far, I don't see much difference. As I try to determine what is good and what is bad, I am seeking third-party opinions.

The most valuable feature is the threat defense. This product works well for threat defense but for everything else, we use Cisco ASA.

This product has a lot of issues with it. We are using it in a limited capacity, where it protects our DR site only. It is not used in full production.

The main problem we have is that things work okay until we upgrade the firmware, at which point, everything changes, and the net stops working. As a financial company, we have a lot of transactions and when the net suddenly stops working, it means that we lose transactions and it results in a huge loss.

We cannot research or test changes in advance because we don't have a spare firewall. If we had a spare then we would install the new firmware and test to see if it works, or not. The bottom line is that we shouldn't have to lose the network. If we upgrade the firmware then it should work but if you do upgrade it, some of the networks stop working. 

We have been using the Cisco Firepower NGFW Firewall for three years.

Cisco's technical support is the best and that's why everybody implements their products. But, when it comes to Firepower, we have had many delays with their support. For all of the other Cisco products, things are solved immediately.

Nowadays, they're doing well for Firepower also, but initially, there was no answer for some time and they used to tell us that things would be fixed in the next version. That said, when comparing with other vendors, the support from Cisco is good.

We use a variety of tools in the organization. There is a separate department for corporate security and they use tools such as RedSeal.

In the networking department, we use tools to analyze and report the details of the network. We also create dashboards that display things such as the UP/DOWN status.

We have also worked with Cisco ASA, and it is much better. Firepower has a lot of issues with it but ASA is a rock-solid platform. The reason we switched was that we needed to move to a next-generation firewall.

The initial setup was not easy and we were struggling with it.

In 2017, we bought the Firepower 2100 Series firewalls, but for a year, there was nothing that we could do with them. In 2018, we were able to deploy something and we had a lot of difficulties with it.

Finally, we converted to Cisco ASA. When we loaded ASA, there was a great difference and we put it into production. At the time, we left Firepower in the testing phase. In December 2018, we were able to deploy Firepower Threat Defense in production, and it was used only in our DR site.

We do our own maintenance and there are three or four of us that are responsible for it. I am one of the network administrators. We can also call Cisco if we need support.

From the perspective of return on investment, implementing the Firepower 2100 series is a bad decision.

Firepower has a very high cost and you have to pay for the standby as well, meaning that the cost is doubled. When you compare Fortinet, it is a single cost only, so Fortinet is cheaper.

Prior to Firepower, we were Cisco customers and did not look to other vendors.

Given the problems that we have had with Cisco, we are moving away from them. We are now trying to implement FortiGate and have started working with it. One thing that we have found is that the Fortinet technical support is very bad.

I would rate this solution a five out of ten.