Cisco IOS Security Reviews

We use Cisco IOS Security to segregate IT and OT environments.

Cisco IOS Security is very robust and works very well. Once set up and operational, very limited human interaction is required with the device to run it for years. We deployed the solution, activated certain features, and forgot about it. We didn't have the necessary tools to monitor and maintain the solution actively.

Cisco IOS Security's monitoring is rather rudimentary and could be improved.

I have been using Cisco IOS Security for around 15 years.

I rate Cisco IOS Security a ten out of ten for stability.

Less than fifty users were using Cisco IOS Security in my previous organization.

The initial setup for Cisco IOS Security is relatively straightforward compared to other firewalls. We had two people, including myself and a network specialist, for the deployment and maintenance of Cisco IOS Security.

We implemented the solution in-house.

Cisco IOS Security got the job done. The solution was secure and stable. So we got a decent return on investment.

I look at companies and what they specialize in, and Cisco never really specialized in security. Other companies have security as their core focus. I will not be deploying any Cisco security devices in the near future.

Overall, I rate Cisco IOS Security a seven out of ten.

Our company uses the solution as intrusion protection for customers. It fully integrates with the BMA and ISE. We manage all traffic in data centers to protect them from internal users and outside traffic.

The solution effectively integrates with Umbrella which has an intelligent background and is very helpful in tech analysis or discovery. 

The solution is not user friendly and it is hard to manage the GUI interface. This is an ongoing CISCO problem. 

The solution needs Active/Active firewalls to have good load balance with high availability. The firewalls should work simultaneously, not just as failovers. 

I have been using the solution for ten years. 

The solution is very stable if configured properly. I rate stability a nine out of ten. 

The solution is very highly scalable and other products really don't compete with its scalability. The solution can easily be used for small companies or big enterprises with thousands of users. I rate scalability an eight out of ten. 

Technical support does not have a broad knowledge base, so I rate them a six out of ten. 

Neutral

The setup is better than before but still not easy or clear like Palo Alto. If you want to configure the solution, then you need to study how to do it. 

The setup is difficult so I rate it a six out of ten. 

We implement the solution for customers on our own unless we have an issue or bug. It takes one expert staff person for deployment. Depending on the customer's policies and the network's complexity, deployment might take from three to seven days. 

Our process includes verifying the license and setting up the firewall, hardware, FMC, and the failover when there is more than one firewall. We then define or set up the configurable interfaces and the IP addresses. Finally, we define the VLAN of the customer and policies for each VLAN. 

The solution does not require ongoing maintenance if it is configured properly. 

Our ROI is that the solution saves time because it reduces attacks and helps with ongoing protection. The subscription model is also very helpful for ROI. 

I rate ROI at 1800%. 

The pricing is average and includes all features with support. I rate pricing a six out of ten. 

Palo Alto has a better GUI interface for handling all features and is easier to configure. 

I recommend the solution and rate it an eight out of ten. 

The solution is the core of our network to implement, for example, Cisco Eyes, since we have Cisco Eyes on our network. At the core and access layers, we also use the solution for all our configurations concerning admission control into the network.

The solution is easy to use. It provides hotkeys that help you remember commands you've forgotten about.

I would like upgrading iOS to be a bit easier. If you want the old version to continue running, that should be a bit easier. People have made many apps to do that online, but if Cisco could have that at the click of a button to quickly download or upload it, after which everything starts to work, that would be good. Sometimes, setting up your TFTB is difficult even though there are tools now. There should be something that would make it much easier where I just have to download, upload it into the iOS, and start it up.

I've used the solution for about eight to ten years.

The solution is very stable.

The solution is very scalable. We have about 500 users on this solution.

The solution is easy to set up if you know what to do. You can copy all the content and slam it into the switch if you have a configuration. After five to ten minutes at most, the switch is ready.

The initial setup is not much of a problem if you have an existing configuration. You just need to copy and paste. But if you're designing things, you might need a consultant.

We mostly need technical people for the solution to support users. Most of the issues we have are the Mac and our Cisco Eye. Sometimes, the user's password will expire, and the user must be called to connect them back. Sometimes, Eye does not allow the users to work, and we need to clear the ports and things like that. That's a bit of the experience where we have one challenge after another, but we are finding our way around it. Regarding the number of technical staff, we need a password administrator who does the configuration and then support guys who ensure that all the endpoints have access to the network.

You might need some level of support depending on what you're doing. Because even if it is in a cloud environment, as long as you understand the setup of what you want, you're good to go.

I rate the solution an eight out of ten. Before now, there were things that you could log in and get them to do for you. Because we have Smart Net for our devices, that's the way to go most of the time because you are sure that at the click of a button, Cisco will always be there to help.

The primary use case of the solution is firewall protection.

The most valuable feature is endpoint protection.

The security of the solution has room for improvement.

The solution is complex and can be more user-friendly.

The stability and scalability can be improved.

I have been using the solution for over one year.

The solution is not stable.

The solution doesn't have the proper bandwidth source to be scalable.

The initial setup is straightforward.

The deployment takes about two hours.

I give the solution a six out of ten.

We have over 1,000 people using the solution in our organization.

We require around ten people for the deployment and maintenance of the solution.

I do not recommend the solution because it is not secure and is complex.

My organization is an ISP using IOS Security to secure enterprise resources. We previously had it deployed on-premises, but we have switched to the cloud. We prefer AWS for latency purposes because it's based in South Africa. 

The VPN was valuable for us because more people are working from home. It has a lot of reporting and easy-to-use management tools.

The configuration and reporting interfaces need a lot of improvement. It needs to be more accessible forsolide without a strong technical background. If you had a simplified dashboard, the lower-level techs could manage the solution and provide services. Cisco IOS Security requires someone who is highly trained to operate it. 

There is central management, but reporting could be more centralized too. You can have a lab module. However, we need to see some es, and that will help you deploy without breaking the live system. There's no way for me to have a live system to test my new configuration. If it breaks, I have to deploy it and reverse it to the previous configuration. 

It would be nice if I could create an online lab on the fly to test for 10 minutes to an hour without messing anything up. That would be great, especially for things that we do on our live network appliance.

I've been using Cisco since the late 90s.

The stability is great. It takes a bit of time for them to introduce new features that I want. 

All Cisco products are scalable. The scalability is there, but the pricing model isn't straightforward. 

I rate Cisco support four out of 10. Dealing with Cisco support is complicated. First, there's a time difference because we are in the GMT+2 time zone. It sometimes takes a while for your ticket to be assigned. Today, I find that other cloud service providers respond much quicker than Cisco, even though they are smaller. They need to improve on response time.

Neutral

It was the first solution I've used, and I've stuck with it because I'm comfortable with it. I haven't used other products, but I'm evaluating some because Cisco is becoming more complicated in terms of licensing, features, and other stuff. 

I wouldn't say the deployment was complicated, but I wouldn't use the word "easy" either. It's straightforward if you know what you're doing. However, it can be complicated if you don't know what you're trying to do. You need a bit of training before touching it. By contrast, FortiGate is easier to get started, but Cisco solutions require training before you start messing with them. 

It wasn't much of a challenge for me because I've been working with Cisco for a while. Initially, there were some painful moments where you thought these things would break.

We were doing everything by ourselves at first, but we ended up using an integrator at some point.

In IT services, we don't calculate return on investment. It allows the business to grow, so we don't calculate the return. We just look at the IT cost. 

I rate IOS Security six out of 10 for pricing

I rate Cisco IOS Security six out of 10. For someone who wants something that works, they can be sure that Cisco will be there in the next five years. Cisco products have longevity because the company is secure, and you know the product will be supported for many years. 

There is longevity if you can afford it. At the same time, you'll need to invest in learning the product. The most vital aspect of Cisco is that it works, and the company is there for you. You are sure it'll be there tomorrow.

Our primary use is just as a firewall. That is pretty much it.  

We are able to filter a lot of traffic. The is especially effective when a lot of the traffic is in layer 7 — the internet aspect of security for application services.  

I think the multi-layered approach is valuable. Just the fact that it covers everything on the LSA (Local Security Authority) right up to layer 7, in-depth packet analysis, and all that. It covers everything we need it to without looking to secondary solutions.  

I think the user interface for IOS Security needs to be improved.  

I think the signature updates and all the other critical definitions need to be updated more frequently.  

We have only been using IOS (Internetwork Operating System) Security since about 2016. So we have worked with it for about four years.  

The stability of the product is okay. There were not really any bugs or glitches that I can remember.  

The scalability aspect of it is that it is one of those products where you have to incorporate additional hardware. It is a vertical scale, so you add on the boxes you need and bond them together. Of course, it costs more to scale that way than something that would be a software upgrade. You have got to pay to scale and to get more features.  

Our clients are generally small to medium-sized businesses. Cisco IOS is a pretty good fit for that range of clients.  

I have used the Cisco technical support and they were okay. Rating them out of ten, I would give them an eight or nine-out-of-ten. They have a pretty good system with decent response time and accuracy. They are good overall and in comparison to other services. They offer 24/7 service, which is a benefit.  

I was actually using Cisco products more in the past and use them as a consultant. Right now, Sophos is the only one I have been using. It just came about through one of those situations where we were able to partner up with Sophos. That is really the reason for the change.  

Setup and installation are pretty much straightforward. Comparing the installation to Fortinet or Sophos they are all the same.  

The pricing for IOS Security is okay. It is competitive. It costs more when you have got the need to pay for more features. You have to buy more boxes and tie them together to upgrade to the next level.  

I have used Fortinet in the past too as well as Sophos and other Cisco products. They are all similar and if you know how to use them they are virtually all the same.  

The advice that I would give to others looking into implementing this product is that I think they need to do their benchmarking. They should do due diligence beforehand in terms of their traffic.  

On a scale from one to ten (where one is the worst and ten is the best), I would rate this product overall as about an eight-out-of-ten. I do not know how they could realistically improve on that much. You never keep up with the hackers, they are always a step ahead of us when it comes to security.  

Some of our uses for this product are on-premise-based and then some are cloud-based. Mostly, we are cloud-based right now because we are getting away from physical architecture moving forward into the cloud as is Cisco. It allows going from considering CapEx (Capital Expenditure) to OpEx (Operating Expense, Operating Expenditure). That is one of the important things that it allows us to do. It is easier to have solutions cloud-based when it makes sense. All the updates and maintenance get taken care of on their side which is a benefit.  

On the cloud, we have both public and private services. It depends on what we are doing. If we have a client that is a hospital, they have got to be HIPAA (Health Insurance Portability and Accountability Act) compliant. We also recommend private cloud services for some huge retailers that have to be PCI (Payment Card Industry) compliant.  

We use it mostly just for prevention. Basically to prevent unauthorized use of network resources. They use it for routing capabilities, threat mitigation, worms, and viruses. A lot of times, it is used for the network application layer threat.  

The solution does not do anything for us directly as we use it with other clients. We are a large IT company. We hear from clients who tell us what they want. We just find solutions for what they tell us they need. Everyone has a different flavor of what they are looking for and what they are looking to fix.  

The Cisco IOS (Internetwork Operating System) firewalls are mostly set up for branch offices in small to medium business environments or for managed services. Those are the clients we usually use this solution for. It is usually only used for a specific thing to fill a specific need. It might be NAT (Network Address Translation), it might be a guideline or restrictions, it might be that they can have the option to make a solution work on cloud or on-premises. It could be deployed so they have the option to either use CapEx or OpEx. It helps to create options for those types of things.  

I would say that the most valuable thing is probably the Application Visibility and Control which is how it controls the application traffic on the network. I like the IPS (Intrusion Prevention System), the IOS content filtering, and the NAT network translation. I like the way it completely integrates branch offices in our perimeter security.  

A few things have room for improvement in your opinion. That would start with cost. Cisco products are more expensive than the competition, but the additional cost usually gets absorbed by the name recognition. Most people have Cisco or have familiarity with it, so they go with it. If they want the top quality product, they immediately feel comfortable with the Cisco name brand. That is where we come in as consultants. We bend over backward to make product comparisons and framing for solving the needs posed by an organization. I see something is a better fit for them that they could use. It would reduce their CapEx, their expenses, and it would fit them better all at the same time. The client may still want Cisco despite the recommendation that we make. But usually, that is what it is. Cisco fits, and if they want to spend the money, we make sure that it is within their budget. They feel more comfortable with Cisco, and they have had Cisco in the past, so we go with Cisco then.  

Cisco is great. A lot of the tech companies are doing really well. But Cisco is still in the forefront. They are on top of this category of products. I can not think of anything else they could do because they cover pretty much everything that you would need a firewall for. Then you get Cisco's support behind the products.  

I would think it would be a lot better for us and we could make more money if we try to recommend that clients put drop-in boxes at every location. But we do not choose to do that unless there is a purpose for it. In most cases, we would prefer clients to go the OpEx route. It takes a lot to offset the cost of Cisco so if they are going to do a cloud solution, their costs are metered per month by whatever solution they have. That is a lot better for projecting costs, and then there is the benefit of everything being upgraded in the cloud for them. They do not have to worry about anything. It just works.  

We have been using Cisco for as long as Cisco has been around. It is hard to answer the question of when, exactly, we started using this product because they have been upgrading or changing the product as it evolved over the years. It is basically the same foundation and they build upon that over time. I can just say that we have been either using this product or something very similar for a long time.  

Cisco IOS Security is stable, very stable.  

The capabilities for scalability with this product are huge. It is very scalable.  

A lot of our clients have a small main office with accounting and human resources that are headquarter-based. Most of them have other remote sites and branch offices. Whether it is a bank or a finance company, it is easy for employees in those particular roles to be able to pull applications down. It takes a lot of stuff off what would have to be handled by the network firewall. They do not have to worry about so many threats when they are bringing up applications to use and if there are compliance or regulating issues that they have to be aligned with. But that is the type of environment where this product can be used to scale effectively.  

Cisco's technical support is very good. There are a couple of competing products that I know do not have support that is as good. Palo Alto does not have particularly good technical support, for example, but most of the rest of them do. Even so, Cisco is head-and-shoulders above all of them.  

For tech support, independent of the cost of the product, I would definitely give Cisco a ten-out-of-ten.  

We just had a client go with Cisco Meraki and we put a couple of those in. Then we had a Cisco Nexus installation and they topped that by integrating it with perimeter firewalls for their remote locations or branches.  

We currently use really any brand of product in consideration for our consultations. There is not any particular brand we are married to, and we have used them all, pretty much. We do not use all the solutions ourselves. We get feedback from our clients and the companies we do work for. All the clients that we get give us pretty good feedback on the recommendations and the products that they end up using. Otherwise, they would be angry with us. What we recommend has to fit their particular niche and that is what we have to be good at identifying.  

For instance, if a client comes to me and describes how their organization is set up, we react to that. If they say they are a finance company and they have accounting and finance concerns, there are some pain points that they are going to have solved. One of those is application-specific. Then you have to layer that with your regulatory concerns. HIPAA compliance is something I encounter with finance companies, banks, and medical facilities. Those types of companies do very well with CloudGenix because CloudGenix is application-specific. If you put their firewalls in place, those would be a good fit for that type of client. For everything else — manufacturing and all the others and things like that — Cisco would be number one. They outweigh the competition in terms of different companies that they fit niches for better because of the range and flexibility of the solutions.  

If the client's needs are application-based, then we start looking at another way with another solution. But Cisco does great with being PCI and HIPAA compliant and all that, but if you only consider Cisco for every installation, that means you are pulling everything from one pool. You are not looking closely at the specifics.  

I think that the initial setup is very straightforward. Most of the firewalls are straightforward and not too complex. When you are setting up a network with something like Merakis, or if you are looking at working with CloudGenix, then that is where you start to get a separation of difficulty in installation and will notice that it becomes a little bit harder to set up.  

My advice to people and companies considering this solution is to just do the research. Do compatibility research to compare with the other solutions that are out there. Definitely make sure that the firewall you choose is designed for your network architecture, application-layer attacks, and virus and worm protection. If that coverage is what you are looking for and you have an analog phone system. You might not be ready to go to VoIP (Voice over Internet Protocol) yet because you do not want to lose the phones that you have got. Some people add to that base as they scale. We can use something called SIPs (Session Initiation Protocol), for connecting all those analog phones to the VoIP. That is a good indicator that a Cisco firewall will be a good solution for you because it protects the unified communication and guards the SIPs, endpoints, and call-control resources.  

On a scale from one to ten (where one is the worst and ten is the best), I would rate this product overall as a ten, for sure, if you consider its advantages over the competition. If you add in pricing, I would have to lower that to a nine-out-of-ten. Price is the only place that I figure Cisco could do something. Or if they could offset the cost of their boxes using a cloud solution. We had a client do that. They had boxes, but they were trying to figure a better way to scale. I suggested to them that they just move the areas that they were scaling to the cloud. They did it with the new branches they have added, and now they are waiting to phase out their boxes. They will eventually move over to a complete cloud-based firewall solution.  

I use Cisco IOS Security. We install it for people. We have a very small network station. We don't use Cisco IOS Security very often, but we install it for clients. 

We use Cisco IOS Security mostly for routers to route off the firewall. It's a next-generation device. With firewalls, we can connect the solution for the mail cloud. 

We've deployed with Fortinet FortiGate. We don't use it much. We use Cisco IOS Security to manage for enterprise clients.

Our primary use case for this solution is in the insurance industry.

Cisco IOS Security has not improved my organization. We use it for our clients. It helps their workers to be more secure in operations.

We interpret the additional protection to be very important now. Cisco IOS Security is used with client mobile devices on the firewall.

We don't love everything about the product. For now, it's what we're using. It's okay. It is difficult to set up. The training is okay. The pricing is standard.

It will be great if they can make it more easy to use the features. The interface is not user-friendly, but a normal IT technician can handle it.

Most of the features only work with Cisco equipment. It's about connectivity. Most of their features are meant for Cisco. You cannot integrate them with any other vendor.

Cisco needs to be more flexible with the integration of other solutions.

It's not stable if you don't have Cisco gear in your network. If you don't have Cisco equipment within your network, you cannot access powerful pieces of the software.

The scalability of Cisco IOS Security is good. It's very fast. It's not universal because most of the features require you to have Cisco equipment in your network. 

If you ask technical support on how to solve some issues, it does help. We do fine with Cisco support. It comes with the equipment.

We provide our clients with six months of in-house support. We pay Cisco for it. The support is okay.

The initial setup is straightforward, but when it comes to complex settings like the firewall, it is not easy. Most of the features that come with it work only with Cisco devices.

You have to have experience before you try to use it. You need to make sure you have it your router by Cisco. Some features only work with Cisco equipment.

What we do is we set up everything. We have to go on-site. It doesn't take time to deploy it. The time required to work on the project can take up to two weeks.

We did the setup mostly with our team. We are consultants. We worked with a reseller. Cisco has an integrator software team too.

Our licensing costs for the solution are on an annual basis. It should be every five years.

On a scale from 1 to 10, I would rate Cisco IOS Security at 9/10.