We primarily use the solution as a VPN concentrator. It's the main VPN concentrator for all remote connections.
Technical Lead at a tech services company with 10,001+ employees
Easy to use, easy to set up, and offers excellent technical support
Pros and Cons
- "The solution is very user-friendly and easy to deal with."
- "It would be ideal if the solution had more capacity."
What is our primary use case?
What is most valuable?
The compatibility is high with many open protocols. We use it for Radiant. We use it for any kind of network access protocols as well.
The solution is very user-friendly and easy to deal with. We find working with both the Command-Line and the Viewer very, very straightforward.
It's quite stable. We find it more stable than other options.
What needs improvement?
It would be ideal if the solution had more capacity. Right now, we are almost hitting the maximum capacity of the product. If they could provide more capacity for the same product, that would be great.
For how long have I used the solution?
I've been using the solution for over ten years. At more than a decade, it's been a long time.
Buyer's Guide
Cisco IOS Security
November 2024
Learn what your peers think about Cisco IOS Security. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
What do I think about the stability of the solution?
The solution is extremely stable. We find it much more stable than other options. It doesn't crash or freeze. There aren't issues with glitches. It is completely reliable.
What do I think about the scalability of the solution?
Currently, we have over 7,000 users that utilize this solution.
We do plan to increase usage in the future.
How are customer service and support?
Technical support is very, very good under Cisco. It's one of the other advantages of using their product. They are very helpful, responsive, and knowledgeable. We've very satisfied with the level of service they provide to us.
Which solution did I use previously and why did I switch?
We previously used Juniper. Juniper has improved a lot over the last little while, however, we still prefer Cisco.
How was the initial setup?
I was not part of the installation process. That was handled by another team entirely. That said, they didn't take a lot of time to get everything up and running. It was, if I recall correctly, less than one week to put it up and test it and make all the configuration adjustments. Deployment was fast and it's my understanding that the whole process from beginning to end was straightforward.
We only needed two people and they were able to handle both deployment and maintenance. They are engineers.
What's my experience with pricing, setup cost, and licensing?
I don't know the exact licensing costs. It's not something I deal with directly, and therefore I don't have any access to the information in regards to pricing and payments.
What other advice do I have?
We're just a customer and end-user. We don't have a business relationship with Cisco.
We're using the latest version of the solution in our organization right now.
We use both cloud and on-premises deployments, however, currently, we tend to use more on-premises deployments.
I would recommend the solution. Overall, I would rate it at an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sr. Security and Enterprise Architect at a security firm with 11-50 employees
Reliable hardware, highly stable, and global technical support
Pros and Cons
- "One of the main features is that the hardware is extremely reliable."
- "I think they should bring back remote VPN for users."
What is most valuable?
One of the main features is that the hardware is extremely reliable.
What needs improvement?
I think they should bring back remote VPN for users. However, I understand the attempt is to have these functions inside the firewalls and not the routers or the IOS devices.
What do I think about the stability of the solution?
The stability of the solution is great. I feel very confident working with them because I have a customer that has a router running for almost 10 years and in other cases more than 10 years.
How are customer service and technical support?
The technical support has been impressive. I know there are no other brands that have the same good service.
Which solution did I use previously and why did I switch?
I have been working with Palo Alto Networks and Fortinet in the past but they do not have technical assistance centers around the globe as this solution does. However, Palo Alto solutions are more intuitive, the graphic user interface is better, and has higher performance. Cisco is catching up and closing the gap with new releases.
What's my experience with pricing, setup cost, and licensing?
Palo Alto networks are more expensive than this solution and this is why you will see more products like this one in Mexico.
I have been working with the next-generation firewalls by Palo Alto and the license tends to be better. For example, Palo Alto Wildfire, the licensing is more dynamic than Cisco products.
What other advice do I have?
I rate Cisco IOS Security an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Cisco IOS Security
November 2024
Learn what your peers think about Cisco IOS Security. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
Network Engineer at PART
Has good routing features and is easy to use
Pros and Cons
- "I've found their network routing to be very good."
- "I wish it would be more like the next generation firewall technology. There should be more selection between the application and filtering."
What is our primary use case?
We use Cisco IOS for security prevention. It enables us to check the network.
How has it helped my organization?
I didn't think that they would put servers in the DMZ. It also protects us from hackers; we haven't had any issues with them.
What is most valuable?
I've found their network routing to be very good.
It is also stable, has good scalability and is easy to use.
What needs improvement?
I wish it would be more like the next generation firewall technology. There should be more selection between the application and filtering.
I would appreciate updates to reporting, in terms of data entry.
For how long have I used the solution?
We have been using Cisco IOS for more than eight years.
What do I think about the stability of the solution?
We don't have any issues with stability. Cisco is always stable.
What do I think about the scalability of the solution?
Scalability is easy.
How are customer service and technical support?
We have a contract with the representative of DEO support, not just Cisco. So we have local support. If we have any issue, they respond to us directly by phone.
How was the initial setup?
The initial setup was easy. There are step-by-step instructions, like many of their other products.
What was our ROI?
The solution is definitely valuable for us.
What's my experience with pricing, setup cost, and licensing?
The licensing is on a subscription basis, and it is fairly costly. I would prefer a one-time payment.
What other advice do I have?
My advice is to take this firewall. It is really good. I would rate Cisco IOS as eight out of ten.
The next-generation firewalls, like UTM, have paper-thin single boxes. They should follow the same projects, like the next-generation firewall. They have everything like 40GBs in a single box, along with filtering applications, like VPN and SSN. They also have reporting features.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sr. Security and Enterprise Architect at a security firm with 11-50 employees
Great security and automation with helpful technical assistance
Pros and Cons
- "Cisco Technical Assistance Center works on a follow-the-sun concept and gives real 24x7 customer support, which is a great advantage when you have a service contract with them."
- "There are the usual bugs that are inherent to some software upgrades. Sometimes this provides some unexpected issues, however, it happens with all brands all the time."
What is our primary use case?
The solution is used for enterprise and NAC connectivity.
This kind of technology has the advantage of being very flexible to any size organization. It is a cornerstone as a part of the basic network infrastructure.
It can be used as a simple switch to connect your network devices with security features embedded - such as port security, for example. This allows companies to limit to a fixed address per port, avoiding external or malicious assets for accessing the network.
For example, if you have a retail business, and you have a lot of small stores spread nationwide, you just need to connect some cameras and sales points to the network. iOS security solutions allow you to have a secure LAN and you could add a secure WAN connection through your Internet provider with LTE links as backups. You can set up on-demand VPN connections from store to store for voice/video calls, or do inventory queries direct to the HQ database.
How has it helped my organization?
As a Cisco partner/reseller, security has been a concern for many years. Cisco has a security concept that begins right when you try to connect to the network. Security is a complete system and is not just put on security devices at the perimeter or between tiers inside a data center.
iOS on routers is a mature solution, allowing easy setup of a traditional ISAKMP V1 or V2 VPN, and a very mature proprietary VPN flavor called DMVPN. DMVPN allows on-demand VPN establishment with minimal setup configuration and creates a pseudo full mesh avoiding bottlenecks.
Cisco Technical Assistance Center works on a follow-the-sun concept and gives real 24x7 customer support, which is a great advantage when you have a service contract with them.
What is most valuable?
The best features include the Auto Secure script, port security, spanning-tree root and loop guard, 802.1x, DMVPN, GET VPN, SD-Access, and Secure SD-WAN.
The software offers plenty of security solutions that can work in the most sophisticated enterprise but also works well for small/mid-range enterprises.
A simple switch is able to run basic security as port security, limiting the MAC addresses allowed on a port, or by running a script you can set up ACL and some control plane policies to protect control and management planes and basic DoS protection.
The same software is able to work with sophisticated security options going from the basic 802.1x to MACSEC, NAC, and trustsec, and can be integrated with automation tools in order to do auto onboarding tasks (for wired devices), profiling, and more interesting security tasks.
It allows for easy traditional ISAKMP V1 or V2 VPN setups and has a very mature proprietary VPN flavor called DMVPN. DMVPN allows on-demand VPN establishment with minimal setup configuration involved and creates a pseudo full mesh (avoiding bottlenecks as a hub-spoke topology does). Dynamic VPN establishment allows spoke-to-spoke traffic flow on-demand, optimizing VoIP/SIP calls setting up direct tunnels among spokes, reducing latency compared with a hub/spoke topology.
Switch and router iOS can be automated and orchestrated with secure SD-WAN and SD-Access Cisco solutions. Having the iOS software is relevant for small and large enterprises; it works fine for all size networks.
What needs improvement?
There are the usual bugs that are inherent to some software upgrades. Sometimes this provides some unexpected issues, however, it happens with all brands all the time.
Some additional features could be improved. For example, the licensing for DNA environments could be better. In some countries, the end-user does not want to go to orchestration/automation environments. They just want to have a small network for their small budget and they never will go to these environments. They consider it unfair that they have to pay for a license/subscription that will never be used.
For how long have I used the solution?
I've used the solution for ten or more years.
What do I think about the stability of the solution?
It is very stable.
What do I think about the scalability of the solution?
The product is very scalable.
How are customer service and support?
Technical support is great.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
My customers have used other brands that just gave connectivity and did not offer security over LAN switches. The VPN scheme was limited to site-to-site over hub-and-spoke topologies.
How was the initial setup?
The initial setup is straightforward.
What about the implementation team?
We are the vendor team that handles implementations.
What's my experience with pricing, setup cost, and licensing?
Cisco is not a cost-effective brand, however, in the end, you get what you pay for. Regarding licensing, some customers will not use automation/orchestration environments and do not like to pay a subscription for something they will never use.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: I have 20+ years of experience working on cisco partners, but I do have Cisco Infrastruchture on my own company and the enunciated solutions are currently running as if I were another more customer too.
Networks Lead Engineer at a mining and metals company with 1,001-5,000 employees
Increased endpoint security but is overall a very complicated product
Pros and Cons
- "Previously, anyone in the organization would see any data point in the wall. They could just go and connect their machine with that data point and could access the network. But now, even if someone came and tried that, they will not be given access."
- "We have a very bad experience on the support. They take too much time requesting logs, and they are not coming directly online to resolve the issues."
What is our primary use case?
We use it for endpoint security, to control access to our edge level. Basically, Cisco IOS checks the identity of each endpoint (printers, etc.). There's a specific group allowing the printer to immediately connect to the network. Also, if there is a laptop, for example, then the IOS will tell you, okay this is a laptop, please add the user name and password to access the network. Once it gets authenticated with IOS, they will still do something like posturing, checking the compliance list. For example, if a laptop doesn't have an updated antivirus or updated patches - if it's non-compliant with any one of those things, the system will reject it and isolate it in a special network, so it cannot access our network.
How has it helped my organization?
Previously, anyone in the organization would see any data point in the wall. They could just go and connect their machine with that data point and could access the network. But now, even if someone came and tried that, they will not be given access. Because Cisco IOS will ask for the identity. So, you will now need to give your identity. If you are not part of the organization, you will not be given access.
What needs improvement?
I think it's a complicated product. It is very complicated, especially in the design. If in some way you mess up the logic and design, you can really mess up and you will hate your life. The dashboard is actually very complicated. There's a lot of options. They don't need to do this. They need to make it more simple. Going to the direct point, showing what to do, where to configure, how to make the policy. They need to simplify the dashboard management more. Also, they need to improve the dashboard statistics. We need to see the statistics in a more organized way and clear. Reporting features, I think are also missing. It should be there.
Maybe they need to add in posturing. Cisco is able to check if a device is updated or not. Taking action to isolate it outside the network, and then requesting automatically for the updates to that system would be helpful. It's something in automation they can improve.
For how long have I used the solution?
I have been using the solution for 1 year.
What do I think about the stability of the solution?
Initially, we faced some stability problems with the wifi systems. And sometimes it authenticates, sometimes it doesn't. But, overall, it's 90% stable. It's not causing many problems, because, no one is touching that. No one is touching that box.
How are customer service and technical support?
Their support was very bad. We have a very bad experience on the support. They take too much time requesting logs, and they are not coming directly online to resolve the issues. They keep asking about a lot of things. And they know that we are not expert in the system. So, we are wasting our time. And it takes time to respond. Sometimes one single issue will stay on the stack for three weeks, just to resolve it. The last ticket for me reached six weeks, not three weeks even. They are not like that in all products. Just this product.
How was the initial setup?
The initial setup was very complicated. For the initial setup, you need to configure the TAC servers and assigning the password, user name and the group for authenticating, etc. The deployment took more than three months.
What about the implementation team?
We used a vendor. We are not doing anything ourselves except for the basic things. We are using the vendors to do this. Not everything is handled by vendors; only, again, for the complicated products. We try to approach the integrators to do it.
Which other solutions did I evaluate?
I did not evaluate other options. I was thinking maybe Aruba might be a good option, but I did not switch over to it actually because Cisco's a big company and known in the market.
What other advice do I have?
Even now, we are not fully utilizing the features because it'll add complicated things. I would rate this solution 7 out of 10 because of both support and interface. After this experience, next time in any project we are going to go more secure.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Commercial Manager at Natco Information technology
Excellent technical support, stable, and straightforward installation
Pros and Cons
- "The technical is excellent."
What is our primary use case?
We are using Cisco IOS Security for endpoint security. For example, spyware, firewall, database and application protection.
For how long have I used the solution?
I have been using the solution for approximately 10 years.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
We have found the solution to be scalable.
We have approximately 20 customers using this solution.
How are customer service and technical support?
The technical is excellent.
How was the initial setup?
The installation is straightforward.
What about the implementation team?
We have two engineers that do the implementation and maintenance of the solution.
What's my experience with pricing, setup cost, and licensing?
The price of the solution should be cheaper, and the license is purchase annually.
What other advice do I have?
I recommend this solution to others and advise them to use the latest version.
I rate Cisco IOS Security an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Network Engineer at Banque des Mascareignes
Scalability suits all enterprise needs, but it could use a better interface
Pros and Cons
- "The VPN is the most valuable feature."
- "The routers, don't have like long-term tendency features, or higher availability features available for the IOS. It could also use a better user interface."
What is most valuable?
The VPN is the most valuable feature.
What needs improvement?
With Cisco IOS, especially the routers, don't have like long-term tendency features, or high availability features available for the IOS. Also, it could use a better user interface.
For how long have I used the solution?
I've been using the solution for 8 years.
What do I think about the stability of the solution?
The solution is extremely stable. It's one of the best. It's a stable solution.
What do I think about the scalability of the solution?
In terms of scalability, it definitely suits all enterprise needs. The product is all we need for today's enterprise, for the client. For me, in terms of scalability, Cisco has the full package.
How are customer service and technical support?
Technical support is very good.
Which solution did I use previously and why did I switch?
I have used FortiGate and Palo Alto.
How was the initial setup?
In terms of initial setup, it depends on the one doing it, but I never had any difficulties or struggled to integrate. For me, Cisco is always easy to set up. It's straightforward. Deployment is pretty fast, but sometimes it takes time to implement and to put into production. Deploying, confirmation, and then setting up the devices is straightforward. The most important part is migrating to production. This is sometimes the most important. Again, that depends on the criticality of the environment. It can be done in hours or sometimes weeks.
Under my supervision, for at least a hundred parts, one other person and I are needed for deployment. That's it. Two people.
What about the implementation team?
I implemented the solution myself. I am an integrator.
What's my experience with pricing, setup cost, and licensing?
The pricing is very expensive. Normally I do a yearly contract; I don't know the exact pricing, but it's around $75,000 USD per year. That's the standard licensing.
What other advice do I have?
Cisco is one of the greatest. The Cisco stack is the best. If you don't know it, don't go for the solution because it gets very complex. If you are new to the security, don't go for Cisco. But if you are experienced and you know how to do it, it's one of the greatest solutions.
I would rate this solution 7 out of 10. The solution is always stable, but there are many security features that Cisco is behind on today.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director at Nam Truong Son
Plenty of functionality, reliable, and good interface
Pros and Cons
- "The most valuable features of Cisco IOS Security are the plenty of functionality it provides, many people are IT certified the usage, and the user interface is good."
- "Cisco IOS Security could improve its security features. There are competitors that have some additional security features, such as Fortinet FortiGate. Additionally, there should be better synchronization with Cisco IOS Security and other vendors, and improved AI features would be beneficial."
What is most valuable?
The most valuable features of Cisco IOS Security are the plenty of functionality it provides, many people are IT certified the usage, and the user interface is good.
What needs improvement?
Cisco IOS Security could improve its security features. There are competitors that have some additional security features, such as Fortinet FortiGate. Additionally, there should be better synchronization with Cisco IOS Security and other vendors, and improved AI features would be beneficial.
For how long have I used the solution?
I have been using Cisco IOS Security for over 20 years.
What do I think about the stability of the solution?
Cisco IOS Security is stable.
What do I think about the scalability of the solution?
The scalability of Cisco IOS Security is good.
How are customer service and support?
The technical support from Cisco IOS Security is of an average level. They had some difficulties.
I rate the support from Cisco IOS Security a four out of five.
What's my experience with pricing, setup cost, and licensing?
Cisco IOS Security price could be reduced, it is more expensive than many of the other solutions, such as Sophos and Fortinet FortiGate.
What other advice do I have?
This solution has some advantages over competitors, but it has weaknesses too.
I rate Cisco IOS Security an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Buyer's Guide
Download our free Cisco IOS Security Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Popular Comparisons
Fortinet FortiGate
Netgate pfSense
OPNsense
Cisco Secure Firewall
Palo Alto Networks NG Firewalls
Juniper SRX Series Firewall
Fortinet FortiOS
KerioControl
Juniper vSRX
Buyer's Guide
Download our free Cisco IOS Security Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What do you recommend for a corporate firewall implementation?
- Comparison of Barracuda F800, SonicWall 5600 and Fortinet
- Sophos XG 210 vs Fortigate FG 100E
- Which is the best network firewall for a small retailer?
- When evaluating Firewalls, what aspect do you think is the most important to look for?
- Cyberoam or Fortinet?
- Fortinet, Palo Alto or Check Point?
- If you could go back, would you change your decision to buy that firewall and why?
- Sophos XG vs Fortigate UTM
- Can you recommend a solution to replace Cyberoam 200ing Firewall?