Try our new research platform with insights from 80,000+ expert users
Cisco Secure Firewall Logo

Cisco Secure Firewall pros and cons

Vendor: Cisco
4.1 out of 5
Badge Leader
15K followers
Post review

Pros & Cons summary

Cisco Secure Firewall ensures reliable network protection with strong stability, high availability, and comprehensive VPN solutions like AnyConnect. Its integration with Cisco tools and features such as Firepower enhances threat security. Ease of deployment boosts efficiency, while clustering supports scalability. However, users face challenges with SSL VPN configuration and limited third-party integration. Important ASA command line usage and complex deployment may require troubleshooting for effective implementation. Route-based VPN support and graphical limitations are noted.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Cisco Secure Firewall offers comprehensive VPN solutions and exceptional threat detection capabilities, enhancing network security and remote access.
Its stability and high availability ensure uninterrupted service delivery, making it reliable for continuous operations.
Cisco Secure Firewall performs well in deep packet inspection and advanced threat protection, with features like IPS and AMP providing robust filtering and security.
Integration with other Cisco products boosts overall security posture and seamless device communication.
The efficient clustering architecture facilitates zero downtime upgrades, maintaining high uptime and productivity.

CONS

Cisco Secure Firewall is not user-friendly for administration and requires extensive command-line knowledge.
Integration with third-party devices needs improvement, as it primarily supports Cisco devices.
The initial setup can be complex, requiring separate configurations for ASA, SFR module, and FMC.
VPN support is limited and criticized for weak features like route-based VPNs.
Licensing is complex and often considered a headache for customers.
 

Cisco Secure Firewall Pros review quotes

reviewer1217634 - PeerSpot reviewer
Oct 28, 2019
With the FMC and the FirePOWERs, the ability to quickly replace a piece of hardware without having to have a network outage is useful. Also, the ability to replace a piece of equipment and deploy the config that the previous piece of equipment had is pretty useful.
Read full review
MC
Sep 14, 2021
One of the most valuable features of Firepower 7.0 is the "live log" type feature called Unified Event Viewer. That view has been really good in helping me get to data faster, decreasing the amount of time it takes to find information, and allowing me to fix problems faster. I've found that to be incredibly valuable because it's a lot easier to get to some points of data now.
Read full review
MB
Feb 22, 2021
One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful.
Read full review
Buyer's Guide
Cisco Secure Firewall
January 2025
Free Report: Cisco Secure Firewall Reviews and More
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
DOWNLOAD NOW
831,158 professionals have used our research since 2012.
reviewer1512729 - PeerSpot reviewer
Feb 17, 2021
We get the Security Intelligence Feeds refreshed every hour from Talos, which from my understanding is that they're the largest intelligence Security Intelligence Group outside of the government.
Read full review
JT
Sep 27, 2019
The most valuable features of Cisco firewalls are the IPS and IDS items. We find them very helpful. Those are the biggest things because we have some odd, custom-made products in our environment. What we've found through their IPS and IDS is that their vulnerability engines have caught things that are near-Zero-day items, inside of our network.
Read full review
EV
Oct 24, 2019
The protection and security features, like URL filtering, the inspection, and the IPS feature, are also very valuable for us. We don't have IT staff at most of the sites so for us it's important to have a robust firewall at those sites
Read full review
JV
Jul 5, 2021
The most important feature is the intensive way you can troubleshoot Cisco Firepower Firewalls. You can go to the bit level to see why traffic is not handled in the correct way, and the majority of the time it's a networking issue and not a firewall issue. You can solve any problem without Cisco TAC help, because you can go very deeply under the hood to find out how traffic is flowing and whether it is not flowing as expected. That is something I have never seen with other brands.
Read full review
Mike Bulyk - PeerSpot reviewer
Feb 9, 2021
It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective.
Read full review
EV
Aug 30, 2021
Firepower NGFW has improved my organization in several ways. Before, we were trying to stamp out security threats and issues, it was a one-off type of way to attack it. I spent a lot of manpower trying to track down the individual issues or flare-ups that we would see. With Cisco's Firepower Management, we're able to have that push up to basically one monitor and one UI and be able to track that and stop threats immediately. It also gives us a little more granularity on what those threats might be.
Read full review
DC
Sep 12, 2019
Once you add Firepower onto to it and you start enabling some of its features, you get some IDS/IPS involved with it and you can even do web filtering.
Read full review
Show 10 more reviews (out of 328)
 

Cisco Secure Firewall Cons review quotes

reviewer1217634 - PeerSpot reviewer
Oct 28, 2019
We had an event recently where we had inbound traffic for SIP and we experienced an attack against our SIP endpoint, such that they were able to successfully make calls out... Both CTR, which is gathering data from multiple solutions that the vendor provides, as well as the FMC events connection, did not show any of those connections because there was not a NAT inbound which said either allow it or deny it.
Read full review
MC
Sep 14, 2021
The change-deployment time can always be improved. Even at 50 seconds, it's longer than some of its competitors. I would challenge Cisco to continue to improve in that area.
Read full review
MB
Feb 22, 2021
FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively.
Read full review
Buyer's Guide
Cisco Secure Firewall
January 2025
Free Report: Cisco Secure Firewall Reviews and More
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
DOWNLOAD NOW
831,158 professionals have used our research since 2012.
reviewer1512729 - PeerSpot reviewer
Feb 17, 2021
It would be great if some of the load times were faster.
Read full review
JT
Sep 27, 2019
The worst part of the entire solution, and this is kind of trivial at times, is that management of the solution is difficult. You manage FireSIGHT through an internet browser. I've had Cisco tell me to manage it through Firefox because that's how they develop it. The problem is, depending on the page you're on, they don't function in the same way. The pages can be very buggy, or you can't resize columns in this one, or you can't do certain things in that one. It causes a headache in managing it.
Read full review
EV
Oct 24, 2019
The user interface for the Firepower management console is a little bit different from traditional Cisco management tools. If you look at products we already use, like Cisco Prime or other products that are cloud-based, they have a more modern user interface for managing the products. For Firepower, the user interface is not very user-friendly. It's a little bit confusing sometimes.
Read full review
JV
Jul 5, 2021
The Firepower FTD code is missing some old ASA firewalls codes. It's a small thing. But Firepower software isn't missing things that are essential, anymore.
Read full review
Mike Bulyk - PeerSpot reviewer
Feb 9, 2021
There is limited data storage on the appliance itself. So, you need to ship it out elsewhere in order for you to store it. The only point of consideration is around that area, basically limited storage on the machine and appliance. Consider logging it elsewhere or pushing it out to a SIEM to get better controls and manipulation over the data to generate additional metrics and visibility.
Read full review
EV
Aug 30, 2021
One of the few things that are brought up is that for the overall management, it would be great to have a cloud instance of that. And not only just a cloud instance, but one of the areas that we've looked at is using an HA type of cloud. To have the ability to have a device file within a cloud. If we had an issue with one, the other one would pick up automatically.
Read full review
DC
Sep 12, 2019
In Firepower, there is an ability to search and dig into a search, which is nice. However, I'm not a super fan of the way it scrolls. If you want to look at something live, it's a lot different. You're almost waiting. With the ASDM, where it just flows, you can really see it. The second someone clicks something or does something, you'll see it. The refresh rate on the events in Firepower is not as smooth.
Read full review
Show 10 more reviews (out of 326)

Product Categories

Product Categories
Firewalls
Cisco Security Portfolio
Next-Generation Firewall (NGFW)
Firewall Solutions for Enterprises

Popular Comparisons

Popular Comparisons
Fortinet FortiGate vs Cisco Secure Firewall Logo
Fortinet FortiGate vs Cisco Secure Firewall
Netgate pfSense vs Cisco Secure Firewall Logo
Netgate pfSense vs Cisco Secure Firewall
OPNsense vs Cisco Secure Firewall Logo
OPNsense vs Cisco Secure Firewall
Sophos XG vs Cisco Secure Firewall Logo
Sophos XG vs Cisco Secure Firewall
Palo Alto Networks NG Firewalls vs Cisco Secure Firewall Logo
Palo Alto Networks NG Firewalls vs Cisco Secure Firewall
Azure Firewall vs Cisco Secure Firewall Logo
Azure Firewall vs Cisco Secure Firewall
Check Point NGFW vs Cisco Secure Firewall Logo
Check Point NGFW vs Cisco Secure Firewall
WatchGuard Firebox vs Cisco Secure Firewall Logo
WatchGuard Firebox vs Cisco Secure Firewall
SonicWall TZ vs Cisco Secure Firewall Logo
SonicWall TZ vs Cisco Secure Firewall
Juniper SRX Series Firewall vs Cisco Secure Firewall Logo
Juniper SRX Series Firewall vs Cisco Secure Firewall
Fortinet FortiGate-VM vs Cisco Secure Firewall Logo
Fortinet FortiGate-VM vs Cisco Secure Firewall
Untangle NG Firewall vs Cisco Secure Firewall Logo
Untangle NG Firewall vs Cisco Secure Firewall
SonicWall NSa vs Cisco Secure Firewall Logo
SonicWall NSa vs Cisco Secure Firewall
Sophos XGS vs Cisco Secure Firewall Logo
Sophos XGS vs Cisco Secure Firewall
Fortinet FortiOS vs Cisco Secure Firewall Logo
Fortinet FortiOS vs Cisco Secure Firewall
See all alternatives

Product Categories

Product Categories
Firewalls
Cisco Security Portfolio
Next-Generation Firewall (NGFW)
Firewall Solutions for Enterprises

Popular Comparisons

Popular Comparisons
Fortinet FortiGate vs Cisco Secure Firewall Logo
Fortinet FortiGate vs Cisco Secure Firewall
Netgate pfSense vs Cisco Secure Firewall Logo
Netgate pfSense vs Cisco Secure Firewall
OPNsense vs Cisco Secure Firewall Logo
OPNsense vs Cisco Secure Firewall
Sophos XG vs Cisco Secure Firewall Logo
Sophos XG vs Cisco Secure Firewall
Palo Alto Networks NG Firewalls vs Cisco Secure Firewall Logo
Palo Alto Networks NG Firewalls vs Cisco Secure Firewall
Azure Firewall vs Cisco Secure Firewall Logo
Azure Firewall vs Cisco Secure Firewall
Check Point NGFW vs Cisco Secure Firewall Logo
Check Point NGFW vs Cisco Secure Firewall
WatchGuard Firebox vs Cisco Secure Firewall Logo
WatchGuard Firebox vs Cisco Secure Firewall
SonicWall TZ vs Cisco Secure Firewall Logo
SonicWall TZ vs Cisco Secure Firewall
Juniper SRX Series Firewall vs Cisco Secure Firewall Logo
Juniper SRX Series Firewall vs Cisco Secure Firewall
Fortinet FortiGate-VM vs Cisco Secure Firewall Logo
Fortinet FortiGate-VM vs Cisco Secure Firewall
Untangle NG Firewall vs Cisco Secure Firewall Logo
Untangle NG Firewall vs Cisco Secure Firewall
SonicWall NSa vs Cisco Secure Firewall Logo
SonicWall NSa vs Cisco Secure Firewall
Sophos XGS vs Cisco Secure Firewall Logo
Sophos XGS vs Cisco Secure Firewall
Fortinet FortiOS vs Cisco Secure Firewall Logo
Fortinet FortiOS vs Cisco Secure Firewall
See all alternatives
Related questions
  • 1,478
What Is The Biggest Difference Between Cisco ASA And Fortinet FortiGate?
  • 87
Cisco Firepower vs. FortiGate
  • 42
How do I convince a client that the most expensive firewall is not necessarily the best?
  • 291
What are the biggest differences between Cisco Firepower NGFW and Fortinet FortiGate?
  • 1,446
What Is The Biggest Difference Between Cisco Firepower and Palo Alto?
  • 248
Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons?
  • 3,584
What are the main differences between Palo Alto and Cisco firewalls ?
  • 65
A recent reviewer wrote "Cisco firewalls can be difficult at first but once learned it's fine." Is that your experience?
  • 46
Which is the best IPS - Cisco Firepower or Palo Alto?
  • 45
Which product do you recommend and why: Palo Alto Networks VM-Series vs Cisco Firepower Threat Defense Virtual (FTDv)?