We had implemented our Cisco API and Cisco Stealthwatch. We use the Cisco Secure Firewall for easy integration that can collaborate with all these Cisco solutions. My operations will also have less maintenance and the same existing team.
Senior Manager ICT & Innovations at Bangalore International Airport Limited
A highly stable solution that provides advanced malware protection and good DDoS communication
Pros and Cons
- "Cisco Secure Firewall's security solutions, advanced malware protection, and DDoS communication are very good."
- "The solution's deployment is time-consuming, which should be minimized and made more user-friendly for us."
What is our primary use case?
What is most valuable?
Cisco Secure Firewall's security solutions, advanced malware protection, and DDoS communication are very good. With Cisco Secure Firewall, the security is very much manageable because it protects all the incoming and outgoing traffic of our several telecom IT rooms.
What needs improvement?
The solution's deployment is time-consuming, which should be minimized and made more user-friendly for us.
The solution's graphical user interface could be made more user-friendly, and the configuration can be simple.
For how long have I used the solution?
I have been using Cisco Secure Firewall for five years.
Buyer's Guide
Cisco Secure Firewall
April 2025

Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
849,190 professionals have used our research since 2012.
What do I think about the stability of the solution?
Cisco Secure Firewall is a stable solution.
I rate Cisco Secure Firewall ten out of ten for stability.
What do I think about the scalability of the solution?
Cisco Secure Firewall is a scalable solution. Around 400 users are using the solution in our organization.
I rate Cisco Secure Firewall a nine out of ten for scalability.
How are customer service and support?
The solution’s technical support is good.
How would you rate customer service and support?
Positive
How was the initial setup?
The solution’s initial setup is complex and requires Cisco-certified people.
What about the implementation team?
Two engineers were involved in the solution's deployment, which took one week.
What was our ROI?
We have seen a return on investment with Cisco Secure Firewall because it provides advanced malware protection and seamless integration with my existing solutions.
What's my experience with pricing, setup cost, and licensing?
Cisco Secure Firewall is a moderately priced solution. We have to pay a yearly licensing fee for the solution.
What other advice do I have?
The solution’s maintenance is very easy, and one person can do it.
Overall, I rate Cisco Secure Firewall an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Network specialist at a retailer with 10,001+ employees
Useful firewall component package, effective third-party devices integration, but licensing could improve
Pros and Cons
- "The most beneficial aspect of the Cisco Secure Firewall is the AnyConnect component within the firewall package, which we selected specifically for VPN usage due to its exceptional integration with various third-party devices and applications."
- "The overall licensing structure could improve to make the solution better."
What is our primary use case?
We are currently utilizing the Cisco Secure Firewall, partially due to its historical relevance and partly because Cisco continues to maintain a prominent position in providing client VPN access.
We have employed Cisco Firepower and ASA on Firepower to facilitate client VPN access and to enforce fundamental layer four security policies.
We utilize security products in central locations to provide VPN access for clients throughout Europe.
How has it helped my organization?
The implementation of the Cisco Secure Firewall has had a positive impact on our organization, as evidenced by our ability to use our store apps on mobile devices through AnyConnect even when Wi-Fi is unavailable. This is made possible by the utilization of 3G, 4G, or 5G internet access while maintaining a secure connection on our mobile devices.
Cisco Secure has enabled my organization to save time, as demonstrated by our ability to swiftly open new stores by utilizing applications on mobile devices without having to establish the entire infrastructure at once. The amount of time saved varies depending on the country we are operating in, ranging from weeks to months.
What is most valuable?
The most beneficial aspect of the Cisco Secure Firewall is the AnyConnect component within the firewall package, which we selected specifically for VPN usage due to its exceptional integration with various third-party devices and applications.
What needs improvement?
The overall licensing structure could improve to make the solution better.
For how long have I used the solution?
I have been using Cisco Secure Firewall for approximately 15 years.
How are customer service and support?
My experiences with the Cisco Secure Firewall support have varied. Since we access it through a partner, some issues are quickly resolved, while others require more time and effort.
I rate the support from Cisco Secure Firewall a six out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
While I have not personally utilized other security products, our organization also employs FortiGate devices and applications for security purposes alongside Cisco Secure Firewall.
What's my experience with pricing, setup cost, and licensing?
Acquiring licensing for Cisco Secure Firewall can be a bit cumbersome, therefore a more straightforward licensing process would be preferable.
The licensing process can be frustrating, as it requires selecting between on-box or per-client options and other related considerations. Simplifying this process would be beneficial.
What other advice do I have?
We are using access switches, routers, catalysts, and ISR products. Additionally, we are using Cisco as a platform, which is somewhat old, and Cisco ASA on Firepower devices.
I would advise others to thoroughly evaluate their requirements before selecting a security solution. While some products may seem like an obvious choice, it is important to take the time to assess the available options and determine which one best suits your specific needs. This approach is wise and can ultimately lead to a more effective security solution.
I rate Cisco Secure Firewall a seven out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Cisco Secure Firewall
April 2025

Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
849,190 professionals have used our research since 2012.
Solution Architect at a energy/utilities company with 1,001-5,000 employees
Video Review
Best support and good detection capabilities, but needs improvement in stability and functionality
Pros and Cons
- "The most valuable features of the product are the VPN and the NextGen firewall features such as application control, URL filtering, etc."
- "There is room for improvement in the stability or software quality of the product. There were a few things in the past where we had a little bit of a problem with the product, so there is room for improvement."
What is our primary use case?
I'm working as a Solution Architect for an energy provider in Austria. We have approximately 1,500 people working in Austria and also in some neighboring countries.
We are using Cisco Secure Firewall. We started with Cisco ASA long ago, and now, we have Cisco Firepower or Cisco Secure Firewall. We are using the product as a perimeter firewall and for remote access VPN and site-to-site VPN tunnels with other partner companies. So, the primary use case of Cisco Secure Firewall is to secure our perimeter, but it's also for the remote access VPN for employees in the home office or if they are outside the company.
How has it helped my organization?
The benefit of using Cisco Secure Firewall is that there is a lot of integration with other Cisco products like Cisco ISE or even with third-party systems. It's important to have these integrations with other systems. On one hand, you get more visibility, and on the other hand, you can also use the information that you have from the firewall in other systems, such as a SIEM or other similar things. You overall get better visibility and better security.
In terms of securing our infrastructure from end to end so that we can detect and remediate threats. When it comes to detection, it's pretty good because you have the background of Cisco Talos. I can't say if it's the truth, but they probably are one of the top players in threat hunting, so it's pretty good at detecting known things that are outside.
What is most valuable?
The most valuable features of the product are the VPN and the NextGen firewall features such as application control, URL filtering, etc. These features are especially valuable because nowadays, it's not enough to just filter for source and destination IPs. You need more insights or visibility to see which applications are passing your perimeter, which applications you want to allow, and which ones you want to block. Without this visibility and these features, it's a little bit hard to secure your network.
What needs improvement?
There is room for improvement in the stability or software quality of the product. There were a few things in the past where we had a little bit of a problem with the product, so there is room for improvement. In the past, we had problems with new releases.
Also, from the beginning, some functionalities or features have not worked properly. There are bugs. Every product has such problems, but sometimes, there are more problems than other products, so it's definitely something that can be improved, but Cisco seems to be working on it.
What do I think about the stability of the solution?
There is room for improvement in the stability of the product.
What do I think about the scalability of the solution?
I know that there are several models for every type of scale that you need. For small branches up to the data center or even for the cloud, there are models, but so far, we only have one cluster. Among all these different types, we found the perfect matching size for our company.
How are customer service and support?
The Cisco support with Cisco TAC is pretty good. With the TAC Connect Bot that you have with WebEx, you can easily open a case or escalate the case through the WebEx app. That's pretty cool. Also, the engineers that are working for Cisco TAC are really good. Among all the vendors that we have in place, it's the best support that we have experienced. I'd rate them a 10 out of 10 because compared to the other vendors that we have in place, it's definitely the best support.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We have a multi-vendor strategy for the firewall so that if there is some security issue in the software or something like that, you are not directly impacted, and there is another vendor in between. If I compare Cisco Secure Firewall with the other vendor that we have in place, the pro for Cisco Secure Firewall is that detection is better with the database of Talos. The con that comes to my mind is the deployment time when you deploy a change. With the other vendor, the change is more or less deployed immediately, whereas, with Cisco Secure Firewall, you have to wait for a few minutes until the change is deployed. This is one of the biggest cons on this side because if there's a misconfiguration, you are not able to correct the issue as fast as with the other vendor.
How was the initial setup?
We migrated from Cisco ASA to Cisco Firepower, and it was straightforward because there were some migration tools to export the old ASA rule set and import it into Cisco Secure Firewall. With these tools and the documentation that you find on Cisco's site, it was pretty straightforward, and we had nearly no problems with the migration to Cisco Secure Firewall.
In terms of the deployment model, we have one high-availability cluster, and, of course, FMC to manage this cluster. These are physical clusters, and we have them on-prem in our data center.
What about the implementation team?
For deployment, we worked with our partner who helped us a little bit with the migration. Our partner's engineer had good knowledge and supported us when we had questions. When we didn't know how to do something, they helped us with that.
What's my experience with pricing, setup cost, and licensing?
The licensing models that are available for Cisco Secure Firewall are okay. You have nearly every option that you need. You can pick filtering, advanced malware protection, or all the available features. It's sufficient.
In terms of pricing, there are, for sure, some cheaper vendors, but overall, it's nearly the same. It has a fair price.
What other advice do I have?
To those evaluating Cisco Secure Firewall, I'd advise thinking about what are your use cases and what's your goal to achieve with this product. It's also a good idea to talk to other customers or a partner and ask them what's their experience and what they think about it, and if it's suitable for this use case or not. And, of course, it's also a good idea to do a proof of concept or something like that.
At the moment, I'd rate Cisco Secure Firewall a six out of ten. The reason for that is that we are having some problems with the stability and functionality of the product, but there are also features, such as VPN, that are working from day one without a problem. So, there are good parts, and there are parts that are not working as well as we would like them to, but we and Cisco TAC will solve this in the future, and then the rating will go up.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Product Owner at a manufacturing company with 10,001+ employees
Protects our landscape, secures segments, and has good support
Pros and Cons
- "Protecting our landscape in general and being able to see logging when things aren't going as set out in policies are valuable features. Our security department is keen on seeing the logging."
- "The integration between the on-prem proxy world and the cloud proxy would benefit us. One single policy setting would make sense."
What is our primary use case?
We use WSA proxy and Cisco Firepowers with the FMC suite and Cisco Umbrella. We mainly use WSAP for on-premises data centers to get traffic outbound to the internet. Cisco Umbrella is for our endpoints, and Cisco firewalls are to protect our perimeter but also internal choke points to secure segments on our LAN.
Currently, we don't have any integrations between the three of them. They all run in isolation.
How has it helped my organization?
Our external partner does the day-to-day management. We are not using it on a day-to-day basis. We position the products from within my team, but the detection mechanism is different per platform. We mainly trust the policy, and our security department is checking logs for anomalies in the patterns.
In terms of cost savings, we've been using this mechanism for years on end, so we haven't been able to see a real cost reduction between using our own personnel versus our external partner for management. It has been like that for 10 years or so.
In terms of time savings, it doesn't put too much burden on day-to-day activities to go over the details. The policies are rather straightforward, and anything not configured is not allowed. In that sense, it's easy.
What is most valuable?
Protecting our landscape in general and being able to see logging when things aren't going as set out in policies are valuable features. Our security department is keen on seeing the logging.
What needs improvement?
If WSAP remains to be an active product, it might be an idea to integrate the configuration policy logic between Umbrella and WSAP. There should be one platform to manage both.
The integration between the on-prem proxy world and the cloud proxy would benefit us. One single policy setting would make sense.
How are customer service and support?
That's great. Sometimes, you need to be clear on the severity levels, but once determined, we have a good experience with tech support.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
That was long ago, but we had Blue Coat proxies before. We switched because of our strategy to go for Cisco as an ecosystem.
We chose Cisco products because we have a Cisco-first strategy. We typically check first with the Cisco product portfolio and then make up our minds. Historically speaking, it serves our interests best.
How was the initial setup?
I am not involved firsthand in its deployment. We have an oversight role within our company, so we ask our external supplier to do the implementation, and when needed, to have it validated via Cisco, but I've no real hands-on experience.
What was our ROI?
I would expect that we have seen an ROI because our sourcing department would make sure we get the best price for the solution.
What's my experience with pricing, setup cost, and licensing?
Licensing is quite difficult to get your head around. My biggest challenge is to understand the details, the inner relations. Luckily, to some extent, we have enterprise agreements, but licensing for me is a real black box.
What other advice do I have?
I'd rate it an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Technical Network Expert at NXP Semiconductors Netherlands B.V. Internet EMEA
Quality product with a well-suited to top-down architectural level
Pros and Cons
- "The features I have found most valuable are the ASA firewalls. I like to have features like most integrated systems in ACI."
- "I think that the solution can be improved with the integration of application-centric infrastructure. It could be used to have better solutions in one box."
What is our primary use case?
As a manufacturing company, we have to use many different concepts of firewalls. That's one reason we had to use a trusted firewall for security and trust reasons.
How has it helped my organization?
We use a top-down architectural level mostly. For this reason, Cisco Secure Firewall is the top product for us.
I would say that this solution has saved our organization's time because we are certified engineers and experts. It helps us to connect quite well with our customers on a professional level.
What is most valuable?
The features I have found most valuable are the ASA firewalls. I like to have features like most integrated systems in ACI.
What needs improvement?
I think that the solution can be improved with the integration of application-centric infrastructure. It could be used to have better solutions in one box.
For how long have I used the solution?
I have been using this solution for around seven or eight years.
Which solution did I use previously and why did I switch?
I've used different concepts of solutions before Cisco. Cisco is much better than Juniper, Brocade, or Foundry, as it is much easier to use and get directions from. It is also easier to integrate Cisco if you compare it with other customer concepts, such as Juniper, Brocade, or Aruba.
How was the initial setup?
I am not involved in all Cisco firewall deployments. We also have an architectural team. We deploy based on a top-down level architecture and implementation structure.
What's my experience with pricing, setup cost, and licensing?
When it comes to pricing, quality is important to us. When looking at products, we prefer quality over speed. Cisco is on that quality side mostly.
What other advice do I have?
We are currently using the Cisco Firepower firewall, which is dependent on the situations in the data center and regional data center concepts.
The way that this solution helps secure our infrastructure end-to-end is by enabling us to easily integrate all end-to-ends for monitoring.
Whether this solution saves us time depends on the situation. We use highly secure networks on the national security level and that's why it helps to use different products as Cisco is one of the best.
Overall, I would rate this solution a nine, on a scale from one to ten, with one being the worst and ten being the best.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Global Network Architect at a agriculture with 10,001+ employees
Prevents incidents and an average amount of maintenance required
Pros and Cons
- "Cisco Secure Firewall is a good solution. In some ways, it is a reactive solution and we have it sitting in a whitelist mode rather than a blacklist mode. It seems to work fairly well for us."
- "It would be better if we could manage all of our firewalls as a set rather than individually. I would like to see a single pane of glass type of option. We also use another vendor's firewalls and they have a centralized management infrastructure that we have implemented. This infrastructure is a bit easier to manage."
What is our primary use case?
Our primary use case for Cisco Secure Firewall is protection in our OT network. We have our OT network behind the commercial network and we do dual firewalls. The Cisco Secure Firewall is on the commercial network side and a different vendor and management group are on the OT network side.
How has it helped my organization?
Cisco Secure Firewall has not necessarily improved our organization as much as it has protected it against the impact of cyber threats. Our organization runs manufacturing plants that have hazardous material and we don't want that manufacturing process to be impacted by break-in exposure and cyber threats.
Cisco Secure Firewall is a good solution. In some ways, it is a reactive solution and we have it sitting in a whitelist mode rather than a blacklist mode. It seems to work fairly well for us.
What needs improvement?
It would be better if we could manage all of our firewalls as a set rather than individually. I would like to see a single pane of glass type of option. We also use another vendor's firewalls and they have a centralized management infrastructure that we have implemented. This infrastructure is a bit easier to manage.
For how long have I used the solution?
We have used Cisco Secure Firewall for probably 10 years.
What do I think about the stability of the solution?
Cisco Secure Firewall has been a very stable solution for us. In general, if you keep it up to date and do sensible management on it, it will be a very stable solution.
What do I think about the scalability of the solution?
Cisco Secure Firewall has met our scalability requirements as far as traffic and management goes.
How are customer service and support?
We have an excellent account team and they go to bat for us inside of Cisco. We have access to TAC and Smart Net and that all seems to be working out very well. Cisco has a good team in place.
Which solution did I use previously and why did I switch?
We did not previously use a different solution for this particular use case.
How was the initial setup?
I was not involved in the initial deployment of the solution.
What was our ROI?
In this specific use case, the biggest return on investment is that we do not have incidents. This ultimately – in some of our factories – ends up being a health and human-safety use case.
What's my experience with pricing, setup cost, and licensing?
We have all smart licensing and that works well.
Which other solutions did I evaluate?
We ultimately chose Cisco Secure Firewall because it came with a strong recommendation from one of our strong partners.
What other advice do I have?
My advice to those evaluating the solution right now is this: understand what you're trying to protect and what you're trying to protect it from. Also, understand how the solution is managed.
Cisco Secure Firewall has not necessarily freed up our staff's time as much as it has secured the infrastructure and the OT network behind it. Cisco Secure Firewall was not built as a time-saver. It is not a cost solution. It is a solution meant to isolate and control access to and from a specific set of infrastructure.
Cisco Secure Firewall has not helped us consolidate tools and applications. It allows us to get access. What we're seeing more and more of is business systems like SAP looking to get access to OT systems and this is how our systems get that way.
Cisco Secure Firewall requires the sort of maintenance that any software product would: updates, asset management, etc. Worldwide, we probably have 30 to 40 people managing the solution on the OT side on the various sites and then probably 10 to 15 people on our account team with our outside partner.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security engineer at a energy/utilities company with 10,001+ employees
We have more control over things going in and out of our network
Pros and Cons
- "We definitely feel more secure. We have more control over things going in and out of our network."
- "Third-party integrations could be improved."
What is our primary use case?
We mainly use it for ICS security.
How has it helped my organization?
We definitely feel more secure. We have more control over things going in and out of our network.
Cybersecurity has been our top priority because of the last few attacks on our peers in the oil and gas industry.
What is most valuable?
The IPS solution helps us to not only navigate north-south traffic, but also east-west traffic.
What needs improvement?
Third-party integrations could be improved.
Not everything works out-of-the-box. Sometimes, you have to customize it to your needs.
For how long have I used the solution?
I have been using it for two years.
What do I think about the stability of the solution?
It is stable for the most part.
There is maintenance needed for software, firmware, and updates. Three or four people keep up with the updates, etc.
What do I think about the scalability of the solution?
It is pretty scalable. We can add as many devices as we want.
How are customer service and support?
The technical support is good. I would rate them as 10 out of 10.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously had a different platform. We wanted to converge multiple platforms into one.
I switched companies. So, I have more experience with Palo Alto.
What was our ROI?
We saw immediate benefits after deployment from having more control and visibility.
What's my experience with pricing, setup cost, and licensing?
Pretty much everything is included in the price for what we are using.
Which other solutions did I evaluate?
We looked at Check Point, Palo Alto, Fortinet, and a bunch of others. The management and support for the CIsco product is better.
What other advice do I have?
Listen to your customers and see what their needs are.
The whole stack provided by Cisco is a holistic solution for cybersecurity experts, like myself, and companies who are looking to secure their network.
You should partner up with a good team to view all products available, which cater and are customized to your needs.
We haven't found any gaps where it is lacking.
I would rate this product as eight or nine out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Controls the traffic between our inside and outside networks
Pros and Cons
- "It is pretty stable. I haven't seen many issues during the past four years."
- "Recently, we have been having an issue with the ASA firewall. We haven't found the root cause yet and are still working on it. We failed over the firewall from active to passive and suddenly that resolved the issue. We are now working to find the root cause."
What is our primary use case?
We use it to control the traffic between our inside and outside networks.
We use the same firewall for the vendor by creating an IPv6 HyperSec VPN between the company and the vendor.
It is a security solution. We needed to protect our traffic from the outside to inside. That is why we are using this firewall.
How has it helped my organization?
Cisco ASA is pretty good. We use it for Layer 3 and as our main firewall, protecting the entire organization. All our Internet traffic goes through it.
What is most valuable?
Their CLI is pretty good.
What needs improvement?
In order to do an upgrade, we need to upload the software to the firewall, then upgrade the secondary and do a failover. Uploading this software into the firewall is old technology. For example, if you look at the Cisco Meraki firewall, you can schedule the software upgrade. Whereas, here we can't.
Recently, we have been having an issue with the ASA firewall. We haven't found the root cause yet and are still working on it. We failed over the firewall from active to passive and suddenly that resolved the issue. We are now working to find the root cause.
For how long have I used the solution?
I have been using the Cisco ASA firewall for the last four years.
What do I think about the stability of the solution?
It is pretty stable. I haven't seen many issues during the past four years.
What do I think about the scalability of the solution?
It has the scalability to replace the firewall with a higher model number.
The scalability meets our needs and future needs.
How are customer service and support?
The technical support is really good. If we open up a case, they are pretty good. As soon as we open up a case, they assign a case manager. Also, they have an engineer on call. I would rate them as nine out of 10.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
They had this firewall when I joined the company.
We also have Palo Alto that we use as a firewall for Layer 2.
What other advice do I have?
I haven't really used the GUI features that much.
We have not integrated with any other Cisco solutions yet, but we have been thinking about integrating with Cisco Umbrella.
I would rate the solution as eight out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Updated: April 2025
Popular Comparisons
Fortinet FortiGate
Netgate pfSense
Sophos XG
Palo Alto Networks NG Firewalls
Check Point NGFW
Azure Firewall
WatchGuard Firebox
SonicWall TZ
Juniper SRX Series Firewall
Fortinet FortiGate-VM
SonicWall NSa
Sophos XGS
Untangle NG Firewall
Fortinet FortiOS
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What Is The Biggest Difference Between Cisco ASA And Fortinet FortiGate?
- Cisco Firepower vs. FortiGate
- How do I convince a client that the most expensive firewall is not necessarily the best?
- What are the biggest differences between Cisco Firepower NGFW and Fortinet FortiGate?
- What Is The Biggest Difference Between Cisco Firepower and Palo Alto?
- Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons?
- What are the main differences between Palo Alto and Cisco firewalls ?
- A recent reviewer wrote "Cisco firewalls can be difficult at first but once learned it's fine." Is that your experience?
- Which is the best IPS - Cisco Firepower or Palo Alto?
- Which product do you recommend and why: Palo Alto Networks VM-Series vs Cisco Firepower Threat Defense Virtual (FTDv)?