Try our new research platform with insights from 80,000+ expert users
PeerSpot user
Lead Network Security Engineer at TechnoCore LTD
Real User
Good evaluation period, support, and it has a powerful intrusion policy
Pros and Cons
  • "The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy."
  • "I believe that the current feature set of the device is very good and the only thing that Cisco should work on is improving the user experience with the device."

What is our primary use case?

My primary use case with Cisco Firepower NGFW is implementing, configuring, maintaining, and troubleshooting lab and customer devices in both lab and production environments.

Using best practices for configuration, as well as fine-tuning intrusion policies and utilizing as many of the features that the firewall has to offer, which are feasible in said environment.

Overall, I am confident to say that I have worked with every flavor of Cisco Firepower NGFW, be it their older IPS-only sensors, ASA with Firepower services, as well as the FTD sensor itself.

How has it helped my organization?

Cisco Firepower NGFW has improved our organization by giving us the opportunity to protect both our network and our customer's environments. Being able to work with the device in a lab environment and utilizing the whole feature set is really easy with the Evaluation licenses of 90 days on the FMC. The only thing that you need is an environment with enough resources to virtualize both the FMC and FTD sensors.

I would like to emphasize the easy-to-use evaluation period of the Cisco Firepower NGFW because many other firewall vendors lack this and it is a real pain having to test everything in production environments because you cannot build a good lab environment without paying for licenses.

What is most valuable?

The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy. 

Again, with that being said, I cannot shy away from giving kudos to all of the other features such as AVC (Application Visibility and Control), SSL Decryption, Identity policy, Correlation policy, REST API, and more.

All of the features that are incorporated in the Cisco Firepower NGFW are awesome and easy to configure if you know what you are doing. Things almost always work, unless you hit a bug, which is fixed with a simple software update.

What needs improvement?

I believe that the current feature set of the device is very good and the only thing that Cisco should work on is improving the user experience with the device. 

Also, they need to ensure that all of the implemented features are working as they should, and able to integrate with more third-party software in an easier manner.

As it stands currently, Cisco is doing this, but I am not confident enough to say that their QA team is doing as good a job as they should as there have been software releases that were immediately pulled back the same day as they were released.

Buyer's Guide
Cisco Secure Firewall
March 2025
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
845,406 professionals have used our research since 2012.

For how long have I used the solution?

I have been working with Cisco NGFW for almost five years as of 2020.

What do I think about the stability of the solution?

I have seen devices working without any issues and/or without a reboot of the device for many years (although I do not recommend this) running on base versions of the software, and I have seen an out-of-the-box fresh install having many stability issues. However, overall my impression is that the most recent software versions are very stable without any evident underlying issues.

Keep your software up-to-date and the solution should be stable.

What do I think about the scalability of the solution?

Cisco Firepower NGFW has a large variety of devices that are able to accommodate every company's needs, be they small or large. Overall, the scalability of the devices is very good.

How are customer service and support?

Experience with Cisco TAC has been awesome almost always. The SLAs are kept every time, which is very hard to get from any of the other firewall vendors. I have not seen any other vendor get you a proficient engineer on the phone within 15 minutes.

Which solution did I use previously and why did I switch?

Cisco ASA and Firepower NGFW is the first firewall solution that I have and am still using.

How was the initial setup?

Once you deploy a few of these devices, the initial setup is really straightforward and easy to do unless the position of the firewall on the network needs you to do some connectivity magic in order for it to work.

What about the implementation team?

All of the implementations that we have done are with in-house teams, so I have no overview of the vendor team.

What's my experience with pricing, setup cost, and licensing?

Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed. In some cases, this may save you a lot of money or stress, which is why everyone who uses Cisco solutions loves them.

Which other solutions did I evaluate?

I have worked with many other firewall vendors in both production and lab environments such as CheckPoint, Palo Alto, Fortinet, Juniper, but to be honest I find Cisco's firewall solutions and Palo Alto's firewall solution to be the best.

What other advice do I have?

I believe that Cisco Firepower NGFW is the future leader in NGFW, with only maybe Palo Alto being the main competitor. This is very good, as we all know that having a rival is good for us, the users :) 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
IT Manager, Infrastructure, Solution Architecture at ADCI Group
Real User
A trusted and reliable solution with a good interface and good technical support
Pros and Cons
  • "I like the Cisco ASDM (Adaptive Security Device Manager), which is the configuration interface for the Cisco firewall."
  • "The Sandbox and the Web Censoring in this solution need to be improved."

What is our primary use case?

This solution is running behind the infrastructure and behind the hypervisor itself. We have two firewalls and two nodes in the cluster environment.

This solution is suitable for both cloud and hybrid-cloud deployments. I have implemented a cloud project, and one hybrid as well. The hybrid was between a public and a local cloud.

What is most valuable?

The Cisco security rules are very strict and very strong.

I like the Cisco ASDM (Adaptive Security Device Manager), which is the configuration interface for the Cisco firewall.

What needs improvement?

When comparing this solution to other products, the Fortinet UTM bundle has some better features in their most receive product. For example, there are better configuration features, the Sandbox is better, and so is the web censoring. These are currently in the Cisco solution, but they are better in Fortinet. The Sandbox and the Web Censoring in this solution need to be improved.

This solution has to be more secure from the cloud. The current trend is moving towards private cloud and hybrid cloud, so it is very important to consider the cloud security aspects when the solution is installed. This includes things such as IoT and the existence of user connectivity on the cloud.

For how long have I used the solution?

I have been using this solution for two years, but Cisco technology, generally, for more than eight years.

What do I think about the stability of the solution?

The stability of this solution is great. The Cisco name and hardware are enough. The product is used in tier four data centers, so it is very trusted and very dependable. If you compare Cisco to others, the high industry and high workload have gone to Cisco. Stability is very, very high.

What do I think about the scalability of the solution?

This is a scalable solution.

In terms of the number of users, it depends on the customer. A small customer may have less than twenty users. A larger customer can be complicated by having different branches with different users and different security rules. This means that you can reach up to the hundreds. 

How are customer service and technical support?

Technical support for this solution is good. Most of the technicians are technical people that have certifications such as CCNA, CCNP, CCIE, and CCISP. I think that they are well knowledged and well educated about the Cisco culture, industry, and products.

The Cisco distributors are everywhere, even if I'm speaking about the Middle East. I can find distributors everywhere in Dubai. Here in Dubai, the support is great, including for firmware updates, and even replacing the hardware when the firewalls crash.

How was the initial setup?

The initial setup of this solution is straightforward.

The deployment does not take much time. It is just a matter of installing the firewall and configuring the basic system to get it up and running. That's it.

There are, of course, different models of deployment, like deploying customers, that have to be considered. However, for the most part, deployment time is not an issue at all.

What's my experience with pricing, setup cost, and licensing?

The pricing for Cisco products is higher than others, but Cisco is a very good, strong, and stable technology. If we compare Huawei or FortiGate or others then the prices are lower, but the higher Cisco price is acceptable because of the stability, trust, and reliability.

Which other solutions did I evaluate?

This is my first recommendation for firewalls, and my second recommendation is Fortinet FortiGate.

What other advice do I have?

This is the number one firewall product that I recommend.

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Cisco Secure Firewall
March 2025
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
845,406 professionals have used our research since 2012.
IT Manager at Citizens Bank
Real User
Streamlines lockdown and the management of that aspect of security
Pros and Cons
    • "The only con that I have really seen with it is the reporting structure. FirePOWER is good. It has been a great help because, before that, it was not good at all."

    What is our primary use case?

    The primary use is that it manages all of our incoming and outgoing VOIP transmissions as well as data transmissions between our branches and our third-party bank processor. It has performed well.

    How has it helped my organization?

    The ASAs are very stable firewalls, and they've been very good at protecting our assets here at the bank. They have done exactly what they were purchased for. They have done a great job.

    What is most valuable?

    I've always looked at Cisco products as being the industry standard. They're wonderful at being able to lockdown and manage that. 

    What needs improvement?

    The only con that I have really seen with it is the reporting structure. FirePOWER is good. It has been a great help because, before that, it was not good at all. 

    For how long have I used the solution?

    Three to five years.

    What do I think about the scalability of the solution?

    The scalability is very good. We use the 5600 models and the lower 5000s. We were able to upgrade as needed. We added a ton of VPN tunnels to them and they handled all that traffic quite well.

    How are customer service and technical support?

    Support has been very good, very professional, got right to the point. My third-party administrator got stuck on setting up some tunnels. We called ASA support and they walked him right through how to do it. That was good.

    How was the initial setup?

    The third-party did all of the setup. I told him what I wanted and he set everything up and got the tunnels for us as well.

    What's my experience with pricing, setup cost, and licensing?

    The cost of keeping the licensing up on the ASA is very expensive. It has a lot of positives, but the cost of going with it is really starting to be a major negative right now.

    What other advice do I have?

    Talk to your peers in the industry, find out what they use and why, and then look at exactly what you're using it for. We changed a great deal of our infrastructure, adding a lot of extra tunnels, so that made a complicated product even harder to manage. Look at what you're comfortable in managing with their interface.

    We start looking at upgrade cost, our constant licensing cost. I look at other products that rank very high in industry ratings. Now I'm looking at similar products that are a little bit easier to manage. That is another fault of the ASA. They're very complicated to manage, but that’s because they have so many features. It's a very feature-rich product.

    When selecting a vendor the most important factors are

    • Security - obviously that is number one because we are a financial institution
    • stability of the vendor
    • how the product is ranked in the market.

    In terms of security, right now is a really tough time for us because, even as a smaller community bank, we’re targeted. We have huge targets on us right now from hackers. I have to have a product that is stable, that will hold up, from a reputable company. I'm looking at companies that are top-tier.

    I would rate the ASA equipment itself a nine out of 10. The software and manageability would rate a seven and the reason for that is the complexity of it. It is extremely complicated, even for our Cisco-certified person who manages it for us.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Akshit Chhokar - PeerSpot reviewer
    Technical Solutions Specialist - Networking at Google
    MSP
    Top 5
    Offers good reliability and great integration capabilities
    Pros and Cons
    • "The product offers good scalability."
    • "The product's user interface is an area with certain shortcomings where improvements are required."

    What is our primary use case?

    I use the solution in my company for some internal testing purposes, so I don't use it in a real environment. I use it in my dummy lab environment.

    What needs improvement?

    The product's user interface is an area with certain shortcomings where improvements are required.

    From an improvement perspective, the product's price needs to be lowered.

    For how long have I used the solution?

    I have been using Cisco Secure Firewall for three years. I am a customer of Cisco.

    What do I think about the stability of the solution?

    I have faced no issues with the stability of the product. Stability-wise, I rate the solution an eight out of ten.

    What do I think about the scalability of the solution?

    The product offers good scalability.

    How are customer service and support?

    I rate the technical support a nine out of ten.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I have experience with Sophos.

    How was the initial setup?

    The product's initial setup phase is a little difficult.

    The product's deployment phase is a good and easy process.

    The solution is deployed on the cloud.

    What's my experience with pricing, setup cost, and licensing?

    The product is expensive.

    What other advice do I have?

    I can't describe a particular scenario where the product has improved security, but I can say that the devices from Cisco are much more trustworthy and reliable compared to other devices in the market.

    The most effective feature of the product for threat prevention stems from the granularity of the control that the devices from Cisco provide to its users.

    The product offers great integration capabilities.

    For our company's daily operations, the user interface provided by Sophos is much better and interactive compared to the one offered by Cisco.

    You can choose Sophos if you want a low-budget or budget-friendly product. You can choose Cisco if you want a high-end and highly scalable tool with great integration capabilities, especially if budget is not an issue.

    I rate the overall tool an eight out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Ibrahim Elmetwaly - PeerSpot reviewer
    Presales Manager at IT Valley
    Reseller
    Top 20
    Provides unified management, application control, intrusion prevention, URL filtering, and malware defense policies
    Pros and Cons
    • "For companies prioritizing security, the optimal choice is one that offers a range of feeds to cater to diverse needs. This is particularly crucial for organizations implementing DDoS mitigation. The preferred solutions typically align with the top server vendors, with Cisco, Forti, and Barracuda consistently ranking among the top three vendors we collaborate with."
    • "It's not unexpected, but it's a common scenario where customers request dual layers of security. For instance, when dealing with regulatory compliance, especially in financial sectors regulated by entities like the Central Bank, having two distinct units is often mandated. If a client predominantly uses a solution like Palo Alto, they may need to incorporate another vendor such as Cisco or Forti. Importantly, there's a significant disparity in interfaces and management platforms between these vendors, necessitating careful consideration when integrating them into the overall security architecture"

    What is most valuable?

    For companies prioritizing security, the optimal choice is one that offers a range of feeds to cater to diverse needs. This is particularly crucial for organizations implementing DDoS mitigation. The preferred solutions typically align with the top server vendors, with Cisco, Forti, and Barracuda consistently ranking among the top three vendors we collaborate with.

    What needs improvement?

    It's not unexpected, but it's a common scenario where customers request dual layers of security. For instance, when dealing with regulatory compliance, especially in financial sectors regulated by entities like the Central Bank, having two distinct units is often mandated. If a client predominantly uses a solution like Palo Alto, they may need to incorporate another vendor such as Cisco or Forti. Importantly, there's a significant disparity in interfaces and management platforms between these vendors, necessitating careful consideration when integrating them into the overall security architecture.

    For how long have I used the solution?

    I have been using Cisco Secure Firewall for the past ten years. 

    What do I think about the stability of the solution?


    Regarding stability, I would rate it as moderate. In my assessment, based on feedback from analytics scenarios, I would assign it a rating of approximately eight out of ten.

    What do I think about the scalability of the solution?

    The solution is extremely scalable and based on my experience, I would rate it 7 out of 10.

    How are customer service and support?

    Cisco is a well-established company, and it offers accessible support, both locally and through online resources. The abundance of information makes it easy to find the necessary details and assistance.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The implementation timeline for our firewall is contingent on the readiness of the policy. If the policy is prepared, the deployment can occur within a day. However, if the policy is not finalized, a brief meeting is convened to gather the necessary data for rule establishment. Once the information is ready, the implementation on VMware proceeds. Notably, there is a requisite waiting period, such as fine-tuning for optimal rule configuration, as each customer has unique requirements. It's crucial to tailor the rules to fit the specific needs of each customer, as there is no one-size-fits-all best practice in this context.

    What's my experience with pricing, setup cost, and licensing?

    It is extremely expensive compared to its competitors and I would rate it 2 out of 10. 

    What other advice do I have?

    I would recommend this solution and rate it 8 out of 10.


    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer:
    PeerSpot user
    Ahmed Alsharafi - PeerSpot reviewer
    Solution Architect at Dimension Data
    MSP
    Excellent support, seamless integration, and great intelligence for security insights
    Pros and Cons
    • "It integrates with various Cisco security portfolios and products, and there is an easy and seamless integration for building a complete security framework for our customers."
    • "We see a lot of vendors in the market with a lot of niche products. I understand that it's difficult to cover everything, but making it more open for integration with other vendors would be a value add for Cisco."

    What is our primary use case?

    We have consulting engineers at the backend. We have our own SOC. We leverage Cisco solutions, and we add our services on top of them.

    We also sell FTDs and Cisco firewalls ranging from the old models to the new models. We have Firepower from series 1000 to 4000.

    A client of ours has a campus network. They're running all of their offices, branches, and multiple sites. They are managing all of their traffic through one point, and that point is secured.

    How has it helped my organization?

    It integrates with various Cisco security portfolios and products, and there is an easy and seamless integration for building a complete security framework for our customers.

    It's a great intelligent platform where we can pull all the security insights.

    What is most valuable?

    The technology is evolving, and it's no more a stateful firewall, which is only for blocking certain ports. A lot of features, such as anti-malware protection and URL filtering, have been integrated into the firewall and extended to the network. 

    What needs improvement?

    We see a lot of vendors in the market with a lot of niche products. I understand that it's difficult to cover everything, but making it more open for integration with other vendors would be a value add for Cisco. Usually, the case I see with my customers is that they always have a multi-vendor setup for security. They have many products. When they have multiple products, each product does something very specific standalone, but there is always a challenge in how to correlate all these solutions or make them as one framework for securing the network.

    How are customer service and support?

    Their support is perfect. When I used to be an engineer, Cisco's tech support was such a great help. Everything is well-defined in terms of services and SLAs as compared to other vendors. Cisco is doing a great job across all portfolios. This is what makes Cisco stand out as a vendor as compared to the rest. I'd rate their support a nine out of ten.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We had another product previously. All the vendors are doing a great job in security, but Cisco has such a big portfolio, and as a reseller, it's easy for us to be a one-stop shop for the customer covering wired and wireless networks, endpoint security, and so on. That's the main advantage of Cisco nowadays.

    How was the initial setup?

    These firewalls are deployed on-premises. We offer all the latest versions. We always advise customers to be updated with the latest technology. That's the aim of our business, but I have not been a part of the deployment.

    What was our ROI?

    My role is mainly technical, but on the business side, there would be an ROI in terms of seeing the clients happy.

    Our clients are happy. They always get an update about the roadmap and the features that Cisco is releasing down the road. Cisco is always ahead of others not only in terms of security but also in terms of portfolio.

    What's my experience with pricing, setup cost, and licensing?

    Everything comes with a price. Security is something on which you cannot compromise because the loss could be massive. I see CTOs and CSOs spending a lot on that. Cisco is not really cheap, but there is great technology behind it.

    What other advice do I have?

    The main value we add as Cisco resellers is our consulting services. We have consulting engineers on the backend and we have our own SOC. We leverage Cisco, and on top of that, we add our services, which makes it a great collaboration between every successful system integrator, reseller, and vendor.

    I'd advise asking for a demo and getting involved or engaged with the product to see its value. Don't just read about it.

    Overall, I'd rate Cisco Secure Firewall a nine out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
    PeerSpot user
    reviewer1263240 - PeerSpot reviewer
    Data Analyst at a hospitality company with 201-500 employees
    Real User
    User-friendly, provides good access, and is fairly easy to implement
    Pros and Cons
    • "It is a very user-friendly product."
    • "I don't have to see all the object groups that have been created on that firewall. That's just something that I would really appreciate on the CLA, even though it already exists on the GUI."

    What is our primary use case?

    We primarily use the solution in order to create access rules. That's what I use it for mostly. Sometimes, if I need to do some mapping, I may also leverage this product.  

    What is most valuable?

    In terms of access, the solution is great at making sure that the firewall has the right IPs, or that the right IPs are passing through where they should be. 

    The product does a good job of making sure that the connection is one that the user can trust. It keeps everything secure.

    From what I've already done with ASA, I've noted that it's a very simple solution. 

    It is a very user-friendly product. I started with the GUI version. There are different versions. You could have the CLA, and the GUI version if you like. Both are really user-friendly and they're easy to learn. 

    What needs improvement?

    We haven't been working with the product for too long, and therefore I haven't really found any features that are lacking. So far, it's been pretty solid.

    One of the things that would make my life easier on ASA, especially for the CLA, is if it had an ASBN feature, specifically for the CLA. This would allow you to be able to see at once where a particular object group is being used without having to copy out all the object groups that have already been created.

    I don't have to see all the object groups that have been created on that firewall. That's just something that I would really appreciate on the CLA, even though it already exists on the GUI.

    For how long have I used the solution?

    I've been using the solution for six months now. It's been less than a year. It hasn't been too long just yet.

    What do I think about the stability of the solution?

    The solution has been quite stable.

    Most of the clients that we deal with use this solution. No one has ever complained about having a breach or anything, to the best of my knowledge, even though we see some people combine different firewalls together, and use them alongside Cisco ASA. So far, we've not had any issue with Cisco ASA. It's reliable and keeps our clients safe.

    What do I think about the scalability of the solution?

    I've never tried to scale the product. I haven't worked with it too long at this point. I wouldn't be able to comment on its scalability potential.

    How are customer service and technical support?

    I've never dealt with technical support yet. I can't speak to their level or response or their knowledge of the product.

    Which solution did I use previously and why did I switch?

    In the past, I've worked with Check Point and Fortinet as well.

    How was the initial setup?

    I've been handling the implementation. So far, it's been good, even with no prior knowledge of the solution itself. It's my first time working with it.

    On my team, lots of people are working on different aspects, and most of the setup is being done by those that have more knowledge about the firewall than we have. We don't have anything to do with the setup, we just make sure that we implement whatever connections the clients already have. It's already broken down that way, just to avoid as many mistakes as possible.

    We already have a process for implementation based on the number of connections. The maximum we normally work on each connection is maybe 20 to 30 minutes. However, the process could be as little as one minute. It depends on how many connections we want to add at a time.

    What about the implementation team?

    We're handing the implementation via our own in-house team.

    What's my experience with pricing, setup cost, and licensing?

    I'm just handling the implementation and therefore don't have any insights on the pricing aspect of the solution. I wouldn't be able to say how much the company pays or if the pricing is high or low.

    That said, the pricing isn't an issue. It's more about what's best for the customer or the client. We want to give the client the best service, and very good protection. If a client begins to worry about pricing, we can't exactly guarantee the same level of safety.

    What other advice do I have?

    Our company has a partnership with Cisco.

    We have different clients and therefore use different versions of the solution. Nobody wants to use an out-of-date version, and therefore, we work to keep everything updated.

    Overall, I would rate the solution at a nine out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    Vinay-Singh - PeerSpot reviewer
    Manager IT & Security at mCarbon Tech Innovations Pvt., Ltd.
    Real User
    Feature-rich VPN connection, scalable, stable, and has perfect support
    Pros and Cons
    • "I like all of the features."
    • "It is my understanding that they are in the process of discontinuing this device."

    What is our primary use case?

    We are using this solution for the site-to-site VPN tunnels and VPN Connections.

    What is most valuable?

    I like all of the features.

    What needs improvement?

    It is my understanding that they are in the process of discontinuing this device.

    They are in the process of shutting down this ASA series and will continue with Firepower.

    In the next release, it could be more secure.

    For how long have I used the solution?

    I have been using Cisco ASA Firewall for six years.

    We are not using the latest version.

    What do I think about the stability of the solution?

    It's a stable solution. I have not had any issues.

    What do I think about the scalability of the solution?

    This product is scalable. We have 100 users in our organization.

    We will not continue to use this solution. We will be upgrading to either Firepower or Check Point.

    How are customer service and technical support?

    Technical support is perfect.

    Which solution did I use previously and why did I switch?

    I was using Dell SonicWall before Cisco ASA Firewall.

    How was the initial setup?

    The initial setup was straightforward. 

    It's easy to install and it doesn't take a lot of time for the initial configuration.

    It took an hour to install.

    What about the implementation team?

    I completed the installation myself. We did not use a vendor or vendor team.

    What's my experience with pricing, setup cost, and licensing?

    There are licensing costs.

    What other advice do I have?

    I would not recommend this solution. The technology is old and they should move to Firepower or NextGen Firewall.

    I would rate the Cisco ASA Firewall an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros sharing their opinions.
    Updated: March 2025
    Buyer's Guide
    Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros sharing their opinions.