Cisco Secure Firewall Reviews

I'm working as a Solution Architect for an energy provider in Austria. We have approximately 1,500 people working in Austria and also in some neighboring countries.

We are using Cisco Secure Firewall. We started with Cisco ASA long ago, and now, we have Cisco Firepower or Cisco Secure Firewall. We are using the product as a perimeter firewall and for remote access VPN and site-to-site VPN tunnels with other partner companies. So, the primary use case of Cisco Secure Firewall is to secure our perimeter, but it's also for the remote access VPN for employees in the home office or if they are outside the company.

The benefit of using Cisco Secure Firewall is that there is a lot of integration with other Cisco products like Cisco ISE or even with third-party systems. It's important to have these integrations with other systems. On one hand, you get more visibility, and on the other hand, you can also use the information that you have from the firewall in other systems, such as a SIEM or other similar things. You overall get better visibility and better security.

In terms of securing our infrastructure from end to end so that we can detect and remediate threats. When it comes to detection, it's pretty good because you have the background of Cisco Talos. I can't say if it's the truth, but they probably are one of the top players in threat hunting, so it's pretty good at detecting known things that are outside.

The most valuable features of the product are the VPN and the NextGen firewall features such as application control, URL filtering, etc. These features are especially valuable because nowadays, it's not enough to just filter for source and destination IPs. You need more insights or visibility to see which applications are passing your perimeter, which applications you want to allow, and which ones you want to block. Without this visibility and these features, it's a little bit hard to secure your network.

There is room for improvement in the stability or software quality of the product. There were a few things in the past where we had a little bit of a problem with the product, so there is room for improvement. In the past, we had problems with new releases. 

Also, from the beginning, some functionalities or features have not worked properly. There are bugs. Every product has such problems, but sometimes, there are more problems than other products, so it's definitely something that can be improved, but Cisco seems to be working on it.

There is room for improvement in the stability of the product.

I know that there are several models for every type of scale that you need. For small branches up to the data center or even for the cloud, there are models, but so far, we only have one cluster. Among all these different types, we found the perfect matching size for our company.

The Cisco support with Cisco TAC is pretty good. With the TAC Connect Bot that you have with WebEx, you can easily open a case or escalate the case through the WebEx app. That's pretty cool. Also, the engineers that are working for Cisco TAC are really good. Among all the vendors that we have in place, it's the best support that we have experienced. I'd rate them a 10 out of 10 because compared to the other vendors that we have in place, it's definitely the best support.

We have a multi-vendor strategy for the firewall so that if there is some security issue in the software or something like that, you are not directly impacted, and there is another vendor in between. If I compare Cisco Secure Firewall with the other vendor that we have in place, the pro for Cisco Secure Firewall is that detection is better with the database of Talos. The con that comes to my mind is the deployment time when you deploy a change. With the other vendor, the change is more or less deployed immediately, whereas, with Cisco Secure Firewall, you have to wait for a few minutes until the change is deployed. This is one of the biggest cons on this side because if there's a misconfiguration, you are not able to correct the issue as fast as with the other vendor.

We migrated from Cisco ASA to Cisco Firepower, and it was straightforward because there were some migration tools to export the old ASA rule set and import it into Cisco Secure Firewall. With these tools and the documentation that you find on Cisco's site, it was pretty straightforward, and we had nearly no problems with the migration to Cisco Secure Firewall.

In terms of the deployment model, we have one high-availability cluster, and, of course, FMC to manage this cluster. These are physical clusters, and we have them on-prem in our data center.

For deployment, we worked with our partner who helped us a little bit with the migration. Our partner's engineer had good knowledge and supported us when we had questions. When we didn't know how to do something, they helped us with that.

The licensing models that are available for Cisco Secure Firewall are okay. You have nearly every option that you need. You can pick filtering, advanced malware protection, or all the available features. It's sufficient.

In terms of pricing, there are, for sure, some cheaper vendors, but overall, it's nearly the same. It has a fair price.

To those evaluating Cisco Secure Firewall, I'd advise thinking about what are your use cases and what's your goal to achieve with this product. It's also a good idea to talk to other customers or a partner and ask them what's their experience and what they think about it, and if it's suitable for this use case or not. And, of course, it's also a good idea to do a proof of concept or something like that.

At the moment, I'd rate Cisco Secure Firewall a six out of ten. The reason for that is that we are having some problems with the stability and functionality of the product, but there are also features, such as VPN, that are working from day one without a problem. So, there are good parts, and there are parts that are not working as well as we would like them to, but we and Cisco TAC will solve this in the future, and then the rating will go up.

Our main use case for Cisco Secure Firewall is helping clients who want to upgrade from an old firewall and move to a next-generation firewall. We also get a lot of clients who have a next-generation firewall provider, but the firewall is not up to the task. It doesn't have all the feature sets that they need, and Cisco Secure Firewall ticks those boxes.

Cisco Secure Firewall has improved our customers' security posture because it offers Next-Gen features, granularity, and reporting on the back of it. You can see the amount of users accessing Office 365, for example, and whether they're having a good or bad experience. You can see the threats that come into your network. You can see anyone who is compromised from within your network.

If customers already have Cisco solutions such as Cisco ISE, Duo, Umbrella, and Endpoint, Cisco Secure Firewall will integrate well with all of them. Our clients will be able to get more data and automate tasks. They can have Secure Firewall automatically shut things down if a threat is detected.

Without a doubt, the best features are the reporting and analytics. Some vendors provide the same feature set, but their product won't give you the power to figure out what's going on in your network. Whereas with Cisco Secure Firewall, especially with the management platform on top, you can have all of the analytics and see exactly what is going on. You can see not only the source and destination but also the application, the URL, the type of policy it's hitting, the specific rule it's hitting, and the amount of data transferred from it. Apart from that, you get all of the risk reports. You can see how much bad stuff is coming into the network at present and whether there's anything you need to act on immediately. That data is at your fingertips, and it's by far the best feature and the best selling point of Cisco Secure Firewall.

Cisco Secure Firewall has reduced our clients' mean time to repair because they are able to find possible issues quickly. The power of the reporting, the dashboards, and all of the analytics in the background also helps to alert and quickly act on the threat.

My impression of Cisco Talos is that it's well-regarded in the industry. Cisco is so well regarded that we know their security intelligence is up-to-date. Our clients have peace of mind because they have Cisco Talos in the background and know that Cisco Secure Firewall is up-to-date with the latest threats. They can be sure that they're acting on the best available data.

I would like to see more configurable feature parity with Cisco ASA, which is the legacy product that Cisco is moving away from. When configuring remote access VPN, not all of the options are there. You have to download another tool, which means that the configuration takes a little bit longer with Cisco Secure Firewall. Though it's getting there, there are still some features lagging behind.

We've been offering Cisco Secure Firewall since its first iteration 10 years ago.

We are resellers, and the value we add to our customers as resellers is our knowledge. We have 10 years' worth of experience deploying Cisco Secure Firewall. We can deploy it the correct way. We also know whether you would need the management platform, the level of licensing you may require, and the number of VPN licenses you may need. We add value by knowing how the solution should be deployed and installed in a network.

Secure Firewall's stability is good. I think the management platform needs a little bit of work. It's not as robust from a stability point of view. Deployment times of configuration have got better over the years, but there's still some work needed so that it deploys every time when you click that button.

The scalability of Cisco Secure Firewall is really good. That's down to the management platform and the way it structures your access policies, what allows traffic in and what allows traffic out. You can easily add multiple regions, locations, and types of firewalls to the management platform. As soon as you do, they get all of those policies. Previously, you'd have had to configure each one time and time again. With this version, you import it, and it's ready to go. Thus, for scalability it's easy.

Cisco's technical support across all their products is always good and reliable. If someone says they're going to get back to you in four hours, they do. They're always there with the right level of support. If we need a Secure Firewall engineer, that's whom we'll get. We won't get someone who's never seen the product before. As far as vendors go, Cisco's technical support is probably the gold standard. I would rate them at ten out of ten.

Positive

Secure Firewall is more complex to deploy than previous Cisco Firewall products. However, it's not so complex that it's not achievable. There are some products out there that require a lot of reading to be able to deploy them. Cisco Secure Firewall has not reached that level yet, but it is a complex product.

Our clients' Secure Firewall deployment models are edge firewalls, internal firewalls, and, most often, perimeter firewalls. Sometimes, our clients ask us to help them with deployment because we have the experience.

We've used the Cisco Firewall migration tool quite a few times to migrate to Cisco Secure Firewall. It has come on a long way, and it's a lot better than it used to be. When it initially came in, there wasn't as much trust that the tool would give you everything you needed, but where it is now is great. If you've got a firewall that you want to migrate, you'll feel confident using the Cisco Firewall migration tool.

We spend a lot of time developing our consultants and our sales staff to know the product and learn how to sell the product. As a result, our ROI is that we get more clients deploying Cisco Secure Firewall.

The licensing is not as complicated as that for some other Cisco products. There are a couple of tiers of licensing, but the price point is a little too high for the market. There are other vendors that come in lower and offer more for fewer licensing options. They may offer URL filtering or malware filtering with a single license rather than requiring two or three licenses. I think Cisco could do a bit more in this area.

I deal with a lot of other vendors who also offer the same features, but Cisco Secure Firewall stands out on the analytics. It is the best for analytics and getting the reporting data.

If you're a client evaluating Cisco Secure Firewall, my advice would be to put real-world data through it to get useful data out of it. You can't see the benefits of the solution if you just turn it on and look at the device as it is. It's when you see the traffic going through it that you'll see the power of the analytics and reporting and the event data that comes through. A technical team member will understand how much easier it's going to be to troubleshoot with this platform compared to that with any other platform they've had before. With regard to reporting, a report on how many malware attacks have occurred in a particular month takes one click to generate. That data can be stored for a long time.

Overall, I would rate Cisco Secure Firewall an eight out of ten because of the feature parity. It's not quite there in terms of being able to do everything on the GUI platform. The price point is still a bit too high as well.

Our primary use case for Cisco Secure is through Cisco FMC, which we have automated using Cisco's Terraform provider for FMC. Our automation journey began with the Cisco ACI fabric, where we leveraged the Terraform provider for ACI. Eventually, we realized we could also automate firewalls and our HA clusters using the Terraform provider for FMC. This allowed us to create DMZ networks, specify IPS and IDS rules, and follow the infrastructure as a code concept. Our cross-common security team can review the repository in GitLab and approve it with a simple click of a button. This is the primary benefit we get from automation. Additionally, we can use the infrastructure as a code concept with the management center. Cisco FMC also has a great API, which makes it easy to integrate with our code, ACI, and other systems.

Cisco Security and Cisco Firewalls have been effective in protecting our organization from external threats, such as DDoS attacks.

We have several integrations. One of them is between Cisco ISE and FMC, which allows us to monitor and control our users. Additionally, we integrated Cisco ISE with FTDs to function as a remote VPN server and control the traffic and behavior in our VPN network. We also use ISE as a TACAC server and integrated it with Cisco ACI and all of our devices. Furthermore, we use NetBox as a source of truth for our ISE, which helps us track all of our devices from the network and ISE.

The primary benefits of using Cisco Secure solutions are time-saving, a robust API, and convenience for the security team. 

Cisco Secure Firewall could benefit from enhancements in its API, documentation, and automation tools. Additionally, we've noticed that the Terraform provider for FMC has only two stars, few contributors, and hasn't been updated in a year. It only has 15 to 20 resources, which limits our capabilities. We'd love to update it and add more resources. For example, we currently can't create sub-interfaces with the provider, so we have to add Python code to our Terraform provider and use local provisioners. Additionally, improvement in the API would be helpful so that we can create ACL on the GUI with a simple click, but at this time we cannot create requests via the API.

I have used Cisco Secure Firewall within the last 12 months.

Cisco TAC support is excellent. Having worked with other support companies in the past. Cisco TAC is much more helpful and friendly. They always seem eager to assist with any issues and are particularly responsive in urgent situations. For example, if there is a problem in my production zone, they are quick to reassure and assist. Overall, I have a great appreciation for their support.

I rate the support from Cisco Secure a ten out of ten.

Positive

In our business, we have implemented a number of Cisco Secure products in our network infrastructure, including Cisco ISE as a AAA server, Cisco FMC Management Center for our firewalls, and Cisco FTD for Firepower Threat Defenses. We also use a TACACS+ server for our hardware. Cisco products make up the entirety of our infrastructure, including Cisco Nexus Switches, Cisco ACI fabric for our data centers, Cisco ASR Routers, and Cisco Wireless Solutions, which include WLC controllers, access points, and other relevant hardware. In our organization, Cisco is strongly preferred.

There has been a positive return on investment observed with the implementation of Cisco Secure solutions. The use of these solutions as our primary security products has been beneficial in terms of cost and security measures.

In the past, I encountered several difficulties and misunderstandings with Cisco licensing, but now the situation has improved. The Cisco Smart Software portal is an excellent resource for keeping track of, upgrading, and researching information related to Smart Licensing and other relevant topics. It is extremely helpful. Unfortunately, since it is not my money and there is only one vendor, I am unable to provide any comments on the prices. Nevertheless, the system, along with its provision through the Cisco Smart Software portal, as well as the traditional license and subscription models, are excellent and highly beneficial.

I rate Cisco Secure a seven out of ten.

My rating of seven out of ten for the Cisco Secure is because it's not excellent, but not poor either. It was enjoyable and overall satisfactory.

We use WSA proxy and Cisco Firepowers with the FMC suite and Cisco Umbrella. We mainly use WSAP for on-premises data centers to get traffic outbound to the internet. Cisco Umbrella is for our endpoints, and Cisco firewalls are to protect our perimeter but also internal choke points to secure segments on our LAN.

Currently, we don't have any integrations between the three of them. They all run in isolation. 

Our external partner does the day-to-day management. We are not using it on a day-to-day basis. We position the products from within my team, but the detection mechanism is different per platform. We mainly trust the policy, and our security department is checking logs for anomalies in the patterns.

In terms of cost savings, we've been using this mechanism for years on end, so we haven't been able to see a real cost reduction between using our own personnel versus our external partner for management. It has been like that for 10 years or so.

In terms of time savings, it doesn't put too much burden on day-to-day activities to go over the details. The policies are rather straightforward, and anything not configured is not allowed. In that sense, it's easy.

Protecting our landscape in general and being able to see logging when things aren't going as set out in policies are valuable features. Our security department is keen on seeing the logging. 

If WSAP remains to be an active product, it might be an idea to integrate the configuration policy logic between Umbrella and WSAP. There should be one platform to manage both.

The integration between the on-prem proxy world and the cloud proxy would benefit us. One single policy setting would make sense.

That's great. Sometimes, you need to be clear on the severity levels, but once determined, we have a good experience with tech support.

Positive

That was long ago, but we had Blue Coat proxies before. We switched because of our strategy to go for Cisco as an ecosystem.

We chose Cisco products because we have a Cisco-first strategy. We typically check first with the Cisco product portfolio and then make up our minds. Historically speaking, it serves our interests best.

I am not involved firsthand in its deployment. We have an oversight role within our company, so we ask our external supplier to do the implementation, and when needed, to have it validated via Cisco, but I've no real hands-on experience.

I would expect that we have seen an ROI because our sourcing department would make sure we get the best price for the solution.

Licensing is quite difficult to get your head around. My biggest challenge is to understand the details, the inner relations. Luckily, to some extent, we have enterprise agreements, but licensing for me is a real black box.

I'd rate it an eight out of ten.

We started with the old ASA 5510 and migrated to Firepower, first using ASA as the basic operating system. Lately, we've been using FTD because it simplifies operations a lot. We are a very small networking team, and being able to push one policy to many firewalls eases our workload.

We are a global company, and we don't always have IT staff in all corners of the world. Therefore, having one place to do everything is very nice.

Cisco Secure Firewall has made it easier so that more than one person can handle things. We are able to have a bigger team that can handle simple tasks and have a smaller team focus on the deep-dive needs.

We have the same basic policies everywhere now, which makes it more flexible for us to manage.

I like the central management and IPS features. Having everything in one place is very valuable.

Cisco Secure Firewall is very good at detecting threats. We see a lot getting blocked by the IPS in our DMZ, that is, our internet-facing web service.

It helped free up IT staff time. Before, we would have to manually configure every single firewall. Every time we configure something on a firewall, it takes five to ten minutes, and we have more than 50 firewalls around the globe. We do changes every week, and the automated policy and upgrades saved us a lot of time.

In terms of the organization, we have been able to save time by getting things out faster. However, the only downside is that the policy push takes quite a while. Thus, a quick fix still takes at least 15 minutes, and troubleshooting can take time as well.

Some of our problems are related to software updates in remote sites where the internet connection is not stable. Sometimes, the image push just gets disrupted and fails.

The most annoying thing is having to replace the hardware so often. It's very difficult for us to do.

The integration between different tools could be improved. For example, with SecureX, I am yet to find out how to forward security events to different tools such as Microsoft Sentinel, which is what we use for log detection.

We've been using Cisco Secure Firewalls for a very long time.

We had to get in touch with technical support a few times, and our experience was good. I would give them a rating of nine out of ten. 

Positive

The initial deployment is easy, and I have not had any issues.

The solution is deployed on-premises. We have an on-premises FMC that connects everything.

The cost of the firewalls versus the ROI is okay.

We are quite Cisco-centric because of the performance we get for the price range. We have a lot of smaller sites, and we are not a very big organization. The price fits us perfectly.

Overall, I would rate Cisco Secure Firewall at nine on a scale from one to ten.

We use Cisco ASA and Firepower.

ASA is used for AnyConnect connections, that is, for users to connect to the office. It is very reliable and works fine.

We use Firepower in some sites as firewalls to control inbound/outbound access. We use it as a software protection layer. However, because most users are now working from home, few users need it in the office. As a result, in some places, we have switched to SD-WAN.

The network products help save time if they are well configured at the beginning. They help increase security and protect the company's data.

Firepower's user experience should be a little bit better.

I've been using Cisco Firepower for six months.

There are some hiccups here and there, but compared to the technical support from other vendors, I have had the best experience with Cisco's technical support. I would rate them at nine out of ten.

Positive

The initial setup was somewhat easy because we had previous experience with implementation. We copied that strategy or tried to align it to that implementation, but there were some challenges.

We have a hybrid cloud deployment. We have our own data centers and a lot of branches. In the data centers, most Cisco technologies start with ACI. With firewalls for big branches, we find that it's easier to break out to the internet globally rather than to use data centers.

Cisco's prices are more or less comparable to those of other products.

Compared to other vendors' firewalls, Cisco's firewalls are a bit behind. Overall, however, I would rate Cisco Firewall at eight on a scale from one to ten.

The main use cases are firewalling, routing, site-to-site VPN, and remote access. We have some older 5585-X ASAs in place. We do have Firepower 2000 Series and 4000 Series. 

For most setups, we do have high availability in place. We've at least two devices in active-active or active-standby. If it's a highly secure setup, we sometimes have two firewalls.

Cisco has a huge variety of products and features. It's a benefit to have the knowledge of all those things and also put it in the firewalling products. The knowledge that comes from other products or solutions that Cisco is selling is finding a place in security as well, and that's one of the key benefits.

There are time savings when you have a good solution in place for stopping or preventing security risks. In general, it isn't saving me time on a daily basis, but there is peace of mind knowing that you are being protected.

Basic firewalling is obviously the most valuable. In addition to that, secure access and remote access are also very useful for us. When COVID came, a lot of people had to stay at home, and that was the basic use case for having remote access.

One con of Cisco Secure Firewalls is that Java is used a lot for the older generation of these firewalls. Java is used for the ASA and the ASDM tool for administration. It's an outdated way of administering, and it's also a security risk to use this kind of solution. This is a pro of Firepower or the newer generation of firewalls because they are using HTML for administration.

In general, they can make it easier to manage the solutions. They can make it easier in terms of administration and provide a single tool for different firewalling solutions. They have different tools to manage different firewalls, such as Firepower or ASA. Sometimes, both are on the same thing. You have ASA with Firepower modules, so you manage some of the things via HTML, and then you manage some of the things via another management tool. It's not seamless. It should be bundled together in one solution.

I have been using this solution for six to seven years.

They have been very stable. I did not have any cases where a network was down due to firewalling. Fortunately, I did not have any hacker attacks, but that's being lucky. It's not something I would point out to firewalling or configuration. It's just that sometimes you're lucky and sometimes you're not.

It's very scalable. Cisco is for mid to large businesses. For small businesses, there are solutions that are cheaper, but that's not the main focus. 

A large environment comprises several thousand users. We have small to large size environments, but we mostly have mid to large.

Cisco's tech support is good in general. It varies and depends on with whom you're speaking and how the knowledge on the other side is. That's basically the same for our company. I'd rate them an eight out of ten. A ten would be perfect, and no one is perfect. You can reach maybe a nine, but no one can reach a ten.

Positive

For more security, we sometimes have two firewalls. We have other vendors in place, such as FortiGate or Palo Alto. We have Cisco at the front or at the end, and another vendor on the other side so that there is more security, and if there is a security breach in one solution, we still have the other one. These firewalls differ mostly in administration and how you configure things but not so much in terms of features. They may differ in small things, but in the end, they are all doing the same things.

I deploy and manage them afterward. I'm not only in the designing and implementing; I'm also in the operational business. Its deployment is not more complicated than other solutions. It's fine. When it comes to documentation, in general, Cisco is very good.

We mostly try to do it ourselves. Our approach is to have knowledge or any certification of the topic we are trying to take.

I'm not a salesperson. I'm more from the technical perspective, and I don't know if there are any savings at the end, but I believe that all that was bought in the past was used the way we wanted it to use. So, the money was well spent.

Licensing is not only for Secure Firewalls, and it's too complicated.

To someone evaluating or considering Cisco Secure Firewall, I'd advise having a good greenfield approach regarding what component to use. If there is no greenfield, you should evaluate what solutions you need and what type of use case you have and then decide based on that.

I'd rate Cisco Secure Firewall an eight out of ten. Cisco is a big player in networking and security, and that's basically the pro on their side.

It is primarily our VPN solution. Initially, it was used in our firewalling. Then, we transitioned it into just our standalone VPN service for the company.

It is on-prem. We have it in two different data centers: our main data center and our backup data center.

With what is going on in the world, e.g., hybrid work and work from home, and everything that happened, VPN was everything to us. Without it, we wouldn't have been able to operate.

Typically, before COVID hit, we were a very much work-in-the-office type of environment with five to 10 people on our VPN solution. We quickly ramped up to 500 people when COVID happened, which is the majority of our full-time users. Onboarding our entire company onto this solution was pretty cool.

It is very good at what it does. It is a very dependable, long-standing product that you can trust. You know exactly how it works. It has been in the market for a lot longer than I have. So, it is great at its core functionality.

We are still running the original ASAs. The software that you are running for the ASDM software and Java application has never been a lot of fun to operate. It would have been nice to see that change update be redesigned with modern systems, which don't play nicely with Java sometimes. Cybersecurity doesn't seem to love how that operates. For us, a fresher application, taking advantage of the hardware, would have been a better approach.

I have been with the company for seven years, and we have had it the entire time. Cisco Advanced Services came in in 2013, which was two years before I joined. They did a deployment and installed it then.

There is your regular day-to-day maintenance, e.g., the patches and updates. Because it sits at the edge, it is exposed to the world. With threats always being of concern, you often have to patch and update. However, it is nothing more than regular maintenance

We have never had to ramp up more than a small- to medium-business use case. For that, it has been great. Limitation-wise, we would run into challenges if we ever hit 2,000 to 2,500 users. We would then have to move onto hardware. Its scalability is only limited by the size of the appliance. So, if you ever have to exceed that, then you just have to buy a new box.

ASA has always been great because it has been such a longstanding product. There is a lot of knowledge in-house with Cisco. I always know if we call to get help, it is great. I do wonder in the future, as the product gets close to the end of its life, if those people will move onto other things and it gets lost a bit. However, it has always been easy enough to find that help.

For the ASA specifically, probably nine.

Positive

We were just looking for a different feature set. We found that ASA was rock-solid as a VPN piece. We wanted to separate the VPN from our firewall policy management, so we just moved it over to VPN as a solution.

We had a partnership with Cisco. They came in and redid the entire environment. Before that, there was no Cisco environment whatsoever. So, they came in with the Nexus switching and Catalyst Wireless solution, then the VPN came with that as well as the ASA.

I have never found it hard to deploy. We didn't have a BCP solution set up as our secondary when COVID hit, which was something that we had to scramble to put together. However, it was something like a couple of days' work. It wasn't really a big deal or really complicated. It was a fairly straightforward system to separate and manage.

It brings us the ability to work from anywhere and has allowed us to work remotely without having to incur a lot of other costs. If we didn't have this type of solution, since we have so many on-prem services that are required, we would have likely lost money and been unable to deliver. We have a video services team who helped build the content for our sporting events. When you are watching a Leaf game and those swipes come by as well as the clips and things, those are all generated in-house. Without the ability to access our on-premise resources, we would have been dead in the water. So, the return on that is pretty impressive.

We integrate it with our ISE solution, TACACS+, etc. We have a Windows NPS server for MFA through Azure. We don't have any challenges with it. It has always worked well. I can't think of a time when we have ever had problems with either of those things. It has worked just fine.

I would rate the solution as nine out of 10.