No more typing reviews! Try our Samantha, our new voice AI agent.
Ahmet Orkun Kenber - PeerSpot reviewer
Technical Network Expert at NXP Semiconductors Netherlands B.V. Internet EMEA
Real User
Mar 6, 2023
Quality product with a well-suited to top-down architectural level
Pros and Cons
  • "The features I have found most valuable are the ASA firewalls. I like to have features like most integrated systems in ACI."
  • "I think that the solution can be improved with the integration of application-centric infrastructure. It could be used to have better solutions in one box."

What is our primary use case?

As a manufacturing company, we have to use many different concepts of firewalls. That's one reason we had to use a trusted firewall for security and trust reasons.

How has it helped my organization?

We use a top-down architectural level mostly. For this reason, Cisco Secure Firewall is the top product for us.

I would say that this solution has saved our organization's time because we are certified engineers and experts. It helps us to connect quite well with our customers on a professional level.

What is most valuable?

The features I have found most valuable are the ASA firewalls. I like to have features like most integrated systems in ACI.

What needs improvement?

I think that the solution can be improved with the integration of application-centric infrastructure. It could be used to have better solutions in one box.

Buyer's Guide
Cisco Secure Firewall
July 2026
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,146 professionals have used our research since 2012.

For how long have I used the solution?

I have been using this solution for around seven or eight years.

Which solution did I use previously and why did I switch?

I've used different concepts of solutions before Cisco. Cisco is much better than Juniper, Brocade, or Foundry, as it is much easier to use and get directions from. It is also easier to integrate Cisco if you compare it with other customer concepts, such as Juniper, Brocade, or Aruba.

How was the initial setup?

I am not involved in all Cisco firewall deployments. We also have an architectural team. We deploy based on a top-down level architecture and implementation structure.

What's my experience with pricing, setup cost, and licensing?

When it comes to pricing, quality is important to us. When looking at products, we prefer quality over speed. Cisco is on that quality side mostly.

What other advice do I have?

We are currently using the Cisco Firepower firewall, which is dependent on the situations in the data center and regional data center concepts. 

The way that this solution helps secure our infrastructure end-to-end is by enabling us to easily integrate all end-to-ends for monitoring.

Whether this solution saves us time depends on the situation. We use highly secure networks on the national security level and that's why it helps to use different products as Cisco is one of the best.

Overall, I would rate this solution a nine, on a scale from one to ten, with one being the worst and ten being the best.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer2107434 - PeerSpot reviewer
Senior Network Administrator at a comms service provider with 201-500 employees
Real User
Mar 5, 2023
Good performance and good support
Pros and Cons
  • "Their performance is most valuable."
  • "The stability could be better because we have a lot of issues with the stability of Cisco Firepower."

What is our primary use case?

We use them for firewall purposes. We use the small ones with the partners for the services they need, such as VPN and security.

What is most valuable?

Their performance is most valuable.

What needs improvement?

The stability could be better because we have a lot of issues with the stability of Cisco Firepower.

For how long have I used the solution?

I've been using Cisco firewalls for 20 years.

What do I think about the stability of the solution?

We have a lot of issues with the stability of Cisco Firepower.

What do I think about the scalability of the solution?

It depends on the model. We are hitting some issues with scalability. It's getting very expensive to scale out.

How are customer service and support?

They sometimes take too long and don't fix the issue quickly, but eventually, it is fixed. I'd rate their support a nine out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We have been using different Cisco firewalls for a long time. We are currently using Cisco Firepower and Cisco ASA. Cisco Firepower is better than Cisco ASA, but stability is an issue.

How was the initial setup?

It's now easier than before. You can have virtual appliances.

We mostly have it on-prem, but some customers want on-prem virtual.

Which other solutions did I evaluate?

We considered using a different solution such as Check Point or Huawei. We chose to stay with Cisco because we're experienced with Cisco and because of the support.

What other advice do I have?

The old versions or models saved us time, but the newer ones take our time. Overall, I'd rate Cisco Secure Firewall an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
PeerSpot user
Buyer's Guide
Cisco Secure Firewall
July 2026
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,146 professionals have used our research since 2012.
reviewer1667103 - PeerSpot reviewer
Global Network Architect at a agriculture with 10,001+ employees
Real User
Mar 5, 2023
Secures our infrastructure and the OT network very well, and meets our scalability requirements
Pros and Cons
  • "It's protecting the organization against the impact of cyber threats and cybersecurity. We run manufacturing plants that have hazardous material, and we don't want that manufacturing process to be impacted by break-in exposure, cyber threats, or any other similar thing."
  • "We would like to be able to manage a set of firewalls rather than individual firewalls. We haven't really looked into it or yet implemented it, but a single pane of glass would be helpful. We also use another vendor's firewalls, and they have a centralized management infrastructure that we have implemented, which makes it a little bit easier when you're managing lots of firewalls."

What is our primary use case?

The primary use case is as one-layer protection of our OT network. The way we're set up is that we have our OT network behind the commercial network, and we do dual firewalls. We've Cisco firewalls on the commercial network side and a different vendor and a different management group on the OT network side.

How has it helped my organization?

It's a good solution. It's in some ways a reactive solution where we have it sitting in a whitelist mode rather than a blacklist mode. So, we are blocking everything and permitting specific things, and it seems to work fairly well for us.

It hasn't necessarily freed up the time, but it has helped in securing the infrastructure and the OT network behind it. The intent of this particular solution is not time-saving. It's not a cost solution. It's meant to isolate and control access to and from a specific set of infrastructure.

It allows us to get access. We're seeing more and more that business systems like SAP are looking to get access to OT systems, and this is how our systems get that.

What is most valuable?

It's protecting the organization against the impact of cyber threats and cybersecurity. We run manufacturing plants that have hazardous material, and we don't want that manufacturing process to be impacted by break-in exposure, cyber threats, or any other similar thing.

What needs improvement?

We would like to be able to manage a set of firewalls rather than individual firewalls. We haven't really looked into it or yet implemented it, but a single pane of glass would be helpful. We also use another vendor's firewalls, and they have a centralized management infrastructure that we have implemented, which makes it a little bit easier when you're managing lots of firewalls.

For how long have I used the solution?

We've been using Cisco firewalls for 10 years or more.

What do I think about the stability of the solution?

It has been a very stable solution. If you keep it up to date and do sensible management on it, it's a very stable solution.

What do I think about the scalability of the solution?

So far, in this use case, it has met our scalability requirements in terms of traffic and management.

How are customer service and support?

We have an excellent account team, and they go to bat for us inside of Cisco. We also have access to TAC and things like Smart Net, and all that seems to go very well. It's a good team. I'd rate them a nine out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We weren't using anything similar in this particular use case. We chose Cisco because they originally came on the recommendation of our networking partner. They came in with a strong recommendation from a strong partner.

How was the initial setup?

I wasn't involved in its deployment. That was before I started working in this space.

What was our ROI?

In this specific use case, the biggest return on investment is that we do not have incidents, and this ultimately, in some of our factories, ends up being a health and human-safety use case.

What's my experience with pricing, setup cost, and licensing?

We've gone to all smart licensing, so that works well. 

What other advice do I have?

Understand what you're trying to protect and what you're trying to protect it from, and then also understand how the solution is managed.

I'd rate Cisco Secure Firewall a nine out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Ahmed Alsharafi - PeerSpot reviewer
Solution Architect at Dimension Data
Real User
Mar 2, 2023
Excellent support, seamless integration, and great intelligence for security insights
Pros and Cons
  • "It integrates with various Cisco security portfolios and products, and there is an easy and seamless integration for building a complete security framework for our customers."
  • "We see a lot of vendors in the market with a lot of niche products. I understand that it's difficult to cover everything, but making it more open for integration with other vendors would be a value add for Cisco."

What is our primary use case?

We have consulting engineers at the backend. We have our own SOC. We leverage Cisco solutions, and we add our services on top of them.

We also sell FTDs and Cisco firewalls ranging from the old models to the new models. We have Firepower from series 1000 to 4000.

A client of ours has a campus network. They're running all of their offices, branches, and multiple sites. They are managing all of their traffic through one point, and that point is secured.

How has it helped my organization?

It integrates with various Cisco security portfolios and products, and there is an easy and seamless integration for building a complete security framework for our customers.

It's a great intelligent platform where we can pull all the security insights.

What is most valuable?

The technology is evolving, and it's no more a stateful firewall, which is only for blocking certain ports. A lot of features, such as anti-malware protection and URL filtering, have been integrated into the firewall and extended to the network. 

What needs improvement?

We see a lot of vendors in the market with a lot of niche products. I understand that it's difficult to cover everything, but making it more open for integration with other vendors would be a value add for Cisco. Usually, the case I see with my customers is that they always have a multi-vendor setup for security. They have many products. When they have multiple products, each product does something very specific standalone, but there is always a challenge in how to correlate all these solutions or make them as one framework for securing the network.

How are customer service and support?

Their support is perfect. When I used to be an engineer, Cisco's tech support was such a great help. Everything is well-defined in terms of services and SLAs as compared to other vendors. Cisco is doing a great job across all portfolios. This is what makes Cisco stand out as a vendor as compared to the rest. I'd rate their support a nine out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We had another product previously. All the vendors are doing a great job in security, but Cisco has such a big portfolio, and as a reseller, it's easy for us to be a one-stop shop for the customer covering wired and wireless networks, endpoint security, and so on. That's the main advantage of Cisco nowadays.

How was the initial setup?

These firewalls are deployed on-premises. We offer all the latest versions. We always advise customers to be updated with the latest technology. That's the aim of our business, but I have not been a part of the deployment.

What was our ROI?

My role is mainly technical, but on the business side, there would be an ROI in terms of seeing the clients happy.

Our clients are happy. They always get an update about the roadmap and the features that Cisco is releasing down the road. Cisco is always ahead of others not only in terms of security but also in terms of portfolio.

What's my experience with pricing, setup cost, and licensing?

Everything comes with a price. Security is something on which you cannot compromise because the loss could be massive. I see CTOs and CSOs spending a lot on that. Cisco is not really cheap, but there is great technology behind it.

What other advice do I have?

The main value we add as Cisco resellers is our consulting services. We have consulting engineers on the backend and we have our own SOC. We leverage Cisco, and on top of that, we add our services, which makes it a great collaboration between every successful system integrator, reseller, and vendor.

I'd advise asking for a demo and getting involved or engaged with the product to see its value. Don't just read about it.

Overall, I'd rate Cisco Secure Firewall a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
PeerSpot user
IT Service Technician at Scaltel AG
Reseller
Feb 27, 2023
Can easily segment the network but does not have direct access via web browsers
Pros and Cons
  • "The most valuable feature for the customers is that they can control what communication is allowed and what is not allowed. That is, they can allow or deny client traffic."
  • "Cisco Secure Firewall should be easier to handle. It uses ASDM, which is not easy to understand. It would be better if there was direct access via HTTPS."

What is our primary use case?

We use Cisco Secure Firewall in our own company for site-to-site VPN to access our customers and provide remote support.

We sell the solution to our customers as well. They use the ASA or FMC for dedicated networking, for example, the process network. That is, they dedicate the process network or ASA to the user network.

As a Cisco Secure reseller, I add value with my professional background, for example, in Cisco TAC, to my customers. We choose to sell Cisco Secure Firewall because of our partner status with Cisco.

What is most valuable?

The most valuable feature for the customers is that they can control what communication is allowed and what is not allowed. That is, they can allow or deny client traffic.

It also secures the internal network to allow specific client traffic or machine traffic.

Cisco Secure Firewall helped reduce our clients' meantime to repair by 40%. This is because they can easily segment the network. It's easy to troubleshoot because of micro-segmentation.

What needs improvement?

Cisco Secure Firewall should be easier to handle. It uses ASDM, which is not easy to understand. It would be better if there was direct access via HTTPS.

For how long have I used the solution?

I have used this solution for around five years, but my company has been using it for 30 years.

How are customer service and support?

Cisco's technical support for security is good. The support staff are professional and know what to do. I would give them an eight out of ten.

How would you rate customer service and support?

Positive

How was the initial setup?

The deployment of the firewall is more difficult if you want to use all of the features. However, if you're using it only as a VPN, then it's a little bit easier to deploy.

What other advice do I have?

Compared to Cisco Secure Firewall, other firewall solutions are easier to handle because they do not use ASDM. They have direct access via web browsers.

If you're considering Cisco Secure Firewall, take a look at what you want to use the firewall for and what kind of handling you prefer. If you prefer easy handling via browsers, then you may need to use another solution because ASDM is no longer the state of the art.

Overall, I would rate Cisco Secure Firewall at seven on a scale from one to ten.

The I add as a reseller is the professional background.

Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
PeerSpot user
Achilleas Katsaros - PeerSpot reviewer
Head of IT Network Fixed & Mobile at OTE Group
Reseller
Feb 27, 2023
Provides valuable exportability and smooth migrations
Pros and Cons
  • "The feature my customers find the most valuable is the exportability."
  • "We have seen some bugs come up with Cisco Secure Firewall in terms of high availability. The solution should be improved to avoid these bugs."

What is our primary use case?

Our customers for the most part use this solution in data centers. 

What is most valuable?

The feature my customers find the most valuable is the exportability. They also appreciate that the IPS features are easily migrated from Cisco SA to FTDs. 

What needs improvement?

We have seen some bugs come up with Cisco Secure Firewall in terms of high availability. The solution should be improved to avoid these bugs. 

For how long have I used the solution?

We have been using Cisco Secure Firewall for almost a decade. 

How are customer service and support?

Cisco's support is much better than other vendors' support. In my opinion, this is a big advantage for Cisco. The support Cisco offers is upper-level. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously sold Fortinet devices. However, many of our clients switched over to Cisco because of the price as they are quite cheap. 

How was the initial setup?

We are in the middle of a migration plan to Cisco right now in our company. I am not directly involved. We are working with a Cisco partner but I have been communicating our needs to them. However, I believe the migration process will be smooth for our company. It is crucial to have a solid migration plan in place because we are a core data center, so we have to be careful. 

What about the implementation team?

We are deploying with the help of a partner. 

What was our ROI?

We do see a lot of ROI from Cisco Secure Firewall. We are in the process of migrating a lot of end-of-support devices with some new ones and the return on investment is there.

What's my experience with pricing, setup cost, and licensing?

Price is a big selling point for Cisco Secure Firewall. They are quite affordable and many clients chose them precisely for this reason. 

What other advice do I have?

This solution helped my clients save money and time. My clients save 50% on time thanks to automation and processing brought on by this solution. 

I have only good things to say about Cisco Talos. It has been quite helpful to our customers.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
PeerSpot user
reviewer1667103 - PeerSpot reviewer
Global Network Architect at a agriculture with 10,001+ employees
Real User
Feb 27, 2023
Prevents incidents and an average amount of maintenance required
Pros and Cons
  • "Cisco Secure Firewall is a good solution. In some ways, it is a reactive solution and we have it sitting in a whitelist mode rather than a blacklist mode. It seems to work fairly well for us."
  • "It would be better if we could manage all of our firewalls as a set rather than individually. I would like to see a single pane of glass type of option. We also use another vendor's firewalls and they have a centralized management infrastructure that we have implemented. This infrastructure is a bit easier to manage."

What is our primary use case?

Our primary use case for Cisco Secure Firewall is protection in our OT network. We have our OT network behind the commercial network and we do dual firewalls. The Cisco Secure Firewall is on the commercial network side and a different vendor and management group are on the OT network side.

How has it helped my organization?

Cisco Secure Firewall has not necessarily improved our organization as much as it has protected it against the impact of cyber threats. Our organization runs manufacturing plants that have hazardous material and we don't want that manufacturing process to be impacted by break-in exposure and cyber threats.

Cisco Secure Firewall is a good solution. In some ways, it is a reactive solution and we have it sitting in a whitelist mode rather than a blacklist mode. It seems to work fairly well for us.

What needs improvement?

It would be better if we could manage all of our firewalls as a set rather than individually. I would like to see a single pane of glass type of option. We also use another vendor's firewalls and they have a centralized management infrastructure that we have implemented. This infrastructure is a bit easier to manage.

For how long have I used the solution?

We have used Cisco Secure Firewall for probably 10 years.

What do I think about the stability of the solution?

Cisco Secure Firewall has been a very stable solution for us. In general, if you keep it up to date and do sensible management on it, it will be a very stable solution.

What do I think about the scalability of the solution?

Cisco Secure Firewall has met our scalability requirements as far as traffic and management goes.

How are customer service and support?

We have an excellent account team and they go to bat for us inside of Cisco. We have access to TAC and Smart Net and that all seems to be working out very well. Cisco has a good team in place.

Which solution did I use previously and why did I switch?

We did not previously use a different solution for this particular use case. 

How was the initial setup?

I was not involved in the initial deployment of the solution. 

What was our ROI?

In this specific use case, the biggest return on investment is that we do not have incidents. This ultimately – in some of our factories – ends up being a health and human-safety use case.

What's my experience with pricing, setup cost, and licensing?

We have all smart licensing and that works well. 

Which other solutions did I evaluate?

We ultimately chose Cisco Secure Firewall because it came with a strong recommendation from one of our strong partners.

What other advice do I have?

My advice to those evaluating the solution right now is this: understand what you're trying to protect and what you're trying to protect it from. Also, understand how the solution is managed.

Cisco Secure Firewall has not necessarily freed up our staff's time as much as it has secured the infrastructure and the OT network behind it. Cisco Secure Firewall was not built as a time-saver. It is not a cost solution. It is a solution meant to isolate and control access to and from a specific set of infrastructure.

Cisco Secure Firewall has not helped us consolidate tools and applications. It allows us to get access. What we're seeing more and more of is business systems like SAP looking to get access to OT systems and this is how our systems get that way.

Cisco Secure Firewall requires the sort of maintenance that any software product would: updates, asset management, etc. Worldwide, we probably have 30 to 40 people managing the solution on the OT side on the various sites and then probably 10 to 15 people on our account team with our outside partner.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Maharajan S - PeerSpot reviewer
VSO at a computer software company with 501-1,000 employees
Real User
Top 20
Sep 28, 2022
Good encryption and decryption with decent dashboards
Pros and Cons
  • "We found the initial setup to be easy."
  • "We have not, as of now (touch wood) faced any issues; it's stable, and we don't face any performance issues as well, it's reliable, there are no bugs or glitches, and it doesn't crash or freeze."
  • "Maybe the dashboard could be a bit better."

What is our primary use case?

This is an SSL that can decrypt and encrypt SSL traffic. 

What is most valuable?

The ability to encrypt and decrypt is great.

The dashboards are excellent.

We really like the reporting aspect of the product. 

It is stable. 

We found the initial setup to be easy.

What needs improvement?

Maybe the dashboard could be a bit better. There are some reports where we don't get it. We need a deep dive into a particular URL, however, it provides the URL and the IP address, and there is no more information that can show more details. Basically, the report models can be improved.

With their console, we have to build a separate VM. In some of the products, the management console comes along with the box itself. It'll be one solution to take the backup and keep it. Even if you want to build a DR, it'll be easy. However, the challenge we had is if that VM is down, my team may not able to access the Firepower remotely. Therefore, the management console itself should be built within the Firepower box itself, rather than expecting it to be built in a separate VM.

For how long have I used the solution?

I've been using the solution for more than four years. 

What do I think about the stability of the solution?

We have not, as of now (touch wood) faced any issues. It's stable, and we don't face any performance issues as well. It's reliable. There are no bugs or glitches. It doesn't crash or freeze.

What do I think about the scalability of the solution?

At this moment, we have not thought through scaling. The model which we use is less than 60%. What I heard from them is you can cascade it to another box, and scaling can be done.

We have between 400 to 450 concurrent users on a daily basis accessing this box. Overall, we have 2,000 devices that could be easily communicated via Firepower.

How are customer service and support?

Technical support is good. We've found it to be quite good in general. 

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is great. It's very easy and quite straightforward. If you understand the process, it is very easy. I'd rate it a 4.5 out of five in terms of ease of implementation. 

What's my experience with pricing, setup cost, and licensing?

I don't manage licensing. I can't speak to the actual cost of the product. 

What other advice do I have?

We're a customer and end-user.

I'd recommend the solution to organizations that have around 1,500 people that need to access the solution. 

I would rate the solution a nine out of ten. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Ken Mohammed - PeerSpot reviewer
UC Solutions Engineer at Diversified
Video Review
Reseller
Aug 9, 2022
Enabled my client to have thousands of remote users connect seamlessly through VPN
Pros and Cons
  • "You can also put everything into a nice, neat, little package, as far as configuration goes. I was formerly a command-line guy with the ASA, and I was a little nervous about dealing with a GUI interface versus a command line, but after I did my first deployment, I got a lot more comfortable with doing it GUI based."
  • "It enabled my clients to have remote users, thousands of them, and they're able to connect seamlessly."
  • "I'm not a big fan of the FDM (Firepower Device Manager) that comes with Firepower. I found out that you need to use the Firepower Management Center, the FMC, to manage the firewalls a lot better. You can get a lot more granular with the configuration in the FMC, versus the FDM that comes out-of-the-box with it. FDM is like Firepower for dummies."
  • "Because I don't like the management tool that comes out-of-the-box with it, the FDM, I'll give the Firepower an eight out of 10. That was a real pain dealing with, until they said, "Okay, let's get him an FMC.""

What is our primary use case?

I typically deploy firewalls to set up VPNs for remote users, and, in general, for security. I have a number of use cases.

With theUI basedpandemic, the customer really didn't have a VPN solution for their remote users, so we had to go in and deploy a high-availability cluster with Firepower. And I set up single sign-on with SAML authentication and multi-factor authentication.

How has it helped my organization?

We deploy for other organizations. I don't work on our own corporate firewalls, but I do believe we have some. But it definitely improved things. It enabled my clients to have remote users, thousands of them, and they're able to connect seamlessly. They don't have to come into the office. They can go home, connect to the VPN, log on, and do what they need to do.

What is most valuable?

I like that you can get really granular, as far as your access lists and access control go. 

You can also put everything into a nice, neat, little package, as far as configuration goes. I was formerly a command-line guy with the ASA, and I was a little nervous about dealing with a GUI interface versus a command line, but after I did my first deployment, I got a lot more comfortable with doing it GUI-based.

What needs improvement?

I'm not a big fan of the FDM (Firepower Device Manager) that comes with Firepower. I found out that you need to use the Firepower Management Center, the FMC, to manage the firewalls a lot better. You can get a lot more granular with the configuration in the FMC, versus the FDM that comes out-of-the-box with it.

FDM is like Firepower for dummies. I found myself to be limited in what I can do configuration-wise, versus what I can do in the FMC. FMC is more when you have 100 firewalls to manage. They need to come out with something better to manage the firewall, versus the FDM that comes out-of-the-box with it, because that set me back about two weeks fooling around with it.

For how long have I used the solution?

I have been using Cisco Firepower NGFW Firewall for two or three years now.

What do I think about the stability of the solution?

It's good. It's stable. I haven't heard anything [from my customer]. No news is good news.

What do I think about the scalability of the solution?

It scales because you can deploy a cluster. You could have up to 16 Firepowers in a cluster, from the class I [was learning] in yesterday. I only had two in that particular cluster. It scales up to 16. If you have a multi-tenant situation, or if you're offering SaaS, or cloud-based firewall services, it's great that it can scale up to 16.

How are customer service and support?

They're always great to me. They're responsive, they're very knowledgeable. They offer suggestions, tell you what you need to do going forward, [and give you] a lot of helpful hints. It was good because I had to work with them a lot on this past deployment. 

Now I can probably do it by myself, without TAC's help.

How would you rate customer service and support?

Positive

How was the initial setup?

The deployment was complex because that was my first time doing a Firepower. I did ASAs prior, no problem. I had to get used to the GUI and the different order of deploying things. I had to reset it to factory defaults several times because I messed something up. And then I had to get with Cisco TAC, for them to help me, and they said, "Okay, you need to default it and start over again".

But now, going forward, I know I need to deploy the FMC first, and then you deploy the Firepowers, and tell them where the FMC is, and then they connect, and then you can go in and configure it. I had it backward and it was a big thing. I had to keep resetting it. It was a good learning experience, though, and thankfully, I had a patient customer.

[In terms of maintenance] I've not heard anything back from my customer, so I'm assuming once it's in, it's in. It's not going to break. It's an HA pair. My customer doesn't really know too much about it. I don't know that they would know if one of them went down, because it fails over to the other one. I demonstrated to them, "Look, this is how it fails over. If I turn one off, it fails over." VPN doesn't disconnect, everything's good. Users don't know that the firewall failed over unless they're actually sitting there looking at AnyConnect. I don't think they know. So, I'll wait for them to call me and see if they know if something's broken or not.

What was our ROI?

As far as return on investment [goes], I would imagine there is some. For the users, as far as saving on commuting costs, they don't have to come into the office. They can stay home and work, and connect to the enterprise from anywhere in the world, essentially.

Which other solutions did I evaluate?

I've done a Palo Alto before, and a Juniper once, but mostly ASAs and Firepowers.

Naturally, I prefer Cisco stuff. [For the Palo Alto deployment] they just said, "Oh, you know, firewalls", and that's why the customer wanted Palos, so that's what I had to do. I had to figure it out. I learned something new, but my preference is Cisco firewalls.

I just like the granularity of the configuration [with Cisco]. I've never had any customers complain after I put it in, "Hey, we got hacked," or "There are some holes in the firewall," or any type of security vulnerabilities, malware, ransomware, or anything like that. You can tighten up the enterprise really well, security-wise.

Everything is GUI-based now, so to me, that's not really a difference. The Palos and the Junipers, I don't know what improvements they have made because [I worked on] those over five or six years ago. I can't even really speak to that.

What other advice do I have?

Because I don't like the management tool that comes out-of-the-box with it, the FDM, I'll give the Firepower an eight out of 10. That was a real pain dealing with, until they said, "Okay, let's get him an FMC." That was TAC's suggestion, actually. They said, "You really need FMC. The FDM is really trash."

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
PeerSpot user
Tushar Gaba - PeerSpot reviewer
Technical Solutions Architect at NIL Data Communications
Video Review
Real User
Aug 7, 2022
Provides perimeter security, allowing/blocking of traffic, IPS, and port scans
Pros and Cons
  • "The return on investment is not going to be restricted to just the box... Now, these genres have been expanded to cyber, to third-party integrations, having integrated logging, having integrated micro and macro segmentations. The scope has been widened, so the ROI, eventually, has multiplied."
  • "The return on investment is not going to be restricted to just the box, because nowadays, if you look at the integrated security that Cisco has been heavily investing into, it's not just about ASA doing the firewalling functions."
  • "The only improvement that we could make is maybe [regarding] the roadmap, to have better visibility as to what we are targeting ahead in the next few quarters."

What is our primary use case?

With [my company], NIL, it's cross-domain. It's just not ASA, but in particular we work with customers where we talk about the physical boxes or even the virtual appliances that we're deploying. The use cases can be multiple, but mostly what we have seen is perimeter security, looking at blocking [and] allowing of traffic before accessing the internet.

The majority of the challenges that we see across customers and partners is looking at the data, the integrity, security, [and] looking at various areas where they need to put in boxes or solutions which could secure their environments. It's not just about the data, but even looking at the endpoints, be it physical or virtual. That, in itself, makes the use case for putting in a box like ASA. 

And, of course, with the integrations nowadays that we have from a firewall, looking at multiple identity solutions or logging solutions you could integrate with, that in itself becomes a use case of expanding the genres of integrated security.

What is most valuable?

The best features would obviously be the ones that are most used: the perimeter security, allowing/blocking of traffic, NAT-ing, and routing, or making it easy as compared to a router. If you were to do the similar features on a router, it would be way more extensive and difficult as compared to a firewall. These are the majority of the features that anyone would begin with.

But of course, they expanded to other features like IPS or cyber security or looking at vulnerabilities or scanning, port scans. Those are the advanced things.

[In terms of overall performance] in the last decade or so, especially in the last three or four years, the scale of where the architecture has been—all the numbers, the stats, everything—has gone up exponentially. It's all because of the innovations that are always happening, and not just at the hardware level, but particularly at the software level. Of course, we can always look at the data sheets and talk about the numbers, but all I can say, in my experience, is that the numbers have really gone up, and the speed at which the numbers have gone up in the last couple of years or so, is really progressive. That's really good to see.

What needs improvement?

We're reaching [the point] where we want it to be. If you go 10 years back, we did miss the bus on bringing in the virtual versus the physical appliance, but now that we have had it, the ASAv, for a few years, I think we are doing the right things at the right place. 

The only improvement that we could make is maybe [regarding] the roadmap, to have better visibility as to what we are targeting ahead in the next few quarters. That is where we, as partners, can also leverage our repos with our customers and making them aware that there might be some major changes that we may have to introduce in their networks in the near future.

For how long have I used the solution?

I started back in the days with ASA when I was [with] Cisco. I was [with] Cisco for 12 years. I started as a TAC engineer, and one of the teams I was leading was the ASA team, firewall, and across VPN, AAA. it became like a cross-border team or cross-architecture, and it's been long enough. I've been working with ASAs for about 12 or more years now.

What do I think about the stability of the solution?

From the stability standpoint, it's way better. Is there a scope for improvement? Of course. There always is. But I can just speak from my experience. What it was and what it is today, it is way better.

What do I think about the scalability of the solution?

We look at scalability for any product of Cisco. I cannot be confined to the ASAs. We have physical, virtual, and cloud deployments. Everything is possible, so scalability is no issue.

How are customer service and support?

Support, when you look at any product from Cisco, has been top-notch. I was a TAC guy myself for 10 years and I can vouch for it like anyone would do from TAC.

Support has always been extensive. There is great detail in root cause analysis. Going back into my Cisco TAC experience, it's always the story that if you know the product well, you know the things that you need to collect for TAC or for any other junior SME to work with you collectively, to get down to the solutions sooner. Otherwise, they have to let you know what you need to collect. It's better to know the product, get the right knowledge transfer, work towards those goals, and then, collectively, we can work as a great team.

How was the initial setup?

I have mostly been involved in the pre-sales stage, and then eventually the post-sales as well. But we do the groundwork of making sure that we have set the stage for the customer to get the initial onboarding. And at times, I do it with other engineers or other colleagues who take it over from there. In my experience, it has been pretty straightforward.

It's not just the implementation, but [it's] also managing or maintaining [the ASA]. It would depend on how complex a configuration is, a one-box versus cluster versus clusters at different sites. Depending on the amount of configuration complexity and the amount of nodes that you have, you would need to look at staff from there. It's hard to put a number [on it and] just say you need a couple of guys. It could be different for different use cases and environments.

[In terms of maintenance] it's about a journey: the journey from having the right knowledge transfer, knowing how to configure a product, knowing how to deploy it, and then how to manage it. Now, of course, from the manageability standpoint, there are some basic checks that you have to do, like firmware upgrades, or backup restores, or looking at the sizing—how much your customer needs: a single node versus multiple nodes, physical versus virtual, cloud versus on-prem. But once you are done with that, it also depends on how much the engineers or SMEs know about configuring the product, because if they know about configuring the product, that's when they would know if something has been configured incorrectly. That also comes in [regarding] maintenance [of] or troubleshooting the product. Knowledge transfer is the key, and making sure that you're up to date and you have your basic checks done. Then, [the] manageability is like any other product, it's going to be easy.

What was our ROI?

The return on investment is not going to be restricted to just the box, because nowadays, if you look at the integrated security that Cisco has been heavily investing into, it's not just about ASA doing the firewalling functions. Now, these genres have been expanded to cyber, to third-party integrations, having integrated logging, having integrated micro and macro segmentations. The scope has been widened, so the ROI, eventually, has multiplied.

What other advice do I have?

Being a partner, we work with customers who already have different vendor solutions as well. At times, there are a mix of small SMB sites, which could be, let's say, a grocery. There are smaller stores and there are bigger stores, and at times, they do local DIAs or local internet breakouts. [That's where] you do see some cloud-based or very small firewalls as well, but when you look at the headquarters or bigger enterprises, that is where we would probably position Cisco.

[My advice] would depend [on] if they are comfortable with a particular product, if they've been working with a particular vendor. If it's a Cisco shop, or if they've been working on Cisco, or the customers are quite comfortable with Cisco, I would say this is the way to go. Unless they have a mixed environment. It will still depend on the SME's expertise, how comfortable they are, and then looking at the use cases and which products would nullify or solve them. That is where we should position it.

My lessons are endless with ASA, but my lessons are mostly toward product knowledge. When you look at the deployment side of things, or for me, personally, when I was TAC, to know how things work internally within ASA—like an A to Z story, and there are 100 gaps between and you need to know those gaps—and then, eventually, you will get to the problem and solve it in minutes rather than hours.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros sharing their opinions.
Updated: July 2026
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros sharing their opinions.