Try our new research platform with insights from 80,000+ expert users
reviewer1884756 - PeerSpot reviewer
Data center design at a comms service provider with 10,001+ employees
Real User
Provides great security for our applications
Pros and Cons
  • "One of the best features is the ease of use. It's also easy to teach new engineers to use the ASA CLI."
  • "It needs to provide the next-generation firewall features that other vendors provide, like data analytics, telemetry, and deep packet inspection."

What is our primary use case?

We use them for site-to-site VPN solutions as well as other VPN activities, and for general application security.

We needed a good VPN solution and, as our network grew, we had more applications that were virtualized and that can be spun up. We needed a solution that would keep us ahead.

How has it helped my organization?

Cisco ASA provides great security for our applications.

What is most valuable?

One of the best features is the ease of use. It's also easy to teach new engineers to use the ASA CLI. When I first started learning firewalls, Cisco was the first one that was taught to me and it was pretty easy to grasp. When I'm teaching other engineers to use Cisco ASAs, the results of their learning are immediate.

What needs improvement?

It needs to provide the next-generation firewall features that other vendors provide, like data analytics, telemetry, and deep packet inspection.

Also, the ASAs need to be improved a little bit to keep up with the demand for high bandwidth and session count applications.

Buyer's Guide
Cisco Secure Firewall
March 2025
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
844,944 professionals have used our research since 2012.

For how long have I used the solution?

I've been using Cisco ASAs for about 11 years.

What do I think about the stability of the solution?

It's reliable. It doesn't have all the features of some of the newer firewalls, but it's very reliable. It doesn't break. It's pretty rock-solid.

What do I think about the scalability of the solution?

We have at least a pair in every one of our data centers. We gateway our applications around the firewall system, meaning all application data goes through firewalls.

How are customer service and support?

We have good support from Cisco for the ASAs. That helps us out a lot. Some of our ASAs are pretty old and technically not supported anymore, but TAC always helps us out.

How was the initial setup?

The initial one, for me, was a little bit complex because I hadn't done it before. It was inline and an active/standby pair, so it involved a little bit more than just deploying one firewall. 

We had some documentation written and we tested it in the lab and then the deployment took about four hours.

We deployed it alongside different solutions and then we cut over to it when it wouldn't impact the customers.

The maintenance involves doing code upgrades periodically to keep up with the security environment requirements. One person handles that.

What about the implementation team?

We deployed with a consultant from Cisco support. Our experience with them was good. They provided a lot of documentation ahead of time to help us with our configuration.

From our side there were two people involved. One was doing the configuration and the other person was checking to make sure there were no errors, looking at IPs and the like.

What's my experience with pricing, setup cost, and licensing?

The licensing is straightforward and simple, so we don't have to keep relicensing every year as we do with other applications.

Which other solutions did I evaluate?

We use Juniper as well.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Francisco Gaytan Magana - PeerSpot reviewer
Network Architecture Design Engineer at a comms service provider with 10,001+ employees
Real User
The stability is better than competitors and offers easy deployment
Pros and Cons
  • "The IP filter configuration for specific political and Static NAT has been most valuable."
  • "The access layer of this solution could be improved in terms of the way the devices interconnect with our network. We need to be able to analyze the traffic between the different interconnection in these areas."

What is our primary use case?

We started using this solution due to challenges with throughput. We needed devices with more quantity of throughput and bandwidth. We use this solution in different locations and different departments and we have around 2000 internal customers.

How has it helped my organization?

Cyber security resilience is really important for our organization. It is necessary for all the points for interconnections between LAN networks and WAN networks as we receive daily attacks.

What is most valuable?

The IP filter configuration for specific political and Static NAT has been most valuable.

What needs improvement?

The access layer of this solution could be improved in terms of the way the devices interconnect with our network. We need to be able to analyze the traffic between the different interconnections in these areas.

In a future release, we would like to have an IP analyzer to try to identify the specific comportment of the customers.

For how long have I used the solution?

I have been using this solution for seven years. 

What do I think about the stability of the solution?

This is a very stable solution. 

What do I think about the scalability of the solution?

This solution would need an adjustment to be scalable. 

How are customer service and support?

Our engineers usually fix the issues we have, depending on the issue. When we reached out to the technical support team, they were attentive and helped us. 

Which solution did I use previously and why did I switch?

We previously used Palo Alto, Fortinet, and Cisco Firepower. We switched because Cisco is more stable and offers easy deployment for the platform.

How was the initial setup?

This solution requires regular maintenance and I have 10 engineers that manage it.

What other advice do I have?

I would rate this solution a nine out of ten because it is a good product that is more stable than others on the market. 

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Cisco Secure Firewall
March 2025
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
844,944 professionals have used our research since 2012.
Simon Watkins - PeerSpot reviewer
Senior Network Architect at Prosperity247
MSP
Top 20
Usability of the GUI front end helps admins get to a diagnosis quickly
Pros and Cons
  • "One of the most valuable features is the GUI front end, which is very easy to use. But I'm also a command-line guy, and being able to access the device via command-line for advanced troubleshooting is quite important."
  • "One area that could be improved is its logging functionality. Your logs are usually displayed on the screen, but if you want to go back one or two days, then you need another solution in place because those logs are overwritten within minutes."

What is our primary use case?

Typically, we use them on the internet edge for protecting customer networks from the internet. It's a delimiter between the local area network and the wider internet. Other use cases include securing data centers or protecting certain areas within a network. It's not particularly internet-based, but it gives you that added layer of security between networks or between VLANs and your network, rather than using a Layer 3 switch.

Ultimately, it's about securing data. Data is like your crown jewels and you need to be able to secure it from different user groups. Obviously, you need to protect your data from the internet and that's why we generally deploy Cisco ASAs.

How has it helped my organization?

The usability, with the GUI front end, certainly helps and it means you don't have to be a command-line person. We have to get away from that now because if you put the typical IT admin in front of a CLI they might struggle. Having something graphical, where they can click in logs to see what's going through the firewall— what's been denied, what's being allowed—very quickly, helps to get to a diagnosis or know something has been blocked. And when it comes to making changes within the environment, that can be done very quickly as well. I've seen something be blocked within a couple of minutes, and any IT admin can make a change through the GUI.

What is most valuable?

One of the most valuable features is the GUI front end, which is very easy to use. But I'm also a command-line guy, and being able to access the device via command-line for advanced troubleshooting is quite important.

What needs improvement?

One area that could be improved is its logging functionality. Your logs are usually displayed on the screen, but if you want to go back one or two days, then you need another solution in place because those logs are overwritten within minutes. 

To have that kind of feature, it's more than likely there would need to be some kind of storage on the device, but those boxes were designed a number of years ago now. They weren't really designed to have that built-in. Having said that, if you do reflash into the FTD image, and you've got the Firepower Management Center to control those devices, then all that logging is kept within the Firepower Management Center.

For how long have I used the solution?

I've been using Cisco ASA Firewalls since they came out. Before ASA, I used Cisco PIX Firewalls. I've been using them since about 1999 or 2000.

I'm involved in the presale events as well as the implementation and post-sale support. We do everything. That is probably different from a lot of organizations. We are quite a small company, so we have to be involved at all levels. I see it from all angles.

How are customer service and support?

One of the reasons I've stuck with Cisco all these years is that you always get excellent support. If a network goes down due to major issues, I know I can raise a case with TAC and get through to subject matter experts very quickly.

Obviously, you need a SMARTnet contract. That means if a device has completely failed, you can get a box replaced according to the SLAs of that contract. That's very important for customers because if you have an internet edge failure and you just have a single device, you want to know that the replacement box is going to be onsite within four hours.

When a network goes down, you're going to know about it. You want to be safe in the knowledge that someone is going to be there for you and have your back. Cisco do have your back on those kinds of things.

Cisco support is a major selling point.

How would you rate customer service and support?

Positive

How was the initial setup?

In terms of deployment, a lot of organizations are moving to the cloud. People are looking at the ASAv image for deploying into the public cloud on Azure or AWS. But there are still a lot of organizations that use ASAs as their internet edge.

The on-prem and the cloud-based deployments are very similar. When you're designing a solution, you need to look at the customer's business requirements and what business outcomes they actually want from a solution. From there, you develop architecture. Then it's a matter of selecting the right kinds of kits to go into the architecture to deliver those business outcomes. We talk to customers to understand what they want and what they're trying to achieve, and we'll then develop a solution to hopefully exceed their requirements. 

Once we've gotten that far, we're down to creating a low-level design and fitting the components that we're going to deploy into that design, including the ASA firewalls and the switches, et cetera. We then deploy it for the customer.

What was our ROI?

Your investments are protected because of the innovations over time and the fact that you're able to migrate to the latest and greatest technology, through Cisco. 

There are also a lot of Cisco ASA skills out there in the marketplace, so if you have ASAs deployed and you get a new employee, it's more than likely they have had experience with ASAs and that means you're not having to retrain people.

Which other solutions did I evaluate?

We do deploy other manufacturers' equipment as well, but if I were to deploy a solution with firewalling, my number-one choice would probably be Cisco ASA or the FTD image or Cisco Meraki MX.

The flexibility you have in a Cisco ASA solution is generally much greater than that of others in the marketplace. 

For any Cisco environment, we choose Cisco because it comes down to support. If the network is Cisco, then you have one throat to choke. If there is a network issue, there's no way that Cisco can say, "It's the HP switch you've got down in the access layer."

What other advice do I have?

ASA morphed from being just a traditional firewall, when they introduced the Firepower Next-Generation Firewall side. There has also been progress because you can reflash your old ASAs and turn them into an FTD (Firepower Threat Defense) solution. So you've got everything from your traditional ASA to an ASA with Firepower.

Cisco ASA has been improved over time, from what it was originally to what it is now. Your investments are being protected by Cisco because it has moved from a traditional firewall through to being a next-gen firewall. I'm a fan of ASA.

I think ASAs are coming towards the end of their lifespan and will be replaced by the FTDs. It's only a matter of time. But there are still a lot of Cisco customers who use ASAs, so migrating that same level of knowledge those customers have of the ASA platform across to the FPR/FTD image, will be a challenge and will require investment.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner/reseller
PeerSpot user
Juan Carlos Saavedra - PeerSpot reviewer
Coordinador de Tecnología at a tech vendor with 1,001-5,000 employees
Reseller
Provides us visibility and information about our Internet usage. However, it is complex to operate the solution.
Pros and Cons
  • "The most valuable feature is the anti-malware protection. It protects the endpoints on my network."
  • "The ease of use needs improvement. It is complex to operate the solution. The user interface is not friendly."

What is our primary use case?

The primary use is as edge firewalls to the Internet.

We are only on-premise. There is still no cloud plan.

How has it helped my organization?

It provides visibility and information to the organization about what is being accessed on the Internet as well as the applications that it is protecting.

It is part of our security strategy.

What is most valuable?

  • Anti-malware protection
  • Web Filtering
  • VPN Remote-Access

The most valuable feature is the anti-malware protection. It protects the endpoints on my network.

We use the application visibility and control feature of Cisco firewalls.

What needs improvement?

The ease of use needs improvement. It is complex to operate the solution. The user interface is not friendly.

For how long have I used the solution?

I have been using it for eight to 10 years.

What do I think about the scalability of the solution?

We have 200 users using this solution.

How are customer service and support?

The technical support is good, but it could be better. I would rate them as six out of 10.

How would you rate customer service and support?

Neutral

How was the initial setup?

The setup is not too complex. We implemented it on all our ports.

What about the implementation team?

We have five people on our cybersecurity team.

Which other solutions did I evaluate?

The solution's ability to provide visibility into threats is fine, but the Fortinet and Check Point solutions have better dashboards and information about visibility.

What other advice do I have?

We are also using Cisco AnyConnect, Umbrella (as a cloud proxy), and ISE. We have between five or six antivirus, proxy, anti-malware, data loss prevention, VPN client, and firewall tools.

I would rate this Cisco product as six out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner & Reseller
PeerSpot user
Technology Associate at a financial services firm with 1-10 employees
Real User
The most valuable features are the IPsec VPN and web filtering. It seems very clunky and slow.
Pros and Cons
  • "The most valuable features are the IPsec VPN and web filtering."
  • "It seems very clunky and slow. I would like to be able to tune it to be a more efficient product."
  • "I would like the ability to pick and choose different features of it to run in a packaged infrastructure or modules, therefore I would like to have more customizability over it."
  • "The use of it has really bogged down our response time for certain problems, given we have to go through AT&T for everything."

What is our primary use case?

Our primary use case is as a firewall and using it for web filtering. We use IPsec VPN services on it, as well as the router.

I have been using the product for only a few months, but the company has been using it for a couple of years.

How has it helped my organization?

The use of it has really bogged down our response time for certain problems, given we have to go through AT&T for everything. I don't think really highly of it, though.

What is most valuable?

The IPsec VPN and web filtering.

What needs improvement?

I would like the ability to pick and choose different features of it to run in a packaged infrastructure or modules, therefore I would like to have more customizability over it. 

It seems very clunky and slow. I would like to be able to tune it to be a more efficient product.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

It has generally been okay in terms of stability. We haven't had it go down, but we do have some interruptions. I don't know if it is the ISP or the firewall. We have more frequent network disruptions, and other branches call in telling us that they are unable to use their services to do their job. Unfortunately, we can't really do anything about it. It just clears up in about five or six minutes. In terms of stability, I would give it a seven and a half out of 10.

What do I think about the scalability of the solution?

I don't see it being very scalable. I don't have access to the actual interface on it. However, it is an older product, so it probably doesn't have high availability features. So, it's scalability is probably limited. I know that we kind of put it through the ringer with our fewer than a hundred connections into it.

How is customer service and technical support?

AT&T handles our technical support, since it's leased through them.

How was the initial setup?

I was not involved with the initial setup.

What's my experience with pricing, setup cost, and licensing?

We pay a lot of money for it.

For big organizations who are used to throwing around a lot of money for absolutely surety, this would probably be a good fit for them. For the average SME, this particular firewall system, as well as Cisco in general, this product would not be a good fit for them.

Which other solutions did I evaluate?

We are currently looking at WatchGuard, pfSense, and Fortinet FortiGate. Netgate would provide the hardware.

We have still got nine months left on our contract with AT&T before we can actually do anything. We are just trying to do as much research and ask as many questions as we can before we get to that point.

What other advice do I have?

We just don't have a lot of the control or customizability that we would like to have over the system. A lot of this has to do with how AT&T is handling the access to it. Also, the hardware is outdated. We would like to go with a product in which everything is very transparent, clear, organized, all in the same place, and we can monitor clearly. The reason that we are looking to change is price: We pay a lot for it. If we had more control over it, we would be better able to control the quality and performance of the network and services, as well as the budget.

The most important criteria when selecting a vendor:

  • IPsec VPN
  • Good stable connection
  • Failover support: We need to have dual-WAN, so we can get two WAN connections in there and have failover. 
  • Load balancing would be good, especially for those rough patches. 
  • Internal web filtering and blocking: We need to be able to control what our end users are looking at.
  • Monitoring: As much monitoring as we can get.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
OusaidAbaz - PeerSpot reviewer
Security Network Architect at Inmac
Real User
Top 5Leaderboard
Has an easy installation process, but the integration capabilities with various applications need improvement
Pros and Cons
  • "The advantage of using Cisco is its integration within the Cisco fabric, which allows for effective threat detection and mitigation."
  • "Cisco could improve its score by developing more features that integrate seamlessly with various applications and investing in hardware acceleration to enhance performance."

What is our primary use case?

Cisco Secure Firewall is a next-generation firewall that can be used for various security applications. 

What is most valuable?

The advantage of using Cisco is its integration within the Cisco fabric, which allows for effective threat detection and mitigation.

What needs improvement?

Cisco could improve its score by developing more features that integrate seamlessly with various applications and investing in hardware acceleration to enhance performance.

What do I think about the stability of the solution?

The product is stable with minimal glitches or latency issues.

How was the initial setup?

The solution is easy to install, requiring minimal expertise. Deployment time varies, but it can take about two days for a medium-sized company with 200-300 users to configure and install.

What was our ROI?

After five years of product usage, the high return on investment and low total cost of ownership can be observed.

What's my experience with pricing, setup cost, and licensing?

Pricing depends on partnerships and certifications. The engineering team's certifications can qualify it for seven to eight percent discounts.

What other advice do I have?

The platform's integration capabilities depend on the project context. In some cases, integrating Palo Alto may provide better performance, but Cisco can still be effective.

However, its classification in industry comparisons, such as those from Gartner, is lower than that of competitors like FortiGate and Palo Alto.

Overall, I rate it seven out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
WaleedAboda - PeerSpot reviewer
Senior Security Engineer at a financial services firm with 501-1,000 employees
Real User
Top 20
Provides IPS intrusion prevention, anti-malware, and anti-spam
Pros and Cons
  • "The important features are IPS intrusion prevention, anti-malware, and anti-spam."

    How has it helped my organization?

    Cisco Secure Firewall has impacted our cybersecurity cost efficiency.

    What is most valuable?

    The important features are IPS intrusion prevention, anti-malware, and anti-spam.

    What needs improvement?

    Cisco firewall needs experience with hardware. They should also enhance security antivirus, application detection, user detection, and ID detection. 

    For how long have I used the solution?

    I have been using Cisco Secure Firewall for three years.

    What do I think about the scalability of the solution?

    300 users are using this solution.

    How are customer service and support?

    The support is good.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The initial setup is easy, but it takes some time to push the configurations. Also, it's a little complicated and not friendly to use. It is good only for IT and experienced people. 

    The deployment took two months and a team of two to three people.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is average.

    What other advice do I have?

    I recommend the solution to medium and enterprise customers since it is expensive. 

    Overall, I rate the solution an eight out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    reviewer2107434 - PeerSpot reviewer
    Senior Network Administrator at a comms service provider with 201-500 employees
    Real User
    Good performance and good support
    Pros and Cons
    • "Their performance is most valuable."
    • "The stability could be better because we have a lot of issues with the stability of Cisco Firepower."

    What is our primary use case?

    We use them for firewall purposes. We use the small ones with the partners for the services they need, such as VPN and security.

    What is most valuable?

    Their performance is most valuable.

    What needs improvement?

    The stability could be better because we have a lot of issues with the stability of Cisco Firepower.

    For how long have I used the solution?

    I've been using Cisco firewalls for 20 years.

    What do I think about the stability of the solution?

    We have a lot of issues with the stability of Cisco Firepower.

    What do I think about the scalability of the solution?

    It depends on the model. We are hitting some issues with scalability. It's getting very expensive to scale out.

    How are customer service and support?

    They sometimes take too long and don't fix the issue quickly, but eventually, it is fixed. I'd rate their support a nine out of ten.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We have been using different Cisco firewalls for a long time. We are currently using Cisco Firepower and Cisco ASA. Cisco Firepower is better than Cisco ASA, but stability is an issue.

    How was the initial setup?

    It's now easier than before. You can have virtual appliances.

    We mostly have it on-prem, but some customers want on-prem virtual.

    Which other solutions did I evaluate?

    We considered using a different solution such as Check Point or Huawei. We chose to stay with Cisco because we're experienced with Cisco and because of the support.

    What other advice do I have?

    The old versions or models saved us time, but the newer ones take our time. Overall, I'd rate Cisco Secure Firewall an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
    PeerSpot user
    Buyer's Guide
    Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros sharing their opinions.
    Updated: March 2025
    Buyer's Guide
    Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros sharing their opinions.