No more typing reviews! Try our Samantha, our new voice AI agent.
Deputy Manager at Star Tech Engineering Ltd
Reseller
Jul 11, 2021
Automated policy application and enforcement free up time for us
Pros and Cons
  • "The dashboard is the most important thing. It provides good visibility and makes management easy. Firepower also provides us with good application visibility and control."
  • "The automated policy application and enforcement have freed up time for us, on the order of 30 percent."
  • "One issue with Firepower Management Center is deployment time. It takes seven to 10 minutes and that's a long time for deployment. In that amount of time, management or someone else can ask me to change something or to provide permissions, but during that time, doing so is not possible. It's a drawback with Cisco. Other vendors, like Palo Alto or Fortinet do not have this deployment time issue."
  • "One issue with Firepower Management Center is deployment time. It takes seven to 10 minutes and that's a long time for deployment."

What is our primary use case?

We use it for malware and IPS.

How has it helped my organization?

The automated policy application and enforcement have freed up time for us, on the order of 30 percent.

Also if one Cisco antivirus implementation is the subject of an attack, all other Cisco implementations get that information rapidly, in real time. All the other firewalls are in sync when it comes to malware attacks, through the update of the database. That is good.

The visibility it provides into threats is good. Every day we find lots of malware attacks targeting our network, but they don't get through to the network.

What is most valuable?

The dashboard is the most important thing. It provides good visibility and makes management easy. Firepower also provides us with good application visibility and control.

Cisco Talos is well known around the world and everyone trusts Talos for malware intelligence. It is number one. It is also the most secure for Snort rules. It is more secure than others because its real-time analysis is better.

In addition, Firepower Management Center is helpful. 

We also use Cisco ISE and the integration between it and Firepower is okay.

For how long have I used the solution?

I've been using Cisco Firepower NGFW Firewall for four or five years.

Buyer's Guide
Cisco Secure Firewall
July 2026
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
903,871 professionals have used our research since 2012.

What do I think about the stability of the solution?

It's a stable product.

What do I think about the scalability of the solution?

The scalability is good.

How are customer service and support?

Their technical support is good. When my NOC or my engineers have needed support the feedback I've had is that tech support has been good at critical moments. They have given us good service.

How was the initial setup?

There was no issue with the initial setup. It's straightforward because Cisco gives us lots of documentation. It's not a big deal, for me. In four or five years I have deployed 35 to 40 Firepowers for financial organizations and corporate offices.

Which other solutions did I evaluate?

We also use Palo Alto, Fortinet, Sophos, and Check Point.

One issue with Firepower Management Center is deployment time. It takes seven to 10 minutes and that's a long time for deployment. In that amount of time, management or someone else can ask me to change something or to provide permissions, but during that time, doing so is not possible. It's a drawback with Cisco. Other vendors, like Palo Alto or Fortinet do not have this deployment time issue.

The other issue is the upgrading process, with Cisco. Sometimes, if we use a standalone device we need to create maintenance windows at that time and we need to restart Firepower. But with other vendors, like Palo Alto, there is no need to update in that way.

If they mitigated these two things, Cisco would be number-one in the world in the security domain.

What other advice do I have?

We have not integrated Firepower with Cisco SecureX because it needs IOS 6.6. It's a limitation. If we have an external device, we would need downtime and in a financial organization, management will not allow us the downtime.

In my experience, the deployment procedure with Cisco is not the easiest, it's not plug-and-play. I hope that Cisco will give us that type of implementation.

Overall, I would rate Firepower at eight out of 10.

Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
PeerSpot user
Senior Network Engineer at BCD Travel
Real User
Jun 29, 2021
User friendly and easy to use GUI, but stability and scalability need improvement
Pros and Cons
  • "If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI, as it has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network, and additionally, this solution is user-friendly."
  • "We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve."
  • "The solution is not stable."

What is our primary use case?

We are currently using this solution as a VPN and an internet firewall in some locations. In our data center, we are still using FortiGate as an internet firewall but we are evaluating other options.

What is most valuable?

If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly.

What needs improvement?

We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve.

For how long have I used the solution?

I have been using Cisco Firepower NGFW Firewall for approximately three years.

What do I think about the stability of the solution?

The solution is not stable. There seems to be always some issues. This is not ideal when you are running a system in a data center environment.

What do I think about the scalability of the solution?

There is room for improvement in the scalability of this solution.

How are customer service and technical support?

I was satisfied with the support we received.

How was the initial setup?

When I did the installation three or four years ago it was challenging. 

What's my experience with pricing, setup cost, and licensing?

This solution is expensive and other solutions, such as FortiGate, are cheaper.

Which other solutions did I evaluate?

I have evaluated FortiGate firewalls and when comparing with this solution there is no clear better solution, they each have their pros and cons.

What other advice do I have?

I would recommend a Next-Generation firewall. FortiGate has a Next-Generation firewall but I have never used it. However, it would be similar to the Cisco Next-Generation FirePOWER, which has most of the capabilities, such as running all the BDP sessions and having security intelligence in one system. 

I would recommend everyone to use this solution.

I rate Cisco Firepower NGFW Firewall a six out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Cisco Secure Firewall
July 2026
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
903,871 professionals have used our research since 2012.
it_user1593717 - PeerSpot reviewer
Head of ICT Infrastructure and Security at City of Harare
Real User
Jun 21, 2021
Stable and reliable, requiring very little support
Pros and Cons
  • "The features that are most valuable within the firewall are the IPS as well as the Unified Communications. We also really like the dynamic grouping."
  • "Cisco ASA Firewall is very stable and very reliable."
  • "An area for improvement is the graphical user interface. That is something that is coming up now. They could make the product more user-friendly. A better GUI is something that would make life much easier."

What is our primary use case?

We use it for intrusion prevention and in our VPN that is connected to our head office. It provides protection and security and node clustering. It gives us all the security features that we need within our environment.

What is most valuable?

The features that are most valuable within the firewall are the IPS as well as the Unified Communications. We also really like the dynamic grouping.

What needs improvement?

An area for improvement is the graphical user interface. That is something that is coming up now. They could make the product more user-friendly. A better GUI is something that would make life much easier. Traditionally, Cisco products have been command-line-based.

For how long have I used the solution?

The Cisco ASA Firewall has been in our environment for the past seven years.

What do I think about the stability of the solution?

The product is very stable. We've not had any challenges with it in all this time. It performs very well.

What do I think about the scalability of the solution?

We have 2,000 users who connect through this product. We are planning to increase use as we go, toward the end of the year.

How are customer service and technical support?

The technical support has been excellent. When there have been any issues, they've always been there for us.

How was the initial setup?

The initial configurations were straightforward, not complex at all. It took us just two days to finalize things.

What about the implementation team?

We did most of the setup in-house, but we also had assistance from our partner.

What's my experience with pricing, setup cost, and licensing?

We pay annually and there are no costs in addition to the standard fees.

Which other solutions did I evaluate?

When you compare Cisco ASA Firewall with Sophos, they are more or less the same in terms of functionality.

What other advice do I have?

Cisco ASA Firewall is very stable and very reliable. It requires very minimal support, once you configure it and put it in your environment. You don't need to attend to faults or issues. Once you install it and plug it in, it is good to go.

We have been using the ASA Firewall for a long time, and it is an advanced product for our current use. In terms of improvement, there's not much that can be done to it. It is a solid product, very effective, and it does its job well.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Ramish Ali - PeerSpot reviewer
Assistant Director IT at Punjab Education Foundation
Real User
Top 5
Jun 14, 2021
Scalable and fast but the initial setup could be easier
Pros and Cons
  • "The product is quite robust and durable."
  • "Overall, the solution works very well."
  • "The graphical interface could be improved. From what I have seen, Fortinet, for example, has a nicer GUI."
  • "The solution is quite expensive. Fortinet and other competitors are about half the price."

What is our primary use case?

We primarily use the solution as a firewall for our data centers. We have a medium-sized data center right now. It's about six or seven servers. We actually store the data for students and schools and need to protect it.

What is most valuable?

Overall, the solution works very well.

The solution is quite fast. We found that the speed was good and the throughput was good.

The stability has been very good.

The solution can scale as necessary.

The product is quite robust and durable. 

What needs improvement?

The solution lacks the abilities of an FTD type which are the abilities we need, and they are not in the firewall. We're looking for a next-generation firewall instead.

The graphical interface could be improved. From what I have seen, Fortinet, for example, has a nicer GUI.

The solution needs to be easier to use. Right now, it's overly complicated. 

The initial setup is a bit complex. 

The cost of the solution is very high.

The product should add free URL filtering. It's another product, or part of another product, however, it should be available as part of this offering as well.

For how long have I used the solution?

I've been using this solution for about seven or eight years at this point. It's been a while. 

What do I think about the stability of the solution?

The stability is excellent and the performance is good. There are no bugs or glitches. It doesn't crash or freeze. It's reliable.

What do I think about the scalability of the solution?

The product can scale nicely. If a company would like to expand it, it can do so. 

We have about 10,000 schools use the solution in general, and 1,000 to 2,000 that use it simultaneously daily. 

How are customer service and technical support?

I don't directly deal with technical support. Typically, that's something that others on the team deal with. We have our own team within the company that, if I run into issues, I would reach out to first. I can't speak to how helpful or responsive they are. I've never had a chance to contact them. 

Which solution did I use previously and why did I switch?

I have not used other firewalls.

How was the initial setup?

The initial setup is not easy or straightforward. It's a bit complex and a little difficult.

We have three engineers on staff. They are capable of handling any maintenance.  

What's my experience with pricing, setup cost, and licensing?

The solution is quite expensive. Fortinet and other competitors are about half the price. Cisco is very expensive in comparison. They need to work to be more competitive.

Which other solutions did I evaluate?

We're currently looking into a new firewall - something that is Next Generation. We don't know what it will be yet, however, we are considering Cisco, Fortinet, or Palo Alto.

It's my understanding that Fortinet is better in graphics and has a better user experience than Cisco, however, I haven't had a chance to test anything out.

What other advice do I have?

We're just a customer and an end-user. 

We no longer have an SLA for this solution. We're potentially looking for something new.

I'd recommend the solution to others. It works well. It's durable and fast and you don't have to check up on it daily as it is rather reliable. That said, it is pricey.

In general, I would rate the solution at a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1570647 - PeerSpot reviewer
Senior Information Security Analyst at a manufacturing company with 10,001+ employees
Real User
Jun 5, 2021
Useful access controls, reliable, and good support
Pros and Cons
  • "I have found the most valuable feature to be the access control and IPsec VPN."
  • "When comparing the graphical interface of this solution to other vendors it is more difficult to configure. There is a higher learning curve for administrators in this solution."

What is our primary use case?

I am using this solution for monitoring incoming and outgoing network traffic. This includes many types of traffic, such as VPN users.

What is most valuable?

I have found the most valuable feature to be the access control and IPsec VPN. There are a lot of people moving towards the next-generation versions of firewalls which have some advanced features such as this one. You can define rules based on the application instead of how they are traditionally are done. There are more general and traffic controls, and additional features for intrusion prevention for malware analysis.

What needs improvement?

When comparing the graphical interface of this solution to other vendors it is more difficult to configure. There is a higher learning curve for administrators in this solution.

A lot of vendors, such as Palo Alto, are going toward cloud-based systems and Cisco should follow.

For how long have I used the solution?

I have been using this solution for approximately two years.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

Since this is a hardware solution it does not scale as well as cloud versions. We have approximately 20,000 people using this solution in my organization.

How are customer service and technical support?

The support of this solution is very good.

What about the implementation team?

We have security specialists to manage the solution.

Which other solutions did I evaluate?

I have previously used FortiGate and Palo Alto solutions. When comparing them to this solution they have more standard features in their normal firewall this one does not.

What other advice do I have?

My advice to those wanting to implement the solution is to look at their use case and see if it meets those requirements for what they are looking for. There are a lot of security features that people may not be aware of and do not use. Explore the solution and all its features which will help you understand the configurations.

I rate Cisco ASA Firewall an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Director of Information Technology at a government with 501-1,000 employees
Real User
May 23, 2021
Provides us with application visibility and control
Pros and Cons
  • "When it comes to the integration among Cisco tools, we find it easy. It's a very practical integration with other components as well."
  • "We are very satisfied with the service and the product."
  • "The initial setup was a bit complex. It wasn't a major challenge, but due to our requirements and network, it was not very straightforward but still easy enough."

What is our primary use case?

We are a large company in the country in which we operate. We are a government agency dealing with taxes and we provide services for all taxpayers within the country. We have services for internal users, as well as services for public users. The main reason we use these firewalls is to protect our environment and to provide our services efficiently so that we are up and running 24/7.

Our solution is deployed in a private cloud. Everything is hosted in our environment and provided as cloud services. We are in the process of moving our infrastructure from the previous environment to the new environment where Cisco firewalls are installed.

In terms of our security maturity as an organization, we are young. In fact, we are young as a country. We have been providing electronic services for more than 10 years for our clients. We have a huge number of clients, with over 120,000 users who subscribe to our system and who access our services on a daily basis or, at a minimum, three to four times per year.

We use a few tools for security in terms of management, both internal and external, but we are mainly relying on Cisco. Our network is based on Cisco, and we also protect our mail system with Cisco. Previously, and in parallel, we used Sophos next-generation firewalls.

What is most valuable?

The solution provides us with application visibility and control and, at this stage, we are happy with it. Similarly, we are very happy with Cisco Firepower Management Center. We're still at an early stage, but we haven't seen any problems with the Cisco products. We are still switching on features and looking at how they are working.

When it comes to the integration among Cisco tools, we find it easy. It's a very practical integration with other components as well.

We also believe that Cisco is updated about all security issues and threats and efficient enough to provide us with the features and protection we need.

For how long have I used the solution?

We just installed them recently. We started installation at the end of 2020 and we completed it this month, April 2021.

What do I think about the stability of the solution?

It's still early, but we believe the stability is alright.

What do I think about the scalability of the solution?

The scalability of the solution is better than the other firewalls we have, due to technical features. Our technicians have realized that this is much more scalable compared to other solutions.

How are customer service and technical support?

So far, the technical support has been excellent.

How was the initial setup?

The initial setup was a bit complex. It wasn't a major challenge, but due to our requirements and network, it was not very straightforward but still easy enough.

We did a proper implementation plan according to the complexity of our network and our requirements. Then we used the best method for implementing it while mitigating our risks and meeting our requirements. We found a good way to implement it.

The setup took us two calendar months, but in terms of the actual time required to configure it, it was not so long. The setup took approximately as long as for other firewalls we have used.

What was our ROI?

It's hard to talk about ROI when it comes to security, but security now is expensive. You have to pay for it.

What's my experience with pricing, setup cost, and licensing?

For us, the pricing was more economical than other products we used. There were no extra costs.

Which other solutions did I evaluate?

We evaluated a lot of the providers: Juniper, Palo Alto, Check Point, and Fortinet. Our technical team really researched things for a considerable amount of time, and they came up with a decision that this would be the best.

Cisco was chosen because there were many features according to assessments made by other users and as noted in technical data sheets we looked at during the research. They came up with a few features which are better than what other products have. 

Also, especially when you have been a long-time user of Cisco products and services, we found that from a budget perspective it was going to be much more preferable than the others.

What other advice do I have?

We are very satisfied with the service and the product. I don't think that any product would be better than Cisco when it comes to next-generation firewalls.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Co-Founder at Multitechservers
Real User
May 20, 2021
Great remote VPN features, easy to set up, and offers 24/7 access to support
Pros and Cons
  • "Cisco ASA provides us with very good application visibility and control."
  • "Cisco ASA Firewall is very secure."
  • "If they want to add better features to the current Cisco ASA, they can start by increasing the encryption. That is the only thing they need to improve."

What is our primary use case?

We are primarily using the solution for VLAN implementations and also for remote VPN capability - basically it's used for connecting to remote offices securely.

How has it helped my organization?

After implementing tools, including Cisco ASA, unauthorized access comes down a lot. We are not facing asset issues as of now. We are not facing an issue related to malicious traffic or any bad activity in our network.

What is most valuable?

The solution can allow and block traffic over the VLANs.Some of the unauthorized actions and malicious traffic can also be blocked effectively, as we are following PCI DSS compliance. We are a card industry. We are using cards as a payment method, and therefore we need to follow the compliance over the PCI DSS. That's why we chose one of the best products. ASA Firewall is very secure.

It's always easy to integrate Cisco with the same company products. If you are using other CIsco products, there's always easy integration.

Cisco is one of the most popular brands, and therefore the documentation is easily available over the internet.

They are best-in-class.

The remote VPN feature is one of the best features we've found. 

We like that there is two-factor authentication on offer.  We can integrate a Google authenticator with Cisco ASA so that whenever a person is logging on to any network device, they need to enter the password as well as the security code that is integrated by Google. It's a nice added security feature.

Cisco ASA provides us with very good application visibility and control. The Cisco CLI command line is one of the easiest we found on the market due to the fact that the GUI and the user interface are very familiar. If you're a beginner, you can easily access it. There's no complicated UI.

When compared to other products available, the cost is pretty similar. There's no big gap when you compare Cisco pricing to other products. 

There are multiple features in a single appliance, which is quite beneficial to us.

Support that is on offer 24/7. Whenever we face some technical issue, we can reach out to them easily.

We have not had any security breaches. 

They provide a helpful feature that allows us to configure email. 

We are getting a lot from the appliance in real-time.

What needs improvement?

There's an upgraded version of the 5500 that has come to the market. It offers the latest encryption that they have. If they want to add better features to the current Cisco ASA, they can start by increasing the encryption. That is the only thing they need to improve. The rest is good.

For how long have I used the solution?

We've been using the solution for about five or more years at this point. It's been a while. 

What do I think about the stability of the solution?

The stability and availability are very good. there are no bugs or glitches. It doesn't crash or freeze. it's a reliable solution. 

What do I think about the scalability of the solution?

We have it in our infrastructure for around 15 plus users, including Fortinet sites.

We have found that whenever the traffic spikes at peak times, the product automatically scales up to the requirement. We have also implemented the single sign-on it, and therefore, it automatically scales up. We haven't felt any limitations. Currently, we are using it for 1500 plus users. At any given time, there are around 700 plus users available in the office. It's a 24/7 infrastructure. We have tested it for up to 750 plus users, and it's perfectly fine.

How are customer service and technical support?

Technical support is excellent. they are always available, no matter the time of day, or day of the week. We are quite satisfied with their level of support. They are quite helpful and very responsive. I'd rate them at a ten out of ten. They deserve perfect marks.

Which solution did I use previously and why did I switch?

We did not previously use a different solution. When the office was launched we implemented Cisco as a fresh product.

We are using a Cisco ASA Firewall, as well as Sophos at the remote sites. We are using another product is for log collecting. There are three solutions that basically cover us for security purposes. Those, at least, are the physical devices we are using as of now. The rest are cloud solutions such as Nexus. 

That said, I personally, have used Sophos XG as a firewall in the past. Sophos is good in terms of traffic blocking and identifying interruptions to the traffic. The features are better on Cisco's side. For example, there is two-factor authentication and a remote VPN. The only benefit I found in Sophos was the way it dealt with the traffic. 

How was the initial setup?

The initial setup was not overly complex or difficult. It was quite straightforward and very easy to implement. 

Deployment takes about 20 to 25 minutes. 

In terms of the implementation strategy, at first, we put up the appliances in the data center. After that, we connected it with the console. After connecting the console, we had an in-house engineer that assisted. Cisco provided us onboarding help and they configured our device for us. We have just provided them the IP address and which port we wanted up. Our initial configuration has been done by them.

What about the implementation team?

While most of the setup was handled in-house, we did have Cisco help us with the initial configurations.

What was our ROI?

The ROI we are getting from Cisco ASA is higher availability, which we are getting all the time. On top of that, it's good at blocking traffic and protecting us from cyber-crime issues.

What's my experience with pricing, setup cost, and licensing?

The pricing is pretty reasonable. it's standard and comparable to other solutions. The maximum difference between products might be $20 to $40. It's not much of a difference. 

Which other solutions did I evaluate?

We did not evaluate other solutions. We trust Cisco. It's a very good product and well known in the market.

What other advice do I have?

We are a customer and an end-user.

We are using physical Cisco appliances.

We use a lot of Cisco products, Cisco router (the 3900-series routers), and Cisco switches.

In the next quarter, we will implement SD-WAN. Once the SD-WAN is implemented, then we will go with an automated policy and DNS kinds of tools. We are in the process of upgrading to Cisco ASA Firepower in the next quarter. We have not integrated Cisco ASA with Cisco's SecureX solution.

I'd recommend the solution, especially for medium-sized or larger companies and those who are looking for long-term solutions (for example those with a user base of around 2,000 plus users in and around 20 plus applications). It's reliable and offers users a lot of features. This helps companies avoid having to rely on other third-party solutions.

If you are new to Cisco, you should take advantage of the education they have on offer. Cisco provides access to training and it's worth taking advantage of this.

Overall, I'd are the solution at a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
it_user1577460 - PeerSpot reviewer
Network security engineer at a tech services company with 1,001-5,000 employees
Real User
May 18, 2021
A simple and reliable firewall with best support and very good netting, routing, and VPN functionalities
Pros and Cons
  • "Netting is one of the best features. We can modify it in different ways. Site-to-site VPN is also an awesome feature of Cisco ASA. The biggest advantage of Cisco products is technical support. They provide the best technical support."
  • "I am very happy with this product in terms of netting, routing, and VPN functionalities."
  • "Cisco should work on ASDM. One of the biggest drawbacks of Cisco ASA is ASDM GUI. Cisco should improve the ASDM GUI. The configuration through ASDM is really difficult as compared to CLI. Sometimes when you are doing the configuration in ASDM, it suddenly crashes. It also crashes while pushing a policy. Cisco should really work on this."

What is our primary use case?

I am using Cisco ASA 5525 for netting, routing, and site-to-site VPN. We have two sites. I am using Cisco ASA Firewall on one site and Check Point Next-Generation Firewall on another site.

How has it helped my organization?

We have integrated it with Cisco Anyconnect. This feature has been very good for us during the lockdown.

What is most valuable?

Netting is one of the best features. We can modify it in different ways. Site-to-site VPN is also an awesome feature of Cisco ASA.

The biggest advantage of Cisco products is technical support. They provide the best technical support.

What needs improvement?

Cisco should work on ASDM. One of the biggest drawbacks of Cisco ASA is ASDM GUI. Cisco should improve the ASDM GUI. The configuration through ASDM is really difficult as compared to CLI. Sometimes when you are doing the configuration in ASDM, it suddenly crashes. It also crashes while pushing a policy. Cisco should really work on this.

For how long have I used the solution?

We have been using this solution for one and a half years.

What do I think about the stability of the solution?

It is stable and reliable. If you are looking for security from Layer 1 to Layer 4, Cisco ASA is good, but if you are looking for Layer 7 security, deep security, and malware detection, this is not the right product. You have to use some other product.

What do I think about the scalability of the solution?

We have more than 400 employees. We are currently not thinking of increasing its usage because we need more security, and Cisco ASA is not good for Layer 5 to Layer 7 security.

How are customer service and technical support?

The biggest advantage of a Cisco product is technical support. They provide 24/7 support on 365 days. Their technical support is one of the best. I would rate them a ten out of ten.

How was the initial setup?

Cisco ASA is very not complex. It is a very simple firewall. If you are configuring it through CLI, it is easy. If you configuring it through ASDM, it will be more difficult for a beginner engineer.

It takes around two to three days to cover all the parameters. It is very easy to deploy in an existing network, which is one of the main advantages of Cisco ASA.

What's my experience with pricing, setup cost, and licensing?

We are happy with its price. Licensing is on a yearly basis for technical support. There is one license for technical support. There is another license for IP Version 2 VPN and IPS.

Which other solutions did I evaluate?

I considered pfSense, but when I checked the reviews, pfSense's reviews were really bad, so we purchased Cisco ASA.

What other advice do I have?

I am very happy with this product in terms of netting, routing, and VPN functionalities. If you are a small organization with around 100 people and you are not thinking of Layer 7 security, deep security, and malware detection, Cisco ASA would be very useful and cost-effective for you.

I would rate Cisco ASA Firewall an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Network Administrator at Bodiva
Real User
May 7, 2021
Useful VPN, overall user friendly, but becoming outdated
Pros and Cons
  • "The most valuable feature we have found to be the VPN because we use it often."
  • "The solution has not had any layer upgrades. It does not have layer five and upwards, it only has up to layer four. This has caused some problems for us."

What is our primary use case?

We currently have this solution hosted in a service provider's premises. They give us the link for our infrastructure and that is how we manage our equipment. We use the VPN feature to connect with our clients. 

What is most valuable?

The most valuable feature we have found to be the VPN because we use it often. Additionally, overall the solution is user-friendly and especially the ASDM GUI.

What needs improvement?

The solution has not had any layer upgrades. It does not have layer five and upwards, it only has up to layer four. This has caused some problems for us.

In the future, it would be wonderful to have an antivirus, log analyzer, and PDF/Excel data exportation features build into the solution. The data export would be great to be able to look at the access list.

For how long have I used the solution?

I have been using the solution for four years.

What do I think about the stability of the solution?

The solution is stable up to a point. We have had some troubles making VPN connections with other technologies, such as Check Point. We have some of our clients that have Check Point equipment on their side, and sometimes the traffic ceases. We then are forced to reset the tunnel in order to get the traffic back.

What do I think about the scalability of the solution?

Currently, we have approximately 20 site-to-site VPNs operations.

How are customer service and technical support?

We have had no issues with technical support.

Which solution did I use previously and why did I switch?

We are currently using a Check Point solution because this solution lacks by not having an application layer.

How was the initial setup?

The initial setup is can be complicated if you are not familiar with the command line. There is documentation available by Cisco and once you are trained it is not difficult at all.

What about the implementation team?

We use implementation consultants for the full deployment and it took approximately two weeks to complete.

What other advice do I have?

My advice to those wanting to implement the solution would be that implementations sometimes do not go as planned. You need to do your research to be prepared. 

We are evaluating other solutions because this one is getting close to its expiration. There are no other technologies out there that offer better features than this ASA solution.

I rate Cisco ASA Firewall a six out of ten.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1512729 - PeerSpot reviewer
IT Administrator / Security Analyst at a healthcare company with 11-50 employees
Real User
Mar 20, 2021
Reliable, good support, good documentation makes it straightforward to set up
Pros and Cons
  • "We get the Security Intelligence Feeds refreshed every hour from Talos, which from my understanding is that they're the largest intelligence Security Intelligence Group outside of the government."
  • "In summary, I think what I can say about them is there's nothing I needed to do that I haven't been able to do."
  • "It would be great if some of the load times were faster."

What is our primary use case?

I am an IT administrator and my job is probably 80% security analyst. We are a HIPAA environment, so we're a regulated industry and my job is to keep us from being breached. It's extremely difficult and an ever-changing, evolving problem. As such, I spend a couple of hours a day just reading everything threat report from every source I can get. 

We have a pair of 2110 models, with high availability set up.

There are multiple licenses that you can get with this firewall, and we subscribe to all three. A few months ago, we made the decision to do an enterprise agreement just because of the amount of security software we have. We subscribe to the threat, the URL, and the malware licensing. We use it for IPS, URL blocking, IP blocking, and domain blocking.

We've embraced the Cisco ecosystem primarily because I think they made some very intelligent acquisitions. We talk about security and depth and they've really done a good job of targeting their acquisition of OpenDNS Umbrella. It's all part of our ecosystem.

I take the firewall information and using SecureX, Cisco Threat Response, AMP for Endpoints, and Umbrella, I'm able to aggregate all that data with what I'm getting from the firewalls and from our email security, all into one location. From my perspective, being a medium-sized organization, threat hunting can be extremely difficult.

How has it helped my organization?

This product enriches all of the threat data, which I am able to see in one place.

There's nothing I personally have needed to do that I haven't been able to do with the firewall. It integrates so tightly into how I spend the majority of my day, which is threat response.

Much of this depends on any given organization's use case, but because I was an early adapter of Cisco Threat Response and was able to start pulling that data into it, and aggregate that with all of my other data. As I'm doing threat hunting, rather than jump into the firewall and look in the firewall at events, I'm able to pull that directly into Threat Response.

The ability to see the correlation of different event types in one place, these firewalls have definitely enriched that. You have Umbrella, but there are so many different attack types that it's good to have the DNS inspection at the firewall on the edge level too. So, the ability to take all of that firewall data and ingest it directly via SecureX and into our SIEM, where I have other threat feeds, including third-party thread feeds, gives our SIEM the ability to look at the firewall data as well. It lends to the whole concept of layering, where you don't have to have all of your eggs in one basket.

With our Rapid7 solution, I'm able to take the firewall data and dump it into our SIEM. The SIEM is using its threat feeds, as well as the threat feeds that are coming from Cisco Talos. In fact, I have other ones coming into the SIEM as well. So, I'm able to also make sure that something's not missed on the Talos side because it's getting dumped into our SIEM at the same time. All of this is easy to set up and in fact, I can automate it because I can get the threat data from the firewall.

In terms of its ability to future-proof our security strategy, every update they've done makes sense. We've been using one flavor or another of Cisco firewall products for a long time. Although I have friends that live and die by Fortinet or Palo Alto, I've never personally felt that I'm wanting for features.

What is most valuable?

We get the Security Intelligence Feeds refreshed every hour from Talos, which from my understanding is that they're the largest intelligence Security Intelligence Group outside of the government. My experience with Talos has been, they're pretty on top of things. Another driving factor towards Cisco: We get feeds every hour, automatically refreshed, and updated into the firewall.

If I had to rely on one security intelligence, which I wouldn't, but if I had to, I'm sure it would be Talos. The fact that it gets hourly updates from Talos gives me some peace of mind.

The real strength for the Cisco next-generation firewall is it'll do pretty much anything you want it to do, although it requires expertise and proper implementation. It's not an off-the-shelf product. For instance, there are some firewalls that may be easier to set up because they don't have the complexity, but at the same time, they don't have the feature set that the Cisco firewall has.

The firewall does DNS inspection, and you can create policies there.

The firewall integrates seamlessly and fully with our SIEM. We use a Rapid7 SIEM inside IDR and it now integrates seamlessly with that. Cisco's doing a lot more with APIs and automation, which we've been leveraging.

In terms of application visibility and control, I used the firewall and I also use Umbrella, but it depends on what it is that I'm seeing. One component that I use is network discovery. When you configure the policy properly, it'll go out and do network discovery so you're not loading up a bunch of rules you don't necessarily need. Instead, you're targeting rules that Cisco will say, "Hey, because of network discovery, we found that with this bind to whichever version server, we recommend you apply this ruleset." This is something that's been very helpful. You don't necessarily have to download every rule set, depending on your environment.

I have used it for application control. Right now, we're in the midst of doing tighter integration with ISE and the integration is very good. This is something that we would expect, given that it's a Cisco product.

I use the automated policy application and enforcement every chance I get. Using an automation approach, I would rather have a machine isolated even if it's a false positive because that can happen much faster than I can get an alert and react to it. On my end, I'm trying to automate everything that I can, and I haven't experienced a false positive yet.

Anything that's machine learning-based with automation, that's where I'm focusing a fair amount of attention. Another advantage to having Cisco is that their installed base is so huge. With machine learning, you're benefiting from that large base because the bigger their reach is, the bigger and better the dataset is for machine learning.

At some point, you have to trust that the data set is good. What's impressed me about Cisco is with all of our Cisco products, whether it's AMP or whatever, they're really putting an emphasis on automation, including workflows. For someone like me, if I get an alert in the middle of the night and I see it at 6:00 AM, it is going to be a case of valuable time lost, so anything that I can do to make my life easier, I'll definitely do it.

What needs improvement?

It would be great if some of the load times were faster. My general sense is that it's probably related to them taking a couple of different technologies and marrying them together. We are using virtual, so the way that I handled that was to throw more RAM in it, which these days, is pretty cheap. I could see some improvement with the speed of deploying policies out, although it's not terrible by any means. One thing about Cisco is whatever they're doing, it keeps getting better.

The speed of deploying policies could be improved, although it is not terrible by any means.

Another legitimate criticism of Cisco that comes to mind is that you need to make sure you've got your licensing straightened out. I haven't had any problems in a long time, but I know people that haven't used Cisco products sometimes can run into issues because they haven't figured out so-called smart licensing. Depending on the Cisco person you're working with, make sure you have all that stuff all set to go before you start the implementation.

That's an area that Cisco has been working on, I know. But licensing is a common complaint about Cisco. I suggest making sure that you have that stuff in place and you've got all your licenses all ready to go. It seems like a dumb thing, but my most common complaint about Cisco before we entered into our enterprise agreement was licensing. When it's working, it's great, but God help you if you've got a licensing problem.

What do I think about the stability of the solution?

They've been very reliable for us and we haven't had one fail, so we've never had to failover. That has been generally my experience with Cisco products, which is one reason that we tend to lean on Cisco hardware for switching, too. The reliability of the hardware over the years has been very good.

What do I think about the scalability of the solution?

We have integrated these firewalls with other products, such as Cisco ISE, and it hasn't been a problem. ISE is a Cisco product so it would make sense that it integrates well, but ISE integrates with other firewalls as well.

Everything that I've done with these firewalls has been pretty seamless. We've had no downtime with them at all. They've been very rugged as we expanded usage through integration.

How are customer service and technical support?

People knock Cisco TAC but in my experience, they have been very good. I've always found them to be extremely helpful. Friends that I have made from inside Cisco say, "Hey, you want me to look at this or that?", which is very helpful.

Which solution did I use previously and why did I switch?

The big three solutions, Cisco, Fortinet, and Palo Alto, are all really good but I tend to lean on Cisco versus the others because one of their strengths, in general, is threat intelligence. When you put a bunch of security people in a room then you have a lot of consensuses, but like anything, you'll have a lot of disagreements, too.

Each of these products has its strengths and weaknesses. However, when you factor in AnyConnect, which most people will agree is state-of-the-art from a security standpoint in terms of VPN technology, especially when it's integrated with Umbrella, it plays into the firewall. But, it always comes back to configuration. Often, when you read about somebody having an attack, it's probably because they didn't set things up properly.

If you're a mom-and-pop shop, maybe you can get by with a pfSense or something like that, which I have in my house. But again, if you're in a regulated environment, you're looking at not just a firewall, you're looking at all sorts of things. The reality is, security is complicated.

How was the initial setup?

Cisco gives you lots of options, which means that it can be complicated to set up. You have to know what you're doing and it's good to have somebody double-check your work. But, on the other hand, it does everything from deep packet inspection and URL filtering to whatever you want it to do, with world-class integration. It integrates with Umbrella, AnyConnect, ISE, StealthWatch, and other products.

It is important to remember that a firewall is only as good as it's configured. Sometimes, people will forget to configure a policy, or they will create the rules but forget to apply them. It comes back to the fact that it's a professional product and it's only as good as the person who's using it.

I do some security consulting and I've seen many misconfigurations. People will write a Rule Set but forget to apply it to a policy, for example. There is no foolproof product and I think it is a challenge to say, "Wow, this firewall is better than that firewall." These things are complex, but Cisco has always, in my mind, set many kinds of standards. I don't know any serious security person that would argue that.

Especially AnyConnect with an Umbrella module attached, I think most people would argue it's state-of-the-art. I know that I would because it allows me to do a couple of things at once. It's not just the firewall; it's AnyConnect, and it's what you can do with AnyConnect given its functionality with Umbrella. It gets kind of complicated and it depends on the use case, and some people don't need that.

Again, what makes it difficult to say something about a firewall is, the configuration possibilities are so varied and endless. How people license them is different. Some people think, "I prefer the IPS License," or whatever. But again, I think to get the strength of a Cisco firewall is just that.

I found our setup straightforward, but you don't go into it blind. You have to be clear on your requirements and you need to take the setup step-by-step. Whenever I deploy a firewall, I have a couple of people to double-check my work. These are people who only work on Cisco firewalls and they act as my proofreaders whenever I am doing a new deployment.

Cisco's documentation is very good and it's always very thorough. However, it's not for a novice, so you wouldn't want a novice setting up the firewall for an enterprise. Personally, I've never had any issues with policies not deploying properly or any other such problems.

Talking about how long it takes to deploy, it's a good weekend if it's a new deployment. It's not just clicking and you're done. I haven't installed a Fortinet product, but I can't imagine any of them are easy to install. Essentially, I found it straightforward, but it is involved. You've got to take your time with it.

You need to make sure anything you do with your networking, that you have it planned out well in advance. But once you do that, you go through the steps, which are well-documented by Cisco.

What's my experience with pricing, setup cost, and licensing?

Cisco is not for a small mom-and-pop shop because of the cost, but if you're in a regulated industry where a breach could cost you a million dollars, it's a bargain. That's the way I look at it.

Which other solutions did I evaluate?

We also use Cisco Umbrella, and I may use features from that product, depending on where I am.

What other advice do I have?

Every firewall has its pluses and minuses, but because we've taken such a layered approach and we're not relying on one thing to keep us safe, I've never really gone, "Oh, I've had it." I've heard some complaints about Cisco TAC, but generally speaking, I've been able to configure them and do whatever I need to with the Cisco firewall. There's nothing in my experience with Cisco that leads me to believe that that's going to stop.

I've always felt comfortable with every Cisco purchase we've made and every improvement they've made to it. I think they keep moving in a positive direction and they're pretty good with updates and fixes. You can have 10 people, networking people or security people, and they'll all have different takes on it. That said, I've always been very comfortable. I don't stay up at night and worry about our firewalls.

One thing to remember about Cisco is that whatever they're doing, it just keeps getting better. In my experience with Cisco, I have yet to have a product of theirs that they haven't improved over time. For example, we bought into OpenDNS Umbrella before Cisco acquired them. At the time, I was wondering whether they were going to improve it or what was going to happen with it, because you can never be sure. Again, Cisco has done nothing but improve it. It's a far more mature product than when we picked it up five or six years ago.

While not directly related to the NGFW, it speaks to Cisco's overarching vision for security, which again, I'm always looking at layers. If you're thinking that you're going to secure an environment by buying a firewall, yes, that's a really important piece of it, but it's only one piece of it.

Cisco is a company that is really open about vulnerabilities, which some people could see that as a negative but I see as a positive. I do security all the time, so I'm always going to be paranoid. That said, I've spent so much time doing this stuff that I've developed a lot of trust in Cisco. Again, I think there are other great products out there, but Cisco has made it really easy to integrate stuff into this ecosystem where you have multiple layers of not perfect, but state-of-the-art enterprise security.

My advice for anybody who is implementing this solution is, first of all, to know what you're doing. If you're not sure then get somebody that does. However, I would say that's probably true of any firewall. If your business relies on it, have all of your information ready beforehand, it's just all the straightforward stuff that any security person needs.

In summary, I think what I can say about them is there's nothing I needed to do that I haven't been able to do. I have incredible visibility into everything that's happening. We continue to leverage more features, to use it in different ways, and we haven't run into any limitations. I cannot say that the product is perfect, however, and I would deduct a mark for the interface loading. It's not terrible but sometimes, especially when you're doing the setup, it can chug away for a while. Considering what the device does, I think that it's a small complaint.

I would rate this solution a nine out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros sharing their opinions.
Updated: July 2026
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros sharing their opinions.