Cisco Secure Firewall Reviews

We mainly use it in the data center. We are obliged to use a firewall. It's a necessity.

It has helped in securing our infrastructure from end to end so that we can detect and remediate threats. There is another office in my company that does threat detection, but it has been helpful.

It hasn't freed up any time. We still have to manage the firewall. It's something we have to do.

All the features except IPS are valuable. IPS is not a part of my job.

It's already pretty good. In terms of functionality, there isn't much to improve. There could be more bandwidth and better interface speed.

I've been using Cisco firewalls for 20 years.

Its stability is very good.

It's better to have a higher speed. I'd rate it an eight out of ten in terms of scalability.

We have multiple locations and multiple departments. We are a big company, and we have a lot of remote sites. We have about 6,000 of them.

They are very good. From time to time, Cisco employees come to us and provide information about the latest features and new products. I'd rate them a ten out of ten.

Positive

We have other firewalls, and it hasn't helped to consolidate other solutions. We have to use the Cisco firewall and other vendors because of internal law. We have to use two firewalls, one from vendor A and the other one from vendor B.

We went for Cisco because it's affordable. It's something you can trust. It's something you know. It's a valued product. 

I've been involved in configuring it and assessing and ensuring that the configuration is up to date and there are no bugs, etc.

Its initial setup is not at all complex. I've been working with Cisco firewalls for 20 years, so I know them very well. It's not complicated for me.

We have all deployment models. We have on-premises and cloud deployments. We have everything. I belong to a big organization.

We had a consultant for integrating the product. Our experience with the consultant was good.

The number of people required for deployment varies, but one person can deploy the solution. It's quite easy to implement. It doesn't require a lot of staff.

It requires normal maintenance.

It's affordable.

Try it. You will be happy. 

I'd rate Cisco Secure Firewall a ten out of ten.

We started using this solution due to challenges with throughput. We needed devices with more quantity of throughput and bandwidth. We use this solution in different locations and different departments and we have around 2000 internal customers.

Cyber security resilience is really important for our organization. It is necessary for all the points for interconnections between LAN networks and WAN networks as we receive daily attacks.

The IP filter configuration for specific political and Static NAT has been most valuable.

The access layer of this solution could be improved in terms of the way the devices interconnect with our network. We need to be able to analyze the traffic between the different interconnections in these areas.

In a future release, we would like to have an IP analyzer to try to identify the specific comportment of the customers.

I have been using this solution for seven years. 

This is a very stable solution. 

This solution would need an adjustment to be scalable. 

Our engineers usually fix the issues we have, depending on the issue. When we reached out to the technical support team, they were attentive and helped us. 

We previously used Palo Alto, Fortinet, and Cisco Firepower. We switched because Cisco is more stable and offers easy deployment for the platform.

This solution requires regular maintenance and I have 10 engineers that manage it.

I would rate this solution a nine out of ten because it is a good product that is more stable than others on the market. 

Typically, we use them on the internet edge for protecting customer networks from the internet. It's a delimiter between the local area network and the wider internet. Other use cases include securing data centers or protecting certain areas within a network. It's not particularly internet-based, but it gives you that added layer of security between networks or between VLANs and your network, rather than using a Layer 3 switch.

Ultimately, it's about securing data. Data is like your crown jewels and you need to be able to secure it from different user groups. Obviously, you need to protect your data from the internet and that's why we generally deploy Cisco ASAs.

The usability, with the GUI front end, certainly helps and it means you don't have to be a command-line person. We have to get away from that now because if you put the typical IT admin in front of a CLI they might struggle. Having something graphical, where they can click in logs to see what's going through the firewall— what's been denied, what's being allowed—very quickly, helps to get to a diagnosis or know something has been blocked. And when it comes to making changes within the environment, that can be done very quickly as well. I've seen something be blocked within a couple of minutes, and any IT admin can make a change through the GUI.

One of the most valuable features is the GUI front end, which is very easy to use. But I'm also a command-line guy, and being able to access the device via command-line for advanced troubleshooting is quite important.

One area that could be improved is its logging functionality. Your logs are usually displayed on the screen, but if you want to go back one or two days, then you need another solution in place because those logs are overwritten within minutes. 

To have that kind of feature, it's more than likely there would need to be some kind of storage on the device, but those boxes were designed a number of years ago now. They weren't really designed to have that built-in. Having said that, if you do reflash into the FTD image, and you've got the Firepower Management Center to control those devices, then all that logging is kept within the Firepower Management Center.

I've been using Cisco ASA Firewalls since they came out. Before ASA, I used Cisco PIX Firewalls. I've been using them since about 1999 or 2000.

I'm involved in the presale events as well as the implementation and post-sale support. We do everything. That is probably different from a lot of organizations. We are quite a small company, so we have to be involved at all levels. I see it from all angles.

One of the reasons I've stuck with Cisco all these years is that you always get excellent support. If a network goes down due to major issues, I know I can raise a case with TAC and get through to subject matter experts very quickly.

Obviously, you need a SMARTnet contract. That means if a device has completely failed, you can get a box replaced according to the SLAs of that contract. That's very important for customers because if you have an internet edge failure and you just have a single device, you want to know that the replacement box is going to be onsite within four hours.

When a network goes down, you're going to know about it. You want to be safe in the knowledge that someone is going to be there for you and have your back. Cisco do have your back on those kinds of things.

Cisco support is a major selling point.

Positive

In terms of deployment, a lot of organizations are moving to the cloud. People are looking at the ASAv image for deploying into the public cloud on Azure or AWS. But there are still a lot of organizations that use ASAs as their internet edge.

The on-prem and the cloud-based deployments are very similar. When you're designing a solution, you need to look at the customer's business requirements and what business outcomes they actually want from a solution. From there, you develop architecture. Then it's a matter of selecting the right kinds of kits to go into the architecture to deliver those business outcomes. We talk to customers to understand what they want and what they're trying to achieve, and we'll then develop a solution to hopefully exceed their requirements. 

Once we've gotten that far, we're down to creating a low-level design and fitting the components that we're going to deploy into that design, including the ASA firewalls and the switches, et cetera. We then deploy it for the customer.

Your investments are protected because of the innovations over time and the fact that you're able to migrate to the latest and greatest technology, through Cisco. 

There are also a lot of Cisco ASA skills out there in the marketplace, so if you have ASAs deployed and you get a new employee, it's more than likely they have had experience with ASAs and that means you're not having to retrain people.

We do deploy other manufacturers' equipment as well, but if I were to deploy a solution with firewalling, my number-one choice would probably be Cisco ASA or the FTD image or Cisco Meraki MX.

The flexibility you have in a Cisco ASA solution is generally much greater than that of others in the marketplace. 

For any Cisco environment, we choose Cisco because it comes down to support. If the network is Cisco, then you have one throat to choke. If there is a network issue, there's no way that Cisco can say, "It's the HP switch you've got down in the access layer."

ASA morphed from being just a traditional firewall, when they introduced the Firepower Next-Generation Firewall side. There has also been progress because you can reflash your old ASAs and turn them into an FTD (Firepower Threat Defense) solution. So you've got everything from your traditional ASA to an ASA with Firepower.

Cisco ASA has been improved over time, from what it was originally to what it is now. Your investments are being protected by Cisco because it has moved from a traditional firewall through to being a next-gen firewall. I'm a fan of ASA.

I think ASAs are coming towards the end of their lifespan and will be replaced by the FTDs. It's only a matter of time. But there are still a lot of Cisco customers who use ASAs, so migrating that same level of knowledge those customers have of the ASA platform across to the FPR/FTD image, will be a challenge and will require investment.

The primary use is as edge firewalls to the Internet.

We are only on-premise. There is still no cloud plan.

It provides visibility and information to the organization about what is being accessed on the Internet as well as the applications that it is protecting.

It is part of our security strategy.

• Anti-malware protection
• Web Filtering
• VPN Remote-Access

The most valuable feature is the anti-malware protection. It protects the endpoints on my network.

We use the application visibility and control feature of Cisco firewalls.

The ease of use needs improvement. It is complex to operate the solution. The user interface is not friendly.

I have been using it for eight to 10 years.

We have 200 users using this solution.

The technical support is good, but it could be better. I would rate them as six out of 10.

Neutral

The setup is not too complex. We implemented it on all our ports.

We have five people on our cybersecurity team.

The solution's ability to provide visibility into threats is fine, but the Fortinet and Check Point solutions have better dashboards and information about visibility.

We are also using Cisco AnyConnect, Umbrella (as a cloud proxy), and ISE. We have between five or six antivirus, proxy, anti-malware, data loss prevention, VPN client, and firewall tools.

I would rate this Cisco product as six out of 10.

Our primary use case is as a firewall and using it for web filtering. We use IPsec VPN services on it, as well as the router.

I have been using the product for only a few months, but the company has been using it for a couple of years.

The use of it has really bogged down our response time for certain problems, given we have to go through AT&T for everything. I don't think really highly of it, though.

The IPsec VPN and web filtering.

I would like the ability to pick and choose different features of it to run in a packaged infrastructure or modules, therefore I would like to have more customizability over it. 

It seems very clunky and slow. I would like to be able to tune it to be a more efficient product.

It has generally been okay in terms of stability. We haven't had it go down, but we do have some interruptions. I don't know if it is the ISP or the firewall. We have more frequent network disruptions, and other branches call in telling us that they are unable to use their services to do their job. Unfortunately, we can't really do anything about it. It just clears up in about five or six minutes. In terms of stability, I would give it a seven and a half out of 10.

I don't see it being very scalable. I don't have access to the actual interface on it. However, it is an older product, so it probably doesn't have high availability features. So, it's scalability is probably limited. I know that we kind of put it through the ringer with our fewer than a hundred connections into it.

AT&T handles our technical support, since it's leased through them.

I was not involved with the initial setup.

We pay a lot of money for it.

For big organizations who are used to throwing around a lot of money for absolutely surety, this would probably be a good fit for them. For the average SME, this particular firewall system, as well as Cisco in general, this product would not be a good fit for them.

We are currently looking at WatchGuard, pfSense, and Fortinet FortiGate. Netgate would provide the hardware.

We have still got nine months left on our contract with AT&T before we can actually do anything. We are just trying to do as much research and ask as many questions as we can before we get to that point.

We just don't have a lot of the control or customizability that we would like to have over the system. A lot of this has to do with how AT&T is handling the access to it. Also, the hardware is outdated. We would like to go with a product in which everything is very transparent, clear, organized, all in the same place, and we can monitor clearly. The reason that we are looking to change is price: We pay a lot for it. If we had more control over it, we would be better able to control the quality and performance of the network and services, as well as the budget.

The most important criteria when selecting a vendor:

• IPsec VPN
• Good stable connection
• Failover support: We need to have dual-WAN, so we can get two WAN connections in there and have failover. 
• Load balancing would be good, especially for those rough patches. 
• Internal web filtering and blocking: We need to be able to control what our end users are looking at.
• Monitoring: As much monitoring as we can get.
  

Cisco Secure Firewall is a next-generation firewall that can be used for various security applications. 

The advantage of using Cisco is its integration within the Cisco fabric, which allows for effective threat detection and mitigation.

Cisco could improve its score by developing more features that integrate seamlessly with various applications and investing in hardware acceleration to enhance performance.

The product is stable with minimal glitches or latency issues.

The solution is easy to install, requiring minimal expertise. Deployment time varies, but it can take about two days for a medium-sized company with 200-300 users to configure and install.

After five years of product usage, the high return on investment and low total cost of ownership can be observed.

Pricing depends on partnerships and certifications. The engineering team's certifications can qualify it for seven to eight percent discounts.

The platform's integration capabilities depend on the project context. In some cases, integrating Palo Alto may provide better performance, but Cisco can still be effective.

However, its classification in industry comparisons, such as those from Gartner, is lower than that of competitors like FortiGate and Palo Alto.

Overall, I rate it seven out of ten. 

Cisco Secure Firewall has impacted our cybersecurity cost efficiency.

The important features are IPS intrusion prevention, anti-malware, and anti-spam.

Cisco firewall needs experience with hardware. They should also enhance security antivirus, application detection, user detection, and ID detection. 

I have been using Cisco Secure Firewall for three years.

300 users are using this solution.

The support is good.

Positive

The initial setup is easy, but it takes some time to push the configurations. Also, it's a little complicated and not friendly to use. It is good only for IT and experienced people. 

The deployment took two months and a team of two to three people.

The pricing is average.

I recommend the solution to medium and enterprise customers since it is expensive. 

Overall, I rate the solution an eight out of ten.

We are using these firewalls for edge security or different zones of security. We use them throughout the whole organization, but they vary in size, depending on if it's a small office in Spain or a large office in another country. We have offices in many countries.

It saves time. It protects us from experiencing big or small attacks. If we are vulnerable to attacks, it would take us a lot of time to fix that and put out all the fires. Hopefully, we won't need that when we have several layers of security.

We feel that we can trust the security, and our assets and business are well protected. We need to have trust in it, but we also see that it works. We have a security company that has tested that it works.

They have already improved it to some degree. It has become easier, but I've not drilled down much myself. I mostly use CLI, but I can see that it's a little bit more GUI-based. So, improvement is already there. It's a good thing that we now have GUI-based control over the details, and that would be the way to go.

It integrates with other security products from Cisco, but sometimes, there can be glitches or errors.

I have been using Cisco firewalls for the last 20 years. We are now mostly using FPRs, but we also have some old Cisco firewalls that we need to change to newer technologies.

It has been a while since I used it myself. My experience was good. You get the correct engineer for the task. I'd rate them an eight out of ten.

Positive

We have firewalls from other vendors, but we will be moving over to Cisco. When we have the same vendor, it would take less time to train people to do their job because there is one technology rather than four or five different ones.

I was involved in its deployment, but that was a few years ago. It was not an in-depth technical installation; it was more of a physical installation. It was easy. We are a big company, so we need to plan the downtime and get approval from the business to take down systems and upgrade them. 

I'd rate Cisco Secure Firewall a seven out of ten.