Cisco Secure Firewall Reviews

We use it to configure the perimeter firewalls. In FireSIGHT, we have two firewalls in a cluster with high ability, then we have five firewalls in Offices. We use those firewalls as a perimeter for Offices.

We have all the devices in the Firepower Management Center system. We always work with Firepower devices in Firepower Management Center.

We have offices around the world. We are in Europe, the USA, and South America.

We have border security with Firepower. We try to curb security issues by using this Firepower firewall.

The solution provides us with good working application visibility and control.

I have access to the web version of Cisco Talos to see the reputation of IP addresses. I find this very helpful. It provides important information for my company to obtain the reputation of IP addresses. The information in Talos is quite complete.

The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second.

Three years ago, the Firepower Management Center was very slow. The solution has improved a lot in the last couple of years. It is now faster. I hope that continues to improve. 

I have been using it for three years.

We have five devices. In Rome, we don't have a technician and didn't work when we started using it. We had to send a technician to Rome to reboot the system. Now, it is stable with no problems. Also, we lost the link to the high availability firewall in our data center. We only had one device there, and Solutel had to solve this issue.

The scalability is great.

We have five devices in four locations.

Three network administrators who work with Firepower, including myself.

I usually create an issue with Solutel, then they create a case with Cisco Talos or the Cisco technicians. I am happy with Solutel's support.

We deployed in several cities, but not the same day. 

The initial deployment was done by a Cisco partner, Solutel. Our experience with Solutel was fantastic. They are local partners for us and provided us with great service.

We realized that clearly we have issues of security with a lot of attacks. I don't know if it is because with the COVID-19 virus a lot of hackers are at home or working more hours. In the last year, we have seen attacks that are very big, and we need a barrier. So, we use a firewall to block these attacks.

The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case.

Our license for Firepower is their best license.

We have FortiGate firewalls, the security of Office 365 from Microsoft, Cisco Umbrella, and Kaspersky Anti-virus. We are also using Cisco ASA, Meraki switches, and a router from Cisco.

The Firepower Management Center tool is very slow. We also have the FortiGate firewalls and these tools for configuring the firewall are faster.

We have to make a change to our devices in South America. We are currently evaluating Cisco Firepower Series 1000 versus FortiGate. Firepower is more powerful than FortiGate, but FortiGate is more flexible and easier to configure. Because of our last issues with Firepower, it is possible that FortiGate is more stable.

It is a very powerful device. Firepower Management Center is a great tool, but it is a bit slow.

We don't have Cisco Umbrella integrated with Firepower. We tested Firepower's integration with Meraki Umbrella, but we don't use it because you need better firmware.

I would rate this solution as an eight (out of 10).

We use it for the actual firewall and also site-to-site VPN.

Our company is always growing. Every day's a new day and there is always something new to learn. We are a mature organization, but we can never sit still. We have two company locations and we use Cisco Firepower as our main firewall at both locations.

Overall, for security, we use about seven tools.

Within our company, there are just two people that maintain this solution. Myself and the IT manager. I'm the network administrator.

We were the subject of a ransomware attack a little over a year ago. Due to our console, we're able to easily see where the threat came from, all the while being able to shut down the network but maintain our network on the other side — or the other side of the site-to-site VPN. Then we could fix what we needed to be fixed here, and then subsequently correct the issues on the other side.

The manageability through the FMC is superb. I have a single dashboard that I can manage my firewalls from. I can see and manage all of my objects and control all my policies. I can look at all my logs and control my whole network from one dashboard.

FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it. Maybe more of an IDS approach. I don't know a better way to say it, but more of a heavier proactive approach rather than a reactive one.

I have been using Cisco Firepower NGFW Firewall for two years.

I have had little to no issues except with the first version that we had. There was a known issue with Cisco in the first version. When I went to do a restore, there was a known issue with something with the Linux kernel. It took us about two weeks to get the restore working. It was a scary moment for us, but we worked through it, and ever since we've had no issues, stability-wise.

I have contacted support multiple times and I have no problems with them. I think they do the best with what they have — especially with the pandemic this year. I think they've done everything they can do with what they have. They don't stop. They don't give up until the issue is resolved. They're really good with following-up too, making sure that the issue hasn't come back.

We have another product that monitors all traffic. It just sits back and idols in the background — It integrates, but it doesn't if you know what I mean. It's a separate dashboard, but it alerts us. We can control the security — level zero through one hundred. If a threat registers above 54% (we have the limit set at 51) it alerts us. If it's a specific threat, it can shut down services, ports, machines, authentication, and so on and so forth.

We also use AMP, Umbrella, SecureX, and Duo. They're pretty easy to integrate. I wouldn't say beginner level, but if you have a working knowledge of networks and security, you can easily get them integrated. Also, if you need help, Cisco's always there to assist.

We use Firepower Management Center — it's a wonderful tool. It has an awesome all-in-one pane of glass dashboard so you can manage multiple devices from one dashboard. It's also very easy to set up.

We used to use SonicWall. Cisco was purchased right before I came on board, but from my knowledge, we had issues with the licensing of SonicWall. We are a Cisco shop. Both my manager and I prefer Cisco over other vendors. We have more experience with Cisco and their customer support and the products themselves are just better in our experience.

The deployment was with all new networks, so the architecture was with a peer. We first sat down and discussed or laid out our network and what it would look like through IP schemes and everything else in that sense. We then figured out how many users we would have and decide what size of hardware we would need. We decided on what type of VPN connection and what certificates we would need. After that, once we were able to secure those tunnels and get communication going between our two locations, we then started tightening down our two networks as we have multiple networks within each location.

We had to decide what all needed to communicate with one another. Not every network needed to touch the outside world.

From start to finish, including production rollout for other areas, deployment took roughly one month. We did it all in-house.

Some maintenance is required involving security patches. Cisco is really good at deploying those or not deploying those, but putting those out and having release notes and upgrade paths and just the information behind all of their patches. Cisco does a really good job with that.

With any solution from anybody, I always think that licensing is a little high — but it's comparable to other companies. It definitely competes with the other vendors in the market.

If configured, Firepower provides us with application visibility and control.

The ability to futureproof our security strategy is definitely there. There are a lot of functions that we don't yet use. When I say we don't use a function, I mean that the functionality or the ability is not turned on yet simply because we have not gotten around to it. The ability is there, the capability is there. That also goes into the reasoning behind why we chose it.

Do your research, know your skillset, be comfortable with your skillset, and don't be afraid to challenge yourself.

Overall, on a scale from one to ten, I would give this solution a rating of eight.

Most of our use cases revolve around the basic firewall features. Our client is also leveraging on Anyconnect, which is serving the client-based VPN. Sometimes they will establish a VPN connection from one firewall with another. It's the type-for-type VPN. In terms of Cisco, typically, these are just some of the legacy features, that's what we use. In terms of a next-gen firewall, I feel that our customers would prefer to use other brands like Palo Alto, Check Point, and FortiGate.

Our clients who use this solution are typically small businesses. I think there's a Gartner chart that says that Palo Alto is actually the foreleader, followed by Check Point, then FortiGate. Cisco is not anywhere near. From a cybersecurity standpoint, they are quite weak.

They need to do an overhaul of the management console because they are still using the client-based management tool, which is quite outdated in terms of functionality and usability. The interface hasn't changed since the last generation many years back.

I have been using Cisco ASA Firewall for roughly four years.

It is extremely stable I would say — at least after you deploy it. Typically, there won't be any instability in terms of the hardware as well as the software. It can be running for many years without any issues. It's a totally different story when compared to other brands because, out-of-the-box, they offer far more features and are actually leveraged on more resources which leads to more instability.

I would say in terms of scalability, they are still the greatest family of products. Scalability means you can actually add on some processing parts to actually increase the throughput when the requirement comes up. They have a range of products for that, but this solution, it's already going out of phase, because at JSC, you can only allow up to a certain amount of upgrades that can be added on.

Support is not a requirement. In the whole industry, there are a lot of Cisco-trained personnel that we can actually seek advice from. There's not much leveraging on the Cisco support so far.

If our clients need support, we provide it. Support is not cheap. Sometimes a device will go out of warranty, but the customers are not willing to renew the support contract. Of course, there are a lot of cheaper alternatives. In Singapore, a lot of companies outsource support. Most of the time we go through third-party companies instead of Cisco directly.

For a non-Cisco guy like me, there is quite a substantial amount of learning that needs to be done to actually understand how the products are. Some brands like FortiGate, require only an hour and 15 minutes to enable the product, to facilitate the basic requirements of connecting up the traffic and adding on the firewall router. For Cisco, there are levels of challenges because it's a hardened solution that sees a lot of restrictions right out of the box.

Without really understanding how it works, then there'll be a lot of confusion regarding the traffic, etc. You'll find yourself wondering if there are any security concerns if you alter it out-of-the-box. The management console is quite outdated; usually, a lot of configuration is through Commander. We really need to understand how to articulate the Cisco Commander to perform even the most basic feature.

We handle the implementation for our customers. 

I am a sales engineer, we are mainly in charge of selling the product. In terms of support, we have a department that covers that aspect. Sometimes after implementation, we also provide maintenance support services towards the whole project and sell it as a whole bundle. As a distributor, we also sell our products, our equipment, and devices. So the support team covers that aspect.

We sell Cisco ASA Firewall as a bundle — the price is very cheap. If a customer were to go for renewal direct from Cisco, then the price would be quite high.

My main concern is the full revamp of the management console. We'd like to see a more user-friendly total revamp of how to manage the firewall rules. Also, there are a lot of additional features that need to be granular because with Cisco, at this point in time, all these features are still working in silos. A lot of integration needs to be done in general. 

Personally, I would discourage people from using Cisco. Overall, on a scale from one to ten, I would give this solution a rating of six.

We use the platform to provide secure perimeter internet access for customers and also to provide secure networks or secure SANs for customers. We have a global partnership with Cisco and I'm a re-sales and security manager of IT services.

The top features for me are the filtering, the intrusion prevention system, and the AMP on small operations. 

To configure the FirePower it is required an external console. It would be nice to have the console embedded in the Firewall so you don't require an extra device. I'd like to see some kind of SD-WAN included as a feature. 

I've been using this solution for six years. 

The solution is very stable and we feel very secure with it. 

The scalability is no problem. 

The technical support is excellent. 

The initial setup is quite straightforward. I think someone who knows the iOS platform and knows about firewalls can setup the device. If you don't have experience, it will be somewhat complicated. If you know the platform, implementation is very quick. We've installed over 1,000 firewalls for different customers.

This is a very stable platform, and you can adjust the engine for malware protection. It is one of the best and a very reliable solution.

I would rate this solution a 10 out of 10. 

I often work with financial sector companies such as banks as well as retail organizations.

The solution offers very easy configurations.

The administration of the solution is very good.

The product integrates well with other products.

The initial setup can be a bit complex for those unfamiliar with the solution.

There are better solutions in terms of border security. Palo Alto, for example, seems to be a bit more advanced. 

The cost of the solution is very high. Fortinet, as an example, has good pricing, whereas Cisco has very high costs in comparison.

We've used the solution recently. We've used it at least over the last 12 months or so.

The stability of the solution is pretty good. I don't recall having issues with this aspect of the solution.

This particular product does not have high availability and therefore scalability is limited.

You need a pretty sizable solution for a center.

We have about 300 clients using this solution, and therefore the amount of people on the solution is very high, however, I don't have the exact number of users across all clients. For solutions providers, we have IT solutions for maybe around 5,000 users.

I have experience working with technical support from Cisco. It's very easy to contact them and talk with them. There were times we worked using email, for example, for communication. We also worked with Cisco engineers in Mexico directly. We're very satisfied with the level of service so far.

We also work with Fortinet and Palo Alto, for example. As a reseller, we work with many solutions.

I did not directly implement the solution. I don't have the right type of expertise. You need to know a bit about what you are doing, otherwise, the initial setup is a bit complex.

You may need, for example, a separate management device for this kind of solution. It's quite difficult to handle if you don't have in-depth knowledge.

The cost of the solution is quite high. It's very expensive compared to other options. For example, Fortinet is much more reasonably priced.

I am working for a Cisco seller in Mexico, and we have a relationship with Cisco. We are a gold partner. We ensure that the development is of the proper sizing for our clients.  

I would rate the solution at a nine out of ten. We've had a very good experience so far. The only downside is that it's not as advanced as, for example, Palo Alto. That said, if you have the right skills to manipulate the configuration capabilities, Cisco is quite good.

We use this solution for our firewall and intrusion prevention system.

The most valuable feature is that I have 16 public IP addresses that tunnel through into servers inside. 

There are no issues that we are aware of. It does its job silently in the background.

The initial setup could be simplified, as it can be complex for new users.

We have been working with this solution for a couple of years.

It's stable. If there is ever a problem, it never seems to be the firewall.

This particular model can't quite handle the bandwidth we need. We're actually replacing it shortly with the new higher capacity model.

Technical support is good. They are responsive.

The initial setup was somewhat complex at first.

We had help from an integrator, which was Dell. They were helpful.

The price is comparable.

We are just at the beginning of the deployment of Arctic Wolf for managed detection and response. We don't have a lot of information yet, as we are onboarding it now.

We wanted to have someone watching and we couldn't set up the SOC by ourselves because we need six security dedicated people to man it at all times. With a staff of 80, it was too much. We engaged Arctic Wolf to be our 24/7 eyes on the potential risks that are happening. They can alert us and we can deal with it.

We like to use the integrator just to make sure that the firewall is set up correctly. If you don't have people dedicated to the firewall, then you can't do it in-house.

I would rate the Cisco firepower NGFW Firewall a nine out of ten.

The feature set is fine and is rarely a problem.

Cisco makes horrible UIs, so the interface is something that should be improved. Usability is poor and it doesn't matter how good the feature set is. If the UI, whether the command-line interface or GUI, isn't good or isn't usable, then you're going to miss things. You may configure it wrong and you're going to have security issues.

Security vendors have this weird approach where they like to make their UIs a test of manhood, and frankly, that's a waste of my time.

The SNMP implementation is incredibly painful to use.

I have been using Cisco Firepower NGFW Firewall within the past year.

I work with a lot of different IT products including three different firewall solutions in the past 12 months.

Everything has room for improvement.

I would rate this solution a five out of ten.

We tend to use the solution as it's forced on us by corporate. Our company wants us to use it.

The solution is stable. We haven't had any issues in that sense.

The security of the hardware is excellent. Cisco is very serious in its approach to security.

We have a high level of trust in Cisco and its products.

The solution is excellent for enterprise-level networks.

The solution is difficult to use. There's more required than a typical firewall. It's different than, for example, Palo Alto and Fortinet, which we find are easier to set up. 

If the implementation was easier, it would be a lot better for us.

It would be such a great product for us if it was easier to manage.

I've been working with the solution for more than ten years. It's been a long time. It's been over a decade at this point.

The solution is quite stable. We have no problems with bugs or glitches. It doesn't crash or freeze. It's good.

We've found the solution to be scalable. A company shouldn't have any issues with expanding it if it needs to.

We have about 300 users on the solution currently. We do plan to continue to use Cisco in the future.

We use third-party technical support that's offered and we're quite satisfied with the level of attention we receive.

I have knowledge of Palo Alto and Fortinet.

While those two are easier to set up and control, nothing compares to Cisco in terms of security. They're very strong in that regard. We also find Cisco to be more stable.

However, we only use Cisco firewalls in our organization. We don't use anything else.

The implementation is not so straightforward. It's rather complex and we have a lot of trouble with it.

The implementation took us about one month.

We plan to implement an updated version next month as well.

We need three to eight people to handle the setup.

I did not handle the implementation by myself. Rather, it's done by another team including the original support from Singapore and with license support from headquarters in Japan.

However, our team does handle the implementation in-house, and we can handle the setup for clients as well.

We do need to purchase licenses. Those come from headquarters in Japan. They handle the details in terms of pricing. I'm not sure of the overall costs.

We're both a customer of Cisco and a reseller.

This month we plan to upgrade from our existing hardware.

Overall, we've been happy with the results we've gotten. I would rate the solution at a nine out of ten.