Try our new research platform with insights from 80,000+ expert users
Sergiy Ovsyannyk - PeerSpot reviewer
VP Network Engineering at a computer software company with 501-1,000 employees
Real User
As both perimeter and internal firewalls, they provide traffic inspection, packet analysis, and decryption
Pros and Cons
  • "It just works for us."
  • "Cisco is still catching up with its Firepower Next-Generation firewalls."

What is our primary use case?

We use it for perimeter and internal firewalls. We wanted a firewall with traffic inspection, packet analysis, and decryption.

Our deployment is on-prem and hybrid. We don't use it in the cloud as we use other vendors for that.

How has it helped my organization?

I'm not sure the firewall has improved our organization because a firewall is a must. It's something that you pick up and then trust. It just works for us.

What needs improvement?

Cisco is still catching up with its Firepower Next-Generation firewalls. It's naturally growing and getting better.

For how long have I used the solution?

I've been using Cisco ASA Firewalls for 15 years.

Buyer's Guide
Cisco Secure Firewall
April 2025
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
845,564 professionals have used our research since 2012.

What do I think about the stability of the solution?

It's stable.

What do I think about the scalability of the solution?

It's used around the world. We have 20 data centers and each data center handles six offices. We have Cisco in every single location. If something new comes up, we'll increase our usage of the product.

How are customer service and support?

Cisco's technical support is good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We're a multi-vendor shop when it comes to firewalls, and we use Check Point and Palo Alto in addition to Cisco. We used to have Fortinet but that amounted to too many vendors.

When the Cisco product changed from legacy traffic inspection to the new Firepower it became a next-generation firewall. It was just a new product. That's why we decided to try it and stay with Cisco. It's like two different products: the legacy product and the new one. The legacy product was much simpler and the new one is, obviously, more complex.

How was the initial setup?

I'm a designer, so I don't do racking and stacking, but I'm hands-on when it comes to configuration. I have used this product for years, so for me, it's not like adding a brand new product. It is just a matter of adding features, a hardware refresh. I wouldn't call it a challenge.

For maintenance, we have two to three network engineers involved.

What's my experience with pricing, setup cost, and licensing?

The pricing of Cisco firewalls, in the security market, is fair. Their pricing of other products is questionable, but for firewalls, it's fine.

What other advice do I have?

Compare Cisco ASA with other vendors' products and compare the features one-on-one. Pay special attention to the security portion, such as traffic inspection. That's probably the most important aspect. And then look at performance.

Disclosure: I am a real user, and this review is based on my own experience and opinions.

PeerSpot user
Rich text editor
    Admin Network Engineer at Grupo xcaret
    Real User
    Offers more security and flexibility for VPNs
    Pros and Cons
    • "It helped us a lot with our VPNs for the home office during COVID. There has been more security and flexibility for VPNs and other applications."
    • "I would like more features in conjunction with other solutions, like Fortinet."

    What is our primary use case?

    It is for our VPNs and filters out websites. 

    How has it helped my organization?

    It helped us a lot with our VPNs for the home office during COVID. There has been more security and flexibility for VPNs and other applications.

    What is most valuable?

    Its security is easy to use.

    What needs improvement?

    I would like more features in conjunction with other solutions, like Fortinet.

    For how long have I used the solution?

    I have been using it for five years.

    What do I think about the stability of the solution?

    It has very good stability.

    What do I think about the scalability of the solution?

    It has really good scalability.

    How are customer service and support?

    The customer service and technical support are good. I would rate them as nine out of 10.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We were previously using Fortinet. We switched to ASA and Firepower when our contract with Fortinet ended. Now, we are only using ASA.

    How was the initial setup?

    The deployment was simple.

    What was our ROI?

    The ROI is good. Using ASA, we have saved 10% to 20% on our costs.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is fine. It is not too bad.

    What other advice do I have?

    We had it integrated with the Umbrella solution a few years ago.

    I would rate this solution as nine out of 10.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.

    PeerSpot user
    Rich text editor
      Buyer's Guide
      Cisco Secure Firewall
      April 2025
      Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
      845,564 professionals have used our research since 2012.
      reviewer1885329 - PeerSpot reviewer
      Network engineer at a government with 10,001+ employees
      Real User
      Keeps the outsiders on the outside and enables us to monitor content going out
      Pros and Cons
      • "The ASDM (Adaptive Security Device Manager) which is the graphical user interface, works out, and Cisco keeps it current."
      • "Cisco still has a lot of work to do. You can convert an ASA over to a Firepower, but the competitors, like Palo Alto and Juniper, are coming in. And believe it or not, they are a little bit more intuitive. Cisco has a little bit more work to do. They're playing catch up."

      What is our primary use case?

      We use it for content management and filtering. We wanted to separate DMZ traffic from normal customer traffic. We were also looking to set up portals for outside interests that needed to come in. We have our firewall set up for VPN and, with COVID breaking out, that became more important. We also use it for remote access control.

      How has it helped my organization?

      It improved our security. It keeps the outsiders on the outside and enables us to monitor the content that's going out from within the organization.

      What is most valuable?

      The ASDM (Adaptive Security Device Manager) which is the graphical user interface, works out, and Cisco keeps it current.

      What needs improvement?

      Cisco still has a lot of work to do. You can convert an ASA over to a Firepower, but the competitors, like Palo Alto and Juniper, are coming in. And believe it or not, they are a little bit more intuitive. Cisco has a little bit more work to do. They're playing catch up.

      There is also content filtering. The bad actors are so smart nowadays, that they can masquerade as the data for a given port, and they can actually transfer data through that port. The only thing that the older firewalls know about is the port. They can't read the data going across it. That's where content filtering comes in, like Palo Alto has, with next-generation firewalls.

      For how long have I used the solution?

      I have been using Cisco ASA Firewalls from the beginning, when they moved over from the PIX.

      What do I think about the stability of the solution?

      They're pretty reliable. Even from a hardware perspective, we haven't lost any power supplies or the like. An ASA works until we remove it. The maintenance is very minimal. 

      What do I think about the scalability of the solution?

      It's very scalable. Every organization sets it up differently, but we've been able to perform upgrades with minimal service disruption. We have ASAs in multiple locations.

      How are customer service and support?

      Being a government-supported organization, the technical support is great. They send us equipment. It's top-notch.

      How would you rate customer service and support?

      Positive

      Which solution did I use previously and why did I switch?

      Cisco has been a leader in firewalls, and the US government primarily chooses Cisco first, before it chooses competitors.

      Which other solutions did I evaluate?

      We have a variety of providers from Juniper to Palo Alto, et cetera. But the Cisco GUI is pretty consistent, so most individuals catch on. But when it comes to the Firepower, we're going to need some more training on that, as we're upgrading and moving to the Firepower.

      What other advice do I have?

      I like the ASA product, maybe because I'm an old guy, more so than the transition to the Firepower. The ASAs have worked ever since the PIX days and they work very reliably. Even with the upgrades, your rules don't change. That's true even with a major OS upgrade.

      Things are changing and the ASAs are becoming dated. People want content filtering and so on now.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.

      PeerSpot user
      Rich text editor
        reviewer1500255 - PeerSpot reviewer
        Senior Network And Security Engineer at a pharma/biotech company with 201-500 employees
        Real User
        Protects your system against threats and advanced malware
        Pros and Cons
        • "If configured, Firepower provides us with application visibility and control."
        • "FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it."

        What is our primary use case?

        We use it for the actual firewall and also site-to-site VPN.

        Our company is always growing. Every day's a new day and there is always something new to learn. We are a mature organization, but we can never sit still. We have two company locations and we use Cisco Firepower as our main firewall at both locations.

        Overall, for security, we use about seven tools.

        Within our company, there are just two people that maintain this solution. Myself and the IT manager. I'm the network administrator.

        How has it helped my organization?

        We were the subject of a ransomware attack a little over a year ago. Due to our console, we're able to easily see where the threat came from, all the while being able to shut down the network but maintain our network on the other side — or the other side of the site-to-site VPN. Then we could fix what we needed to be fixed here, and then subsequently correct the issues on the other side.

        What is most valuable?

        The manageability through the FMC is superb. I have a single dashboard that I can manage my firewalls from. I can see and manage all of my objects and control all my policies. I can look at all my logs and control my whole network from one dashboard.

        What needs improvement?

        FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it. Maybe more of an IDS approach. I don't know a better way to say it, but more of a heavier proactive approach rather than a reactive one.

        For how long have I used the solution?

        I have been using Cisco Firepower NGFW Firewall for two years.

        What do I think about the stability of the solution?

        I have had little to no issues except with the first version that we had. There was a known issue with Cisco in the first version. When I went to do a restore, there was a known issue with something with the Linux kernel. It took us about two weeks to get the restore working. It was a scary moment for us, but we worked through it, and ever since we've had no issues, stability-wise.

        How are customer service and technical support?

        I have contacted support multiple times and I have no problems with them. I think they do the best with what they have — especially with the pandemic this year. I think they've done everything they can do with what they have. They don't stop. They don't give up until the issue is resolved. They're really good with following-up too, making sure that the issue hasn't come back.

        Which solution did I use previously and why did I switch?

        We have another product that monitors all traffic. It just sits back and idols in the background — It integrates, but it doesn't if you know what I mean. It's a separate dashboard, but it alerts us. We can control the security — level zero through one hundred. If a threat registers above 54% (we have the limit set at 51) it alerts us. If it's a specific threat, it can shut down services, ports, machines, authentication, and so on and so forth.

        We also use AMP, Umbrella, SecureX, and Duo. They're pretty easy to integrate. I wouldn't say beginner level, but if you have a working knowledge of networks and security, you can easily get them integrated. Also, if you need help, Cisco's always there to assist.

        We use Firepower Management Center — it's a wonderful tool. It has an awesome all-in-one pane of glass dashboard so you can manage multiple devices from one dashboard. It's also very easy to set up.

        We used to use SonicWall. Cisco was purchased right before I came on board, but from my knowledge, we had issues with the licensing of SonicWall. We are a Cisco shop. Both my manager and I prefer Cisco over other vendors. We have more experience with Cisco and their customer support and the products themselves are just better in our experience.

        How was the initial setup?

        The deployment was with all new networks, so the architecture was with a peer. We first sat down and discussed or laid out our network and what it would look like through IP schemes and everything else in that sense. We then figured out how many users we would have and decide what size of hardware we would need. We decided on what type of VPN connection and what certificates we would need. After that, once we were able to secure those tunnels and get communication going between our two locations, we then started tightening down our two networks as we have multiple networks within each location.

        We had to decide what all needed to communicate with one another. Not every network needed to touch the outside world.

        What about the implementation team?

        From start to finish, including production rollout for other areas, deployment took roughly one month. We did it all in-house.

        Some maintenance is required involving security patches. Cisco is really good at deploying those or not deploying those, but putting those out and having release notes and upgrade paths and just the information behind all of their patches. Cisco does a really good job with that.

        What's my experience with pricing, setup cost, and licensing?

        With any solution from anybody, I always think that licensing is a little high — but it's comparable to other companies. It definitely competes with the other vendors in the market.

        What other advice do I have?

        If configured, Firepower provides us with application visibility and control.

        The ability to futureproof our security strategy is definitely there. There are a lot of functions that we don't yet use. When I say we don't use a function, I mean that the functionality or the ability is not turned on yet simply because we have not gotten around to it. The ability is there, the capability is there. That also goes into the reasoning behind why we chose it.

        Do your research, know your skillset, be comfortable with your skillset, and don't be afraid to challenge yourself.

        Overall, on a scale from one to ten, I would give this solution a rating of eight.

        Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.

        PeerSpot user
        Rich text editor
          SOC & SECURITY SERVICES DIRECTOR at BESTEL
          Reseller
          Filtering, IPS, and the A&P on small operations are all great features
          Pros and Cons
          • "A good intrusion prevention system and filtering."
          • "Implementations require the use of a console. It would help if the console was embedded."

          What is our primary use case?

          We use the platform to provide secure perimeter internet access for customers and also to provide secure networks or secure SANs for customers. We have a global partnership with Cisco and I'm a re-sales and security manager of IT services.

          What is most valuable?

          The top features for me are the filtering, the intrusion prevention system, and the AMP on small operations. 

          What needs improvement?

          To configure the FirePower it is required an external console. It would be nice to have the console embedded in the Firewall so you don't require an extra device. I'd like to see some kind of SD-WAN included as a feature. 

          For how long have I used the solution?

          I've been using this solution for six years. 

          What do I think about the stability of the solution?

          The solution is very stable and we feel very secure with it. 

          What do I think about the scalability of the solution?

          The scalability is no problem. 

          How are customer service and technical support?

          The technical support is excellent. 

          How was the initial setup?

          The initial setup is quite straightforward. I think someone who knows the iOS platform and knows about firewalls can setup the device. If you don't have experience, it will be somewhat complicated. If you know the platform, implementation is very quick. We've installed over 1,000 firewalls for different customers.

          What other advice do I have?

          This is a very stable platform, and you can adjust the engine for malware protection. It is one of the best and a very reliable solution.

          I would rate this solution a 10 out of 10. 

          Which deployment model are you using for this solution?

          On-premises
          Disclosure: My company has a business relationship with this vendor other than being a customer: Partner

          PeerSpot user
          Rich text editor
            Consulting Engineer at IV4
            Reseller
            Stable, good technical support, and the VPN feature works well
            Pros and Cons
            • "The most valuable features are the provision of internet access, AnyConnect, and VPN capabilities."
            • "I have worked with the new FTD models and they have more features than the ASA line."

            What is our primary use case?

            Our company sells Cisco Firewalls and the ASA is one of the products that we implement for our clients. The primary use cases are internet access, AnyConnect, and VPN.

            What is most valuable?

            The most valuable features are the provision of internet access, AnyConnect, and VPN capabilities. Because I primarily deal with the VPN functionality, I don't get very deep into the IPS or other capabilities.

            What needs improvement?

            I have worked with the new FTD models and they have more features than the ASA line.

            For how long have I used the solution?

            We have been dealing with Cisco ASA since about 2002.

            What do I think about the stability of the solution?

            I am very happy with its stability and the product in general.

            What do I think about the scalability of the solution?

            In our organization, we only have one in our data center that all of our people pass through. However, I've got clients that have thousands running through large Cisco firewalls.

            How are customer service and technical support?

            Cisco's technical support has always been excellent. They have great support.

            Which solution did I use previously and why did I switch?

            I have dealt with four or five others, but so far, I have the most experience with Cisco.

            Recently, I worked with the new FTD 1000 or 1100 series, and they do a lot.

            How was the initial setup?

            The complexity of the initial setup depends on the environment. Sometimes, it's brand new whereas other times, I install a replacement for an existing Cisco device or some other product.

            What about the implementation team?

            I am in charge of installing and configuring our Cisco Firewall solutions.

            What other advice do I have?

            I would rate this solution a ten out of ten.

            Which deployment model are you using for this solution?

            On-premises
            Disclosure: My company has a business relationship with this vendor other than being a customer: Partner

            PeerSpot user
            Rich text editor
              Ahmed Nagm - PeerSpot reviewer
              IT Solution Consultant at PCS
              Real User
              Top 10
              Offers Excellent Stability and Endpoint Protection
              Pros and Cons
              • "The feature that I found most valuable is the overall stability of the product."
              • "One of my main concerns, an area that could use improvement is in adjusting the need to buy a license to enable features."

              What is our primary use case?

              The primary use case for this solution is on the client side. PCS stands for
              Perfect Computer Systems. We are an integration company, we specialize in solution integration, bringing together component subsystems into a whole and ensuring that those subsystems function together.

              How has it helped my organization?

              Cisco ASA NGFW has improved our organization by providing more internet protection. Also, for the end user, it provides easy access from outside for users accessing the site.

              What is most valuable?

              The feature that I found the most valuable is the overall stability of the product. 

              What needs improvement?

              The two areas that need improvement are the URL filtering and content filtering features.

              These features are both very crucial to the end user environment. One of my main concerns and an area that could use some major improvement is the need to pay for licensing in order to enable necessary additional features. Included in the next release, I would like to see these features integrated into the products' functionality without having to pay for them on an individual basis.  

              For how long have I used the solution?

              More than five years.

              What do I think about the stability of the solution?

              My impression of the stability of this solution is that it's great, excellent! 

              What do I think about the scalability of the solution?

              As far as scalability, I haven't had any performance issues so far. There really isn't high utilization coming from the operations environment, so I don't need to upgrade the tier at the moment.

              How are customer service and technical support?

              I don't have much experience with technical support since contacting tech support incurs additional costs. I have been relying on my technical knowledge and experience so far.

              How was the initial setup?

              The initial setup was straightforward, though I find as we proceed we need an extra feature or two to enable all the functionalities and protection of the tool. It's an ongoing process. We have to be quick and agile to provide client support.

              What about the implementation team?

              We implemented through an in-house team. 

              What was our ROI?

              The stability is the greatest ROI for this solution. 

              What's my experience with pricing, setup cost, and licensing?

              My advice, since I have to pay for licensing each feature that I need to enable, like URL filtering, is to look at a pfSense. That is what we are doing because you have to pay for greater protection, a total solution can be very costly. We are looking at a pfSense, to bring down the total cost. The correct price point, in comparison to other platforms, is the main factor here.

              Which other solutions did I evaluate?

              During our initial decision-making process, we evaluated other options but the distinctions between all the options were quite minimal.

              What other advice do I have?

              I am satisfied with the current facility and the management environment of the Cisco ASA, it's great for me.

              I think that the cost would be the main factor when evaluating solutions since some of the companies or some of our clients ask about costs upfront. Once the client has made their initial request and inquired about any subsequent subsystem connectivity integration ideas, they always want to know how much everything will cost. The deciding factor is mainly based on the price point of the total user solution.

              Overall, the criteria that we consider when constructing an integration decision depends largely on the client company we are working with. We evaluate clients based according to their size, industry function, and the total budget that would be recommended for an effective solution.

              I would give this product a rating of 9 out of 10!

              Disclosure: I am a real user, and this review is based on my own experience and opinions.

              PeerSpot user
              Rich text editor
                Systems Administrator at Universal Audio
                Real User
                We need the product to have HA pairs, so we can failover. It is relatively stable.
                Pros and Cons
                • "The integration and configuration were pretty straightforward."
                • "Even on a smaller scale, people are finding you need HA pairs, and there's no way that the ASA can do that, at least in the virtual version."

                What is our primary use case?

                It's our firewall for our AWS VPC on the internal side that connects our VPC to headquarters.

                I have been using the product for two years, but it has been installed in my company for four years.

                What needs improvement?

                Even on a smaller scale, people are finding you need HA pairs, and there's no way that the ASA can do that, at least in the virtual version. We needed the ability to failover to one of the others to do maintenance, and this is a glaring issue. However, it is one of their cheaper products, so its understandable. It is just that we would hope by now, because it has been in use in a lot of different environments, for even moderately sized companies, the ability to have HA pairs would be extremely useful.

                For how long have I used the solution?

                One to three years.

                What do I think about the stability of the solution?

                It has been relatively stable, in the sense that it stays up. It doesn't die on us.

                What do I think about the scalability of the solution?

                Scalability has been a pain point for us. 

                It's great for what it does. Just make sure you know whatever environment you are using it in is not going to have to scale. Just use it for sandbox. As long as they stay competitive, use the ASA, but make sure you have a plan to grow out of it.

                How is customer service and technical support?

                We have definitely made some calls to Cisco regarding issues. While it is time consuming, they are thorough. Sometimes depending on the urgency, if there is a real P1 problem going on, it would be more helpful to go straight to the chase than to have to go through troubleshooting steps that are mandated. A lot of times, it is understandable why they're there, but I wish they had a different, expedited process, especially when they're dealing with our senior network engineer who has already ruled out some things. Cisco tends to make you go through the steps, which is part of any normal troubleshooting. However, when you're dealing with an outage, it can be very frustrating.

                How was the initial setup?

                The integration and configuration were pretty straightforward.

                What's my experience with pricing, setup cost, and licensing?

                We purchased the product through the AWS Marketplace. While I wasn't part of the buying process for Cisco ASA, I have used it to purchase AMIs.

                The AWS Marketplace been great, but it could be a bit more user-friendly from an aesthetic perspective. It is fully functional and easy to figure out once you are in it. However, the layout of the AMIs has a lot missing, e.g., you have to side click to find the area for community AMIs. It would be awesome if AWS Marketplace would put up a wider range of AMIs.

                With the Cisco ASA, you do get what you pay for. What would really be awesome is to see Cisco blow out a real cheap version where you can use the sandbox, but leave it step-wise and go to another product relatively easily, like getting you hooked on candy. The problem is that we already paid for the ASAs, and we grew quickly. Now, we have found ourselves in a situation where we have to wait for next year's budget and everyone is using it. We've gone from a sandbox model to full production. If Cisco was a bit more on the ball with this type of thing, such as pay a smaller lump sum, then scale as a pay by use or have an option to switch models. This would be good because then we could actually leverage this type of model.

                Right now, we want to go to the rocket stuff, and our people who make the decisions financially will just have a heart attack. They will choke on it. However, if we can roll it into our AWS bill, and slowly creep it in, it is usually more palatable. As crazy as that sounds, even if its more expensive to do it this way.

                Which other solutions did I evaluate?

                Our network guy looked at alternatives and settled on Cisco ASA. It was the cheapest available option, virtualized, and he was familiar with Cisco, like many people are because it's a great company. It made the most sense at the time, because our VPC was a sandbox at first. Now, it has grown, which is where the pain point is: the scalability of the ASA. We have sort of wedged ourselves into a corner.

                We are now looking into Cisco Meraki, the CSR stuff, and the SD-WAN technology.

                Disclosure: I am a real user, and this review is based on my own experience and opinions.

                PeerSpot user
                Rich text editor
                  Buyer's Guide
                  Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros sharing their opinions.
                  Updated: April 2025
                  Buyer's Guide
                  Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros sharing their opinions.