Cisco Secure Firewall Reviews

I primarily use it for my small company to protect 5-10 users.

The web interface was easy for me. The configuration is logical, so it's easy to use and easy to understand how to protect, how to open a port, how to manage and how to route a device. That's why I prefer Cisco. It's robust and I never have issues with the hardware. That's why I choose Cisco and not another vendor.

The service could use a little more web filtering. If I compare it to Cyberoam, Cyberoam has more the web filtering, so if you want to block a website, it's easier in other solutions than in Cisco. I think in Cisco it's more complicated to do that, in my opinion. 

It could also use a better web interface because sometimes it's complicated. The interface sometimes is not easy to understand, so maybe a better interface and better documentation.

My impression of the stability of the solution is that it's very good.

I don't have a sense of the scalability. I never extend the processes or usage.

My experience with customer service is very good in general. When I have a good person on the phone, or on the email, it's in general very fast and the reply is good. It's a good solution in general.

I previously used Juniper before Cisco, but only for one year. I switched because my company only used Cisco.

The initial setup was not complex, it's just difficult to find out how to do it. The FAQ is not clear. In terms of deployment, it depends on the client, but deployment takes about an average of six hours.

In general, I implement the solution myself.

I would advise that If you want something robust, a good hardware solution, I think it's competitive and you have a good warranty, you have to choose Cisco. 

I would rate the solution 8 out of 10.

The primary use case for this solution is on the client side. PCS stands for
Perfect Computer Systems. We are an integration company, we specialize in solution integration, bringing together component subsystems into a whole and ensuring that those subsystems function together.

Cisco ASA NGFW has improved our organization by providing more internet protection. Also, for the end user, it provides easy access from outside for users accessing the site.

The feature that I found the most valuable is the overall stability of the product. 

The two areas that need improvement are the URL filtering and content filtering features.

These features are both very crucial to the end user environment. One of my main concerns and an area that could use some major improvement is the need to pay for licensing in order to enable necessary additional features. Included in the next release, I would like to see these features integrated into the products' functionality without having to pay for them on an individual basis.  

My impression of the stability of this solution is that it's great, excellent! 

As far as scalability, I haven't had any performance issues so far. There really isn't high utilization coming from the operations environment, so I don't need to upgrade the tier at the moment.

I don't have much experience with technical support since contacting tech support incurs additional costs. I have been relying on my technical knowledge and experience so far.

The initial setup was straightforward, though I find as we proceed we need an extra feature or two to enable all the functionalities and protection of the tool. It's an ongoing process. We have to be quick and agile to provide client support.

We implemented through an in-house team. 

The stability is the greatest ROI for this solution. 

My advice, since I have to pay for licensing each feature that I need to enable, like URL filtering, is to look at a pfSense. That is what we are doing because you have to pay for greater protection, a total solution can be very costly. We are looking at a pfSense, to bring down the total cost. The correct price point, in comparison to other platforms, is the main factor here.

During our initial decision-making process, we evaluated other options but the distinctions between all the options were quite minimal.

I am satisfied with the current facility and the management environment of the Cisco ASA, it's great for me.

I think that the cost would be the main factor when evaluating solutions since some of the companies or some of our clients ask about costs upfront. Once the client has made their initial request and inquired about any subsequent subsystem connectivity integration ideas, they always want to know how much everything will cost. The deciding factor is mainly based on the price point of the total user solution.

Overall, the criteria that we consider when constructing an integration decision depends largely on the client company we are working with. We evaluate clients based according to their size, industry function, and the total budget that would be recommended for an effective solution.

I would give this product a rating of 9 out of 10!

We mainly use this solution for our firewall and it's one layer of our security. From the time that we've used it, the organization as a whole got a sense of security because Cisco is a known product. When we do need support locally or online, we get it instantaneously. We use this solution for a couple of things: for security, for their technical support, and in terms of the knowledge and skills of the team here that gave us a good grip and confidence in the use of the product.

It gives the organization a higher vote of confidence. When I joined the organization more than six years ago, we were using the old Cisco, and some of the products already reached their end of life. Some of the products were not in its latest state, in terms of security or license. We've learned a very good lesson there. Since then, when we upgraded we made sure that all the licenses and all the security facets are in place. It gives the organization a higher vote of confidence. There may have been one or two incidences of malicious threats, but it did not really bring down the organization to a level that we would all be sorry for. The greatest benefit for the organization is the confidence that we are secured.

Cisco is known as a popular and trusted product. Because of its constant RND, we're assured that all updates, all patches, all fixes are done instantaneously. As far as the feature is concerned, it gives us a certain layer of protection. As a CIO, my vote of confidence is in the product itself. After making sure that we always have all the updates on the licenses we're assured that we're getting all the necessary security protection.

I would rate this solution a nine out of ten. Not a ten because I'm reserving the one point for whatever new surprises they are going to provide.

It's our firewall for our AWS VPC on the internal side that connects our VPC to headquarters.

I have been using the product for two years, but it has been installed in my company for four years.

Even on a smaller scale, people are finding you need HA pairs, and there's no way that the ASA can do that, at least in the virtual version. We needed the ability to failover to one of the others to do maintenance, and this is a glaring issue. However, it is one of their cheaper products, so its understandable. It is just that we would hope by now, because it has been in use in a lot of different environments, for even moderately sized companies, the ability to have HA pairs would be extremely useful.

It has been relatively stable, in the sense that it stays up. It doesn't die on us.

Scalability has been a pain point for us. 

It's great for what it does. Just make sure you know whatever environment you are using it in is not going to have to scale. Just use it for sandbox. As long as they stay competitive, use the ASA, but make sure you have a plan to grow out of it.

We have definitely made some calls to Cisco regarding issues. While it is time consuming, they are thorough. Sometimes depending on the urgency, if there is a real P1 problem going on, it would be more helpful to go straight to the chase than to have to go through troubleshooting steps that are mandated. A lot of times, it is understandable why they're there, but I wish they had a different, expedited process, especially when they're dealing with our senior network engineer who has already ruled out some things. Cisco tends to make you go through the steps, which is part of any normal troubleshooting. However, when you're dealing with an outage, it can be very frustrating.

The integration and configuration were pretty straightforward.

We purchased the product through the AWS Marketplace. While I wasn't part of the buying process for Cisco ASA, I have used it to purchase AMIs.

The AWS Marketplace been great, but it could be a bit more user-friendly from an aesthetic perspective. It is fully functional and easy to figure out once you are in it. However, the layout of the AMIs has a lot missing, e.g., you have to side click to find the area for community AMIs. It would be awesome if AWS Marketplace would put up a wider range of AMIs.

With the Cisco ASA, you do get what you pay for. What would really be awesome is to see Cisco blow out a real cheap version where you can use the sandbox, but leave it step-wise and go to another product relatively easily, like getting you hooked on candy. The problem is that we already paid for the ASAs, and we grew quickly. Now, we have found ourselves in a situation where we have to wait for next year's budget and everyone is using it. We've gone from a sandbox model to full production. If Cisco was a bit more on the ball with this type of thing, such as pay a smaller lump sum, then scale as a pay by use or have an option to switch models. This would be good because then we could actually leverage this type of model.

Right now, we want to go to the rocket stuff, and our people who make the decisions financially will just have a heart attack. They will choke on it. However, if we can roll it into our AWS bill, and slowly creep it in, it is usually more palatable. As crazy as that sounds, even if its more expensive to do it this way.

Our network guy looked at alternatives and settled on Cisco ASA. It was the cheapest available option, virtualized, and he was familiar with Cisco, like many people are because it's a great company. It made the most sense at the time, because our VPC was a sandbox at first. Now, it has grown, which is where the pain point is: the scalability of the ASA. We have sort of wedged ourselves into a corner.

We are now looking into Cisco Meraki, the CSR stuff, and the SD-WAN technology.

Previously, our customers had to always utilize hand-to-hand delivery. Now, they are able to move completely to a secure digital method. They use a strictly dark fiber optics connection from a central location to the endpoint.

Our clients have been able to consolidate infrastructure products such as Talus for hardware encryption and Dell EMC for D2D de-duplication and backup.

FMC could be improved because management with FMC is quite difficult compared to using Firepower web-based management.

We've been selling Cisco Firepower for a year.

Our clients feel that Cisco has proven stability in enterprise networking, routers, and ASA firewall security.

We are very confident with Cisco's technical support and would give them a ten out of ten.

Positive

Previously, we sold Check Point and Palo Alto.

We choose to sell Cisco because it has been approved by NATO. Our clients use a strictly offline infrastructure, and there were significant issues with Check Point. In addition, we have good support from the local Cisco office, and they also suggested that the end user goes with Cisco.

As a Cisco Secure Firewall reseller, the value we bring is very good support. You will not get the same level of support from some other vendors. For instance,  Palo Alto and Check Point don't have direct support like Cisco. They have third-party support. Thus, you may get a response only when you escalate the issue to the third tier of the service level. With Cisco, everything is resolved within a day.

The initial setup is straightforward because most network engineers have worked with Cisco. Cisco invested in universities, and as a result, 40% of the network experience of students is with Cisco.

Our clients are mostly financial institutions and have strict policies that do not allow personal data on external clouds outside the country. As a result, they mostly use an on-premises or hybrid cloud deployment model.

We are currently having our customers switch from the 2000 to the 3000 series.

The price is not too high, but the subscription is a little bit high. We compared the activation of Cisco and Fortinet, and when we activated the whole portfolio of the UTM of Fortinet, the speed was reduced. We tested the same situation with the Cisco 2140 series, and there was no reduction in speed.

When you're evaluating the solution, take a look at the customer reviews.

We have had no issues with Cisco Secure Firewall, and I would rate it at nine on a scale from one to ten.

The primary use is as edge firewalls to the Internet.

We are only on-premise. There is still no cloud plan.

It provides visibility and information to the organization about what is being accessed on the Internet as well as the applications that it is protecting.

It is part of our security strategy.

• Anti-malware protection
• Web Filtering
• VPN Remote-Access

The most valuable feature is the anti-malware protection. It protects the endpoints on my network.

We use the application visibility and control feature of Cisco firewalls.

The ease of use needs improvement. It is complex to operate the solution. The user interface is not friendly.

I have been using it for eight to 10 years.

We have 200 users using this solution.

The technical support is good, but it could be better. I would rate them as six out of 10.

Neutral

The setup is not too complex. We implemented it on all our ports.

We have five people on our cybersecurity team.

The solution's ability to provide visibility into threats is fine, but the Fortinet and Check Point solutions have better dashboards and information about visibility.

We are also using Cisco AnyConnect, Umbrella (as a cloud proxy), and ISE. We have between five or six antivirus, proxy, anti-malware, data loss prevention, VPN client, and firewall tools.

I would rate this Cisco product as six out of 10.

We primarily use the solution to operate that LAN environment over the internet and use the public and private networks separately. It's a very good firewall in terms of security, in terms of certain scenarios, and also from an ethical hacking point of view. Both are available in our environment. Both are doing great.

Cisco, obviously, gives you a great amount of reliability which comes in handy. The brand is recognized as being strong. 

Even in very big environments, Cisco comes in handy with configuration and offers reliability when it comes to managing multiple items on one platform. You are able to integrate Firepower and all AMP. With so many items to configure, I haven't yet done them all, however, I hope to.

It's great for securing the network. You learn a lot.

The initial setup is straightforward.

The solution is very stable.

The scalability of the solution is very good.

Most of the firewalls almost 90%, 95% of the firewalls will move to GUI. This is the area which needs to be improved. The graphical interface and the monitoring level of the firewall need to be worked on. 

Most of us are using the monitoring software where we get the alarm, then details of the servers, et cetera. This aspect needs to be much updated. 

From just the security point of view, in the security, it needs to be updated every day and every week. It is getting better day by day, however, from a monitoring point of view is not the same view as we have on the different monitoring servers or monitoring software, such as PRTG and Solarwinds. It needs to be changed and improved.

Cisco has launched its multiple products separately. Where there's a new version of the hardware, there is Firepower in it. However, there must be a solution for an integrated version that includes everything in your network and your firewall as well so that you can manage and integrate from the same web portal without going to every device and just configuring it and just doing everything separately. 

It would be ideal if a solution can be configured separately and then managed centrally on one end.

We have more than one Cisco firewall and it is difficult for me to integrate both on the single UI. If I have three firewalls and one is a normal firewall, I need to configure everything separately. I can't have it on the same port or integrated on the same single IP or bind it something like it.

We've mostly used Cisco solutions for two or three years at this point. Our old Cisco devices were due to be changed, and we moved over to ASA.

The firewall is stable, however, every two, three, or four years, you have to change the hardware and therefore get an updated version of the firewall.

This is something which companies have been doing for the sake of a new product and launching a new device. Yet, the stability needs to be considered where you have to upgrade for every two, three, four years and change the product and go for the new updated version. What I mean is that there is stability, however, obviously, it's not long-term.

The firewall is very scalable. Most contact versions are available depending upon the organization you have. It works for very large organizations. They are scalable for many scenarios. The scalability obviously is there for sure.

Cisco technical support is one of the best around. They have the most advanced and most experienced level of tech support I've been in contact with. Whether it is a hardware or software issue, the tech team can support you and help. They are very helpful and knowledgeable. We are quite satisfied with the level of support on offer. 

We also have experience using FortiGate.

The Cisco firewall is straightforward. It isn't a complex implementation. Obviously, you have to bind your IP on the port and then you must go on to configure for security and something like that. It's easy for me to configure a firewall at such a level.

If you pay for the hardware, you get the Firepower and if you don't, then you get the Cisco Firewall. 

We are just a customer and an end-user.

I'd rate the solution at an eight out of ten.

Obviously, you need to have one tech person on your online when you are configuring it, or just implementing when you are integrating with your live environment and organization. My advice is that the configuration is easy when a network engineer like myself handles it. A trained person is more than capable of the task. Other than configuring, a less technical person can manage the solution.  

We use it for the actual firewall and also site-to-site VPN.

Our company is always growing. Every day's a new day and there is always something new to learn. We are a mature organization, but we can never sit still. We have two company locations and we use Cisco Firepower as our main firewall at both locations.

Overall, for security, we use about seven tools.

Within our company, there are just two people that maintain this solution. Myself and the IT manager. I'm the network administrator.

We were the subject of a ransomware attack a little over a year ago. Due to our console, we're able to easily see where the threat came from, all the while being able to shut down the network but maintain our network on the other side — or the other side of the site-to-site VPN. Then we could fix what we needed to be fixed here, and then subsequently correct the issues on the other side.

The manageability through the FMC is superb. I have a single dashboard that I can manage my firewalls from. I can see and manage all of my objects and control all my policies. I can look at all my logs and control my whole network from one dashboard.

FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it. Maybe more of an IDS approach. I don't know a better way to say it, but more of a heavier proactive approach rather than a reactive one.

I have been using Cisco Firepower NGFW Firewall for two years.

I have had little to no issues except with the first version that we had. There was a known issue with Cisco in the first version. When I went to do a restore, there was a known issue with something with the Linux kernel. It took us about two weeks to get the restore working. It was a scary moment for us, but we worked through it, and ever since we've had no issues, stability-wise.

I have contacted support multiple times and I have no problems with them. I think they do the best with what they have — especially with the pandemic this year. I think they've done everything they can do with what they have. They don't stop. They don't give up until the issue is resolved. They're really good with following-up too, making sure that the issue hasn't come back.

We have another product that monitors all traffic. It just sits back and idols in the background — It integrates, but it doesn't if you know what I mean. It's a separate dashboard, but it alerts us. We can control the security — level zero through one hundred. If a threat registers above 54% (we have the limit set at 51) it alerts us. If it's a specific threat, it can shut down services, ports, machines, authentication, and so on and so forth.

We also use AMP, Umbrella, SecureX, and Duo. They're pretty easy to integrate. I wouldn't say beginner level, but if you have a working knowledge of networks and security, you can easily get them integrated. Also, if you need help, Cisco's always there to assist.

We use Firepower Management Center — it's a wonderful tool. It has an awesome all-in-one pane of glass dashboard so you can manage multiple devices from one dashboard. It's also very easy to set up.

We used to use SonicWall. Cisco was purchased right before I came on board, but from my knowledge, we had issues with the licensing of SonicWall. We are a Cisco shop. Both my manager and I prefer Cisco over other vendors. We have more experience with Cisco and their customer support and the products themselves are just better in our experience.

The deployment was with all new networks, so the architecture was with a peer. We first sat down and discussed or laid out our network and what it would look like through IP schemes and everything else in that sense. We then figured out how many users we would have and decide what size of hardware we would need. We decided on what type of VPN connection and what certificates we would need. After that, once we were able to secure those tunnels and get communication going between our two locations, we then started tightening down our two networks as we have multiple networks within each location.

We had to decide what all needed to communicate with one another. Not every network needed to touch the outside world.

From start to finish, including production rollout for other areas, deployment took roughly one month. We did it all in-house.

Some maintenance is required involving security patches. Cisco is really good at deploying those or not deploying those, but putting those out and having release notes and upgrade paths and just the information behind all of their patches. Cisco does a really good job with that.

With any solution from anybody, I always think that licensing is a little high — but it's comparable to other companies. It definitely competes with the other vendors in the market.

If configured, Firepower provides us with application visibility and control.

The ability to futureproof our security strategy is definitely there. There are a lot of functions that we don't yet use. When I say we don't use a function, I mean that the functionality or the ability is not turned on yet simply because we have not gotten around to it. The ability is there, the capability is there. That also goes into the reasoning behind why we chose it.

Do your research, know your skillset, be comfortable with your skillset, and don't be afraid to challenge yourself.

Overall, on a scale from one to ten, I would give this solution a rating of eight.