I use it to protect my DMZ from external attacks.
Network Security Engineer at Cielo
Great for blocking attacks, best support, and very easy to use
Pros and Cons
- "The Adversity Malware Protection (AMP) feature is the most valuable. It is also very easy to use. Every technical user can operate this solution without any difficulty. The dashboard of Cisco Firepower has every tool that a security operator needs. You can find every resource that you need to operate through this dashboard."
- "Its interface is sometimes is a little bit slow, and it can be improved. When you need to put your appliance in failover mode, it is a little difficult to do it remotely because you need to turn off the appliance in Cisco mode. In terms of new features, it would be good to have AnyConnect VPN with Firepower. I am not sure if it is available at the moment."
What is our primary use case?
How has it helped my organization?
Last year, we received a lot of linear service attacks in our environment during the Black Friday season. Cisco Firepower blocked every attack.
What is most valuable?
The Adversity Malware Protection (AMP) feature is the most valuable.
It is also very easy to use. Every technical user can operate this solution without any difficulty. The dashboard of Cisco Firepower has every tool that a security operator needs. You can find every resource that you need to operate through this dashboard.
What needs improvement?
Its interface is sometimes is a little bit slow, and it can be improved.
When you need to put your appliance in failover mode, it is a little difficult to do it remotely because you need to turn off the appliance in Cisco mode.
In terms of new features, it would be good to have AnyConnect VPN with Firepower. I am not sure if it is available at the moment.
Buyer's Guide
Cisco Secure Firewall
April 2025

Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
849,335 professionals have used our research since 2012.
For how long have I used the solution?
I have been using Cisco Firepower for two years.
What do I think about the scalability of the solution?
We use it specifically for DMZ, so we don't need it to scale it up. Because we are using this solution for a specific environment, we don't plan to increase its usage.
We have a few teams who use this solution. We have the information security team for reading the logs and policies. We have administrators, and we also have contractors for the network operation center to analyze some logs and reports.
How are customer service and support?
We have used their technical support. They are amazing. Cisco's technical support is the best.
Which solution did I use previously and why did I switch?
We have used Check Point and one more solution. The main difference is in the IPS signatures. Cisco Firepower has precise and most updated IPS signatures.
How was the initial setup?
The initial setup is easy. The deployment took two months because we didn't have Firepower previously, and it took us some time to plan and implement.
What about the implementation team?
We used our reseller and contractor to deploy Cisco Firepower. They were good.
What other advice do I have?
I would recommend this solution. I would rate Cisco Firepower a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Senior Network Administrator at a construction company with 1,001-5,000 employees
Good signature detection, intrusion detection, IDS, and IPS
Pros and Cons
- "The stability of the solution is very good. We can see that it gets even better with every release."
- "It will be nice if they had what you traditionally would use a web application scanner for. If the solution could take a deeper look into HTTP and HTTPS traffic, that would be nice."
What is our primary use case?
We primarily use the solution for internet access firewalls.
How has it helped my organization?
The solution allows you to be more agile and react faster.
What is most valuable?
The Sourcefire stuff itself is the most valuable feature. Signature detection, intrusion detection, IDS, and IPS are all very good. AMP is very useful. I like that you can put it onto devices as well. The aggregated views in FMC that you get when you're a global shop which is centralized, and then offers gateways per region. In Europe, America and APAC, you have all the data coming together in the FMC. That's quite nice.
What needs improvement?
The FMC could be a little bit faster.
It will be nice if they had what you traditionally would use a web application scanner for. If the solution could take a deeper look into HTTP and HTTPS traffic, that would be nice.
For how long have I used the solution?
I've been using the solution for 1.5 years.
What do I think about the stability of the solution?
The stability of the solution is very good. We can see that it gets even better with every release.
What do I think about the scalability of the solution?
For us, the scalability is good, because we sized everything right, right from the beginning. If you size it right, it's very good. We don't plan on adding more firewalls, unless we suddenly grow exponentially, which we're not expecting to do at this point.
How are customer service and technical support?
We only contacted technical support during initial implementation and that was all handled by the consultant. I have a lot of other Cisco related tickets open, so we're used to the process.
I would say, however, that we're also using Meraki, and the Meraki support is way better, in my opinion.
Cisco support tends to take longer, and I mean really long given the fact that subject matter is sometimes also more complicated, so it really depends. When you compare that directly to Meraki, Meraki answers the same day, and I cannot say that about the legacy Cisco support items. I can understand that the market for the legacy service is so much bigger for Cisco, so I can see why it takes longer.
How was the initial setup?
The initial setup was complex because we had to migrate old ASA firewalls. The ACLs, or rather the policies, are very different now, and way more elaborate, so that that took some tweaking, and some consulting and some time.
Deployment took two months. We had to make sure that our old ACL base settings from the ASAs were correctly translated and implemented into the new FTD setups.
What about the implementation team?
We used a consultant to assist with implementation.
Which other solutions did I evaluate?
We've looked at a few options, but we have an internal policy that says, unless noted otherwise, network equipment has to be Cisco based. We had to go with a Cisco product.
What other advice do I have?
We are using the on-premises deployment model.
My advice for those considering the solution is this: if you want to migrate something, plan enough time for testing before you come over to the solution. You should also watch as many webinars as you can about that solution, or get a consultant and do a proper lab set up and go through the whole thing with them. It's is definitely worthwhile, given the complexity of the whole product.
I would rate the solution nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Cisco Secure Firewall
April 2025

Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
849,335 professionals have used our research since 2012.
VP Network Engineering at a computer software company with 501-1,000 employees
As both perimeter and internal firewalls, they provide traffic inspection, packet analysis, and decryption
Pros and Cons
- "It just works for us."
- "Cisco is still catching up with its Firepower Next-Generation firewalls."
What is our primary use case?
We use it for perimeter and internal firewalls. We wanted a firewall with traffic inspection, packet analysis, and decryption.
Our deployment is on-prem and hybrid. We don't use it in the cloud as we use other vendors for that.
How has it helped my organization?
I'm not sure the firewall has improved our organization because a firewall is a must. It's something that you pick up and then trust. It just works for us.
What needs improvement?
Cisco is still catching up with its Firepower Next-Generation firewalls. It's naturally growing and getting better.
For how long have I used the solution?
I've been using Cisco ASA Firewalls for 15 years.
What do I think about the stability of the solution?
It's stable.
What do I think about the scalability of the solution?
It's used around the world. We have 20 data centers and each data center handles six offices. We have Cisco in every single location. If something new comes up, we'll increase our usage of the product.
How are customer service and support?
Cisco's technical support is good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We're a multi-vendor shop when it comes to firewalls, and we use Check Point and Palo Alto in addition to Cisco. We used to have Fortinet but that amounted to too many vendors.
When the Cisco product changed from legacy traffic inspection to the new Firepower it became a next-generation firewall. It was just a new product. That's why we decided to try it and stay with Cisco. It's like two different products: the legacy product and the new one. The legacy product was much simpler and the new one is, obviously, more complex.
How was the initial setup?
I'm a designer, so I don't do racking and stacking, but I'm hands-on when it comes to configuration. I have used this product for years, so for me, it's not like adding a brand new product. It is just a matter of adding features, a hardware refresh. I wouldn't call it a challenge.
For maintenance, we have two to three network engineers involved.
What's my experience with pricing, setup cost, and licensing?
The pricing of Cisco firewalls, in the security market, is fair. Their pricing of other products is questionable, but for firewalls, it's fine.
What other advice do I have?
Compare Cisco ASA with other vendors' products and compare the features one-on-one. Pay special attention to the security portion, such as traffic inspection. That's probably the most important aspect. And then look at performance.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Admin Network Engineer at Grupo xcaret
Offers more security and flexibility for VPNs
Pros and Cons
- "It helped us a lot with our VPNs for the home office during COVID. There has been more security and flexibility for VPNs and other applications."
- "I would like more features in conjunction with other solutions, like Fortinet."
What is our primary use case?
It is for our VPNs and filters out websites.
How has it helped my organization?
It helped us a lot with our VPNs for the home office during COVID. There has been more security and flexibility for VPNs and other applications.
What is most valuable?
Its security is easy to use.
What needs improvement?
I would like more features in conjunction with other solutions, like Fortinet.
For how long have I used the solution?
I have been using it for five years.
What do I think about the stability of the solution?
It has very good stability.
What do I think about the scalability of the solution?
It has really good scalability.
How are customer service and support?
The customer service and technical support are good. I would rate them as nine out of 10.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We were previously using Fortinet. We switched to ASA and Firepower when our contract with Fortinet ended. Now, we are only using ASA.
How was the initial setup?
The deployment was simple.
What was our ROI?
The ROI is good. Using ASA, we have saved 10% to 20% on our costs.
What's my experience with pricing, setup cost, and licensing?
The pricing is fine. It is not too bad.
What other advice do I have?
We had it integrated with the Umbrella solution a few years ago.
I would rate this solution as nine out of 10.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network engineer at a government with 10,001+ employees
Keeps the outsiders on the outside and enables us to monitor content going out
Pros and Cons
- "The ASDM (Adaptive Security Device Manager) which is the graphical user interface, works out, and Cisco keeps it current."
- "Cisco still has a lot of work to do. You can convert an ASA over to a Firepower, but the competitors, like Palo Alto and Juniper, are coming in. And believe it or not, they are a little bit more intuitive. Cisco has a little bit more work to do. They're playing catch up."
What is our primary use case?
We use it for content management and filtering. We wanted to separate DMZ traffic from normal customer traffic. We were also looking to set up portals for outside interests that needed to come in. We have our firewall set up for VPN and, with COVID breaking out, that became more important. We also use it for remote access control.
How has it helped my organization?
It improved our security. It keeps the outsiders on the outside and enables us to monitor the content that's going out from within the organization.
What is most valuable?
The ASDM (Adaptive Security Device Manager) which is the graphical user interface, works out, and Cisco keeps it current.
What needs improvement?
Cisco still has a lot of work to do. You can convert an ASA over to a Firepower, but the competitors, like Palo Alto and Juniper, are coming in. And believe it or not, they are a little bit more intuitive. Cisco has a little bit more work to do. They're playing catch up.
There is also content filtering. The bad actors are so smart nowadays, that they can masquerade as the data for a given port, and they can actually transfer data through that port. The only thing that the older firewalls know about is the port. They can't read the data going across it. That's where content filtering comes in, like Palo Alto has, with next-generation firewalls.
For how long have I used the solution?
I have been using Cisco ASA Firewalls from the beginning, when they moved over from the PIX.
What do I think about the stability of the solution?
They're pretty reliable. Even from a hardware perspective, we haven't lost any power supplies or the like. An ASA works until we remove it. The maintenance is very minimal.
What do I think about the scalability of the solution?
It's very scalable. Every organization sets it up differently, but we've been able to perform upgrades with minimal service disruption. We have ASAs in multiple locations.
How are customer service and support?
Being a government-supported organization, the technical support is great. They send us equipment. It's top-notch.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Cisco has been a leader in firewalls, and the US government primarily chooses Cisco first, before it chooses competitors.
Which other solutions did I evaluate?
We have a variety of providers from Juniper to Palo Alto, et cetera. But the Cisco GUI is pretty consistent, so most individuals catch on. But when it comes to the Firepower, we're going to need some more training on that, as we're upgrading and moving to the Firepower.
What other advice do I have?
I like the ASA product, maybe because I'm an old guy, more so than the transition to the Firepower. The ASAs have worked ever since the PIX days and they work very reliably. Even with the upgrades, your rules don't change. That's true even with a major OS upgrade.
Things are changing and the ASAs are becoming dated. People want content filtering and so on now.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Network And Security Engineer at a pharma/biotech company with 201-500 employees
Protects your system against threats and advanced malware
Pros and Cons
- "If configured, Firepower provides us with application visibility and control."
- "FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it."
What is our primary use case?
We use it for the actual firewall and also site-to-site VPN.
Our company is always growing. Every day's a new day and there is always something new to learn. We are a mature organization, but we can never sit still. We have two company locations and we use Cisco Firepower as our main firewall at both locations.
Overall, for security, we use about seven tools.
Within our company, there are just two people that maintain this solution. Myself and the IT manager. I'm the network administrator.
How has it helped my organization?
We were the subject of a ransomware attack a little over a year ago. Due to our console, we're able to easily see where the threat came from, all the while being able to shut down the network but maintain our network on the other side — or the other side of the site-to-site VPN. Then we could fix what we needed to be fixed here, and then subsequently correct the issues on the other side.
What is most valuable?
The manageability through the FMC is superb. I have a single dashboard that I can manage my firewalls from. I can see and manage all of my objects and control all my policies. I can look at all my logs and control my whole network from one dashboard.
What needs improvement?
FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it. Maybe more of an IDS approach. I don't know a better way to say it, but more of a heavier proactive approach rather than a reactive one.
For how long have I used the solution?
I have been using Cisco Firepower NGFW Firewall for two years.
What do I think about the stability of the solution?
I have had little to no issues except with the first version that we had. There was a known issue with Cisco in the first version. When I went to do a restore, there was a known issue with something with the Linux kernel. It took us about two weeks to get the restore working. It was a scary moment for us, but we worked through it, and ever since we've had no issues, stability-wise.
How are customer service and technical support?
I have contacted support multiple times and I have no problems with them. I think they do the best with what they have — especially with the pandemic this year. I think they've done everything they can do with what they have. They don't stop. They don't give up until the issue is resolved. They're really good with following-up too, making sure that the issue hasn't come back.
Which solution did I use previously and why did I switch?
We have another product that monitors all traffic. It just sits back and idols in the background — It integrates, but it doesn't if you know what I mean. It's a separate dashboard, but it alerts us. We can control the security — level zero through one hundred. If a threat registers above 54% (we have the limit set at 51) it alerts us. If it's a specific threat, it can shut down services, ports, machines, authentication, and so on and so forth.
We also use AMP, Umbrella, SecureX, and Duo. They're pretty easy to integrate. I wouldn't say beginner level, but if you have a working knowledge of networks and security, you can easily get them integrated. Also, if you need help, Cisco's always there to assist.
We use Firepower Management Center — it's a wonderful tool. It has an awesome all-in-one pane of glass dashboard so you can manage multiple devices from one dashboard. It's also very easy to set up.
We used to use SonicWall. Cisco was purchased right before I came on board, but from my knowledge, we had issues with the licensing of SonicWall. We are a Cisco shop. Both my manager and I prefer Cisco over other vendors. We have more experience with Cisco and their customer support and the products themselves are just better in our experience.
How was the initial setup?
The deployment was with all new networks, so the architecture was with a peer. We first sat down and discussed or laid out our network and what it would look like through IP schemes and everything else in that sense. We then figured out how many users we would have and decide what size of hardware we would need. We decided on what type of VPN connection and what certificates we would need. After that, once we were able to secure those tunnels and get communication going between our two locations, we then started tightening down our two networks as we have multiple networks within each location.
We had to decide what all needed to communicate with one another. Not every network needed to touch the outside world.
What about the implementation team?
From start to finish, including production rollout for other areas, deployment took roughly one month. We did it all in-house.
Some maintenance is required involving security patches. Cisco is really good at deploying those or not deploying those, but putting those out and having release notes and upgrade paths and just the information behind all of their patches. Cisco does a really good job with that.
What's my experience with pricing, setup cost, and licensing?
With any solution from anybody, I always think that licensing is a little high — but it's comparable to other companies. It definitely competes with the other vendors in the market.
What other advice do I have?
If configured, Firepower provides us with application visibility and control.
The ability to futureproof our security strategy is definitely there. There are a lot of functions that we don't yet use. When I say we don't use a function, I mean that the functionality or the ability is not turned on yet simply because we have not gotten around to it. The ability is there, the capability is there. That also goes into the reasoning behind why we chose it.
Do your research, know your skillset, be comfortable with your skillset, and don't be afraid to challenge yourself.
Overall, on a scale from one to ten, I would give this solution a rating of eight.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
SOC & SECURITY SERVICES DIRECTOR at BESTEL
Filtering, IPS, and the A&P on small operations are all great features
Pros and Cons
- "A good intrusion prevention system and filtering."
- "Implementations require the use of a console. It would help if the console was embedded."
What is our primary use case?
We use the platform to provide secure perimeter internet access for customers and also to provide secure networks or secure SANs for customers. We have a global partnership with Cisco and I'm a re-sales and security manager of IT services.
What is most valuable?
The top features for me are the filtering, the intrusion prevention system, and the AMP on small operations.
What needs improvement?
To configure the FirePower it is required an external console. It would be nice to have the console embedded in the Firewall so you don't require an extra device. I'd like to see some kind of SD-WAN included as a feature.
For how long have I used the solution?
I've been using this solution for six years.
What do I think about the stability of the solution?
The solution is very stable and we feel very secure with it.
What do I think about the scalability of the solution?
The scalability is no problem.
How are customer service and technical support?
The technical support is excellent.
How was the initial setup?
The initial setup is quite straightforward. I think someone who knows the iOS platform and knows about firewalls can setup the device. If you don't have experience, it will be somewhat complicated. If you know the platform, implementation is very quick. We've installed over 1,000 firewalls for different customers.
What other advice do I have?
This is a very stable platform, and you can adjust the engine for malware protection. It is one of the best and a very reliable solution.
I would rate this solution a 10 out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Consulting Engineer at IV4
Stable, good technical support, and the VPN feature works well
Pros and Cons
- "The most valuable features are the provision of internet access, AnyConnect, and VPN capabilities."
- "I have worked with the new FTD models and they have more features than the ASA line."
What is our primary use case?
Our company sells Cisco Firewalls and the ASA is one of the products that we implement for our clients. The primary use cases are internet access, AnyConnect, and VPN.
What is most valuable?
The most valuable features are the provision of internet access, AnyConnect, and VPN capabilities. Because I primarily deal with the VPN functionality, I don't get very deep into the IPS or other capabilities.
What needs improvement?
I have worked with the new FTD models and they have more features than the ASA line.
For how long have I used the solution?
We have been dealing with Cisco ASA since about 2002.
What do I think about the stability of the solution?
I am very happy with its stability and the product in general.
What do I think about the scalability of the solution?
In our organization, we only have one in our data center that all of our people pass through. However, I've got clients that have thousands running through large Cisco firewalls.
How are customer service and technical support?
Cisco's technical support has always been excellent. They have great support.
Which solution did I use previously and why did I switch?
I have dealt with four or five others, but so far, I have the most experience with Cisco.
Recently, I worked with the new FTD 1000 or 1100 series, and they do a lot.
How was the initial setup?
The complexity of the initial setup depends on the environment. Sometimes, it's brand new whereas other times, I install a replacement for an existing Cisco device or some other product.
What about the implementation team?
I am in charge of installing and configuring our Cisco Firewall solutions.
What other advice do I have?
I would rate this solution a ten out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner

Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Updated: April 2025
Popular Comparisons
Fortinet FortiGate
Netgate pfSense
Sophos XG
Palo Alto Networks NG Firewalls
Check Point NGFW
Azure Firewall
WatchGuard Firebox
SonicWall TZ
Juniper SRX Series Firewall
Fortinet FortiGate-VM
SonicWall NSa
Sophos XGS
Untangle NG Firewall
Fortinet FortiOS
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What Is The Biggest Difference Between Cisco ASA And Fortinet FortiGate?
- Cisco Firepower vs. FortiGate
- How do I convince a client that the most expensive firewall is not necessarily the best?
- What are the biggest differences between Cisco Firepower NGFW and Fortinet FortiGate?
- What Is The Biggest Difference Between Cisco Firepower and Palo Alto?
- Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons?
- What are the main differences between Palo Alto and Cisco firewalls ?
- A recent reviewer wrote "Cisco firewalls can be difficult at first but once learned it's fine." Is that your experience?
- Which is the best IPS - Cisco Firepower or Palo Alto?
- Which product do you recommend and why: Palo Alto Networks VM-Series vs Cisco Firepower Threat Defense Virtual (FTDv)?