Cisco Secure Firewall Reviews

The use case is protecting our building. We have one office and we use it to protect the network.

The fact that we can use Firepower Management Center gives us visibility. It allows us to see and manage the traffic that is going through the network.

We have an older version of the ASA and there are always improvements that could be made. Nowadays, nobody is in the office, so I need to figure out how to put the firewall outside. If I could have a centralized firewall that also receives information from external locations, like peoples' home offices, that would help us consolidate everything into one appliance.

I have been using Cisco ASA Firewalls for over 10 years.

We've had issues with it because we always run it in pairs for high availability. We've had issues with the unit, but not in the last five or six years. It's pretty, pretty stable.

The product we have has some limitations when it comes to scalability. That's one of the things we're looking to address with a new solution.

Technical support was good when I used it, but I haven't needed support for the solution lately. I know people complain about support, but I don't have experience with it for this device because I haven't needed support recently.

We do pay the annual fee for support and I expect them to be there in four hours with a new device, if we need one, as they've done in the past.

We didn't have a previous solution.

My system engineer did the initial setup and he's the person who manages it, day in and day out.

I don't think we've tracked enough data points to see ROI data points, but the value comes from the fact that it's still running and that we are still happy with it. That is definitely a good return on our investment.

The pricing is too high and the licensing is too confusing.

Go for it.

We use it for content management and filtering. We wanted to separate DMZ traffic from normal customer traffic. We were also looking to set up portals for outside interests that needed to come in. We have our firewall set up for VPN and, with COVID breaking out, that became more important. We also use it for remote access control.

It improved our security. It keeps the outsiders on the outside and enables us to monitor the content that's going out from within the organization.

The ASDM (Adaptive Security Device Manager) which is the graphical user interface, works out, and Cisco keeps it current.

Cisco still has a lot of work to do. You can convert an ASA over to a Firepower, but the competitors, like Palo Alto and Juniper, are coming in. And believe it or not, they are a little bit more intuitive. Cisco has a little bit more work to do. They're playing catch up.

There is also content filtering. The bad actors are so smart nowadays, that they can masquerade as the data for a given port, and they can actually transfer data through that port. The only thing that the older firewalls know about is the port. They can't read the data going across it. That's where content filtering comes in, like Palo Alto has, with next-generation firewalls.

I have been using Cisco ASA Firewalls from the beginning, when they moved over from the PIX.

They're pretty reliable. Even from a hardware perspective, we haven't lost any power supplies or the like. An ASA works until we remove it. The maintenance is very minimal. 

It's very scalable. Every organization sets it up differently, but we've been able to perform upgrades with minimal service disruption. We have ASAs in multiple locations.

Being a government-supported organization, the technical support is great. They send us equipment. It's top-notch.

Positive

Cisco has been a leader in firewalls, and the US government primarily chooses Cisco first, before it chooses competitors.

We have a variety of providers from Juniper to Palo Alto, et cetera. But the Cisco GUI is pretty consistent, so most individuals catch on. But when it comes to the Firepower, we're going to need some more training on that, as we're upgrading and moving to the Firepower.

I like the ASA product, maybe because I'm an old guy, more so than the transition to the Firepower. The ASAs have worked ever since the PIX days and they work very reliably. Even with the upgrades, your rules don't change. That's true even with a major OS upgrade.

Things are changing and the ASAs are becoming dated. People want content filtering and so on now.

We use it as a next-generation firewall for the perimeter. I generally use it on-premises.

It helps protect my servers from hackers.

The most valuable feature is the Intrusion Prevention System.

Most of the features don't work well, and some features are missing as well. The completeness of the solution is most important for me. It should be complete, but some parts are missing. Cisco should improve it.

Every part of the features should be developed. That includes the next-generation firewall parts, such as application recognition.

I have been using Cisco Firepower NGFW Firewalls for about five years. I am an integrator and reseller of multiple vendors' products.

The stability is getting better day by day, but I would expect a more stable solution, to be honest. It is stable now, but we have solutions that are more stable.

Technical support is nice, but most of the limitations or problems are caused by the product itself. There's nothing that a technical engineer can do about them.

The licensing package is good, but the licensing fee should be decreased.

I have used CheckPoint, Palo Alto, Juniper, and FortiGate. The Palo Alto solution is complete. 

If I choose Cisco Firepower it is mostly because of its integration with other solutions. When the customer has several Cisco solutions, I put Cisco Firepower on top of them. But if the customer has a complex environment, I generally prefer other solutions.

For specific needs, like VPN, you can use Cisco Firepower. But our expectation is for a next-generation Firewall or UTM solution that includes all the features. I cannot recommend Firepower to others, at the moment, as a unified threat management solution.

Generally, if the customer's number of users is greater than 100, that's when the Cisco solution is more likely to be effective.

Maintenance of the solution requires one or two people.

We use it for our data center. We have clusters of the solution to protect the equipment in our data center. We also use it for site-to-site VPN hubs.

Cisco Firepower NGFW Firewall made our firewall response much faster when trying to respond to any services or networks that stand out. It makes us very responsive when any of the visualized logs are blocked in real-time.

The most valuable feature would be ASDM. The ability to go in, visualize and see the world base in a clear and consistent manner is very powerful.

The ability to better integrate with other tools would be an improvement.

I have been using this solution for six years.

It is highly stable.

It is highly scalable. It has some limitations, but for medium to large-sized deployments, it is excellent.

Technical support is outstanding. You can get same-day support.

We previously used Juniper SRX. We switched because we have a contract with Cisco. This was the cheaper option and was faster.

We have very much seen an ROI in terms of the saving on man time and the costs of standing up new equipment. Compared to what we had before, Cisco Firepower NGFW Firewall is faster.

I would rate this solution a nine on a scale from one to ten.

In the new design, I put Cisco Firepower NGFW Firewall as a LAN segment and as the data center firewall. In the old design, I just used FortiGate Firewall for configurations, and we are going to replace it. The complete solution will be replaced with a two-tiered data center.

I like that Cisco Firepower NGFW Firewall is reliable. Support is also good. 

We only have an issue with time sync with Cisco ASA and NTP. If the time is out of sync, it will be a disaster for the failover.

I have been using Cisco Firepower NGFW Firewall for about 11 years. 

Cisco Firepower NGFW Firewall is a stable solution. 

Scalability is good, but just like the issue with Palo Alto and Fortigate, there is also an issue with Cisco Firepower NGFW Firewall. I can configure it easily because of my Cisco background, but others in my team aren't comfortable with it.

Technical support is good. They were both fast and reliable and quick in making decisions. We faced specific issues, and tech support was efficient and provided an immediate solution. Other firewall vendors are slow to respond, and I'm not satisfied. It's also easy to Google and find solutions to our problems. We can't do that for other firewalls.

On a scale from one to five, I would give technical support a five.

Positive

We used FortiGate Firewall, but we are replacing it with Cisco Firepower NGFW Firewall because we had issues with HP solutions. We also switched because I am Cisco certified, and my background and expertise are in Cisco.

The initial setup was straightforward. 

We have seen a return on our investment. 

I will tell potential users that the data center firewall is a good solution. But most of the companies are using other firewalls like Palo Alto and FortiGate. Most of the design architects prefer the parameters of the firewalls like we prefer the data center firewall.

On a scale from one to ten, I would give Cisco Firepower NGFW Firewall a ten.

It is the primary data firewall for our organization and our data centers.

We have faced multiple issues regarding bugs with Cisco Firepower products. A running product is hit with bugs most of the time, and we had a lot of challenges in using the Cisco Firepower product, actually. In the future, we are planning to replace it, or at least use it instead as a secondary firewall.

The content filtering is good. 

The maturity needs to be better. The product is not yet mature. A running product is hit with the software bugs most of the time, and whenever we then log a case with the tech team, they're sometimes helpless with that. They have to involve the software development team to fix that bug in the next release. It's not ideal. Being an enterprise product, it should be mature enough to handle these types of issues.

I've been using the solution for the last three years. 

The performance is okay, however, the product is not stable. It is all hit with CVL software bugs routinely. That portion requires attention from Cisco and the tech support in this area is somewhat delayed. An open ticket can sometimes take more than two to three months to resolve. For the production setup, it is tough to rely on the tech team alone for the closure of the case.

The solution is very scalable. 

Cisco support is always available. However, multiple times, it has been tough for them to fix the software bugs in the product. They have to then deploy their development team for the same ticket.

Earlier we used the Cisco ASA Firewall. Now, it has been phased out. Firepower is categorized as the next-generation firewall, however, we haven't found the utility of that level in this product. It lacks maturity at many levels.

We have two data centers at two geographical locations. We have two firewalls - one in one data center, at the perimeter, and another at a different location.

The initial setup was okay. We had more of an in-between partner doing the installation part since the product was also new to us. The product was part of my overall product solution. We procured a firewall and another ACL fabric portion for the data center. Overall, the solution installation took over seven to eight months.

We had two people assist with the deployment process. 

We used an integrator for deployment. Overall, the experience was positive. 

There is no ROI. It is functioning as a normal firewall, as a data center perimeter, however, we expected much more than that. At times, there has been downtime with the firewall, and our custom modifications have won at a very high level. The product has to be mature when it is being used at the enterprise level.

The solution offers mid-range pricing. We can get a cheaper product like Fortinet, and we can get a costlier product like Palo Alto, and these are all in the same category.

There's only one license based on the support. Cisco Firepower is priced on the support of the product that we require: with SSL and without SSL. Currently, we are not doing any SSL inspection. We have an ATP report firewall.

When we were looking for a product, we put it through tender and we put out specifications of the product that we required. Cisco had the lowest price. We evaluated the L1 after it was technically qualifying. That is how we acquired it.

We looked at Palo Alto, however, it was far too costly.

We are a customer and an end-user. 

It was earlier named Sourcefire. Cisco acquired that company and rebranded it as Firepower.

We are actually a public cloud provider. We offer data center services to clients.

I'd advise others considering the solution that, for implementation, the product needs some stability and maturity to be offered as a next-generation firewall at an enterprise level. If a company is in need of an enterprise-level solution, they need to be aware of this.

I'd rate the solution a five out of ten. 

The product needs maturity in terms of running without hitting a bug. We have used other products also. A running product is never hit with a bug. It is normally some vulnerability or something that needs to be attended to, however, a running product is seldom hit with a bug and the operation gets stalled. We rarely find this kind of thing in an enterprise scenario. That is what we ask from Cisco, to build a stable product before offering it to customers.

It is hard to control the bandwidth of end-users with a Cisco Firewall. That is the main issue I've faced. I used Mikrotik for many years for this very reason. Mikrotik has the option to set a bandwidth restriction for a single IP or complete segments. Cisco should add this option to their firewall.

We have been using Cisco for about five years. All our products, switches, routers, and firewalls are Cisco devices.

Cisco Firewall's scalability is fine. 

I rate Cisco ASA Firewall eight out of 10. Cisco offers a great educational series to train users on their devices.

One of the things that we have solved the most with this solution is the P2P connection that we have with different clients. It gives us greater connection security with good management of the configured rules. 

Likewise, it has made it easier for us to have this type of equipment under monitoring, and, since we have implemented them, we have not been presented with any performance problems in the equipment as they have not presented CPU or RAM saturation or that for some reason it fails without any cause. We all have them managed and monitored. We always receive an email notifying us if there's something that the equipment has detected as well.

The ASA firewalls have undoubtedly helped us to improve our infrastructure throughout the corporation and currently we have just over 50 firewalls - all of them in different parts of Mexico. 

This infrastructure has been improved since, in our corporation, we handle the dynamic EIGRP protocol, which Cisco owns, and this solution has given us a geo-redundancy in our company. In case of presenting a problem with a firewall or a link, it performs an immediate convergence where end-users do not detect a failure, helping us to maintain a 99.99% operational level at all times.

I am very happy to use this type of Cisco equipment in my infrastructure. It has given us the most value is the management of dynamic routing, in this case, EIGRP. This protocol, together with a series of additional configurations, has helped us to maintain an automatic redundancy in all our infrastructure, keeping us with very high numbers of operability and without failures that take more than 1 minute or that have not been resolved automatically. With this solution, we only speak with our suppliers either for a link or equipment report, and even if the box or circuit is out of operation, the operation continues to work without problems.

Today, ASA firewalls are leaving the market and are being replaced by firepower equipment - a technology with which I am not very familiar. However, in the training or research, I have done on this new product, I see that it has many additional tools such as centralization of the administration through a single team (in the case the firepower management). It is something that we do not have, yet we are already considering it since this type of technology will help us to have better management and better administration of the equipment through a single platform. The management of additional services with this new module will certainly help us to have the internet network much more secure with connections to the outside.

I've used the solution for more than seven years.

The solution is great in terms of stability.

The scalability is great.

Technical support is great.

We previously used Fortigate.

The initial setup was not complex.

We handled the implementation in-house. 

We've seen an 80% ROI.

Cisco is not cheap, however, it is worth investing in these technologies.

We always evaluate various other options.