Try our new research platform with insights from 80,000+ expert users
reviewer1884966 - PeerSpot reviewer
Cybersecurity Architect at a financial services firm with 5,001-10,000 employees
Real User
Provides our organization with a sense of security, reliability, and trustworthiness
Pros and Cons
  • "The most valuable feature would be the IP blocking. It gets rid of things that you don't need in your environment."
  • "The solution is overcomplicated in some senses. Simplifying it would be an improvement."

What is our primary use case?

It has been great for blocking incoming bad actors. The new Firepower modules have been a welcome additive to that.

How has it helped my organization?

Cybersecurity resilience has helped us be able to react and respond in a quick fashion to anything that may be happening or any anomalies within the environment.

The solution has provided us a sense of security, reliability, and trustworthiness.

What is most valuable?

The most valuable feature would be the IP blocking. It gets rid of things that you don't need in your environment.

Its resilience helps offer being able to react and self-heal.

What needs improvement?

The solution is overcomplicated in some senses. Simplifying it would be an improvement.

Buyer's Guide
Cisco Secure Firewall
April 2025
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,989 professionals have used our research since 2012.

For how long have I used the solution?

I have used the ASA solutions for a better part of 10 years.

What do I think about the stability of the solution?

The stability is unparalleled.

All solutions require maintenance, and we do that routinely. Anywhere from three to four people from the network teams to application owners are involved in the maintenance. This is a firewall in production, so we need to do maintenances after hours, but it would be nice if we didn't need to do it after hours

What do I think about the scalability of the solution?

Scalability is unparalleled. It is easy to scale.

We don't have plans to increase our usage at this time.

How are customer service and support?

In previous years, Cisco's tech support has been great. Although, I have seen it declining. I would rate their support as seven out of 10.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We have used the Check Point firewalls as well as several different vendors.

What was our ROI?

It secures the network. The ROI is really incalculable at this point as keeping our data secure is keeping the company's assets secure.

Which other solutions did I evaluate?

We did evaluate other vendors.

What other advice do I have?

You need to be always looking ahead and proactively developing to build resilience.

I would rate the solution as eight out of 10. It is a world-class firewall.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network Engineer at LEPL Smart Logic
Real User
Good protection and filtering capabilities, and everything can be easily done through the web user interface
Pros and Cons
  • "I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection."
  • "When you make any changes, irrespective of whether they are big or small, Firepower takes too much time. It is very time-consuming. Even for small changes, you have to wait for 60 seconds or maybe more, which is not good. Similarly, when you have many IPS rules and policies, it slows down, and there is an impact on its performance."

What is our primary use case?

They were placed in a company on the perimeter near the ISP. There were two clusters. One cluster was at the front, and one cluster was near the data center to filter the traffic from the users to the data center and from the data center to the users and outside.

How has it helped my organization?

Our clients were completely satisfied with this firewall in terms of protection from attacks, filtering of the traffic that they wanted, being able to see inside the zip files, etc.

What is most valuable?

I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection.

Its IPS engine also works very fine. I don't have much experience with it because I am an IT integrator, and we only configured it, but the company for which we configured these firewalls used this feature, and they say that IPS works very fine. They were also very pleased with its reporting. They said that its reporting is better than other firewalls they have had.

What needs improvement?

When you make any changes, irrespective of whether they are big or small, Firepower takes too much time. It is very time-consuming. Even for small changes, you have to wait for 60 seconds or maybe more, which is not good. Similarly, when you have many IPS rules and policies, it slows down, and there is an impact on its performance.

In terms of tracking users, the Palo Alto Networks firewall is better than Cisco Firepower.

For how long have I used the solution?


What do I think about the stability of the solution?

It is very stable because it is based on the Cisco ASA Firewall hardware, which is an old-generation firewall. I have had Cisco ASA Firewall for more than 10 years, and they have been working fine till now. So, Cisco Firepower NGFW Firewall's performance and stability are the best. I have never seen any issues or heard from anyone that it is bad.

What do I think about the scalability of the solution?

Its scalability is very good. It was a small implementation. Traffic was maximum of 150 megabits per second. 

How are customer service and support?

I haven't worked with Cisco support.

Which solution did I use previously and why did I switch?

I have had experience with the Fortinet FortiGate firewall. It is very easy, and it does its job very well. Both Firepower and FortiGate do their job very well, but I like the Palo Alto Networks firewall the most. I have not experienced it in a real environment. I have placed it in my lab. It is a very complex firewall, and you need to know how to configure it, but it is the best firewall that I have seen in my life.

As compare to the Palo Alto Networks firewall, both Firepower and FortiGate are simpler. You can just learn which button to use and how to write rules, policies, etc. In Palo Alto, you can not guess this. You should know where each button is, how it works, and what it does. If you don't know, you cannot get the performance you want from Palo Alto. So, Firepower and FortiGate are easier to learn.

Firepower is very good for a small implementation. If you are doing a Cisco setup, you can place kind of 16 devices in one cluster. When it comes to the real environment, you need to have maybe three devices in one cluster. If two of them are in one data center and the third one is in another data center, the third firewall does not work very well when it comes to traffic flow because of the MAC address. When you want to implement Firepower in small infrastructures, it is very good, but in big infrastructures, you would have some problems with it. So, I won't use it in a large environment with five gigabits per second traffic. I will use the Palo Alto firewall for a large environment.

How was the initial setup?

It is straightforward. For me, it is very simple. The menu is quite impressive. Everything that you want to do can be done from the web user interface. You don't need to access the CLI if you don't like it. It is very easy to make rules with its web user interface.

Its deployment took two days. In terms of the implementation strategy, the first cluster was in the data center, and its main job was to filter user traffic going to the data center. The second cluster was on the edge. Its main job was to mitigate attacks on the inside network and to capture the traffic that could have viruses, malicious activities, etc.

What about the implementation team?

I deployed it myself, and it took me two days to deploy two clusters of Cisco Firepower NGFW Firewall. 

What was our ROI?

I think our client did get an ROI. They are very satisfied with what they can do with these firewalls. It fits all of their needs.

What's my experience with pricing, setup cost, and licensing?

Its price is in the middle range. Both Firepower and FortiGate are not cheap. Palo Alto and Check Point are the cheapest ones.

I don't remember any costs in addition to the standard licensing fees.

What other advice do I have?

Our client didn't implement dynamic policies for dynamic environments because they were a small company, and they didn't need that kind of segmentation. I am not sure if it reduced their firewall operational costs because they were a small company, and the traffic was not so high.

I would rate Cisco Firepower NGFW Firewall an eight out of 10.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Buyer's Guide
Cisco Secure Firewall
April 2025
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,989 professionals have used our research since 2012.
Head of ICT Infrastructure and Security at City of Harare
Real User
Leaderboard
Stable and reliable, requiring very little support
Pros and Cons
  • "The features that are most valuable within the firewall are the IPS as well as the Unified Communications. We also really like the dynamic grouping."
  • "An area for improvement is the graphical user interface. That is something that is coming up now. They could make the product more user-friendly. A better GUI is something that would make life much easier."

What is our primary use case?

We use it for intrusion prevention and in our VPN that is connected to our head office. It provides protection and security and node clustering. It gives us all the security features that we need within our environment.

What is most valuable?

The features that are most valuable within the firewall are the IPS as well as the Unified Communications. We also really like the dynamic grouping.

What needs improvement?

An area for improvement is the graphical user interface. That is something that is coming up now. They could make the product more user-friendly. A better GUI is something that would make life much easier. Traditionally, Cisco products have been command-line-based.

For how long have I used the solution?

The Cisco ASA Firewall has been in our environment for the past seven years.

What do I think about the stability of the solution?

The product is very stable. We've not had any challenges with it in all this time. It performs very well.

What do I think about the scalability of the solution?

We have 2,000 users who connect through this product. We are planning to increase use as we go, toward the end of the year.

How are customer service and technical support?

The technical support has been excellent. When there have been any issues, they've always been there for us.

How was the initial setup?

The initial configurations were straightforward, not complex at all. It took us just two days to finalize things.

What about the implementation team?

We did most of the setup in-house, but we also had assistance from our partner.

What's my experience with pricing, setup cost, and licensing?

We pay annually and there are no costs in addition to the standard fees.

Which other solutions did I evaluate?

When you compare Cisco ASA Firewall with Sophos, they are more or less the same in terms of functionality.

What other advice do I have?

Cisco ASA Firewall is very stable and very reliable. It requires very minimal support, once you configure it and put it in your environment. You don't need to attend to faults or issues. Once you install it and plug it in, it is good to go.

We have been using the ASA Firewall for a long time, and it is an advanced product for our current use. In terms of improvement, there's not much that can be done to it. It is a solid product, very effective, and it does its job well.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Sr Technical Consultant at a tech services company with 51-200 employees
Real User
Best documentation, good price, and very reliable with useful remote VPN, site-to-site VPN, and clustering features
Pros and Cons
  • "The remote VPN and IPsec VPN or site-to-site VPN features are valuable. The clustering feature is also valuable. We have two ISP links. Whenever there is a failover, users don't even get to know. The transition is very smooth, and the users don't notice any latency. So, remote VPN, site-to-site VPN, and failover are three very powerful features of Cisco ASA."
  • "Cisco has the best documentation. You can easily find multiple documents by searching the web. Even a child can go online and find the required information."
  • "There is huge scope for improvement in URL filtering. The database that they have is not accurate. Their content awareness and categorization for URL filtering are not that great. We faced many challenges with their categorization and content awareness. They should improve these categorization issues."

What is our primary use case?

We are using Cisco ASA Firewall 5525 for network security. We needed a network security solution that can take care of the network security and URL filtering. We also wanted to create site-to-site VPNs and have remote VPNs. For all these use cases, we got Cisco ASA, and we are pretty happy with it.

What is most valuable?

The remote VPN and IPsec VPN or site-to-site VPN features are valuable. The clustering feature is also valuable. We have two ISP links. Whenever there is a failover, users don't even get to know. The transition is very smooth, and the users don't notice any latency. So, remote VPN, site-to-site VPN, and failover are three very powerful features of Cisco ASA.

Cisco has the best documentation. You can easily find multiple documents by searching the web. Even a child can go online and find the required information.

What needs improvement?

There is huge scope for improvement in URL filtering. The database that they have is not accurate. Their content awareness and categorization for URL filtering are not that great. We faced many challenges with their categorization and content awareness. They should improve these categorization issues.

What do I think about the stability of the solution?

It is very reliable.

What do I think about the scalability of the solution?

It is scalable. Cisco is pretty popular with organizations, and many customers are using it. It is suitable for all kinds of customers. It can cater to small, medium, and large organizations.

How are customer service and technical support?

I have interacted with them many times. I have been on a call with their technical support continuously for 48 hours. They were very prompt. In terms of technical support and documentation for switching, firewall, and routing solutions, no one can match Cisco.

How was the initial setup?

Its initial setup was very straightforward. Its documentation is very easily available on the web, which is very useful.

What's my experience with pricing, setup cost, and licensing?

Their pricing is very aggressive and good. Even a small company can afford it. I am happy with its pricing. Its licensing is on a yearly basis.

What other advice do I have?

I would recommend this solution to others if they are not specifically looking for URL filtering and want to use it for their infrastructure. It is a perfect and very reliable solution, but it lacks when it comes to URL filtering. 

I would rate Cisco ASA Firewall a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user1446408 - PeerSpot reviewer
Acting Director, Office of Talent Management at a government with 10,001+ employees
Real User
The UI needs improvement, as does the SNMP configuration, but the feature set is good
Pros and Cons
  • "The feature set is fine and is rarely a problem."
  • "Cisco makes horrible UIs, so the interface is something that should be improved."

What is most valuable?

The feature set is fine and is rarely a problem.

What needs improvement?

Cisco makes horrible UIs, so the interface is something that should be improved. Usability is poor and it doesn't matter how good the feature set is. If the UI, whether the command-line interface or GUI, isn't good or isn't usable, then you're going to miss things. You may configure it wrong and you're going to have security issues.

Security vendors have this weird approach where they like to make their UIs a test of manhood, and frankly, that's a waste of my time.

The SNMP implementation is incredibly painful to use.

For how long have I used the solution?

I have been using Cisco Firepower NGFW Firewall within the past year.

Which solution did I use previously and why did I switch?

I work with a lot of different IT products including three different firewall solutions in the past 12 months.

What other advice do I have?

Everything has room for improvement.

I would rate this solution a five out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1229682 - PeerSpot reviewer
Network Administrator at a manufacturing company with 10,001+ employees
Real User
Accurate CLI, knowledgeable support team, valuable features
Pros and Cons
  • "To be honest, all of the features that are provided, all the other vendor will also have. One feature we did find valuable was the CLI, it is more accurate. Additionally, I was happy with the customization, dashboards, access lists and interface."
  • "It is hard to collaborate with our filtered environment."

What is our primary use case?

We utilize the solution for our IT security. 

What is most valuable?

To be honest, all of the features that are provided, all the other vendor will also have. One feature we did find valuable was the CLI, it is more accurate. Additionally, I was happy with the customization, dashboards, access lists and interface.

We frequently use the Bottleneck feature we purchased specialized from Cisco.

What needs improvement?

It is hard to collaborate with our filtered environment. 

If Cisco could combine the Bottleneck feature of ASA, their platform called Umbrella, and the other team they have that has similar malware protection into one, this would be perfect. 

For how long have I used the solution?

I have been using the solution for almost three years.

What do I think about the stability of the solution?

The solution is stable. However, It does have some bugs, but Cisco always fixes them really quickly. Sometimes we have to restart and it would be better if the bugs could be fixed without having to reload.

What do I think about the scalability of the solution?

The scalability is not perfect.

How are customer service and technical support?

The support has been great and responsive. Most of their engineers are very professional and knowledgeable.

How was the initial setup?

The setup is easy to do if you are familiar with these type of installs, if not then it could be difficult.

What's my experience with pricing, setup cost, and licensing?

We have a perpetual license for all of our firewalls. For some of the features, we purchase them on demand. The pricing is decent but it could always be cheaper, we would be happier.

Which other solutions did I evaluate?

We will probably change to a higher version in the near future or migrate to a next-generation firewall which would include IPI and some other new features. This makes sense because our current firewall ends the support in several years. 

Cisco FirePower, the next-generation firewall, is much better for stability.

What other advice do I have?

I have used many versions of the software over the years, versions 8.6 to 9.1 and 9.9 to 9.12.

Keep in mind before purchasing the solution, if you do need to scale the solution then ASA is probably not right for you.

I rate Cisco ASA Firewall an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Sr Network Administrator at Orient Petroleum Inc
Real User
Reliable and user-friendly with good technical support
Pros and Cons
  • "The user interface is easy to navigate."
  • "The annual subscription cost is a bit high. They should try to make it comparable to other offerings. We have a number of Chinese products here in Pakistan, which are already, very cheap and have less annual maintenance costs compared to Cisco."

What is our primary use case?

We are primarily using the solution to protect our network.

What is most valuable?

The security the solution offers is very good. Security-wise, it's the top in the world.

The product has excellent technical support.

The user interface is easy to navigate.

Everything is user friendly.

What needs improvement?

The annual subscription cost is a bit high. They should try to make it comparable to other offerings. We have a number of Chinese products here in Pakistan, which are already very cheap and have less annual maintenance costs compared to Cisco.

For how long have I used the solution?

I've been using the solution for a few years now.

What do I think about the stability of the solution?

The solution is reliable. We have been using it for more than a couple of years and we haven't had any problems. There's been no downtime and no hardware failures. It's pretty stable.

What do I think about the scalability of the solution?

We've never tried to scale. We have a pretty small set up in our country. It's unlikely we will have to scale.

Currently, we have between 200 and 300 people on the solution.

How are customer service and technical support?

The technical support has been very good. They are helpful and knowledgeable. We're quite satisfied with their level of service.

Which solution did I use previously and why did I switch?

This is the first product of this nature that we have implemented. We didn't previously use a different solution.

How was the initial setup?

Initially, the preliminary set up took us some time. However, we did have some local expertise in Pakistan. Once, when we were stuck on something, we could manage to get help from Cisco online. It wasn't that tricky or complex. In the end, it was straightforward.

What about the implementation team?

We had some assistance with a local expert as well as Cisco.

What's my experience with pricing, setup cost, and licensing?

There's an annual subscription. It's not cheap. It's quite pricey if you compare it to other competitors in Pakistan. There aren't any extra costs beyond the yearly licensing.

We pay about $200 yearly and we have two firewalls.

What other advice do I have?

We are the customer. We are in the oil and gas business. We don't have a business relationship with Cisco.

I'd recommend the solution to others straight away. It's more or less a very standard option here in Pakistan.

Overall, on a scale from one to ten, I'd rate the solution at an eight.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Network Support & Presales Engineer at a computer software company with 51-200 employees
Real User
Offers an easy way to manage the devices centrally but not all of its features are supported
Pros and Cons
  • "I like the way Firepower presents the data. It gives you two classifications for the evidence, something based on the priority of the evidence and another classification based on the impact of the evidence in your environment. This makes it very easy to spot the evidence that is most impactful to my environment. Instead of having to go through all the evidence based on that priority, I can focus on the evidence that has the most impact on my environment."
  • "Also, they have a Firepower source file that I can work on the ASA device and on Firepower devices. A problem here lies in the way that you manage these devices. Some devices do not support the FMC, and some devices have to be managed through ASDM, and others have to be managed through FMC."

How has it helped my organization?

A lot of companies have a lot of vulnerabilities and lots of exploitations that are going inside their network that the IT staff are not aware of. You actually need a security device like a next-generation firewall to protect your network.

Once we installed the Firepower system, we started looking at the evidence, and we found a lot of exploitations and a lot of bad things that are in the network. These things were invisible to IT, they were unaware of any of them.

What is most valuable?

The Firepower Management Center is an easy way to manage the devices centrally. I guess this is something that all vendors provide so it's nothing special. I like the way Firepower presents the data. It gives you two classifications for the evidence, something based on the priority of the evidence and another classification based on the impact of the evidence in your environment. This makes it very easy to spot the evidence that is most impactful to my environment. Instead of having to go through all the evidence based on that priority, I can focus on the evidence that has the most impact on my environment.

Sometimes you might have a high priority event but it has nothing to do with your environment. You have a vulnerability. You don't have to treat a vulnerability as an attack. Since you're not vulnerable, it's not impactful to your environment so you don't have to focus on it. This is something that other products don't provide. 

It is very flexible. You can have the next generation firewall work as a physical connection or as a Layer 2 device. You can have a combination of Layer 2 and Layer 3, which is really good. 

What needs improvement?

There are quite a few things that can be improved. Firepower is an acquisition from another company, Cisco's trying to put it together. Their previous ASA code with the source file code that they have acquired a few years ago still has some features that are not fully supported.

Also, they have a Firepower source file that I can work on the ASA device and on Firepower devices. A problem here lies in the way that you manage these devices. Some devices do not support the FMC, and some devices have to be managed through ASDM, and others have to be managed through FMC.

Most of the high-end devices do not support Onboard management. The Onboard management is only supported on the 2100 IP at the 1050 Firepower and on select ASA devices that bear the Firepower image.

It would be very nice if the Onboard management integrated with all the devices. Log key loading for the evidence at the logs, because clearly you only have loading on the remote on the FMP, you cannot store the logs located on the device.

For how long have I used the solution?

I have been using this solution for around two years.

What do I think about the scalability of the solution?

We have several thousand employees at the company.

How are customer service and technical support?

Their technical support is good. 

How was the initial setup?

The initial setup was straightforward. 

What's my experience with pricing, setup cost, and licensing?

The pricing is overrated. Prices for Cisco equipment are always a little bit higher than other vendors. Customers are always complaining about the high prices of Cisco equipment, so it would be very good if these prices can be lowered down, but that's how it is. Cisco equipment usually has higher prices than its competitors.

What other advice do I have?

I would recommend this solution to someone considering it. I would recommend to study and know what the requirements are exactly. One of the things that might be a problem, or might be a complex thing to do is to go through Cisco Firepower, because Firepower is a software that's complex to explain to somebody. There is the previous ASA code that Cisco had and there is the source file that they acquired. Cisco started to send it as ASA Firepower services. Then they combined the two codes together and they started to send a new code called the Firepower Threat Defense, FTD.

Any customer who wants to buy it needs to understand all of these options and what the limitations of each option are, the pros and cons. Any customer who wants to deploy Firepower needs to understand what Cisco has to offer so he can choose correctly.

I would rate it a seven out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros sharing their opinions.
Updated: April 2025
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros sharing their opinions.