My primary use case for this solution is for Internet access for the enterprise or for users, publishing, email, and to protect our network.
Gives more visibility into what's going on when traffic comes in and goes out from the company
Pros and Cons
- "Stability is perfect. I haven't had any problems."
- "I would like for them to develop better integration with other security platforms."
What is our primary use case?
How has it helped my organization?
Before Firepower, we didn't have any visibility about what attack was happening or what's going on from the inside to outside or the outside to inside. After Firepower and the reporting that Firepower generates, I can see what's going on: which user visits the malicious website, or which user uploaded or downloaded malicious code, and what the name of the code is and from which country. This is very useful and helpful for me to detect what's going on. It enables me to solve any problem.
What is most valuable?
They give me more visibility of what's going on when traffic comes in and goes out from the company or comes in from the outside. I can see what's going on with this traffic, which is a nice feature. I also like the malware inspection and management of the dashboard features. The management of the dashboard is different from the old Cisco Firewall. This management brings everything together into one management platform.
What needs improvement?
I would like for them to develop better integration with other security platforms. I would also like for them to make the Cloud configuration easier.
Buyer's Guide
Cisco Secure Firewall
March 2025

Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
845,040 professionals have used our research since 2012.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
Stability is perfect. I haven't had any problems.
What do I think about the scalability of the solution?
Scalability is great. We have around 1,500 users.
How are customer service and support?
Their technical support is good. I opened a ticket when we did the installation. We didn't have any issues with them.
Which solution did I use previously and why did I switch?
We were previously using Cisco ASA without Firepower. We switched to Cisco Firepower because Firepower has more features, like malware inspection, and more possibilities with identity management.
How was the initial setup?
The initial setup was a little complex. We required three staff members for deployment and maintenance.
What about the implementation team?
We implemented ourselves. Deployment took around six months.
What's my experience with pricing, setup cost, and licensing?
It's more expensive than Fortinet and Juniper. The price is high compared to other vendors. In general, for the license, it's not that expensive.
Which other solutions did I evaluate?
We also evaluated Fortinet and Juniper.
What other advice do I have?
I would advise someone considering this solution to subscribe to the URL filtering and to use malware inspection.
I would rate this solution a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Senior Data Scientist & Analytics at a tech services company with 11-50 employees
Supports application visibility and control, and it has great deep packet inspection
Pros and Cons
- "The architecture of FTD is great because it has an in-depth coverage and because it uses the AVC, (Application, Visibility, and Control) and also rate limits. Also, the architecture of fast paths is great."
- "The license system is also good but it's not very impressive. It's a very regular licensing system. They call it a smart license which means that your device will connect to the internet. This is a little bit of a headache for some customers. It doesn't make the customer happy because most of the customers prefer not to connect their firewall or system to the internet."
What is our primary use case?
We are currently using version 6.3. Our primary use case of this solution is to put Firepower inside of the data center and at the Edge network.
How has it helped my organization?
This solution has improved my organization. I'm a solution provider and so I deploy in many different companies that are my customers right now. Before Firepower, we had some problems with the architecture of the firewall. Firepower can support two types of intelligence identity: it can support the application visibility and control, and it has a great deep inspection in the packet. Before this solution, we had some problems with malware detection. Right now, we can easily detect and filter all the applications. Before this solution, we never had any file trajectory, but right now we do, according to the file trajectory of Firepower that we have after attack solutions.
We never had any solution or any workaround for after an attack. We never had any clue what the source of an attack was or how the attack could affect the company. Right now, because of the file trajectory and the great monitoring that FMC does, we know what's happened so we can analyze it after an attack.
What is most valuable?
The architecture of FTD is great because it has an in-depth coverage and because it uses the AVC, (Application, Visibility, and Control) and also rate limits. Also, the architecture of fast paths is great.
What needs improvement?
I would like to see real-time log systems because it's very helpful when you want to troubleshoot.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
Stability really depends on the software that you use. If you use the suggested software that Cisco suggests, you will see a highly robust and highly stable system. A crash or block will never happen to you. It really depends on the version that you are using. Definitely check the release notes before installation.
What do I think about the scalability of the solution?
I've worked with the 2000 series, the 4000, and the 9000. The 9000 series is really impressive because it's absolutely scalable for large deployments.
How are customer service and technical support?
I haven't had to contact their technical support.
Which solution did I use previously and why did I switch?
We previously used ASA, which is a regular firewall. We switched to Firepower because it has a lot of features. It is one of the best firewalls in the world so we shifted to Firepower.
What about the implementation team?
The time it takes to implement depends on the policy of the customer. Practically speaking, it takes around three to four hours to deploy, but it can depend because the Firepower solutions have two parts. One part is the hardware, it is an actual firewall and actual device but the monitoring system and the control system is a software called FMC. Most of the customers deploy it over VMware. The time of deployment really depends on your resources, but on average will take three to four hours.
At least two to three people with professional knowledge, around three years of experience, are needed for the deployment and maintenance, not only for Firepower but in every security solution. The device is doing something, but the most important part is analyzing it. The device can give you logs, but the engineer should analyze the log and do something.
Deployment without inspection can require only one person but if you want to analyze the IPS, at least two people will be needed.
What's my experience with pricing, setup cost, and licensing?
Based on the services that you will get, especially the AMP license, the price is very reasonable. The license system is also good but it's not very impressive. It's a very regular licensing system. They call it a smart license which means that your device will connect to the internet. This is a little bit of a headache for some customers. It doesn't make the customer happy because most of the customers prefer not to connect their firewall or system to the internet.
What other advice do I have?
I would advise someone considering this solution to just read the release notes before doing anything. You should know what the exact architecture is and what the exact details of the software are before trying to deploy it.
I would rate this solution a ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Cisco Secure Firewall
March 2025

Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
845,040 professionals have used our research since 2012.
Network and System Administrator at a pharma/biotech company with 501-1,000 employees
One of the features that should be improved is the URL filtering engine, but the stability of this product is one of the key functionalities in our deployment.
What is most valuable?
The ability to intercept unwanted traffic, and prevent attacks without interrupting everyday work, and the stability of this product are the key functionalities in our deployment.
How has it helped my organization?
This product, and our implementation, are not directly correlated with the core business of our company. It is designed to protect our company from outside threats and reduce impact on other network elements, such as the backend firewall, DMZ zone and VPN concentrators.
What needs improvement?
Cisco ASA lacks some functionalities, when compared with other vendors’ products. Cisco need to implement some more functionalities, like client-less VPN (HTML5), but I expect that Cisco will continue to add, and improve, features of the product. One of the features that should be improved is the URL filtering engine, as currently it has limited functionality. For full functionality, you will need an external URL filtering server, like Websense.
For how long have I used the solution?
We have used it for more than five years, and have implemented it for perimeter network protection. It is designed for basic network protection for our corporate environment.
What was my experience with deployment of the solution?
No issues during the deployment, as we had good planning.
What do I think about the stability of the solution?
No issues with stability. The device is designed for hard work 24/7. I never have a lack of resources like RAM or CPU. The only reason I need to restart the device is during a software upgrade.
What do I think about the scalability of the solution?
In our deployment, we did not have a scalability issue.
How are customer service and technical support?
Customer Service:
It is very high.
Technical Support:We did not have any technical problems with this product, so we have not had need of technical support
Which solution did I use previously and why did I switch?
We implemented ASA after a complete redesign of our network, and we believe that Cisco ASA is the right solution for our needs.
How was the initial setup?
The initial setup is straightforward, as there is a lot of documentation available on the Cisco site, and other sites, which makes planning and deployment pass without any problems. However, the ASA is a complex device, with a lot of features and further tuning is complex and you must have the right knowledge to do it. Configuration can be done through a Java based application called ASDM or through the CLI interface. Using ASDM is much more simple and easy, but ASDM is not compatible with the newer Java version, so before implementation you must read the compatibility notes. Also, keep in mind that when upgrading ASA software, you must also upgrade the ASDM package.
What about the implementation team?
Initial implementation was through a vendor. I would rate their experience and expertise as 9/10.
What was our ROI?
Calculating the ROI for network security or IT security is complex and dependent on many factors, like the implementation, role, expectation etc. IT security cannot be compromised, but on the other hand, we must ask how much is enough. In our case, we do not have a defined ROI for this product.
What's my experience with pricing, setup cost, and licensing?
The cost of the setup was only the product price, local vendor support for the implementation, and employee training. This product is set it and forget it, so we do not have day to day costs.
Which other solutions did I evaluate?
We did not evaluate other products. One reason was that we believe that the ASA is a reliable product and fits our needs. Another reason, was the lack of local support for other solutions.
What other advice do I have?
Unfortunately, the ASA 5500 is EoS and EoL, and I hope that Cisco’s NGF 5500-X series will be a worthy successor. This does not mean that Cisco will stop software support and will continue to release new software versions with new and improved features for the ASA 5500 series.
As with any other product, the main things for a successful implementation are to decide what you want to achieve, and what your main goal is, and then, you need good planning, not only for your current needs, but you also need to keep in mind further grow and needs. Good planning is, at least, 80% of successful implementation.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Daglig leder at a tech services company with 1-10 employees
Provides good protection and saves time, but integrations can be better
Pros and Cons
- "We feel that we can trust the security, and our assets and business are well protected. We need to have trust in it, but we also see that it works. We have a security company that has tested that it works."
- "It integrates with other security products from Cisco, but sometimes, there can be glitches or errors."
What is our primary use case?
We are using these firewalls for edge security or different zones of security. We use them throughout the whole organization, but they vary in size, depending on if it's a small office in Spain or a large office in another country. We have offices in many countries.
How has it helped my organization?
It saves time. It protects us from experiencing big or small attacks. If we are vulnerable to attacks, it would take us a lot of time to fix that and put out all the fires. Hopefully, we won't need that when we have several layers of security.
What is most valuable?
We feel that we can trust the security, and our assets and business are well protected. We need to have trust in it, but we also see that it works. We have a security company that has tested that it works.
What needs improvement?
They have already improved it to some degree. It has become easier, but I've not drilled down much myself. I mostly use CLI, but I can see that it's a little bit more GUI-based. So, improvement is already there. It's a good thing that we now have GUI-based control over the details, and that would be the way to go.
It integrates with other security products from Cisco, but sometimes, there can be glitches or errors.
For how long have I used the solution?
I have been using Cisco firewalls for the last 20 years. We are now mostly using FPRs, but we also have some old Cisco firewalls that we need to change to newer technologies.
How are customer service and support?
It has been a while since I used it myself. My experience was good. You get the correct engineer for the task. I'd rate them an eight out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We have firewalls from other vendors, but we will be moving over to Cisco. When we have the same vendor, it would take less time to train people to do their job because there is one technology rather than four or five different ones.
How was the initial setup?
I was involved in its deployment, but that was a few years ago. It was not an in-depth technical installation; it was more of a physical installation. It was easy. We are a big company, so we need to plan the downtime and get approval from the business to take down systems and upgrade them.
What other advice do I have?
I'd rate Cisco Secure Firewall a seven out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Lead at a tech company with 10,001+ employees
Simple deployment and is easy to manage but the GUI, functionality and flexibility should improve
Pros and Cons
- "Cisco Secure Firewall improved our organization. We have it in every one of our French offices."
- "One thing that Cisco could improve is the GUI. The graphic user interface should be more user-friendly."
What is our primary use case?
Our primary use case for Cisco Secure Firewall is segregation between different environments. We put Cisco Secure Firewall between each of those environments to create this segregation.
How has it helped my organization?
Cisco Secure Firewall improved our organization. We have it in every one of our French offices.
What is most valuable?
What I like about Cisco Secure Firewall is that you get to integrate it into one box. For example, you can have one big switch with a model inside of it. This makes it easy to manage.
What needs improvement?
One thing that Cisco could improve is the GUI. The graphic user interface should be more user-friendly. If you compare it with some of its competitor's GUIs, Cisco falls short in terms of how rules are pushed.
We have also run into issues with functionality and flexibility. Cisco does fall behind its competitors in this regard. It's our opinion that Cisco is not a leader in security devices.
For how long have I used the solution?
I have been using Cisco Secure Firewall for two decades.
How are customer service and support?
We are satisfied with the level of support we get from Cisco. Getting support is quite easy. When we have a problem, our engineer just opens up a case and we get a reply quickly. The support usually has deep knowledge of the solution.
How would you rate customer service and support?
Positive
How was the initial setup?
I was involved in the initial deployment. It was quite simple, not complex at all.
What was our ROI?
We have seen a return on investment in terms of price because we have a partnership with our provider.
Which other solutions did I evaluate?
We chose Cisco Secure Firewall because we were already using Cisco switch routers and other products, so we wanted everything to be from one provider. However, we do use other products as an additional security measure.
What other advice do I have?
The solution does help us save time because it enables us to do a good job of filtering from the get-go. This ensures we have fewer potential threats to look through.
Cisco Secure Firewall has not helped us consolidate tools because part of our security strategy is having multiple firewalls from different providers. Our company policy is that it is better to have different technology, so we do have some overlap.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director of network ops at a non-profit with 51-200 employees
Protects our network and gives us visibility into traffic
Pros and Cons
- "The fact that we can use Firepower Management Center gives us visibility. It allows us to see and manage the traffic that is going through the network."
- "Nowadays, nobody is in the office, so I need to figure out how to put the firewall outside. If I could have a centralized firewall that also receives information from external locations, like peoples' home offices, that would help us consolidate everything into one appliance."
What is our primary use case?
The use case is protecting our building. We have one office and we use it to protect the network.
What is most valuable?
The fact that we can use Firepower Management Center gives us visibility. It allows us to see and manage the traffic that is going through the network.
What needs improvement?
We have an older version of the ASA and there are always improvements that could be made. Nowadays, nobody is in the office, so I need to figure out how to put the firewall outside. If I could have a centralized firewall that also receives information from external locations, like peoples' home offices, that would help us consolidate everything into one appliance.
For how long have I used the solution?
I have been using Cisco ASA Firewalls for over 10 years.
What do I think about the stability of the solution?
We've had issues with it because we always run it in pairs for high availability. We've had issues with the unit, but not in the last five or six years. It's pretty, pretty stable.
What do I think about the scalability of the solution?
The product we have has some limitations when it comes to scalability. That's one of the things we're looking to address with a new solution.
How are customer service and support?
Technical support was good when I used it, but I haven't needed support for the solution lately. I know people complain about support, but I don't have experience with it for this device because I haven't needed support recently.
We do pay the annual fee for support and I expect them to be there in four hours with a new device, if we need one, as they've done in the past.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We didn't have a previous solution.
How was the initial setup?
My system engineer did the initial setup and he's the person who manages it, day in and day out.
What was our ROI?
I don't think we've tracked enough data points to see ROI data points, but the value comes from the fact that it's still running and that we are still happy with it. That is definitely a good return on our investment.
What's my experience with pricing, setup cost, and licensing?
The pricing is too high and the licensing is too confusing.
What other advice do I have?
Go for it.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Helps protect servers from hackers but doesn't have all the next-generation features we need
Pros and Cons
- "The most valuable feature is the Intrusion Prevention System."
- "Most of the features don't work well, and some features are missing as well."
What is our primary use case?
We use it as a next-generation firewall for the perimeter. I generally use it on-premises.
How has it helped my organization?
It helps protect my servers from hackers.
What is most valuable?
The most valuable feature is the Intrusion Prevention System.
What needs improvement?
Most of the features don't work well, and some features are missing as well. The completeness of the solution is most important for me. It should be complete, but some parts are missing. Cisco should improve it.
Every part of the features should be developed. That includes the next-generation firewall parts, such as application recognition.
For how long have I used the solution?
I have been using Cisco Firepower NGFW Firewalls for about five years. I am an integrator and reseller of multiple vendors' products.
What do I think about the stability of the solution?
The stability is getting better day by day, but I would expect a more stable solution, to be honest. It is stable now, but we have solutions that are more stable.
How are customer service and support?
Technical support is nice, but most of the limitations or problems are caused by the product itself. There's nothing that a technical engineer can do about them.
What's my experience with pricing, setup cost, and licensing?
The licensing package is good, but the licensing fee should be decreased.
Which other solutions did I evaluate?
I have used CheckPoint, Palo Alto, Juniper, and FortiGate. The Palo Alto solution is complete.
If I choose Cisco Firepower it is mostly because of its integration with other solutions. When the customer has several Cisco solutions, I put Cisco Firepower on top of them. But if the customer has a complex environment, I generally prefer other solutions.
What other advice do I have?
For specific needs, like VPN, you can use Cisco Firepower. But our expectation is for a next-generation Firewall or UTM solution that includes all the features. I cannot recommend Firepower to others, at the moment, as a unified threat management solution.
Generally, if the customer's number of users is greater than 100, that's when the Cisco solution is more likely to be effective.
Maintenance of the solution requires one or two people.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT/Solutions Architect at a financial services firm with self employed
A reliable next-generation firewall solution with good support
Pros and Cons
- "I like that Cisco Firepower NGFW Firewall is reliable. Support is also good."
- "We only have an issue with time sync with Cisco ASA and NTP. If the time is out of sync, it will be a disaster for the failover."
What is our primary use case?
In the new design, I put Cisco Firepower NGFW Firewall as a LAN segment and as the data center firewall. In the old design, I just used FortiGate Firewall for configurations, and we are going to replace it. The complete solution will be replaced with a two-tiered data center.
What is most valuable?
I like that Cisco Firepower NGFW Firewall is reliable. Support is also good.
What needs improvement?
We only have an issue with time sync with Cisco ASA and NTP. If the time is out of sync, it will be a disaster for the failover.
For how long have I used the solution?
I have been using Cisco Firepower NGFW Firewall for about 11 years.
What do I think about the stability of the solution?
Cisco Firepower NGFW Firewall is a stable solution.
What do I think about the scalability of the solution?
Scalability is good, but just like the issue with Palo Alto and Fortigate, there is also an issue with Cisco Firepower NGFW Firewall. I can configure it easily because of my Cisco background, but others in my team aren't comfortable with it.
How are customer service and support?
Technical support is good. They were both fast and reliable and quick in making decisions. We faced specific issues, and tech support was efficient and provided an immediate solution. Other firewall vendors are slow to respond, and I'm not satisfied. It's also easy to Google and find solutions to our problems. We can't do that for other firewalls.
On a scale from one to five, I would give technical support a five.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We used FortiGate Firewall, but we are replacing it with Cisco Firepower NGFW Firewall because we had issues with HP solutions. We also switched because I am Cisco certified, and my background and expertise are in Cisco.
How was the initial setup?
The initial setup was straightforward.
What was our ROI?
We have seen a return on our investment.
What other advice do I have?
I will tell potential users that the data center firewall is a good solution. But most of the companies are using other firewalls like Palo Alto and FortiGate. Most of the design architects prefer the parameters of the firewalls like we prefer the data center firewall.
On a scale from one to ten, I would give Cisco Firepower NGFW Firewall a ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Updated: March 2025
Popular Comparisons
Fortinet FortiGate
Netgate pfSense
Sophos XG
Palo Alto Networks NG Firewalls
Check Point NGFW
Azure Firewall
WatchGuard Firebox
SonicWall TZ
Juniper SRX Series Firewall
Fortinet FortiGate-VM
SonicWall NSa
Sophos XGS
Untangle NG Firewall
Fortinet FortiOS
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What Is The Biggest Difference Between Cisco ASA And Fortinet FortiGate?
- Cisco Firepower vs. FortiGate
- How do I convince a client that the most expensive firewall is not necessarily the best?
- What are the biggest differences between Cisco Firepower NGFW and Fortinet FortiGate?
- What Is The Biggest Difference Between Cisco Firepower and Palo Alto?
- Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons?
- What are the main differences between Palo Alto and Cisco firewalls ?
- A recent reviewer wrote "Cisco firewalls can be difficult at first but once learned it's fine." Is that your experience?
- Which is the best IPS - Cisco Firepower or Palo Alto?
- Which product do you recommend and why: Palo Alto Networks VM-Series vs Cisco Firepower Threat Defense Virtual (FTDv)?