Cisco Secure Firewall Reviews

We use it as a next-generation firewall for the perimeter. I generally use it on-premises.

It helps protect my servers from hackers.

The most valuable feature is the Intrusion Prevention System.

Most of the features don't work well, and some features are missing as well. The completeness of the solution is most important for me. It should be complete, but some parts are missing. Cisco should improve it.

Every part of the features should be developed. That includes the next-generation firewall parts, such as application recognition.

I have been using Cisco Firepower NGFW Firewalls for about five years. I am an integrator and reseller of multiple vendors' products.

The stability is getting better day by day, but I would expect a more stable solution, to be honest. It is stable now, but we have solutions that are more stable.

Technical support is nice, but most of the limitations or problems are caused by the product itself. There's nothing that a technical engineer can do about them.

The licensing package is good, but the licensing fee should be decreased.

I have used CheckPoint, Palo Alto, Juniper, and FortiGate. The Palo Alto solution is complete. 

If I choose Cisco Firepower it is mostly because of its integration with other solutions. When the customer has several Cisco solutions, I put Cisco Firepower on top of them. But if the customer has a complex environment, I generally prefer other solutions.

For specific needs, like VPN, you can use Cisco Firepower. But our expectation is for a next-generation Firewall or UTM solution that includes all the features. I cannot recommend Firepower to others, at the moment, as a unified threat management solution.

Generally, if the customer's number of users is greater than 100, that's when the Cisco solution is more likely to be effective.

Maintenance of the solution requires one or two people.

In the new design, I put Cisco Firepower NGFW Firewall as a LAN segment and as the data center firewall. In the old design, I just used FortiGate Firewall for configurations, and we are going to replace it. The complete solution will be replaced with a two-tiered data center.

I like that Cisco Firepower NGFW Firewall is reliable. Support is also good. 

We only have an issue with time sync with Cisco ASA and NTP. If the time is out of sync, it will be a disaster for the failover.

I have been using Cisco Firepower NGFW Firewall for about 11 years. 

Cisco Firepower NGFW Firewall is a stable solution. 

Scalability is good, but just like the issue with Palo Alto and Fortigate, there is also an issue with Cisco Firepower NGFW Firewall. I can configure it easily because of my Cisco background, but others in my team aren't comfortable with it.

Technical support is good. They were both fast and reliable and quick in making decisions. We faced specific issues, and tech support was efficient and provided an immediate solution. Other firewall vendors are slow to respond, and I'm not satisfied. It's also easy to Google and find solutions to our problems. We can't do that for other firewalls.

On a scale from one to five, I would give technical support a five.

Positive

We used FortiGate Firewall, but we are replacing it with Cisco Firepower NGFW Firewall because we had issues with HP solutions. We also switched because I am Cisco certified, and my background and expertise are in Cisco.

The initial setup was straightforward. 

We have seen a return on our investment. 

I will tell potential users that the data center firewall is a good solution. But most of the companies are using other firewalls like Palo Alto and FortiGate. Most of the design architects prefer the parameters of the firewalls like we prefer the data center firewall.

On a scale from one to ten, I would give Cisco Firepower NGFW Firewall a ten.

We provide IT solutions. We provide solutions to our customers based on their requirements. We support them from the beginning and do the installation and configuration in the head office and front office.

We installed Cisco ASA to support a customer in a WAN environment. They used it for site-to-site VPN and remote VPN. They used it for accessing remote office locations via the remote VPN feature. They had Cisco ASA 5500.

It made our customer's network more secure. They also have customers outside the office, and they are able to use the remote VPN feature to log in securely.

The high-availability and remote VPN features are most valuable.

It is easy to configure. It has a GUI and a CLI.

It doesn't have Layer 7 security.

I used this solution for maybe a year.

It is stable.

It is scalable.

For any issues, we contact the local support. They are very easy to deal with.

I have also worked with Fortigate.

It was easy to configure. The site-to-site VPN configuration didn't take too much time. It was complete in three to four hours.

Its price is moderate. It is not too expensive.

I would rate Cisco ASA Firewall a nine out of 10.

I have used the Cisco ASA 5585-X Series hardware. The software was probably version 9. We implemented a cluster of two firewalls. In these firewalls, we had four virtual firewalls. One firewall was dedicated for Edge, near ISP, and one firewall was for the data center. One firewall was for the application dedicated to that company, and one firewall was dedicated only to that application.

Dynamic policies were useful in the data centers for our clients. They were making some changes to the networks and moving virtual machines from one site to another. With dynamic policies, we could do that easily.

We find all of its features very useful. Its main features are policies and access lists. We use both of them, and we also use routing.

It is very stable. It is a very good firewall for a company that doesn't want to look at packets higher than Layer 4. 

The virtual firewalls don't work very well with Cisco AnyConnect. 

There are two ways of managing it. You can manage it through the GUI-based software or command-line interface. I tried to use its GUI, but I couldn't understand it. It was hard for me. I know how to use the command line, so it was good for me. You should know how to use the command-line interface very well to make some changes to it. Its management through GUI is not easy.

It is very stable. It has been five years since I have configured them, and they have been up and running.

It is not much scalable. It is only a Layer 4 firewall. It doesn't provide deep packet inspection, and it can see packets only up to TCP Layer 4. It can't see the upper layer packets. So, it is not very scalable, but in its range, it is a very good one. What it does, it does very well.

I have not worked with Cisco support for this firewall.

It is not straightforward. You should know what to do, and it needs to be done from the command line. So, you should know what to do and how to do it.

From what I remember, its deployment took a week or 10 days. When I was doing the deployment, that company was migrating from an old data center to a new one. We were doing configurations for the new data center. The main goal was that users shouldn't know, and they shouldn't lose connectivity to their old data center and the new one. So, it was a very complex case. That's why it took more time.

Our clients have seen an ROI because they paid only once, and they have been using their firewalls for five years. They didn't have to pay much for anything else.

I like its licensing because you buy the license once, and it is yours. We don't have to go for a subscription. So, I liked how they licensed Cisco ASA Firewall. Our clients are also very satisfied with its licensing model.

You cannot compare Cisco ASA Firewall with any of the new-generation firewalls because they are at a higher level than Cisco ASA Firewall. They are at a different level.

It is a very good firewall for small companies that don't want to do deep packet inspection at Layer 7. It is not easy, but you can manage it. You should know how to use the command-line interface. Otherwise, it would be difficult to work with it.

For Cisco ASA Firewall, there will be no improvements because they will not make these firewalls anymore. They want to make changes to the next-generation firewalls, and they are killing the old ones.

I would rate Cisco ASA Firewall a 10 out of 10. I like it very much.

We use this solution for our firewall and intrusion prevention system.

The most valuable feature is that I have 16 public IP addresses that tunnel through into servers inside. 

There are no issues that we are aware of. It does its job silently in the background.

The initial setup could be simplified, as it can be complex for new users.

We have been working with this solution for a couple of years.

It's stable. If there is ever a problem, it never seems to be the firewall.

This particular model can't quite handle the bandwidth we need. We're actually replacing it shortly with the new higher capacity model.

Technical support is good. They are responsive.

The initial setup was somewhat complex at first.

We had help from an integrator, which was Dell. They were helpful.

The price is comparable.

We are just at the beginning of the deployment of Arctic Wolf for managed detection and response. We don't have a lot of information yet, as we are onboarding it now.

We wanted to have someone watching and we couldn't set up the SOC by ourselves because we need six security dedicated people to man it at all times. With a staff of 80, it was too much. We engaged Arctic Wolf to be our 24/7 eyes on the potential risks that are happening. They can alert us and we can deal with it.

We like to use the integrator just to make sure that the firewall is set up correctly. If you don't have people dedicated to the firewall, then you can't do it in-house.

I would rate the Cisco firepower NGFW Firewall a nine out of ten.

I primarily use it for my small company to protect 5-10 users.

The web interface was easy for me. The configuration is logical, so it's easy to use and easy to understand how to protect, how to open a port, how to manage and how to route a device. That's why I prefer Cisco. It's robust and I never have issues with the hardware. That's why I choose Cisco and not another vendor.

The service could use a little more web filtering. If I compare it to Cyberoam, Cyberoam has more the web filtering, so if you want to block a website, it's easier in other solutions than in Cisco. I think in Cisco it's more complicated to do that, in my opinion. 

It could also use a better web interface because sometimes it's complicated. The interface sometimes is not easy to understand, so maybe a better interface and better documentation.

My impression of the stability of the solution is that it's very good.

I don't have a sense of the scalability. I never extend the processes or usage.

My experience with customer service is very good in general. When I have a good person on the phone, or on the email, it's in general very fast and the reply is good. It's a good solution in general.

I previously used Juniper before Cisco, but only for one year. I switched because my company only used Cisco.

The initial setup was not complex, it's just difficult to find out how to do it. The FAQ is not clear. In terms of deployment, it depends on the client, but deployment takes about an average of six hours.

In general, I implement the solution myself.

I would advise that If you want something robust, a good hardware solution, I think it's competitive and you have a good warranty, you have to choose Cisco. 

I would rate the solution 8 out of 10.

We need a good and generic firewall which is why I bought Cisco ASAv. I also needed a secure VPN. The real reason I bought it though, was for the firewall. 

The firewall power that comes with Cisco ASAv is the most valuable asset. They are very easy to manage and configure. 

There definitely is room for improvement. We found it difficult to publish an antenna plug with the ASDM. Cisco should make the interface for the firewall more simple. 

This product is very stable. Before installing Cisco ASAv, I had two or three viruses in my network. Since installing ASA, I have not had any problems with viruses. There is a huge difference with and without ASA.

I am satisfied with the customer service because the assistance I got from the Cisco engineer was very good.

I used a different solution before. I used Meraki and it was a little simpler to use. However, currently, I only have Cisco routers.

The initial setup for Cisco ASAv was fairly simple. It wasn't very complicated, it would be okay for an intermediate professional. It can be made easier. I believe almost anybody could set up an ASA in a few hours. It took about two to three weeks for the platform to work properly.

The installation wasn't complicated at all and I got help from a Cisco engineer. 

I bought a license for three years and it was really affordable. 

I did consider other options as I have experience with Meraki and other devices. Meraki is simpler to use, but I decided on Cisco ASAv. 

I am really satisfied with the product and I rate this an 8.5 out of ten. The reason why I wouldn't rate it a ten, is because I find it a little more complicated to set up a firewall for publishing than when using Meraki. I therefore believe there is room for improvement.

We mainly use this solution for our firewall and it's one layer of our security. From the time that we've used it, the organization as a whole got a sense of security because Cisco is a known product. When we do need support locally or online, we get it instantaneously. We use this solution for a couple of things: for security, for their technical support, and in terms of the knowledge and skills of the team here that gave us a good grip and confidence in the use of the product.

It gives the organization a higher vote of confidence. When I joined the organization more than six years ago, we were using the old Cisco, and some of the products already reached their end of life. Some of the products were not in its latest state, in terms of security or license. We've learned a very good lesson there. Since then, when we upgraded we made sure that all the licenses and all the security facets are in place. It gives the organization a higher vote of confidence. There may have been one or two incidences of malicious threats, but it did not really bring down the organization to a level that we would all be sorry for. The greatest benefit for the organization is the confidence that we are secured.

Cisco is known as a popular and trusted product. Because of its constant RND, we're assured that all updates, all patches, all fixes are done instantaneously. As far as the feature is concerned, it gives us a certain layer of protection. As a CIO, my vote of confidence is in the product itself. After making sure that we always have all the updates on the licenses we're assured that we're getting all the necessary security protection.

I would rate this solution a nine out of ten. Not a ten because I'm reserving the one point for whatever new surprises they are going to provide.