Try our new research platform with insights from 80,000+ expert users
PeerSpot user
Information Technologies Consultant at a tech services company
Consultant
Everything is based on high securities standards
Pros and Cons
  • "It joins all branches and permits employees to work outside their offices, but everything is based on high securities standards (PCI compliance)."
  • "Multiple WAN connections: Even though you can implement more than one interface to outside connections, it is lacking on load balances, etc."

What is our primary use case?

Some branches are joint through Cisco ASA 5500-X VPNs. Executives or employees are connected via AnyConnect.

How has it helped my organization?

It joins all branches and permits employees to work outside their offices, but everything is based on high securities standards (PCI compliance).

What is most valuable?

  • Reliability
  • Robustness
  • Security features
  • High encryption, hashing, and integrity support
  • Support
  • High performance

What needs improvement?

Multiple WAN connections: Even though you can implement more than one interface to outside connections, it is lacking on load balances, etc.

Buyer's Guide
Cisco Secure Firewall
October 2024
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,528 professionals have used our research since 2012.

For how long have I used the solution?

Three to five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Network Consulting Engineer at a energy/utilities company with 10,001+ employees
Real User
It is very stable. Setting it up is not as intuitive as other more modern NGFWs.
Pros and Cons
  • "If only a Layer 4 FW is needed, this is a good solution."
  • "It is very stable."
  • "Setting it up is not as intuitive as other more modern NGFWs."

What is our primary use case?

Solid datacenter firewall, but the ASA software is old with no application recognition. If only a Layer 4 FW is needed, this is a good solution.

How has it helped my organization?

Do not use it in cluster mode. It is not worth it. These firewalls can do 10G, so just design the rest of the network around this.

Do not do cluster to add more bandwidth.

What is most valuable?

Nothing fancy about ASA capabilities, it does its job and does it well as long as you only care about filtering ports and protocols.

What needs improvement?

The needed features are already being done on Firepower, but this software is still in flux. 

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

It is very stable.

How was the initial setup?

Setting it up is not as intuitive as other more modern NGFWs.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Cisco Secure Firewall
October 2024
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,528 professionals have used our research since 2012.
IT Adviser/Manager with 51-200 employees
Real User
The Cisco ASDM management tool was helpful. I would like to see good reporting options.
Pros and Cons
  • "The ASA 55-x range is a solid and reliable firewall. It secures the traffic for normal purposes."
  • "Firewalls, in general, were not really designed for normal IT personnel, but for firewall and network experts. Therefore, they missed a lot of options and did not provide any good reporting or improvement options."

How has it helped my organization?

The ASA 55-x range is a solid and reliable firewall. It secures the traffic for normal purposes.

If you ask how a firewall can improve our business: It can’t. It is securing our business IT network.

But if you want to know what the ASA5520 can do to secure our network:
Not much more than any firewall. It is a solid port firewall, nothing more, nothing less.

What is most valuable?

The Cisco ASDM management tool was helpful.

What needs improvement?

Firewalls, in general, were not really designed for normal IT personnel, but for firewall and network experts. Therefore, they missed a lot of options and did not provide any good reporting or improvement options.

For example, to update or add a feature, you end up buying new support and licenses. The process is complex and changes so rapidly that you won't find a salesperson who will offer you the right products.

New generation firewalls are cloud managed or provide a good interface. They integrate into the environment. They are application aware and come with security features that are especially designed for the purpose.

What do I think about the stability of the solution?

There were no stability issues.

What do I think about the scalability of the solution?

You need to buy a new product if you want to scale. I once tried to put in another network card and ended up in a support nightmare. I had to buy more support, licenses, and it was more expensive than buying a new one.

How are customer service and technical support?

Customer Service:

Customer service is non-existent. You need to go through a very complex and annoying approval system before you can get any help. The support then gets asked a question and you get one word answers. It takes you hours to find out what version of an update you need to install, and then another day to find out how to install it.

Technical Support:

I would give technical support a rating of zero out of 10. It is clear that Cisco is not for the end-customer, but rather for resellers and providers. They might have better contracts and get more technical support.

Which solution did I use previously and why did I switch?

I usually have to take what is there. If I had a choice, I would now take something newer.

How was the initial setup?

You can start very easy and set up the network cards, but it also has many traps to find out the right setting for your environment.

For example, you need fixed network settings on your switch to connect with full duplex 100Mb/s. There is no autonegotiation nor other settings. This is the same problem with the WAN connection. You need to know exactly what to configure to match the WAN, or it will not work.

What about the implementation team?

I once had support from a reseller and once from a provider. Both depended on the level of the person you speak with. Most have some knowledge.

What was our ROI?

Once installed, they last a long time. I would recommend replacing them after some years to get better security features.

What's my experience with pricing, setup cost, and licensing?

If you look for user internet access, many new products can help with filtering and rules or procedures, like Meraki. This replaces the purpose of proxy servers.

If you have to secure web servers from the internet, you need a decent firewall with web features to process the requests and redirect traffic to web servers.

Cisco is no longer the only vendor offering these features. With Microsoft TMG out of the race, others have to push in. But firewalls are also no longer the first frontier of security. Cloud services are in there as well.

Which other solutions did I evaluate?

I had no choice.

What other advice do I have?

Get someone to help you plan and set up the firewall concept, as well as the initial setup and testing. Waiting for later is not the time to test or change anything without an outage.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user398799 - PeerSpot reviewer
Sr. Security Analyst with 1,001-5,000 employees
Real User
Centralized policy creation simplifies matters more than previously. URL, Malware and IPS built-in has been a great help.

What is most valuable?

Centralized policy creation for URL, application, IPS, etc. It simplifies matters more than previously.

How has it helped my organization?

It provides centralized management. I would also add that URL, Malware and IPS built-in has been a great help as well. Where we used to need several products for all these features, we now only need the ASAs with the additional licensing. So now, it is more a matter of license management over hardware and licensing management.

What needs improvement?

More centralization and simplification of product lines would help most engineers, but I think licensing is the key here. Most organizations won’t pay the money to have ELA licensing, so all the individual licenses for these products can be overwhelming. Plus, they never really synch for expiration time.

This is mainly due to reliance on other Cisco products and licensing. For example, Palo Alto includes several features in one whereas Cisco requires multiples. However, I still think Cisco offers great products but to get a "10" they might consolidate devices or simplify licensing.

For how long have I used the solution?

I have used this for two years, but company has used Cisco solutions for many years.

What do I think about the stability of the solution?

We did somewhat have stability problems. Upgrading the ASA, ASDM, and SFR can be a pain if you have as many firewalls as we do (21). Once you can get them to fall under FPMC management it can be a little easier, but it is a battle to get to that point.

What do I think about the scalability of the solution?

There have been no scalability issues from my point of view. I was handed the solution, so some of the initial work was done.

How are customer service and technical support?

I rate support 10/10. TAC has always done a great job with answering my questions and providing remote support when needed.

Which solution did I use previously and why did I switch?

Previously, I used ASAs without FirePower; and unsure what my company used prior to that.

How was the initial setup?

For me, setup was half-and-half. In one update run I missed the step that discusses how the ASA and ASDM need to be on a specific patch prior to upgrading the SFR. FPMC attempted to push the new update to the devices regardless of this mismatch that caused FPMC to loose communication. I had to downgrade the SFR all the way back to v5.4.1 before I could install the latest version. You also have to step through several updates before you are done, so that can be tedious as well.

What's my experience with pricing, setup cost, and licensing?

Read everything and track all your licenses. Research all options and maybe pick a few to PoC. It doesn’t hurt to trial others. Maybe they are a better fit for your environment.

Which other solutions did I evaluate?

We are moving forward with ELA 5.0 for all Cisco security devices. Prior to that decision, we did a PoC with Palo Alto 3020 and 220 firewalls and Panorama. Those are some great products, but we are so Cisco centric that the cost of ELA isn’t much more than we are spending now.

What other advice do I have?

Do research. FPMC is great for us but it requires a lot of time and attention.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Lead Network Engineer
Real User
Enables secure communication with our peers, but needs more next-gen features
Pros and Cons
  • "They are easy to maintain."
  • "I would like to see them add more next-generation features so that you don't need a lot of appliances to do just one task. It should be a single solution."

What is our primary use case?

We use them for VPNs and as firewalls, of course. We wanted to protect the network and have secure communication with our peers.

How has it helped my organization?

They secure the network and ensure our network is always available.

What is most valuable?

They are easy to maintain.

What needs improvement?

I would like to see them add more next-generation features so that you don't need a lot of appliances to do just one task. It should be a single solution.

For how long have I used the solution?

I have been using Cisco ASA Firewalls for nine years.

What do I think about the stability of the solution?

In terms of stability, it is a really good product and platform. Overall, it's great.

What do I think about the scalability of the solution?

It's not really cost-effective when it comes to scalability. It is a really expensive product if you go to the modular firewalls. You need to get new appliances to get new features.

How are customer service and support?

Tech support is good but it could be improved on some points.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I have used Fortinet, Check Point, and Palo Alto firewalls. Most of those solutions have everything integrated into them so you don't need multiple appliances. You get a single solution for your network. It would be better to have a centralized firewall, from Cisco, that can do everything.

How was the initial setup?

The initial deployment was straightforward. The last implementation of an ASA took us about one to two weeks.

Our implementation strategy was to have good architecture and to have all the requirements for the project beforehand. Everything went really smoothly because of that.

We needed four or five people for deployment, including field techs and network engineers.

What other advice do I have?

For clean and easy protection of an enterprise, it is a really good product. It can be also deployed as a virtualized solution in data centers.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tayyab Tahir - PeerSpot reviewer
Senior IT Officer at Paragon
Real User
The vendor offers a great educational series to train users on their devices
Pros and Cons
  • "Cisco offers a great educational series to train users on their devices."
  • "It is hard to control the bandwidth of end-users with a Cisco Firewall. That is the main issue I've faced. I used Mikrotik for many years for this very reason. Mikrotik has the option to set a bandwidth restriction for a single IP or complete segments. Cisco should add this option to their firewall."

What needs improvement?

It is hard to control the bandwidth of end-users with a Cisco Firewall. That is the main issue I've faced. I used Mikrotik for many years for this very reason. Mikrotik has the option to set a bandwidth restriction for a single IP or complete segments. Cisco should add this option to their firewall.

For how long have I used the solution?

We have been using Cisco for about five years. All our products, switches, routers, and firewalls are Cisco devices.

What do I think about the scalability of the solution?

Cisco Firewall's scalability is fine. 

What other advice do I have?

I rate Cisco ASA Firewall eight out of 10. Cisco offers a great educational series to train users on their devices.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network Engineer at a computer software company with 51-200 employees
Real User
Enables us to create policies based on who is accessing a resource instead of just IP addresses but the UI needs improvement
Pros and Cons
  • "Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports."
  • "It's mainly the UI and the management parts that need improvement. The most impactful feature when you're using it is the user interface and the user experience."

How has it helped my organization?

I can't put Cisco on the firewall when the security landscape has changed so much in the past five to ten years. We are doing a lot more in the next generation of firewalls. We had a legacy classic firewall before we went to Firepower, and we spent a lot less time on that firewall, but we are spending more time on the Firepower because we are utilizing a lot of the features that are available in Firepower that were not available in the previous firewall that we had. I'm not going to say that we're spending less time, but we're gaining more value.

Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports.

What is most valuable?

If I were to have been asked a few weeks ago, I would have said threat prevention was the most valuable feature, but the world is changing a lot, so my favorite features a few years ago might not be my favorite features today.

What needs improvement?

The visibility the solution gives when doing deep packet inspection can be complex. I really like the visibility, but it's not always intuitive to use. I also help other customers. We are a contracting company that implements their solutions, and I've found that it's not always easy to get everyone to utilize some of the visibility features. But for me personally, I think they're very valuable. 

The ease of use when it comes to managing Cisco Firepower has a lot of room for improvement. When monitoring a large set of firewall policies, the user interface could be lighter. It's sometimes heavy in use, and there could be improvements there. I know they're trying to make improvements.

It's mainly the UI and the management parts that need improvement. The most impactful feature when you're using it is the user interface and the user experience.

For how long have I used the solution?

We were an early adopter when Firepower first came out. I've been using Cisco firewalls for the last two decades.

What do I think about the stability of the solution?

For newer hardware models, the stability is good. We've tried to run Firepower on some of the legacy-supported hardware as well, but with the stability issues, they are not as good. If I were to judge based on the hardware that I have, I'd say it's good. I haven't had any issues with the stability on my platform.

What do I think about the scalability of the solution?

We just recently enabled Snort 3 so I'm evaluating the functionality. That's what we've considered, but we haven't done any performance testing. Our company would qualify as a small to medium business company. The average office environment is about 100 to 200 people. Performance-wise, my company is about 120 people.

Scalability is really not relevant. I know there are features that address some of those parts, like clustering and stuff, but that's really not applicable in my use cases.

How are customer service and technical support?

The support is eight to nine out of ten. You can't blame them for any faults of the prototypes, but the support has been really good and really helpful when we had any issues.

Which solution did I use previously and why did I switch?

I have hands-on experience in both Fortinet and Palo Alto. So if I were to compare this to Palo Alto, for example, I would say that the user interface in Palo Alto is a lot better. But the reason that I'm working with Firepower is that we have a Cisco network as well, and Cisco ISE. We're trying to integrate different Cisco solutions. We're trying to utilize the ecosystem benefits where I can connect my Cisco Firepower to ISE and have it talk to the App Cloud. There's a benefit of utilizing Cisco Firepower in conjunction with our other Cisco solutions.

Ease of management is similar with Cisco and Fortinet, I would say similar, but it's easier in Palo Alto.

How was the initial setup?

I recently deployed a similar solution at a customer's premises, and that setup was straightforward.

The steps are fairly documented and the documentation and guides on Cisco are straightforward. You know what you're expected to configure, and it's easy to get up, running, and started. It takes some more time to check everything and get everything as you want to have it, but getting started and getting connectivity and starting to create policies was easy to do and didn't take a very long time.

It took two to four hours, including some upgrades.

What other advice do I have?

My main advice would be to utilize all the guides and documentation available from Cisco publicly and not trying to implement it using legacy thinking. Don't try to just replace something else you have. If you have a next-gen firewall, you want to try to utilize what you're getting, and getting the most out of a firewall. There are some great guides and documentation on Cisco that explains what you can do and how you can do it.

I would rate it a seven out of ten. 

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Networking Specialist at a healthcare company with 1,001-5,000 employees
Real User
Blocks attacks by providing a security barrier
Pros and Cons
  • "I have access to the web version of Cisco Talos to see the reputation of IP addresses. I find this very helpful. It provides important information for my company to obtain the reputation of IP addresses. The information in Talos is quite complete."
  • "The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second."

What is our primary use case?

We use it to configure the perimeter firewalls. In FireSIGHT, we have two firewalls in a cluster with high ability, then we have five firewalls in Offices. We use those firewalls as a perimeter for Offices.

We have all the devices in the Firepower Management Center system. We always work with Firepower devices in Firepower Management Center.

We have offices around the world. We are in Europe, the USA, and South America.

How has it helped my organization?

We have border security with Firepower. We try to curb security issues by using this Firepower firewall.

What is most valuable?

The solution provides us with good working application visibility and control.

I have access to the web version of Cisco Talos to see the reputation of IP addresses. I find this very helpful. It provides important information for my company to obtain the reputation of IP addresses. The information in Talos is quite complete.

What needs improvement?

The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second.

Three years ago, the Firepower Management Center was very slow. The solution has improved a lot in the last couple of years. It is now faster. I hope that continues to improve. 

For how long have I used the solution?

I have been using it for three years.

What do I think about the stability of the solution?

We have five devices. In Rome, we don't have a technician and didn't work when we started using it. We had to send a technician to Rome to reboot the system. Now, it is stable with no problems. Also, we lost the link to the high availability firewall in our data center. We only had one device there, and Solutel had to solve this issue.

What do I think about the scalability of the solution?

The scalability is great.

We have five devices in four locations.

Three network administrators who work with Firepower, including myself.

How are customer service and technical support?

I usually create an issue with Solutel, then they create a case with Cisco Talos or the Cisco technicians. I am happy with Solutel's support.

How was the initial setup?

We deployed in several cities, but not the same day. 

What about the implementation team?

The initial deployment was done by a Cisco partner, Solutel. Our experience with Solutel was fantastic. They are local partners for us and provided us with great service.

What was our ROI?

We realized that clearly we have issues of security with a lot of attacks. I don't know if it is because with the COVID-19 virus a lot of hackers are at home or working more hours. In the last year, we have seen attacks that are very big, and we need a barrier. So, we use a firewall to block these attacks.

What's my experience with pricing, setup cost, and licensing?

The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case.

Our license for Firepower is their best license.

Which other solutions did I evaluate?

We have FortiGate firewalls, the security of Office 365 from Microsoft, Cisco Umbrella, and Kaspersky Anti-virus. We are also using Cisco ASA, Meraki switches, and a router from Cisco.

The Firepower Management Center tool is very slow. We also have the FortiGate firewalls and these tools for configuring the firewall are faster.

We have to make a change to our devices in South America. We are currently evaluating Cisco Firepower Series 1000 versus FortiGate. Firepower is more powerful than FortiGate, but FortiGate is more flexible and easier to configure. Because of our last issues with Firepower, it is possible that FortiGate is more stable.

What other advice do I have?

It is a very powerful device. Firepower Management Center is a great tool, but it is a bit slow.

We don't have Cisco Umbrella integrated with Firepower. We tested Firepower's integration with Meraki Umbrella, but we don't use it because you need better firmware.

I would rate this solution as an eight (out of 10).

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros sharing their opinions.
Updated: October 2024
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros sharing their opinions.