Cisco Secure Firewall Reviews

Solid datacenter firewall, but the ASA software is old with no application recognition. If only a Layer 4 FW is needed, this is a good solution.

Do not use it in cluster mode. It is not worth it. These firewalls can do 10G, so just design the rest of the network around this.

Do not do cluster to add more bandwidth.

Nothing fancy about ASA capabilities, it does its job and does it well as long as you only care about filtering ports and protocols.

The needed features are already being done on Firepower, but this software is still in flux. 

It is very stable.

Setting it up is not as intuitive as other more modern NGFWs.

The ease of use and ease of deployment were the most important features. As a signature based appliance, SourceFire hits it on the head at detection and capturing traffic, but quite a few of the other IDS/IPS appliances are way too complicated and too time consuming to properly deploy. This will lead to improper deployments and often missing important spots in your network.

Being able to detect intrusions is very valuable, and this can be anything from reconnaissance attacks to malware beaconing from inside our network.

Being able to incorporate third party rules as the SourceFire rules often lag behind current threats. When the latest zero day or other threats hit the market and are high value threats, most departments want to have these signatures available and able to deploy automatically. SourceFire makes this a manual process with third party rules.

I've used it for two years.

No, it was quite easy.

No issues with stability.

The only issue I have is with the price, as SourceFire is VERY expensive.

Customer service is very helpful and there are some extremely knowledgeable people on board.

Very technical! The men and women know what they are doing and are very helpful.

No previous solution was used.

It's straightforward with easy to follow instructions. You just plug-in and go.

I implemented it myself.

Lousy! $250K/year just for maintenance and licensing costs for a defense center and five sensors? This is insane! There is a better way.

The original setup cost was very high, not sure of the exact numbers because this product was purchased prior to me joining, but it was expensive Tack on the recurring charge and this really racks up, but luckily the day to day operational costs aren't bad at all, unless you break out the recurring charge daily!

Other IDS/IPS products were looked at.

The same level of protection can be had at a much lower cost! Look at rolling your own with commodity hardware, Suricata (Or SNORT if you choose, but look at the differences please!), Aanval for the central management and the emerging threats rules.

We deploy the firewall on the customer end and the customer can facilitate the VPN for their clients. We use Cisco Umbrella to secure their network and their endpoints.

We only work with Cisco products. We have been working with Cisco products for many years. In that way, we save time and we don't want to change to other vendors.

The security features are the most valuable. My customers find the security products very useful because nowadays there are many threats from the internet and other malicious users. The security products really help.

So far, Cisco Secure for securing infrastructure from end-to-end so that we can detect and remediate threats is good enough.

It should be easier for the IT management or the admin to configure products. For example, the firewall products are not very straightforward for many users. They should be easier to configure and should be more straightforward. 

Some competitors are very easy to configure, you don't need to spend a lot of time reading the documents and learning them.

I have been using Cisco products for ten years. 

The support is good. Sometimes it has a long waiting time. The waiting time depends on the products. For some products, for example, the Data Center solutions, you have to wait for an hour, even though they said that they escalated the case. 

Positive

The initial deployment should be more straightforward. It's not that straightforward at the moment.

The licensing is not good, it's confusing. I'm an engineer so I don't care about the actual price that much but the licensing part is confusing.

We've evaluated other solutions. We've been consulted to use competitors' products. There are things that are good with those competitors, but everything has two sides.

We choose Cisco because we are a Cisco partner, so we only recommend Cisco products. They believe in us, so we have a good relationship with them. 

I would rate Cisco Secure products an eight out of ten. 

My advice would be to use them. 

We use it as a firewall or for UTM at the data center.

We like the standard firewall features. It's quite a capable box for UTM.

Sometimes my customers say that Cisco firewalls are a bit more difficult compared to Fortigate or Palo Alto. There is complexity in the configuration and the GUI could be improved.

I have been using Cisco ASA Firewalls for as long as I have been working here, which is seven years.

Once installed, it's quite stable. We don't have many issues after it's deployed. Both the hardware and software are quite stable.

As a firewall, it's in use all the time. Whether there will be increased usage depends on how security risks increase. But at the moment, there's no expectation for an increase in use.

Cisco's technical support is usually quite satisfactory, and we get a reasonable response in a reasonable time to any inquiry we make.

Positive

The initial setup is not that simple. I don't do the installation myself, but from what I hear it's more complicated than some of the other firewall products.

We usually do our installation in two or three hours. Our customers usually have between 10 and 50 users and they are generally IT admins.

We have three people who work in the field and manage deployments, and another five to 10 to manage the solution.

If you use the full functionality of Cisco ASA, it's worth the cost. But I don't think our company product is using the full capacity of the Cisco ASA.

Licensing, recently, has been getting more complicated. In particular, the Smart Licensing that came out is quite complicated. I don't know what's going on. Our sales team asks us questions about Smart accounts, but I don't know what it is and Cisco is making it so complicated. They call it Smart, but it's complicated. I prefer the traditional license where you buy it once.

When talking with our customers, I would not recommend our company's Cisco products for their security. It depends on their requirements, but if they want full security, I wouldn't say that Cisco ASA is the one choice.

My advice would be to do a PoC first.

We use it for our VPN requirements. We wanted to allow people to work from home and we used the ASA to create VPNs through AnyConnect at the endpoints.

It has 

• allowed people to work from home when they otherwise couldn't
• improved response times when there are fires that need to be put out when people are not onsite.

The VPN feature is the most valuable to us because it accomplishes the task well. We're able to do everything we need to do.

I would like to see them update the GUI so that it doesn't look like it was made in 1995.

I've been using the Cisco ASA Firewall for between one and two years.

It's been very stable. I don't think we've ever had an issue with it failing entirely.

It scales well. We've had no issues ramping things up.

We're going to expand our usage of it. We rolled it out to about 200 users and now we're going to expand that to about 1,000 users out of our 3,000-user base. It has been really good.

The tech support is excellent. I've always gotten really good tech support from Cisco.

Positive

We did not have a previous solution.

The pricing could always be cheaper.

The solution always requires maintenance. I have about two people who are the "experts" and they help maintain it pretty well.

Cyber security resilience has been extremely important for our organization because of our customers' demands for security. The ASA has really helped to accomplish that with the VPN. My advice to leaders who are looking to build resilience is don't go cheap, and make sure you have backup solutions and high availability.

It's a good, robust firewall and VPN solution, with lots of knobs to turn. It is effective at what it does.

I often work with financial sector companies such as banks as well as retail organizations.

The solution offers very easy configurations.

The administration of the solution is very good.

The product integrates well with other products.

The initial setup can be a bit complex for those unfamiliar with the solution.

There are better solutions in terms of border security. Palo Alto, for example, seems to be a bit more advanced. 

The cost of the solution is very high. Fortinet, as an example, has good pricing, whereas Cisco has very high costs in comparison.

We've used the solution recently. We've used it at least over the last 12 months or so.

The stability of the solution is pretty good. I don't recall having issues with this aspect of the solution.

This particular product does not have high availability and therefore scalability is limited.

You need a pretty sizable solution for a center.

We have about 300 clients using this solution, and therefore the amount of people on the solution is very high, however, I don't have the exact number of users across all clients. For solutions providers, we have IT solutions for maybe around 5,000 users.

I have experience working with technical support from Cisco. It's very easy to contact them and talk with them. There were times we worked using email, for example, for communication. We also worked with Cisco engineers in Mexico directly. We're very satisfied with the level of service so far.

We also work with Fortinet and Palo Alto, for example. As a reseller, we work with many solutions.

I did not directly implement the solution. I don't have the right type of expertise. You need to know a bit about what you are doing, otherwise, the initial setup is a bit complex.

You may need, for example, a separate management device for this kind of solution. It's quite difficult to handle if you don't have in-depth knowledge.

The cost of the solution is quite high. It's very expensive compared to other options. For example, Fortinet is much more reasonably priced.

I am working for a Cisco seller in Mexico, and we have a relationship with Cisco. We are a gold partner. We ensure that the development is of the proper sizing for our clients.  

I would rate the solution at a nine out of ten. We've had a very good experience so far. The only downside is that it's not as advanced as, for example, Palo Alto. That said, if you have the right skills to manipulate the configuration capabilities, Cisco is quite good.

The primary use case of for Cisco firewalls is to segment our network. We're using them on the perimeter network for traffic filtering. Since deploying them, we have seen a maturing of the security in our organization. 

We're using both the FTD 2100 and 4100. We have about 40 sites that are using our approximately 80 FTDs. We have about 2,000 users.

It has helped us to solve some problems regarding auditor recommendations. We used to have some audit recommendations that we were not able to comply with. With FTD deployed we have been able to be in compliance around our 36 remote sites.

Before deploying them we had a lot of incidents of internet slowness and issues with site access, as well as computers that had vulnerabilities. But as soon as we deployed them we were able to track these things. It has helped the user-experience regarding connectivity and security. 

In addition, it is giving us a better view regarding the traffic profile and traffic path. And we can categorize applications by utilization, by users, etc.

The solution has, overall, made us twice as productive and, in terms of response time for resolving issues or to identify root causes, we are three times more effective and efficient.

We can easily track unauthorized users and see where traffic is going. It is very useful.

FTD is also fully integrated with Talos. We are in the process of acquiring it and we will integrate it. That way we will have everything from Talos to do correlations.

We would like to see improvement in recovery. If there is an issue that forces us to do recovery, we have to restart or reboot. In addition, sometimes we have downtime during the maintenance windows. If Cisco could enhance this, so that upgrades would not necessarily require downtime, that would be helpful.

We would also like to have a solution on the cloud, where we could manage the configuration. CDO is in the ASA mode. If Cisco could do it in full FTD — the configuration, the administration, and everything — it would be very good, and easy.

The solution is stable. Last year, we deployed it in more 32 countries and it has been stable since the deployment. We haven't had any issues with the firewall. If we have any issues, it is usually due to the power. The solution itself is stable.

It's scalable.

Tech support is able to resolve 70 percent of the issues. In case of an emergency, we can open a case because we have a contract for Smart Net support on the devices. In case of an issue, we open a case and we get assistance.

Before FirePOWER we were using the ASA.

At the beginning, it was complex, but we were able to develop a step-by-step implementation. Now, we can deploy one in about two hours, including integration testing, physical testing, configuration, and applying the rules.

We have in-house engineers for the deployment. We haven't used external, third-parties. We are a big institution, based in 36 countries. The team that is focused on this deployment is a team of five. The person who is handling the implementation will be in contact with a local engineer at the remote site, and will assist him, remotely, to do the testing and follow the steps to deploy.

The one-time cost is affordable, but the maintenance cost and the Smart Net costs need to be reduced. They're too high. A company like ours, that has about 80 firewalls, has to multiple the maintenance cost per device by 80. Cisco should find a way to provide some kind of enterprise support. We don't want to buy support per unit of equipment. It would be easier for everybody.

We are using about ten different security tools, including analytics, monitoring, threat management, and email security. What we have integrated is the ISE and FTD but the third-party solutions are not fully integrated.

We use this solution as a firewall and for the segregation of our servers from the rest of the environment.

Instead of using multiple firewalls, we only need to rely on this solution. It has a small footprint.

The most valuable features are the flexibility and level of security that this solution provides. 

There was an error in the configuration, related to our uplink switches, that caused us to contact technical support, and it took a very long time to resolve the issue.

Some of the features should be baked-in by default.

Stability has been pretty good, so far.

This solution is very scalable.

We have contacted technical support about an issue that we were having, and it took a very long time for them to figure it out. We were on the phone for six or seven hours with them.

We previously used an ASA 5500, and it was simply time to upgrade it. We used this solution as a direct replacement.

The initial setup of this solution is pretty straightforward.

We are not restricted to any one vendor, but this solution worked well as a direct replacement for our previous one. We considered both Juniper and FortiGate.

This is a very straightforward firewall. There is a management platform with its own operating system. Just make sure that everything is set up properly for your uplink switches because that is an issue that we ran into.

I would rate this solution a nine out of ten.