Whatever you have that’s potentially public-facing, you need to protect it. As our technology moves to the cloud, so our need for security transfers from physical appliances to virtual ones. This is the classic Cisco ASA device, virtualised.
Info Sec Consultant at Size 41 Digital
Keeps costs low and provides granular control using appliances familiar to the team
Pros and Cons
- "Among the top features are integrated threat defence and the fact that each virtual appliance is separate so you get great granular control."
- "There are always vulnerabilities that come up and there was one in early 2018 but this was patched with software updates."
What is our primary use case?
How has it helped my organization?
Ease of spinning one up: The hourly charge has made demos and testing better because it’s a truer representation of a real-life situation.
It has allowed us to reduce costs and to make sure we provide rounded, secure products to customers.
What is most valuable?
Top features:
- Easy to deploy for staff to use VPNs
- Ease of setup
- Integrated threat defence
- Great flow-based inspection device
- Easy ACLs
- Failover support
- Each virtual appliance is separate so you get great granular control
- Has own memory allocation
- Multiple types of devices: 100 Mbps, 1 Gbps, 2 Gbps
- License control
- SSH or RESTful API
What needs improvement?
We didn’t find any huge issues. Obviously, there are always vulnerabilities that come up and there was one in early 2018 but this was patched with software updates.
Admin rights need to be given out carefully as they give overarching control to all devices - but that’s the same for everything.
Buyer's Guide
Cisco Secure Firewall
April 2025

Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,989 professionals have used our research since 2012.
How was the initial setup?
We went with this solution via the AWS Marketplace because it’s been made so easy to use an ASAv on AWS with simple drop downs to set it up. Our demo machines were also in AWS so we wanted a one-stop shop where we could spin them up or down as needed and configure the ASAv before it was launched.
What other advice do I have?
Almost all IT staff have used, or can easily learn how to use, the Cisco ASA appliance because it’s been around for years and is so popular (with good reason). For us, we stuck with what we know. It was an easy sell to get it signed off by higher-ups as they’d also heard of the ASA device from their time in IT.
This solution gets an eight out of ten because it is easy, has the features we need, keeps costs low, and provides granular control using appliances that are already familiar to the team.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Partner - Consulting & Advisory at Wipro Technologies
It provides the transparency of a single UI to ensure security
Pros and Cons
- "The transparency of the single UI to ensure security. A product has to be simple so that an administrator can use it."
- "The artificial intelligence and machine learning (behavioral based threat detection), which I can this will be coming out in another year, these are what we need now."
What is our primary use case?
Our primary use case is security.
How has it helped my organization?
From a security perspective, we are getting assurance with the respect to the the infrastructure which is getting built or the threats which are emanating from the Internet. With these, we can obtain the visibility that we need to know where we need to improve.
What is most valuable?
The transparency of the single UI to ensure security. A product has to be simple so that an administrator can use it.
What needs improvement?
The artificial intelligence and machine learning (behavioral based threat detection), which I can this will be coming out in another year, these are what we need now.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
The stability is alright.
What do I think about the scalability of the solution?
Scalability is not an issue.
How is customer service and technical support?
Its technical support is the main reason why we selected the product.
How was the initial setup?
The integration and configuration are transparent and easy.
What's my experience with pricing, setup cost, and licensing?
We are partners with Cisco. They are always one call away, which is good. They know how to keep their customers happy.
Which other solutions did I evaluate?
We evaluated VMware Virtual Networking and Check Point.
We chose Cisco because of the support and their roadmap for the changing technology landscape is good. Therefore, it is always better to be partnered with them.
What other advice do I have?
When you are going to select a product, don't look at the cost, but at the functionality. Also, look at the stability. These days, the startups will show a new function or functionality, but when looking for a partner, make sure the company is sustainability for the new four years? Do they have the funding?
We have a large ecosystem system: Symantec, McAfee, Splunk, Check Point firewalls, Cisco firewalls and IPS IDS from Cisco. They integrate and work well together. Cisco has been security leader for the last 20 years, so the products are quite stable working in sync.
We are using every version of the product: On-premise, Azure, and AWS, which is a new offering.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Buyer's Guide
Cisco Secure Firewall
April 2025

Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,989 professionals have used our research since 2012.
Network Consulting Engineer at a energy/utilities company with 10,001+ employees
It is very stable. Setting it up is not as intuitive as other more modern NGFWs.
Pros and Cons
- "If only a Layer 4 FW is needed, this is a good solution."
- "It is very stable."
- "Setting it up is not as intuitive as other more modern NGFWs."
What is our primary use case?
Solid datacenter firewall, but the ASA software is old with no application recognition. If only a Layer 4 FW is needed, this is a good solution.
How has it helped my organization?
Do not use it in cluster mode. It is not worth it. These firewalls can do 10G, so just design the rest of the network around this.
Do not do cluster to add more bandwidth.
What is most valuable?
Nothing fancy about ASA capabilities, it does its job and does it well as long as you only care about filtering ports and protocols.
What needs improvement?
The needed features are already being done on Firepower, but this software is still in flux.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
It is very stable.
How was the initial setup?
Setting it up is not as intuitive as other more modern NGFWs.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cloud Engineer at a tech services company with 1,001-5,000 employees
It's a straightforward setup with easy to follow instructions, however, some IDS/IPS appliances can be too complicated and too time consuming to properly deploy.
What is most valuable?
The ease of use and ease of deployment were the most important features. As a signature based appliance, SourceFire hits it on the head at detection and capturing traffic, but quite a few of the other IDS/IPS appliances are way too complicated and too time consuming to properly deploy. This will lead to improper deployments and often missing important spots in your network.
How has it helped my organization?
Being able to detect intrusions is very valuable, and this can be anything from reconnaissance attacks to malware beaconing from inside our network.
What needs improvement?
Being able to incorporate third party rules as the SourceFire rules often lag behind current threats. When the latest zero day or other threats hit the market and are high value threats, most departments want to have these signatures available and able to deploy automatically. SourceFire makes this a manual process with third party rules.
For how long have I used the solution?
I've used it for two years.
What was my experience with deployment of the solution?
No, it was quite easy.
What do I think about the stability of the solution?
No issues with stability.
What do I think about the scalability of the solution?
The only issue I have is with the price, as SourceFire is VERY expensive.
How are customer service and technical support?
Customer Service:
Customer service is very helpful and there are some extremely knowledgeable people on board.
Technical Support:Very technical! The men and women know what they are doing and are very helpful.
Which solution did I use previously and why did I switch?
No previous solution was used.
How was the initial setup?
It's straightforward with easy to follow instructions. You just plug-in and go.
What about the implementation team?
I implemented it myself.
What was our ROI?
Lousy! $250K/year just for maintenance and licensing costs for a defense center and five sensors? This is insane! There is a better way.
What's my experience with pricing, setup cost, and licensing?
The original setup cost was very high, not sure of the exact numbers because this product was purchased prior to me joining, but it was expensive Tack on the recurring charge and this really racks up, but luckily the day to day operational costs aren't bad at all, unless you break out the recurring charge daily!
Which other solutions did I evaluate?
Other IDS/IPS products were looked at.
What other advice do I have?
The same level of protection can be had at a much lower cost! Look at rolling your own with commodity hardware, Suricata (Or SNORT if you choose, but look at the differences please!), Aanval for the central management and the emerging threats rules.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Solutions Consultant at a comms service provider with 10,001+ employees
A capable box for UTM
Pros and Cons
- "It's quite a capable box for UTM."
- "Sometimes my customers say that Cisco Firewalls are a bit more difficult compared to Fortigate or Palo Alto. There is complexity in the configuration and the GUI could be improved."
What is our primary use case?
We use it as a firewall or for UTM at the data center.
What is most valuable?
We like the standard firewall features. It's quite a capable box for UTM.
What needs improvement?
Sometimes my customers say that Cisco firewalls are a bit more difficult compared to Fortigate or Palo Alto. There is complexity in the configuration and the GUI could be improved.
For how long have I used the solution?
I have been using Cisco ASA Firewalls for as long as I have been working here, which is seven years.
What do I think about the stability of the solution?
Once installed, it's quite stable. We don't have many issues after it's deployed. Both the hardware and software are quite stable.
What do I think about the scalability of the solution?
As a firewall, it's in use all the time. Whether there will be increased usage depends on how security risks increase. But at the moment, there's no expectation for an increase in use.
How are customer service and support?
Cisco's technical support is usually quite satisfactory, and we get a reasonable response in a reasonable time to any inquiry we make.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup is not that simple. I don't do the installation myself, but from what I hear it's more complicated than some of the other firewall products.
We usually do our installation in two or three hours. Our customers usually have between 10 and 50 users and they are generally IT admins.
We have three people who work in the field and manage deployments, and another five to 10 to manage the solution.
What was our ROI?
If you use the full functionality of Cisco ASA, it's worth the cost. But I don't think our company product is using the full capacity of the Cisco ASA.
What's my experience with pricing, setup cost, and licensing?
Licensing, recently, has been getting more complicated. In particular, the Smart Licensing that came out is quite complicated. I don't know what's going on. Our sales team asks us questions about Smart accounts, but I don't know what it is and Cisco is making it so complicated. They call it Smart, but it's complicated. I prefer the traditional license where you buy it once.
What other advice do I have?
When talking with our customers, I would not recommend our company's Cisco products for their security. It depends on their requirements, but if they want full security, I wouldn't say that Cisco ASA is the one choice.
My advice would be to do a PoC first.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Director of network engineering at a computer software company with 5,001-10,000 employees
Is easy to use, stable, and scalable
Pros and Cons
- "Cisco ASA Firewall is a well known product. They're always updating it, and you know what they're doing and that it works."
- "It would be good if Cisco made sure that the solution supports all routing protocols. Sometimes it doesn't."
What is our primary use case?
Our primary use case includes basic firewalls, VPNs, NAT, and our connections to customers.
It's used in our data centers to protect the network and customer circuits.
How has it helped my organization?
Cisco ASA Firewall has improved our organization by allowing connectivity to the outside world and into different places.
Cybersecurity resilience is very important to our organization. There are always threats from the outside, and the firewall is the first line of defense in protecting the network.
What is most valuable?
Cisco ASA Firewall is a well-known product. They're always updating it, and you know what they're doing and that it works.
What needs improvement?
It would be good if Cisco made sure that the solution supports all routing protocols. Sometimes it doesn't.
For how long have I used the solution?
I've been using it for probably 10 to 15 years.
What do I think about the stability of the solution?
For the most part, it's stable.
What do I think about the scalability of the solution?
It's a very scalable solution.
How are customer service and support?
The technical support is very good, and I would give them a nine out of ten.
How would you rate customer service and support?
Positive
What's my experience with pricing, setup cost, and licensing?
The pricing and licensing are getting more complicated, and I'd like that to be simpler.
Which other solutions did I evaluate?
We evaluated some Palo Alto and Juniper solutions, but Cisco ASA Firewall is better in terms of ease of use. You could get certified in it.
What other advice do I have?
To leaders who want to build more resilience within their organization, I would say that the ASA, along with its features, is a good product to have as one of the lines of defense.
The solution does require maintenance. We have four network engineers who
are responsible for upgrading code and firewall rules, and for new implementations.
On a scale from one to ten, I would rate Cisco ASA Firewall a nine. Also, it's a very good product, and it compares well to others.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Consultant at IKUSI
Good integration with helpful technical support and very good administration capabilities
Pros and Cons
- "The solution offers very easy configurations."
- "The initial setup can be a bit complex for those unfamiliar with the solution."
What is our primary use case?
I often work with financial sector companies such as banks as well as retail organizations.
What is most valuable?
The solution offers very easy configurations.
The administration of the solution is very good.
The product integrates well with other products.
What needs improvement?
The initial setup can be a bit complex for those unfamiliar with the solution.
There are better solutions in terms of border security. Palo Alto, for example, seems to be a bit more advanced.
The cost of the solution is very high. Fortinet, as an example, has good pricing, whereas Cisco has very high costs in comparison.
For how long have I used the solution?
We've used the solution recently. We've used it at least over the last 12 months or so.
What do I think about the stability of the solution?
The stability of the solution is pretty good. I don't recall having issues with this aspect of the solution.
What do I think about the scalability of the solution?
This particular product does not have high availability and therefore scalability is limited.
You need a pretty sizable solution for a center.
We have about 300 clients using this solution, and therefore the amount of people on the solution is very high, however, I don't have the exact number of users across all clients. For solutions providers, we have IT solutions for maybe around 5,000 users.
How are customer service and technical support?
I have experience working with technical support from Cisco. It's very easy to contact them and talk with them. There were times we worked using email, for example, for communication. We also worked with Cisco engineers in Mexico directly. We're very satisfied with the level of service so far.
Which solution did I use previously and why did I switch?
We also work with Fortinet and Palo Alto, for example. As a reseller, we work with many solutions.
How was the initial setup?
I did not directly implement the solution. I don't have the right type of expertise. You need to know a bit about what you are doing, otherwise, the initial setup is a bit complex.
You may need, for example, a separate management device for this kind of solution. It's quite difficult to handle if you don't have in-depth knowledge.
What's my experience with pricing, setup cost, and licensing?
The cost of the solution is quite high. It's very expensive compared to other options. For example, Fortinet is much more reasonably priced.
What other advice do I have?
I am working for a Cisco seller in Mexico, and we have a relationship with Cisco. We are a gold partner. We ensure that the development is of the proper sizing for our clients.
I would rate the solution at a nine out of ten. We've had a very good experience so far. The only downside is that it's not as advanced as, for example, Palo Alto. That said, if you have the right skills to manipulate the configuration capabilities, Cisco is quite good.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Network Engineer at a consultancy with 1,001-5,000 employees
Notably reduced our time to root cause and MTTR
Pros and Cons
- "We can easily track unauthorized users and see where traffic is going."
- "We would like to see improvement in recovery. If there is an issue that forces us to do recovery, we have to restart or reboot. In addition, sometimes we have downtime during the maintenance windows. If Cisco could enhance this, so that upgrades would not necessarily require downtime, that would be helpful."
What is our primary use case?
The primary use case of for Cisco firewalls is to segment our network. We're using them on the perimeter network for traffic filtering. Since deploying them, we have seen a maturing of the security in our organization.
We're using both the FTD 2100 and 4100. We have about 40 sites that are using our approximately 80 FTDs. We have about 2,000 users.
How has it helped my organization?
It has helped us to solve some problems regarding auditor recommendations. We used to have some audit recommendations that we were not able to comply with. With FTD deployed we have been able to be in compliance around our 36 remote sites.
Before deploying them we had a lot of incidents of internet slowness and issues with site access, as well as computers that had vulnerabilities. But as soon as we deployed them we were able to track these things. It has helped the user-experience regarding connectivity and security.
In addition, it is giving us a better view regarding the traffic profile and traffic path. And we can categorize applications by utilization, by users, etc.
The solution has, overall, made us twice as productive and, in terms of response time for resolving issues or to identify root causes, we are three times more effective and efficient.
What is most valuable?
We can easily track unauthorized users and see where traffic is going. It is very useful.
FTD is also fully integrated with Talos. We are in the process of acquiring it and we will integrate it. That way we will have everything from Talos to do correlations.
What needs improvement?
We would like to see improvement in recovery. If there is an issue that forces us to do recovery, we have to restart or reboot. In addition, sometimes we have downtime during the maintenance windows. If Cisco could enhance this, so that upgrades would not necessarily require downtime, that would be helpful.
We would also like to have a solution on the cloud, where we could manage the configuration. CDO is in the ASA mode. If Cisco could do it in full FTD — the configuration, the administration, and everything — it would be very good, and easy.
What do I think about the stability of the solution?
The solution is stable. Last year, we deployed it in more 32 countries and it has been stable since the deployment. We haven't had any issues with the firewall. If we have any issues, it is usually due to the power. The solution itself is stable.
What do I think about the scalability of the solution?
It's scalable.
How are customer service and technical support?
Tech support is able to resolve 70 percent of the issues. In case of an emergency, we can open a case because we have a contract for Smart Net support on the devices. In case of an issue, we open a case and we get assistance.
Which solution did I use previously and why did I switch?
Before FirePOWER we were using the ASA.
How was the initial setup?
At the beginning, it was complex, but we were able to develop a step-by-step implementation. Now, we can deploy one in about two hours, including integration testing, physical testing, configuration, and applying the rules.
What about the implementation team?
We have in-house engineers for the deployment. We haven't used external, third-parties. We are a big institution, based in 36 countries. The team that is focused on this deployment is a team of five. The person who is handling the implementation will be in contact with a local engineer at the remote site, and will assist him, remotely, to do the testing and follow the steps to deploy.
What's my experience with pricing, setup cost, and licensing?
The one-time cost is affordable, but the maintenance cost and the Smart Net costs need to be reduced. They're too high. A company like ours, that has about 80 firewalls, has to multiple the maintenance cost per device by 80. Cisco should find a way to provide some kind of enterprise support. We don't want to buy support per unit of equipment. It would be easier for everybody.
What other advice do I have?
We are using about ten different security tools, including analytics, monitoring, threat management, and email security. What we have integrated is the ISE and FTD but the third-party solutions are not fully integrated.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.

Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Updated: April 2025
Popular Comparisons
Fortinet FortiGate
Netgate pfSense
Sophos XG
Palo Alto Networks NG Firewalls
Check Point NGFW
Azure Firewall
WatchGuard Firebox
SonicWall TZ
Juniper SRX Series Firewall
Fortinet FortiGate-VM
SonicWall NSa
Sophos XGS
Untangle NG Firewall
Fortinet FortiOS
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What Is The Biggest Difference Between Cisco ASA And Fortinet FortiGate?
- Cisco Firepower vs. FortiGate
- How do I convince a client that the most expensive firewall is not necessarily the best?
- What are the biggest differences between Cisco Firepower NGFW and Fortinet FortiGate?
- What Is The Biggest Difference Between Cisco Firepower and Palo Alto?
- Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons?
- What are the main differences between Palo Alto and Cisco firewalls ?
- A recent reviewer wrote "Cisco firewalls can be difficult at first but once learned it's fine." Is that your experience?
- Which is the best IPS - Cisco Firepower or Palo Alto?
- Which product do you recommend and why: Palo Alto Networks VM-Series vs Cisco Firepower Threat Defense Virtual (FTDv)?
I use pfSense at home and HIGHLY recommend this over anything else. But for a very distributed environment, checkout Aanval and Suricata combo with rules from Emerging Threats. At my old employer, I developed a plan to replace their $250K/year SourceFire deployment with a $80K/year custom solution that scales much better.
But again, each their own. For small/medium business, I would recommend pfSense, but for larger enterprise, I would recommend a custom solution based around Aanval/Suricata/ETPro with Firewall/VPN as separate devices.