Cisco Secure Firewall Reviews

I can't put Cisco on the firewall when the security landscape has changed so much in the past five to ten years. We are doing a lot more in the next generation of firewalls. We had a legacy classic firewall before we went to Firepower, and we spent a lot less time on that firewall, but we are spending more time on the Firepower because we are utilizing a lot of the features that are available in Firepower that were not available in the previous firewall that we had. I'm not going to say that we're spending less time, but we're gaining more value.

Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports.

If I were to have been asked a few weeks ago, I would have said threat prevention was the most valuable feature, but the world is changing a lot, so my favorite features a few years ago might not be my favorite features today.

The visibility the solution gives when doing deep packet inspection can be complex. I really like the visibility, but it's not always intuitive to use. I also help other customers. We are a contracting company that implements their solutions, and I've found that it's not always easy to get everyone to utilize some of the visibility features. But for me personally, I think they're very valuable. 

The ease of use when it comes to managing Cisco Firepower has a lot of room for improvement. When monitoring a large set of firewall policies, the user interface could be lighter. It's sometimes heavy in use, and there could be improvements there. I know they're trying to make improvements.

It's mainly the UI and the management parts that need improvement. The most impactful feature when you're using it is the user interface and the user experience.

We were an early adopter when Firepower first came out. I've been using Cisco firewalls for the last two decades.

For newer hardware models, the stability is good. We've tried to run Firepower on some of the legacy-supported hardware as well, but with the stability issues, they are not as good. If I were to judge based on the hardware that I have, I'd say it's good. I haven't had any issues with the stability on my platform.

We just recently enabled Snort 3 so I'm evaluating the functionality. That's what we've considered, but we haven't done any performance testing. Our company would qualify as a small to medium business company. The average office environment is about 100 to 200 people. Performance-wise, my company is about 120 people.

Scalability is really not relevant. I know there are features that address some of those parts, like clustering and stuff, but that's really not applicable in my use cases.

The support is eight to nine out of ten. You can't blame them for any faults of the prototypes, but the support has been really good and really helpful when we had any issues.

I have hands-on experience in both Fortinet and Palo Alto. So if I were to compare this to Palo Alto, for example, I would say that the user interface in Palo Alto is a lot better. But the reason that I'm working with Firepower is that we have a Cisco network as well, and Cisco ISE. We're trying to integrate different Cisco solutions. We're trying to utilize the ecosystem benefits where I can connect my Cisco Firepower to ISE and have it talk to the App Cloud. There's a benefit of utilizing Cisco Firepower in conjunction with our other Cisco solutions.

Ease of management is similar with Cisco and Fortinet, I would say similar, but it's easier in Palo Alto.

I recently deployed a similar solution at a customer's premises, and that setup was straightforward.

The steps are fairly documented and the documentation and guides on Cisco are straightforward. You know what you're expected to configure, and it's easy to get up, running, and started. It takes some more time to check everything and get everything as you want to have it, but getting started and getting connectivity and starting to create policies was easy to do and didn't take a very long time.

It took two to four hours, including some upgrades.

My main advice would be to utilize all the guides and documentation available from Cisco publicly and not trying to implement it using legacy thinking. Don't try to just replace something else you have. If you have a next-gen firewall, you want to try to utilize what you're getting, and getting the most out of a firewall. There are some great guides and documentation on Cisco that explains what you can do and how you can do it.

I would rate it a seven out of ten. 

I use Cisco ASA Firewall at my company for network security.

Cisco ASA Firewall could improve by adding more advanced features such as web filtering, which is available in the next-generation firewalls. However, the Cisco ASA Firewall I am using could be old and these features have been updated.

I have been using this solution for approximately two years.

The stability needs improvement.

I have found the Cisco ASA Firewall scalability could improve.

I have not contacted technical support. There is a lot of information on the internet for troubleshooting. All you need to do is use a search engine and you will find the information you are looking for easily.

They can improve by adding a public troubleshooting process.

I have previously used Fortinet firewalls that I have found to be better.

I would not recommend Cisco.

I rate Cisco ASA Firewall a six out of ten.

We use this solution for advanced IPS, IDS, advanced malware protection, and web filtering.

The most valuable features of this solution are advanced malware protection, IPS, and IDS.

web filtering needs to improve because cisco firepower sync with bright cloud website for the website category. sometimes your URL is falling in the wrong category because of the bright cloud. so if you want to change the category you will have to drop the mail to the bright cloud and they will take action and it's a very long procedure. 

more than 2 years

This is a very reliable solution.

I have extended my Cisco solution and did not have any trouble.

We have more than 400 users and we plan to increase usage.

The initial setup is very simple to deploy in the Egyptian network. It takes two to three days to deploy but if you are implementing AMP then it will take an extra one or two days.

I am happy with the product in general, including the pricing.

We evaluated a Sophos firewall but when I checked the reviews, I found that Sophos did not rate as well in terms of IPS, IDS, and malware protection.

Cisco utilizes BrightCloud for URL filtering. Web filtering is the main problem with this product.

My advice to anybody who is considering this product is that if they want good security, compared to other offerings such as those by Check Point and Palo Alto, then they should implement Cisco Firepower.

I would rate this solution an eight out of ten.

I am using the solution as a firewall.

I like the IPS feature, it is the most valuable.

I do not like the assembly of this solution. For example, they should combine FirePOWER into one solution.

I have used Fortinet, Palo Alto, and Check Point previously and I prefer the process of everything working together. We are in the process of moving on to Fortinet from this solution.

I rate Cisco ASA Firewall a six out of ten.

We are using it to manage our environment.

The whole firewall functionality, including firewall policies and IPS policies, is valuable. It has all kinds of functionalities. It has IPS, VPN, and other features. They are doing quite a lot of stuff with their devices.

It lacks management. For me, it still doesn't have a proper management tool or GUI for configuration, logging, and visualization. Its management is not that easy. It is also not very flexible and easy to configure. They used to have a product called CSM, but it is no longer being developed. FortiGate is better than this solution in terms of GUI, flexibility, and user-friendliness.

I have been using this solution for five to ten years.

It is rather stable. It can have some peculiarities, but most of the time, it is quite stable.

These are big devices. They have multiple models, but most of the models can be virtualized. You can create many virtual firewalls and add whatever you want.

We faced some issues, but I don't deal with these issues. My colleague interacts with them, and it seems it is not that easy. Cisco is a large company, and sometimes, it is not easy to get quick and very efficient support.

We have a firewall specialist who handles the installation.

It is affordable. The hardware is not that expensive anymore. It is a matter of licensing these days. 

It is a good solution for a big traffic load, but its management is not very easy. FortiGate is better in terms of management and user-friendliness.

I would rate Cisco ASA Firewall an eight out of ten.

I use it for VPNs, remote-access VPNs, environment issues, and failover issues. I also use the
content mode, NAT, and PAT in this firewall. We always use ASA for VPN sites and firewall sites. We use the edge for internet access for data center servers or company customers' internet access.

We always use ASA for integration another companies  and branches easily. 

The Inline Mode configuration works really well, and ASA works very impressively.

I think the ASA layer is thin. It's always Layer 3 or Layer 4 source controller and doesn't control the Layer 7 traffic at all. It's important, and you'll need an additional firewall. 

All next-generation firewalls don't have much control over Layer 7, but there's a little bit of control for inspection. ASA never controlled Layer 7, and it's a bad point.

 I don't like to use ASDM, a graphical interface, and other solutions for ASA. I wouldn't say I like this, and it's not good(ASDM).

I have over seven years of experience with Cisco ASA Firewall.

It's stable. ASA works very well, and it's impressive. I use only ASA and only the Inline Mode. 

It's a scalable, high availability solution. It's an active/standby model for VPN. But if you don't use VPN in these devices, it works as an active/active high availability model.

If you're a Cisco Administrator or Cisco certified, the initial setup isn't a problem. But if you don't know Cisco devices and how they work, it can get a little complicated.

I would advise new users to look at next-generation firewalls like FTD or other models from Cisco. It's better than Cisco ASA. Cisco ASA Firewall isn't a next-generation firewall.

On a scale from one to ten, I would give Cisco ASA Firewall an eight.

We are using the solution for airports.

The Cisco NGFW is an excellent fit for purpose for our network security.

I have been using the solution for five years.

We have not had to deal with stability issues.

The support of the solution is great, their staff is perfect.

My team tells me that other solutions such as Fortinet and Palo Alto are easier to implement.

People have said that Palo Alto is a less expensive solution than Cisco, but in my experience, at least from today, Cisco is cheaper than Palo Alto. 

I do not hear anything bad about the competition. I am difficult to change my ways and learn a new product. Unless somebody comes and makes a SWOT analysis and shows me the evidence of how the alternative is better, I am fine with Cisco.

I would recommend this solution to others. 

I rate Cisco Firepower NGFW Firewall an eight out of ten.

We primarily provide implementation and maintenance services to our clients.

The software itself is very simple.

The solution is easy to operate. It's not overly complex.

The command line is the same as it is on the Cisco iOS router.

The technical support is very helpful and responsive.

The solution needs to have better logging features.

Cisco needs to migrate its ASA Firewall to a management console or to a web console.

I've been working with the solution for six years at this point.

The solution is largely stable. Once we adopted Cisco services, we found that everything was pretty reliable. There aren't bugs or glitches. It doesn't crash or freeze. It's quite good.

The scalability is a problem as the solution has a low throughput.

We've been in touch with technical support and I've always found them easy to reach. They're responsive and helpful. I find their service much better than, for example, Fortinet or Palo Alto. Overall, we're satisfied with Cisco with respect to their technical support.

We have some experience working with Palo Alto and Fortinet solutions as well.

While I don't have the exact pricing of the solution, it's my understanding that Cisco is rather costly. It's not the cheapest option on the market. It's expensive. It's more costly, for example than Palo Alto.

We have a gold partnership status with Cisco, however, we are also partners with companies such as Fortinet and Palo Alto.

For a next-generation firewall, I would likely recommend Palo Alto. However, if a company had the budget, I would recommend Fortinet. That said, for a VPN gateway, I would recommend Cisco ASA.

In general, I would rate Cisco's ASA Firewall at seven out of ten.