Cisco Secure Firewall Reviews

We are currently using version 6.3. Our primary use case of this solution is to put Firepower inside of the data center and at the Edge network.

This solution has improved my organization. I'm a solution provider and so I deploy in many different companies that are my customers right now. Before Firepower, we had some problems with the architecture of the firewall. Firepower can support two types of intelligence identity: it can support the application visibility and control, and it has a great deep inspection in the packet. Before this solution, we had some problems with malware detection. Right now, we can easily detect and filter all the applications. Before this solution, we never had any file trajectory, but right now we do, according to the file trajectory of Firepower that we have after attack solutions. 

We never had any solution or any workaround for after an attack. We never had any clue what the source of an attack was or how the attack could affect the company. Right now, because of the file trajectory and the great monitoring that FMC does, we know what's happened so we can analyze it after an attack.

The architecture of FTD is great because it has an in-depth coverage and because it uses the AVC, (Application, Visibility, and Control) and also rate limits. Also, the architecture of fast paths is great.

I would like to see real-time log systems because it's very helpful when you want to troubleshoot.

Stability really depends on the software that you use. If you use the suggested software that Cisco suggests, you will see a highly robust and highly stable system. A crash or block will never happen to you. It really depends on the version that you are using. Definitely check the release notes before installation.

I've worked with the 2000 series, the 4000, and the 9000. The 9000 series is really impressive because it's absolutely scalable for large deployments.

I haven't had to contact their technical support. 

We previously used ASA, which is a regular firewall. We switched to Firepower because it has a lot of features. It is one of the best firewalls in the world so we shifted to Firepower.

The time it takes to implement depends on the policy of the customer. Practically speaking, it takes around three to four hours to deploy, but it can depend because the Firepower solutions have two parts. One part is the hardware, it is an actual firewall and actual device but the monitoring system and the control system is a software called FMC. Most of the customers deploy it over VMware. The time of deployment really depends on your resources, but on average will take three to four hours.

At least two to three people with professional knowledge, around three years of experience, are needed for the deployment and maintenance, not only for Firepower but in every security solution. The device is doing something, but the most important part is analyzing it. The device can give you logs, but the engineer should analyze the log and do something.

Deployment without inspection can require only one person but if you want to analyze the IPS, at least two people will be needed.

Based on the services that you will get, especially the AMP license, the price is very reasonable. The license system is also good but it's not very impressive. It's a very regular licensing system. They call it a smart license which means that your device will connect to the internet. This is a little bit of a headache for some customers. It doesn't make the customer happy because most of the customers prefer not to connect their firewall or system to the internet.

I would advise someone considering this solution to just read the release notes before doing anything. You should know what the exact architecture is and what the exact details of the software are before trying to deploy it.

I would rate this solution a ten. 

Firewall and VPN.

I can't really say how it has improved our organization, but the benefits are that we have a necessary firewall with which we can create VPNs.

Pro user-based firewall rules.

The solution that we have right now doesn't do what I want it to do. We don't have a ratified solution for all the things that I wanted to right across our business. We're doing similar functions using different technology and I want ratification. I want to be able to do more than what we are currently able to do with the existing service, all under the umbrella of improving security.

The product crashes. We have a cluster of firewalls and we regularly get failovers.

I have used technical support once, and they were superb.

When selecting a vendor, the most important criteria include:

• Security - the ability of the technology from a security perspective.
• The ability of the company to support the technology - knowledge of the product by the company. It may sound really silly to say that, but you'd be surprised how poor some companies' technical support is.
• The financial stability of the company.

I was involved in the initial setup. It was complex. 

Do your research, know what you want to achieve.

Cisco ASA needs to be more reliable. Because of the nature of the product, it has to be rock solid and, unfortunately, it's not.

I especially value Change Management and Compliance. They are most valuable because we are required to comply with regulations regarding credit card processing (PCI) and protecting patient data (HIPAA).

This product has made visible some areas that were previously hidden.

There are many areas for improvement despite the fact that we love the product, but because it is a newer version we’ve been working out lots of issues. Some of those issues are based on our environment.

I have used the product for 1.5 years with nearly a year for this version.

We did not have any problem with the previous (v7) version but when we upgraded to (v8) the new version, we were well aware that there would be some bugs and issues that would require resolution.

We have had no scalability issues.

Tech Support is awesome. I never get someone who has no clue what they are doing. These guys are well trained and know their stuff.

We did not use a previous solution. FireMon was implemented as part of a security mandate and we chose this product over its competitors.

Setup was pretty simple, because we implemented the single server model.

We purchased licenses for our High Availability (HA) devices as well but they were not really needed.

I was not the researcher and decision maker. I inherited the tool.

To make sure they have the cooperation of the networking team that supports the firewalls. It has been difficult for us to get the tool working to its full potential because our network team is resistant to some of the things we want to monitor.

We use this solution to provide firewall solutions for clients. We have been transitioning from ASA to FTD, since FTD has come out with new versions or upgrades.

This solution is very flexible and offers different functionality including firewalls and VPN connectivity. It checks a lot of boxes. It is an easy solution to learn how to use and the positive impact on our organization was apparent as soon as we implemented it. 

The CLI is the most valuable feature. We are moving towards FTD, which is more GUI based. The value of this solution lies in the fact that it is a standard platform that's been around for years and is always improving. This is important to us due to the necessity of ensuring cyber security. 

We are replacing ASA with FTD which offers many new features. 

We have been using this solution since 2009. 

This is a stable solution. 

This is a very scalable solution as long as you get the right hardware. 

Over the last two years, getting a response from the support engineers has been challenging. This could be due to the impact of COVID. 

We sell a lot of different firewall varieties including SonicWall, Cisco ASA, and FTD. 

When setting up the solution for our clients, we ensure they have the bandwidth they need and consider what their throughput needs are. The solution does require maintenance in terms of patching. This requires approximately six team members depending on how many moving parts there are for clients. 

We have seen a return on investment using this solution based on the fact that we are spending less money overall. 

The pricing for this solution is pretty fair. 

If it is possible, I would advise others to try out a demo with Cisco to test their firewalls. The biggest lesson I learned from using this solution is that there are many ways to achieve the same outcome. 

I would rate this solution a nine out of ten. 

I am using Cisco ASA 5525 for netting, routing, and site-to-site VPN. We have two sites. I am using Cisco ASA Firewall on one site and Check Point Next-Generation Firewall on another site.

We have integrated it with Cisco Anyconnect. This feature has been very good for us during the lockdown.

Netting is one of the best features. We can modify it in different ways. Site-to-site VPN is also an awesome feature of Cisco ASA.

The biggest advantage of Cisco products is technical support. They provide the best technical support.

Cisco should work on ASDM. One of the biggest drawbacks of Cisco ASA is ASDM GUI. Cisco should improve the ASDM GUI. The configuration through ASDM is really difficult as compared to CLI. Sometimes when you are doing the configuration in ASDM, it suddenly crashes. It also crashes while pushing a policy. Cisco should really work on this.

We have been using this solution for one and a half years.

It is stable and reliable. If you are looking for security from Layer 1 to Layer 4, Cisco ASA is good, but if you are looking for Layer 7 security, deep security, and malware detection, this is not the right product. You have to use some other product.

We have more than 400 employees. We are currently not thinking of increasing its usage because we need more security, and Cisco ASA is not good for Layer 5 to Layer 7 security.

The biggest advantage of a Cisco product is technical support. They provide 24/7 support on 365 days. Their technical support is one of the best. I would rate them a ten out of ten.

Cisco ASA is very not complex. It is a very simple firewall. If you are configuring it through CLI, it is easy. If you configuring it through ASDM, it will be more difficult for a beginner engineer.

It takes around two to three days to cover all the parameters. It is very easy to deploy in an existing network, which is one of the main advantages of Cisco ASA.

We are happy with its price. Licensing is on a yearly basis for technical support. There is one license for technical support. There is another license for IP Version 2 VPN and IPS.

I considered pfSense, but when I checked the reviews, pfSense's reviews were really bad, so we purchased Cisco ASA.

I am very happy with this product in terms of netting, routing, and VPN functionalities. If you are a small organization with around 100 people and you are not thinking of Layer 7 security, deep security, and malware detection, Cisco ASA would be very useful and cost-effective for you.

I would rate Cisco ASA Firewall an eight out of ten.

I use Firepower for all kind of customers; healthcare, government, banks etc. All all of them have different use cases and requirements. In most cases, I would mostly end up with enterprises or government organizations. If you are already have all Cisco gears, I would suggest to consider it as it will allow you to have a more integrated approach toward other network components.                                                                                      

I will definitely recommend it to any customer. But, it all depends on the requirements and money you have. But the Intrusion Prevention and anti-malware is really good with this solution. Overall, it is a really good product.

I remember a customer who was using another firewall product and they had serious issues in intrusion and malware detection and prevention. Plus, the reporting was not that detailed. I did a demo with these people with FTDv and FMCv and they were amazed with the solution.

The Firepower+ISE+AMP for endpoint integration is something that really stands it out with other vendor solutions. They have something called pxGrid and i think it is already endorsed by IETF.  This allows all devices on the network to communicate. I find it to be a more proactive approach as all devices collaborate with ISE in real time. I did a demo for a customer and there were no second thoughts in the usability of the solution. You should give it a try to find out more about how this works.

The product line does not address the SMB market as it is supposed to do. Cisco already has an on-premises sandbox solution. They should include a cloud-based sandbox as part of the security subscription service. In my experience, apart from the expensive price, SMB customers are lured away by other vendor solutions because of these reasons.                      

I work for a systems integrator, who is also a partner for Cisco and other security vendors. I have a reasonable hands-on with different firewall products. I have been doing it since v6.1 release. Firepower is a bit difficult and takes time to learn.

I did use and deploy different firewall solutions for various customers. But every customer has his own pain points. For example, for one of the customers, he was purely looking for URL filtering. We went with Sangfor IAM in that case. They have a very strong focus on application and URL filtering and user behavior management. Plus, reporting was very extensive. 

In my country, deployment may be charged from USD 1K to USD 10K depending on setup cost. There are different types of licenses:

• Threat
  
• URL
• Anti-malware

I would suggest going with an all-in-one bundle. You will end up saving money. Also, Cisco has a better discount on a 3YR subscription plan. Discuss this with your Cisco AM.

Yes, this included firewalls from Huawei, Fortinet, Sangfor, and Sophos. Most of the customers end up with:

• Fortinet,
  
• Sophos
• Sangfor

My primary use case is to have as VPN hardware. I have 2,000 providers. I am a reseller and as such, I am connected to telcos. I use ASA because our providers use Cisco in their core network as well. 

We had a situation where our network was down and the telecom providers at Cisco support helped us to resolve those issues. The downtime was brought down to a minimum.

The most valuable feature is that the encryption is solid. 

I have been using Cisco ASA for thirteen years. 

What I use now is sufficient based on the traffic that we are generating. We won't have to expand.  

We have two providers for ASA. There is only one administrator. We have about 1.2 million connections going through one ASA per month.

Their technical support is very good. 

I didn't previously use a different solution. We used Cisco and then we upgraded to ASA. 

The initial setup was straightforward. To set up the VPN we are able to set up the feature key networks that are going to talk to each other. We can set up what access is going to be used. The connection was set up in one or two days. 

We set it up twice. The first time it took four hours and the second time took ten hours spread out over two days. 

I have seen ROI. We use ASA because our provider uses it and they have support. The provider initiates the support with Cisco. The support is good. The license for the support is expensive. 

It is expensive. 

I would recommend this solution. If you have the money, it's a very stable product. Make sure to keep critical spare parts. You might have for instance some modules that will need acceleration cards and those types of things.

I would rate it a nine out of ten. 

The feature I find most valuable is the Cisco VPN Interconnection.

The file features are useful as well. They're good at packet tracing. They are very straightforward. I would say that the Cisco ASA ASDM makes it very easy to manage the firewall.

I would say the pricing could be improved. It's quite expensive, especially for the economy.

I'd like to see them more integration so that I don't need other parties for protecting my network. If I could just have ASA firewalls for perimeter protection and LAN protection, then I'm good. I don't need so many devices.

I would like to see improvements for client protection.

My impression is it's a stable solution. I could sound biased, but if you have a device working for four years and it's still working and people are using it, then it's stable.

Scalability depends on which device you have.

It's quite scalable if you have either the ASA, even if you had the new ASA firewall services, even if you had the one with the capacity of about 500 MDP. It isn't scalable for three hundred people connecting to it. I would say it is good for medium branch offices.

I'm not sure if we have plans to extend the service.

Technical support is good. The only thing is that Cisco cannot support you unless you have a contract with them. You have to go through the reseller in Africa. I don't see why Cisco cannot communicate directly with the customer, especially when I can prove that I have the device. They should allow customers to talk to them directly instead of having to go through the reseller.

I previously used SonicWall. I'm not the one who decided to switch, I just know that previously we used SonicWall.

The initial setup was straightforward. Within in an hour you're done, including with your basic training. For implementation, you need one to two people. You should have one senior network administrator. Two people can maintain it if they have the skill.

I did the implementation by myself. If you decide to do it by yourself, you need basic knowledge. If you don't have that you would need a contractor.

This solution might be expensive, but it is economical in the long run.

The functionality is fine.

When they prove to me they cannot be hacked then I can give them a ten.

I would rate this solution as eight out of ten.