Cisco Secure Firewall Reviews

We use it for VPN access for our two-factor authentication. We were looking to get access through AnyConnect, to gain access to devices behind boundaries and firewalls.

It has improved things greatly by giving us easier and better access, easier configuration, and allowing users to gain the access they need. We have also had less downtime using these firewalls.

AnyConnect has been very helpful, along with the ability to use LDAP for authentication. It's very robust and we are able to do many different things that we were looking to do.

The ASAs are being replaced with the new Firepowers and they have a different type of structure in the configuration to be able to migrate from one to the other.

I have been using Cisco ASA Firewalls for 20 years.

The stability is very good. It has been a very stable environment. Since the new AnyConnect came out, it's been very easy to use and very much self-sufficient.

You can vary scalability from very few users to thousands of users.

Technical support has been very helpful at times, helping us to know what bugs and what things are getting fixed in the next releases.

Positive

As an architecture team, we had a pretty good idea of what we wanted to do and how we wanted to do it, so it was pretty straightforward and easy. We have each one across many different avenues and many different boundaries, so each one took about a day to deploy.

We needed two to three people to deploy them and another one to go over some things to make sure everything was good to go.

There is routine maintenance, keeping it up to date and making sure the licensing versions are all good to go. We have a four-man team for maintenance and they work a regular shift of eight hours.

We used a reseller, FedData. Our experience with them was good.

It took us about six months to see benefits from our ASA Firewalls. We've seen return on our investment in terms of the timeframe of downtime, and the ability to get users connected faster and more easily has been a big benefit.

The pricing of the products isn't terrible. They're not too expensive. They're a little more expensive than other products, but you are getting the name, the company, and the support.

It's also nice that you can buy different avenues of licensing, depending on how you want to go about using them.

We buy a support license to get support if we have any issues or problems or need help on how we want to implement things.

We evaluated other options, but that was a long time ago. We went with Cisco because it is so robust as well as because they have been able to integrate their solutions into many different architectures. That makes their products easier to use.

Each use case is different and things depend upon your cost analysis and how much you need. We have these firewalls in different avenues over about 30 different sites.

The biggest lesson from using the solution is being agile which has included learning to understand how to use the ASDM and figuring out how to configure everything—the little nuances—and what can and can't be done on the CLI.

These firewalls, along with the upcoming Firepower that they're being replaced by, are going to be very good assets for two-factor authentication and VPN access.

I often work with financial sector companies such as banks as well as retail organizations.

The solution offers very easy configurations.

The administration of the solution is very good.

The product integrates well with other products.

The initial setup can be a bit complex for those unfamiliar with the solution.

There are better solutions in terms of border security. Palo Alto, for example, seems to be a bit more advanced. 

The cost of the solution is very high. Fortinet, as an example, has good pricing, whereas Cisco has very high costs in comparison.

We've used the solution recently. We've used it at least over the last 12 months or so.

The stability of the solution is pretty good. I don't recall having issues with this aspect of the solution.

This particular product does not have high availability and therefore scalability is limited.

You need a pretty sizable solution for a center.

We have about 300 clients using this solution, and therefore the amount of people on the solution is very high, however, I don't have the exact number of users across all clients. For solutions providers, we have IT solutions for maybe around 5,000 users.

I have experience working with technical support from Cisco. It's very easy to contact them and talk with them. There were times we worked using email, for example, for communication. We also worked with Cisco engineers in Mexico directly. We're very satisfied with the level of service so far.

We also work with Fortinet and Palo Alto, for example. As a reseller, we work with many solutions.

I did not directly implement the solution. I don't have the right type of expertise. You need to know a bit about what you are doing, otherwise, the initial setup is a bit complex.

You may need, for example, a separate management device for this kind of solution. It's quite difficult to handle if you don't have in-depth knowledge.

The cost of the solution is quite high. It's very expensive compared to other options. For example, Fortinet is much more reasonably priced.

I am working for a Cisco seller in Mexico, and we have a relationship with Cisco. We are a gold partner. We ensure that the development is of the proper sizing for our clients.  

I would rate the solution at a nine out of ten. We've had a very good experience so far. The only downside is that it's not as advanced as, for example, Palo Alto. That said, if you have the right skills to manipulate the configuration capabilities, Cisco is quite good.

We use this solution for our firewall and intrusion prevention system.

The most valuable feature is that I have 16 public IP addresses that tunnel through into servers inside. 

There are no issues that we are aware of. It does its job silently in the background.

The initial setup could be simplified, as it can be complex for new users.

We have been working with this solution for a couple of years.

It's stable. If there is ever a problem, it never seems to be the firewall.

This particular model can't quite handle the bandwidth we need. We're actually replacing it shortly with the new higher capacity model.

Technical support is good. They are responsive.

The initial setup was somewhat complex at first.

We had help from an integrator, which was Dell. They were helpful.

The price is comparable.

We are just at the beginning of the deployment of Arctic Wolf for managed detection and response. We don't have a lot of information yet, as we are onboarding it now.

We wanted to have someone watching and we couldn't set up the SOC by ourselves because we need six security dedicated people to man it at all times. With a staff of 80, it was too much. We engaged Arctic Wolf to be our 24/7 eyes on the potential risks that are happening. They can alert us and we can deal with it.

We like to use the integrator just to make sure that the firewall is set up correctly. If you don't have people dedicated to the firewall, then you can't do it in-house.

I would rate the Cisco firepower NGFW Firewall a nine out of ten.

Our primary use case of Cisco ASA Firewall is to protect our environment. We are customers of Cisco and I'm a network engineer. 

The solution is simple to deploy and stable. 

Technical support could be improved, they take a long time to respond. 

I've been using this solution for 10 years. 

This is a stable solution. 

Initial setup was relatively simple, it took around six months and I deployed myself. 

I would rate this solution a nine out of 10. 

The number one use for this product is security.

The management of the application can be improved with enhancements to the user interface.

I would like the ability to drill down into certain reports because currently, that cannot be done. In fact, this is one of the reasons that we want to move away from Cisco. Better reporting tools would be an improvement.

We have been using Cisco ASA for approximately seven years.

This product is pretty stable.

Our current model is reaching its end of life, so it's not very scalable at the moment. We don't plan to increase usage.

It is currently providing protection for about 30 users.

The technical support is with our solution provider. I would say that it's average, rather than very good.

The initial setup is complex. I would say that it took a maximum of a week to deploy.

We had a service provider who took care of the installation for us.

This is an expensive product. We pay about €2,000 ($2,400 USD) per year for licensing. 

Technical support is in addition to the standard licensing fees.

At this point, Cisco ASA is not a product that I recommend. My advice is that people should look at other solutions because there are other products available on the market that are just as good, if not even better.

I would rate this solution a seven out of ten.

A lot of companies have a lot of vulnerabilities and lots of exploitations that are going inside their network that the IT staff are not aware of. You actually need a security device like a next-generation firewall to protect your network.

Once we installed the Firepower system, we started looking at the evidence, and we found a lot of exploitations and a lot of bad things that are in the network. These things were invisible to IT, they were unaware of any of them.

The Firepower Management Center is an easy way to manage the devices centrally. I guess this is something that all vendors provide so it's nothing special. I like the way Firepower presents the data. It gives you two classifications for the evidence, something based on the priority of the evidence and another classification based on the impact of the evidence in your environment. This makes it very easy to spot the evidence that is most impactful to my environment. Instead of having to go through all the evidence based on that priority, I can focus on the evidence that has the most impact on my environment.

Sometimes you might have a high priority event but it has nothing to do with your environment. You have a vulnerability. You don't have to treat a vulnerability as an attack. Since you're not vulnerable, it's not impactful to your environment so you don't have to focus on it. This is something that other products don't provide. 

It is very flexible. You can have the next generation firewall work as a physical connection or as a Layer 2 device. You can have a combination of Layer 2 and Layer 3, which is really good. 

There are quite a few things that can be improved. Firepower is an acquisition from another company, Cisco's trying to put it together. Their previous ASA code with the source file code that they have acquired a few years ago still has some features that are not fully supported.

Also, they have a Firepower source file that I can work on the ASA device and on Firepower devices. A problem here lies in the way that you manage these devices. Some devices do not support the FMC, and some devices have to be managed through ASDM, and others have to be managed through FMC.

Most of the high-end devices do not support Onboard management. The Onboard management is only supported on the 2100 IP at the 1050 Firepower and on select ASA devices that bear the Firepower image.

It would be very nice if the Onboard management integrated with all the devices. Log key loading for the evidence at the logs, because clearly you only have loading on the remote on the FMP, you cannot store the logs located on the device.

We have several thousand employees at the company.

Their technical support is good. 

The initial setup was straightforward. 

The pricing is overrated. Prices for Cisco equipment are always a little bit higher than other vendors. Customers are always complaining about the high prices of Cisco equipment, so it would be very good if these prices can be lowered down, but that's how it is. Cisco equipment usually has higher prices than its competitors.

I would recommend this solution to someone considering it. I would recommend to study and know what the requirements are exactly. One of the things that might be a problem, or might be a complex thing to do is to go through Cisco Firepower, because Firepower is a software that's complex to explain to somebody. There is the previous ASA code that Cisco had and there is the source file that they acquired. Cisco started to send it as ASA Firepower services. Then they combined the two codes together and they started to send a new code called the Firepower Threat Defense, FTD.

Any customer who wants to buy it needs to understand all of these options and what the limitations of each option are, the pros and cons. Any customer who wants to deploy Firepower needs to understand what Cisco has to offer so he can choose correctly.

I would rate it a seven out of ten. 

Our primary use for the solution is as a firewall. We implemented it as an IT tech solution for our accesses through Sourcefire. It provides security.

The main product in our company is dependent on Cisco as a security solution. Cisco has a great reputation in the market. We are using Cisco as our main firewall in the company because it provides the best security.

The most valuable feature is for IT security management. It is extremely valuable to protection so that is the most valuable feature.

I'm not really sure that much has to be improved. Compared to other firewall solutions probably the thing that could be improved is the interface — the GUI. Other than that I don't think there is anything else that could be better. I think it is a great product.

I believe that Cisco is one of the most stable firewall solutions. Compared to other solutions, Cisco has a better stability record than others. That's why we like it a lot.

I don't know that we have plans to scale the business on this site. But Cisco products are expandable. If we want to expand the functionality with new feature sets we can add modules. So in that way, it is a flexible and scalable solution. 

We currently have 200 to 500 users who are using this solution at any time.

We have used technical support quite a bit and always contact them if we have an issue. They will always respond as soon as possible. So I think the support is great. We don't have any issue with them being unresponsive or providing bad solutions. I like to check with them on solutions sometimes and they respond as soon as possible. It saves time and helps me to be sure I am doing the right thing before I go in the wrong direction.

I don't know the exact product they were using before but I think it was just proxy. When I came to the company, the Cisco solution had already been installed, so I don't know the exact product from before.

I think the main reason why they would have switched is the stability and possibilities are better than just proxy. Cisco is very different and more powerful than the other simple products. It's very stable.

I wasn't part of the company at the time of the initial setup, and I am just performing additional tasks. We have a staff of a maximum of three or four persons so once the deployment is live it doesn't need much effort.

I'm not sure if the company has plans to increase usage and grow our responsibilities. It's not not for me to decide. I think the company is growing and traffic is increasing. But my superior is the person responsible for determining when it is time to scale.

We used a consultant for the implementation. They actually continue to help a lot when we need them for something.

I don't know if the company evaluated other solutions before choosing Cisco. When I came to the company, it was already there. Cisco is a very popular enterprise solution so they may have just chosen it without other evaluations.

On a scale of one to ten with one being worst and ten being best, I would rate Cisco SourceFire Firewall as a nine. It could easily be a ten if it had a better GUI interface.

As far as making recommendations to other people about the product, I recommend they buy it if they need an enterprise solution. Also, I would recommend other Cisco solutions like Cisco AMP (Advanced Malware Protection). 

I think most large companies that require strong security should always use Cisco because it's stable, scalable, and has many features. Enterprise organizations will benefit from Cisco because their business requirement will be more complicated and require a better solution and more flexibility. I think all the companies should use Cisco because it's number one the market and has the best security, better stability, and better scalability.

We performed an in-house evaluation of Cisco ASA NGFW for use as an Internet Gateway Firewall and internal East-West traffic firewall between security zones. We are historically a Cisco shop and were planning on it being the top contender for our NGFW solution.

Cisco ASA NGFW running in "Firepower" mode - aka the actual NGFW mode was not "fully baked", so it didn't meet all our requirements to fit our network architecture. It requires a completely different language than ASA and we found it to be difficult compared to other top firewall vendor offerings.

Integration with all the other Cisco tools is valuable. However, we've moved away from all Cisco security tools since this evaluation. Firewall choice was key to what direction we went and we found not only was the competing firewall solution superior, but their endpoint protection solution was as well.

The first thing that needs to be done is to finish building out Cisco ASA "Firepower Mode" in order for all features to work correctly in complex enterprise networks. It also needs a usable GUI like Palo Alto and FortiGate. There are lots of bug fixes to be done, and Cisco should consider performing a complete rebuild of the underlying code from the ground-on-up.

With regards to stability, we had a critical bug come out during our evaluation.

It should be well scalable. However, we didn't see a good centralized management/monitoring system like the one that Palo Alto has.

Customer support was decent, although we definitely don't feel like you get the value of the mandatory support/maintenance fees.

We used Fortinet FortiGate, but as an early gen "NGFW" it was outdated. We have issues we don't believe would be resolved with their latest offering, so we didn't even evaluate it.

We found the initial setup much more difficult to do even simple things, like setting up VPN tunnels.

Our in-house team tested and evaluated the solution.

Watch out for hidden licensing and incredibly high annual maintenance costs. We bought much beefier Palo Altos for a less expensive one-time and annual cost.

Palo Alto Networks NGFW Firewall was compared in-house using the same configuration and testing, and it won hands-down.

Watch out for the marketing hype vs objective reality. Do the advertised features actually work correctly/effectively?

We chose a different solution after performing in-house testing.