We have around 250 users and security is extremely important for us.
IT Infrastructure Manager at Beltone Securities Brokerage S.A.E.
Secure, stable, and their technical support has excellent service
Pros and Cons
- "The features I found most valuable in this solution, are the overall security features."
- "It could also use a reporting dashboard."
What is our primary use case?
What is most valuable?
The features I found most valuable in this solution are the overall security features.
What needs improvement?
The overall application security features can be improved.
It could also use a reporting dashboard.
For how long have I used the solution?
Our company, Beltone Financial, has been using Cisco ASAv for about three years now.
Buyer's Guide
Cisco Secure Firewall
March 2025

Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
844,944 professionals have used our research since 2012.
What do I think about the stability of the solution?
I found that Cisco ASAv is a really stable solution.
What do I think about the scalability of the solution?
I haven't tested scalability yet, but I believe it is a very scalable solution. We currently have 250 employees working on it without any issues.
How are customer service and support?
The few times I've had to call in technical support, the service was excellent. I've had no issues.
Which solution did I use previously and why did I switch?
Our company has used various other solutions in the past. We've decided to also install Cisco ASAv to add extra features to our system.
How was the initial setup?
The initial setup was straightforward and it took me about two days to do the installation. The fine tuning took about a week. I am the IT Infrastructure Manager of our company, but I don't believe that individuals without IT knowledge would struggle to do the installation themselves.
What about the implementation team?
We didn't use any consultant for the deployment - we installed and implemented Cisco ASAv ourselves and we didn't experience any problems.
What's my experience with pricing, setup cost, and licensing?
We pay an annual fee.
Which other solutions did I evaluate?
We have used many other solutions in the past and we constantly look out for other options. So we didn't switch to Cisco ASAv, we simply started using it together with another solution. We now use two products in the same time.
What other advice do I have?
I rate this solution an eight out of ten and I would definitely recommend it to other users. If the developers would add a reporting dashboard, and perhaps lower the pricing, I will rate it higher. But overall I am really satisfied with Cisco ASAv.
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Information Technologies Consultant at a tech services company
Everything is based on high securities standards
Pros and Cons
- "It joins all branches and permits employees to work outside their offices, but everything is based on high securities standards (PCI compliance)."
- "Multiple WAN connections: Even though you can implement more than one interface to outside connections, it is lacking on load balances, etc."
What is our primary use case?
Some branches are joint through Cisco ASA 5500-X VPNs. Executives or employees are connected via AnyConnect.
How has it helped my organization?
It joins all branches and permits employees to work outside their offices, but everything is based on high securities standards (PCI compliance).
What is most valuable?
- Reliability
- Robustness
- Security features
- High encryption, hashing, and integrity support
- Support
- High performance
What needs improvement?
Multiple WAN connections: Even though you can implement more than one interface to outside connections, it is lacking on load balances, etc.
For how long have I used the solution?
Three to five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Cisco Secure Firewall
March 2025

Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
844,944 professionals have used our research since 2012.
Senior Network Security Engineer at a university
Spec the right hardware model and choose the right license for your needs.
Pros and Cons
- "The AnyConnect remote access VPN gives us an easy way to deploy remote working for our users."
- "The SSL VPN is, and always has been, painful to configure and the Java plugin does not guarantee a uniform deployment."
How has it helped my organization?
The AnyConnect remote access VPN gives us an easy way to deploy remote working for our users.
What is most valuable?
It all depends on the deployment scenario, as I have used ASA for specific purposes. In general, the stateful firewall feature, site to site VPN, and AnyConnect remote access VPN are always useful.
What needs improvement?
It's not perfect, and does have room for improvement with certain features.
The SSL VPN is, and always has been, painful to configure and the Java plugin does not guarantee a uniform deployment.
Certain documentation on the newer models of ASA (specifically, ASA 5500-X with FirePower services) is a little out of date and in some cases incorrect, although this may have been corrected since my last deployment.
What do I think about the stability of the solution?
I've never seen a firewall that didn't need an RMA at some point! And that is true of the ASA, however, the failure rate (in my experience) has always been very low with ASA's (and Cisco equipment in general).
What do I think about the scalability of the solution?
Nope.
How are customer service and technical support?
With Cisco TAC, you can always get an answer to technical issues, and with the thriving Cisco support forum, you can always get answers to questions even if you don't have TAC.
Which solution did I use previously and why did I switch?
Not in my current organization.
How was the initial setup?
I would say it's only complex if you're not familiar with either the CLI or ASDM.
So for me, it was easy, for those without Cisco CLI (or ASDM) experience, deployment can be a little daunting.
That being said, there are plenty of configuration documents available on the Cisco website that will "hold your hand" through any deployment.
What's my experience with pricing, setup cost, and licensing?
Hardware and licensing can be expensive, and licensing can be a complicated affair. I would strongly recommend you speak with your distributor to ensure you choose the right license for your needs, and read the hardware comparison guide to make sure you spec the correct hardware for your specific needs.
Which other solutions did I evaluate?
It's great buying the latest and greatest equipment, but no so great if your engineers don't know how to operate it!
From experience, hardware purchasing is normally dependent on the technical expertise of engineers, so if all your engineers are Cisco trained, it makes no sense to buy another vendor firewall.
What other advice do I have?
Spec the right hardware model and choose the right license for your needs.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Consultant at a tech services company with 501-1,000 employees
Detection engine and historical file analysis ease threat investigations
Pros and Cons
- "The Firepower IPS, based on Snort technology, has an amazing detection engine and historical analysis capability of files that eases threat investigations a lot."
- "I would like to see more integration with third-party devices in general. There is great integration with Cisco devices, but there's not much integration with third-party devices."
What is our primary use case?
Cisco next-generation firewalls are mainly used either for data center protection - north-south traffic - or internet traffic.
How has it helped my organization?
The application and user-visibility and control, along with very powerful IPS and malware protection, enables our clients to secure their data centers and internet perimeter in a much better way. It provides them with traffic visibility and reporting as well.
The main advantage is when you put it between users and servers internally or between different VLANs in the network. You have full visibility over the traffic, over all the internal applications. Usually, there's a lot of traffic that is not very clear and no one knows what is on their network. So, once deploy it internally, you have full visibility over the internal traffic, who's accessing what, which protocol. It can directly detect all kinds of malicious traffic, traffic that abuses bandwidth.
It makes different kinds of internal behavior that is useful to a network admin. And for security of course: Any kind of file infection, any kind of internal scanning, internal attacks; it gives you full visibility.
Finally, you have communication of VLANs, internally, in the network, of course. So you have a granular access control based on user and application, instead of IP and port as you would have with a traditional firewall.
What is most valuable?
During the first phase of use, it was an extra module on standard Cisco ASA firewalls. It then became a standalone solution known as FTD, Firepower Threat Defense.
The Firepower IPS, based on Snort technology, has an amazing detection engine and historical analysis capability of files that eases threat investigations a lot.
I value the integration with other products (Cisco ISE, Cisco Endpoint AMP) which increases the protection intelligence within the enterprise by sharing security info between different products, which function on different layers. It furnishes fully connected security.
It also provides detection of the client operating system, which gives very good reporting and correlation with the signatures. It can relay the signature IP to the client operating system, to give a better correlation decision.
What needs improvement?
Some ASA known features are still missing, but are being added bit by bit in each new version release, such as:
- Remote Access VPN (the last release only supported the 2100 series): The next firewall model version is expected to support Remote Access VPN in the next software release in July 2017.
- Virtualization of the appliance (multiple contexts) is still missing.
- You always need an external management system, the onboard one is not very good. You have to use FMC, FirePOWER Management Center, as external software. There's always an add-on, whereas all the competition has an onboard management interface.
I would like to see more integration with third-party devices in general. There is great integration with Cisco devices, but there's not much integration with third-party devices.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
We did not encounter any issues with stability. Cisco Firepower FW is very stable in all of the deployments we have made.
What do I think about the scalability of the solution?
The scalability is very good. They have a clustering mechanism, so you can start with an appliance and then cluster, adding more bandwidth and nodes into your cluster. If you don't have a big budget you can start with a medium appliance and then cluster appliances. Or if you want to buy it all in one shot, there is a big range.
Although it allows scaling by adding multiple firewalls together (clustering), we have never used that, as all new hardware supports high-performance throughput and connections at a reasonable price.
How are customer service and technical support?
Technical support is perfect. Cisco is always known for its good technical support. We have never had any issues with them.
Which solution did I use previously and why did I switch?
As a Cisco Gold Partner, we always proposed Cisco firewalls for our clients.
How was the initial setup?
The setup was straightforward. A new Cisco FTD can be set up and running in a couple of hours. If you're used to firewalls you can quickly get along with it. There is nothing complicated.
The time deploy is short. But the time to tune and create the policies involves a learning phase. Traffic changes over time, so the tuning for firewall rules has to be as granular as possible takes a bit of time. But to deploy you can go live is fast.
The strategy is to start with high-level security policies and then monitor the traffic and the applications affected. Then on the detection logs, create more granular rules.
What's my experience with pricing, setup cost, and licensing?
It has a great performance-to-price value, compared to competitive solutions. Subscriptions are annual. The licensing fee and standard support are the only costs we pay for.
Which other solutions did I evaluate?
We did not evaluate any alternative solutions.
What other advice do I have?
Make sure you tune your rules very well, as some clients just leave the firewall as it is and don't maintain the access rules or tighten them to be more granular and efficient.
In terms of maintenance, you need one person for security analysis and one to create rules and for daily support.
Disclosure: My company has a business relationship with this vendor other than being a customer: We are a Cisco Gold Partner.
Security architect at a computer software company with 51-200 employees
Flexible and stable security platform that offers different functionalities including VPN connectivity
Pros and Cons
- "The CLI is the most valuable feature. This solution is very flexible and offers different functionality including firewalls and VPN connectivity."
- "We are replacing ASA with FTD which offers many new features not available using ASA."
What is our primary use case?
We use this solution to provide firewall solutions for clients. We have been transitioning from ASA to FTD, since FTD has come out with new versions or upgrades.
How has it helped my organization?
This solution is very flexible and offers different functionality including firewalls and VPN connectivity. It checks a lot of boxes. It is an easy solution to learn how to use and the positive impact on our organization was apparent as soon as we implemented it.
What is most valuable?
The CLI is the most valuable feature. We are moving towards FTD, which is more GUI based. The value of this solution lies in the fact that it is a standard platform that's been around for years and is always improving. This is important to us due to the necessity of ensuring cyber security.
What needs improvement?
We are replacing ASA with FTD which offers many new features.
For how long have I used the solution?
We have been using this solution since 2009.
What do I think about the stability of the solution?
This is a stable solution.
What do I think about the scalability of the solution?
This is a very scalable solution as long as you get the right hardware.
How are customer service and support?
Over the last two years, getting a response from the support engineers has been challenging. This could be due to the impact of COVID.
Which solution did I use previously and why did I switch?
We sell a lot of different firewall varieties including SonicWall, Cisco ASA, and FTD.
How was the initial setup?
When setting up the solution for our clients, we ensure they have the bandwidth they need and consider what their throughput needs are. The solution does require maintenance in terms of patching. This requires approximately six team members depending on how many moving parts there are for clients.
What was our ROI?
We have seen a return on investment using this solution based on the fact that we are spending less money overall.
What's my experience with pricing, setup cost, and licensing?
The pricing for this solution is pretty fair.
What other advice do I have?
If it is possible, I would advise others to try out a demo with Cisco to test their firewalls. The biggest lesson I learned from using this solution is that there are many ways to achieve the same outcome.
I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer:
Network analysis at a government with 1,001-5,000 employees
Is fast and makes us very responsive when any of the visualized logs are blocked in real-time
Pros and Cons
- "The most valuable feature would be ASDM. The ability to go in, visualize and see the world base in a clear and consistent manner is very powerful."
- "The ability to better integrate with other tools would be an improvement."
What is our primary use case?
We use it for our data center. We have clusters of the solution to protect the equipment in our data center. We also use it for site-to-site VPN hubs.
How has it helped my organization?
Cisco Firepower NGFW Firewall made our firewall response much faster when trying to respond to any services or networks that stand out. It makes us very responsive when any of the visualized logs are blocked in real-time.
What is most valuable?
The most valuable feature would be ASDM. The ability to go in, visualize and see the world base in a clear and consistent manner is very powerful.
What needs improvement?
The ability to better integrate with other tools would be an improvement.
For how long have I used the solution?
I have been using this solution for six years.
What do I think about the stability of the solution?
It is highly stable.
What do I think about the scalability of the solution?
It is highly scalable. It has some limitations, but for medium to large-sized deployments, it is excellent.
How are customer service and support?
Technical support is outstanding. You can get same-day support.
Which solution did I use previously and why did I switch?
We previously used Juniper SRX. We switched because we have a contract with Cisco. This was the cheaper option and was faster.
What was our ROI?
We have very much seen an ROI in terms of the saving on man time and the costs of standing up new equipment. Compared to what we had before, Cisco Firepower NGFW Firewall is faster.
What other advice do I have?
I would rate this solution a nine on a scale from one to ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Engineer at a computer software company with 51-200 employees
Enables us to create policies based on who is accessing a resource instead of just IP addresses but the UI needs improvement
Pros and Cons
- "Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports."
- "It's mainly the UI and the management parts that need improvement. The most impactful feature when you're using it is the user interface and the user experience."
How has it helped my organization?
I can't put Cisco on the firewall when the security landscape has changed so much in the past five to ten years. We are doing a lot more in the next generation of firewalls. We had a legacy classic firewall before we went to Firepower, and we spent a lot less time on that firewall, but we are spending more time on the Firepower because we are utilizing a lot of the features that are available in Firepower that were not available in the previous firewall that we had. I'm not going to say that we're spending less time, but we're gaining more value.
Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports.
What is most valuable?
If I were to have been asked a few weeks ago, I would have said threat prevention was the most valuable feature, but the world is changing a lot, so my favorite features a few years ago might not be my favorite features today.
What needs improvement?
The visibility the solution gives when doing deep packet inspection can be complex. I really like the visibility, but it's not always intuitive to use. I also help other customers. We are a contracting company that implements their solutions, and I've found that it's not always easy to get everyone to utilize some of the visibility features. But for me personally, I think they're very valuable.
The ease of use when it comes to managing Cisco Firepower has a lot of room for improvement. When monitoring a large set of firewall policies, the user interface could be lighter. It's sometimes heavy in use, and there could be improvements there. I know they're trying to make improvements.
It's mainly the UI and the management parts that need improvement. The most impactful feature when you're using it is the user interface and the user experience.
For how long have I used the solution?
We were an early adopter when Firepower first came out. I've been using Cisco firewalls for the last two decades.
What do I think about the stability of the solution?
For newer hardware models, the stability is good. We've tried to run Firepower on some of the legacy-supported hardware as well, but with the stability issues, they are not as good. If I were to judge based on the hardware that I have, I'd say it's good. I haven't had any issues with the stability on my platform.
What do I think about the scalability of the solution?
We just recently enabled Snort 3 so I'm evaluating the functionality. That's what we've considered, but we haven't done any performance testing. Our company would qualify as a small to medium business company. The average office environment is about 100 to 200 people. Performance-wise, my company is about 120 people.
Scalability is really not relevant. I know there are features that address some of those parts, like clustering and stuff, but that's really not applicable in my use cases.
How are customer service and technical support?
The support is eight to nine out of ten. You can't blame them for any faults of the prototypes, but the support has been really good and really helpful when we had any issues.
Which solution did I use previously and why did I switch?
I have hands-on experience in both Fortinet and Palo Alto. So if I were to compare this to Palo Alto, for example, I would say that the user interface in Palo Alto is a lot better. But the reason that I'm working with Firepower is that we have a Cisco network as well, and Cisco ISE. We're trying to integrate different Cisco solutions. We're trying to utilize the ecosystem benefits where I can connect my Cisco Firepower to ISE and have it talk to the App Cloud. There's a benefit of utilizing Cisco Firepower in conjunction with our other Cisco solutions.
Ease of management is similar with Cisco and Fortinet, I would say similar, but it's easier in Palo Alto.
How was the initial setup?
I recently deployed a similar solution at a customer's premises, and that setup was straightforward.
The steps are fairly documented and the documentation and guides on Cisco are straightforward. You know what you're expected to configure, and it's easy to get up, running, and started. It takes some more time to check everything and get everything as you want to have it, but getting started and getting connectivity and starting to create policies was easy to do and didn't take a very long time.
It took two to four hours, including some upgrades.
What other advice do I have?
My main advice would be to utilize all the guides and documentation available from Cisco publicly and not trying to implement it using legacy thinking. Don't try to just replace something else you have. If you have a next-gen firewall, you want to try to utilize what you're getting, and getting the most out of a firewall. There are some great guides and documentation on Cisco that explains what you can do and how you can do it.
I would rate it a seven out of ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Administrator at a university with 1,001-5,000 employees
A firewall solution with a straightforward setup and a useful incidence response feature
Pros and Cons
- "I have integrated it for incidence response. If there is a security event, the Cisco firewall will automatically block the traffic, which is valuable."
- "Cisco Firepower NGFW Firewall can be more secure."
What is our primary use case?
Cisco Firepower NGFW Firewall has a lot of environment to use for your network to see what kind of critical threats are coming or going. I use it to find out what this threat is and then formulate a strategy for it. I use it a lot on my simple network to see how it works, inspect the network traffic, and so on.
What is most valuable?
Cisco Firepower NGFW Firewall is a really helpful product for network security. I have integrated it for incidence response. If there is a security event, the Cisco firewall will automatically block the traffic, which is useful.
What needs improvement?
Cisco Firepower NGFW Firewall can be more secure. But no product is 100% secure, so it's a case of always wanting more security. The product is also really expensive. It would help if they provided free academic access to the enterprise edition for students for a whole month, two months, three months, or a year.
For how long have I used the solution?
I have been using Cisco Firepower NGFW Firewall for about two years.
Which solution did I use previously and why did I switch?
I used Cisco ASA Firewall, but in our specific environment and not for the whole network.
How was the initial setup?
It's easy to install Cisco Firepower NGFW Firewall. You can install it on the platform with all the images in one set form. It took me about 20 to 30 minutes to install.
What about the implementation team?
I implemented Cisco Firepower NGFW Firewall on my own.
What's my experience with pricing, setup cost, and licensing?
For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive. But it should be affordable for enterprises and educational institutions.
What other advice do I have?
I would recommend Cisco Firepower NGFW Firewall to potential customers.
On a scale from one to ten, I would give Cisco Firepower NGFW Firewall a ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Updated: March 2025
Popular Comparisons
Fortinet FortiGate
Netgate pfSense
Sophos XG
Palo Alto Networks NG Firewalls
Check Point NGFW
Azure Firewall
WatchGuard Firebox
SonicWall TZ
Juniper SRX Series Firewall
Fortinet FortiGate-VM
SonicWall NSa
Sophos XGS
Untangle NG Firewall
Fortinet FortiOS
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What Is The Biggest Difference Between Cisco ASA And Fortinet FortiGate?
- Cisco Firepower vs. FortiGate
- How do I convince a client that the most expensive firewall is not necessarily the best?
- What are the biggest differences between Cisco Firepower NGFW and Fortinet FortiGate?
- What Is The Biggest Difference Between Cisco Firepower and Palo Alto?
- Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons?
- What are the main differences between Palo Alto and Cisco firewalls ?
- A recent reviewer wrote "Cisco firewalls can be difficult at first but once learned it's fine." Is that your experience?
- Which is the best IPS - Cisco Firepower or Palo Alto?
- Which product do you recommend and why: Palo Alto Networks VM-Series vs Cisco Firepower Threat Defense Virtual (FTDv)?