Our main use case for Cisco Secure Firewall is helping clients who want to upgrade from an old firewall and move to a next-generation firewall. We also get a lot of clients who have a next-generation firewall provider, but the firewall is not up to the task. It doesn't have all the feature sets that they need, and Cisco Secure Firewall ticks those boxes.
Principal Security Consultant at Vohkus
Video Review
Has reporting and analytics capabilities at the granular level and is easily scalable
Pros and Cons
- "Cisco Secure Firewall has improved our customers' security posture because it offers Next-Gen features, granularity, and reporting on the back of it. You can see the amount of users accessing Office 365, for example, and whether they're having a good or bad experience. You can see the threats that are coming into your network. You can see anyone who is compromised from within your network."
- "I would like to see more configurable feature parity with Cisco ASA, which is the legacy product that Cisco is moving away from. When configuring remote access VPN, not all of the options are there. You have to download another tool, which means that the configuration takes a little bit longer with Cisco Secure Firewall. Though it's getting there, there are still some features lagging behind."
What is our primary use case?
How has it helped my organization?
Cisco Secure Firewall has improved our customers' security posture because it offers Next-Gen features, granularity, and reporting on the back of it. You can see the amount of users accessing Office 365, for example, and whether they're having a good or bad experience. You can see the threats that come into your network. You can see anyone who is compromised from within your network.
If customers already have Cisco solutions such as Cisco ISE, Duo, Umbrella, and Endpoint, Cisco Secure Firewall will integrate well with all of them. Our clients will be able to get more data and automate tasks. They can have Secure Firewall automatically shut things down if a threat is detected.
What is most valuable?
Without a doubt, the best features are the reporting and analytics. Some vendors provide the same feature set, but their product won't give you the power to figure out what's going on in your network. Whereas with Cisco Secure Firewall, especially with the management platform on top, you can have all of the analytics and see exactly what is going on. You can see not only the source and destination but also the application, the URL, the type of policy it's hitting, the specific rule it's hitting, and the amount of data transferred from it. Apart from that, you get all of the risk reports. You can see how much bad stuff is coming into the network at present and whether there's anything you need to act on immediately. That data is at your fingertips, and it's by far the best feature and the best selling point of Cisco Secure Firewall.
Cisco Secure Firewall has reduced our clients' mean time to repair because they are able to find possible issues quickly. The power of the reporting, the dashboards, and all of the analytics in the background also helps to alert and quickly act on the threat.
My impression of Cisco Talos is that it's well-regarded in the industry. Cisco is so well regarded that we know their security intelligence is up-to-date. Our clients have peace of mind because they have Cisco Talos in the background and know that Cisco Secure Firewall is up-to-date with the latest threats. They can be sure that they're acting on the best available data.
What needs improvement?
I would like to see more configurable feature parity with Cisco ASA, which is the legacy product that Cisco is moving away from. When configuring remote access VPN, not all of the options are there. You have to download another tool, which means that the configuration takes a little bit longer with Cisco Secure Firewall. Though it's getting there, there are still some features lagging behind.
Buyer's Guide
Cisco Secure Firewall
November 2024
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
For how long have I used the solution?
We've been offering Cisco Secure Firewall since its first iteration 10 years ago.
We are resellers, and the value we add to our customers as resellers is our knowledge. We have 10 years' worth of experience deploying Cisco Secure Firewall. We can deploy it the correct way. We also know whether you would need the management platform, the level of licensing you may require, and the number of VPN licenses you may need. We add value by knowing how the solution should be deployed and installed in a network.
What do I think about the stability of the solution?
Secure Firewall's stability is good. I think the management platform needs a little bit of work. It's not as robust from a stability point of view. Deployment times of configuration have got better over the years, but there's still some work needed so that it deploys every time when you click that button.
What do I think about the scalability of the solution?
The scalability of Cisco Secure Firewall is really good. That's down to the management platform and the way it structures your access policies, what allows traffic in and what allows traffic out. You can easily add multiple regions, locations, and types of firewalls to the management platform. As soon as you do, they get all of those policies. Previously, you'd have had to configure each one time and time again. With this version, you import it, and it's ready to go. Thus, for scalability it's easy.
How are customer service and support?
Cisco's technical support across all their products is always good and reliable. If someone says they're going to get back to you in four hours, they do. They're always there with the right level of support. If we need a Secure Firewall engineer, that's whom we'll get. We won't get someone who's never seen the product before. As far as vendors go, Cisco's technical support is probably the gold standard. I would rate them at ten out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
Secure Firewall is more complex to deploy than previous Cisco Firewall products. However, it's not so complex that it's not achievable. There are some products out there that require a lot of reading to be able to deploy them. Cisco Secure Firewall has not reached that level yet, but it is a complex product.
Our clients' Secure Firewall deployment models are edge firewalls, internal firewalls, and, most often, perimeter firewalls. Sometimes, our clients ask us to help them with deployment because we have the experience.
We've used the Cisco Firewall migration tool quite a few times to migrate to Cisco Secure Firewall. It has come on a long way, and it's a lot better than it used to be. When it initially came in, there wasn't as much trust that the tool would give you everything you needed, but where it is now is great. If you've got a firewall that you want to migrate, you'll feel confident using the Cisco Firewall migration tool.
What was our ROI?
We spend a lot of time developing our consultants and our sales staff to know the product and learn how to sell the product. As a result, our ROI is that we get more clients deploying Cisco Secure Firewall.
What's my experience with pricing, setup cost, and licensing?
The licensing is not as complicated as that for some other Cisco products. There are a couple of tiers of licensing, but the price point is a little too high for the market. There are other vendors that come in lower and offer more for fewer licensing options. They may offer URL filtering or malware filtering with a single license rather than requiring two or three licenses. I think Cisco could do a bit more in this area.
Which other solutions did I evaluate?
I deal with a lot of other vendors who also offer the same features, but Cisco Secure Firewall stands out on the analytics. It is the best for analytics and getting the reporting data.
What other advice do I have?
If you're a client evaluating Cisco Secure Firewall, my advice would be to put real-world data through it to get useful data out of it. You can't see the benefits of the solution if you just turn it on and look at the device as it is. It's when you see the traffic going through it that you'll see the power of the analytics and reporting and the event data that comes through. A technical team member will understand how much easier it's going to be to troubleshoot with this platform compared to that with any other platform they've had before. With regard to reporting, a report on how many malware attacks have occurred in a particular month takes one click to generate. That data can be stored for a long time.
Overall, I would rate Cisco Secure Firewall an eight out of ten because of the feature parity. It's not quite there in terms of being able to do everything on the GUI platform. The price point is still a bit too high as well.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
System Engineer at Telekom Deutschland GmbH
Scales well, has good documentation, and helps with secure access
Pros and Cons
- "Basic firewalling is obviously the most valuable. In addition to that, secure access and remote access are also very useful for us."
- "In general, they can make it easier to manage the solutions. They can make it easier in terms of administration and provide a single tool for different firewalling solutions. They have different tools to manage different firewalls, such as Firepower or ASA. Sometimes, both are on the same thing. You have ASA with Firepower modules, so you manage some of the things via HTML, and then you manage some of the things via another management tool. It's not seamless."
What is our primary use case?
The main use cases are firewalling, routing, site-to-site VPN, and remote access. We have some older 5585-X ASAs in place. We do have Firepower 2000 Series and 4000 Series.
For most setups, we do have high availability in place. We've at least two devices in active-active or active-standby. If it's a highly secure setup, we sometimes have two firewalls.
How has it helped my organization?
Cisco has a huge variety of products and features. It's a benefit to have the knowledge of all those things and also put it in the firewalling products. The knowledge that comes from other products or solutions that Cisco is selling is finding a place in security as well, and that's one of the key benefits.
There are time savings when you have a good solution in place for stopping or preventing security risks. In general, it isn't saving me time on a daily basis, but there is peace of mind knowing that you are being protected.
What is most valuable?
Basic firewalling is obviously the most valuable. In addition to that, secure access and remote access are also very useful for us. When COVID came, a lot of people had to stay at home, and that was the basic use case for having remote access.
What needs improvement?
One con of Cisco Secure Firewalls is that Java is used a lot for the older generation of these firewalls. Java is used for the ASA and the ASDM tool for administration. It's an outdated way of administering, and it's also a security risk to use this kind of solution. This is a pro of Firepower or the newer generation of firewalls because they are using HTML for administration.
In general, they can make it easier to manage the solutions. They can make it easier in terms of administration and provide a single tool for different firewalling solutions. They have different tools to manage different firewalls, such as Firepower or ASA. Sometimes, both are on the same thing. You have ASA with Firepower modules, so you manage some of the things via HTML, and then you manage some of the things via another management tool. It's not seamless. It should be bundled together in one solution.
For how long have I used the solution?
I have been using this solution for six to seven years.
What do I think about the stability of the solution?
They have been very stable. I did not have any cases where a network was down due to firewalling. Fortunately, I did not have any hacker attacks, but that's being lucky. It's not something I would point out to firewalling or configuration. It's just that sometimes you're lucky and sometimes you're not.
What do I think about the scalability of the solution?
It's very scalable. Cisco is for mid to large businesses. For small businesses, there are solutions that are cheaper, but that's not the main focus.
A large environment comprises several thousand users. We have small to large size environments, but we mostly have mid to large.
How are customer service and support?
Cisco's tech support is good in general. It varies and depends on with whom you're speaking and how the knowledge on the other side is. That's basically the same for our company. I'd rate them an eight out of ten. A ten would be perfect, and no one is perfect. You can reach maybe a nine, but no one can reach a ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
For more security, we sometimes have two firewalls. We have other vendors in place, such as FortiGate or Palo Alto. We have Cisco at the front or at the end, and another vendor on the other side so that there is more security, and if there is a security breach in one solution, we still have the other one. These firewalls differ mostly in administration and how you configure things but not so much in terms of features. They may differ in small things, but in the end, they are all doing the same things.
How was the initial setup?
I deploy and manage them afterward. I'm not only in the designing and implementing; I'm also in the operational business. Its deployment is not more complicated than other solutions. It's fine. When it comes to documentation, in general, Cisco is very good.
What about the implementation team?
We mostly try to do it ourselves. Our approach is to have knowledge or any certification of the topic we are trying to take.
What was our ROI?
I'm not a salesperson. I'm more from the technical perspective, and I don't know if there are any savings at the end, but I believe that all that was bought in the past was used the way we wanted it to use. So, the money was well spent.
What's my experience with pricing, setup cost, and licensing?
Licensing is not only for Secure Firewalls, and it's too complicated.
What other advice do I have?
To someone evaluating or considering Cisco Secure Firewall, I'd advise having a good greenfield approach regarding what component to use. If there is no greenfield, you should evaluate what solutions you need and what type of use case you have and then decide based on that.
I'd rate Cisco Secure Firewall an eight out of ten. Cisco is a big player in networking and security, and that's basically the pro on their side.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Cisco Secure Firewall
November 2024
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
Director of Information Technology at a government with 501-1,000 employees
Provides us with application visibility and control
Pros and Cons
- "When it comes to the integration among Cisco tools, we find it easy. It's a very practical integration with other components as well."
- "The initial setup was a bit complex. It wasn't a major challenge, but due to our requirements and network, it was not very straightforward but still easy enough."
What is our primary use case?
We are a large company in the country in which we operate. We are a government agency dealing with taxes and we provide services for all taxpayers within the country. We have services for internal users, as well as services for public users. The main reason we use these firewalls is to protect our environment and to provide our services efficiently so that we are up and running 24/7.
Our solution is deployed in a private cloud. Everything is hosted in our environment and provided as cloud services. We are in the process of moving our infrastructure from the previous environment to the new environment where Cisco firewalls are installed.
In terms of our security maturity as an organization, we are young. In fact, we are young as a country. We have been providing electronic services for more than 10 years for our clients. We have a huge number of clients, with over 120,000 users who subscribe to our system and who access our services on a daily basis or, at a minimum, three to four times per year.
We use a few tools for security in terms of management, both internal and external, but we are mainly relying on Cisco. Our network is based on Cisco, and we also protect our mail system with Cisco. Previously, and in parallel, we used Sophos next-generation firewalls.
What is most valuable?
The solution provides us with application visibility and control and, at this stage, we are happy with it. Similarly, we are very happy with Cisco Firepower Management Center. We're still at an early stage, but we haven't seen any problems with the Cisco products. We are still switching on features and looking at how they are working.
When it comes to the integration among Cisco tools, we find it easy. It's a very practical integration with other components as well.
We also believe that Cisco is updated about all security issues and threats and efficient enough to provide us with the features and protection we need.
For how long have I used the solution?
We just installed them recently. We started installation at the end of 2020 and we completed it this month, April 2021.
What do I think about the stability of the solution?
It's still early, but we believe the stability is alright.
What do I think about the scalability of the solution?
The scalability of the solution is better than the other firewalls we have, due to technical features. Our technicians have realized that this is much more scalable compared to other solutions.
How are customer service and technical support?
So far, the technical support has been excellent.
How was the initial setup?
The initial setup was a bit complex. It wasn't a major challenge, but due to our requirements and network, it was not very straightforward but still easy enough.
We did a proper implementation plan according to the complexity of our network and our requirements. Then we used the best method for implementing it while mitigating our risks and meeting our requirements. We found a good way to implement it.
The setup took us two calendar months, but in terms of the actual time required to configure it, it was not so long. The setup took approximately as long as for other firewalls we have used.
What was our ROI?
It's hard to talk about ROI when it comes to security, but security now is expensive. You have to pay for it.
What's my experience with pricing, setup cost, and licensing?
For us, the pricing was more economical than other products we used. There were no extra costs.
Which other solutions did I evaluate?
We evaluated a lot of the providers: Juniper, Palo Alto, Check Point, and Fortinet. Our technical team really researched things for a considerable amount of time, and they came up with a decision that this would be the best.
Cisco was chosen because there were many features according to assessments made by other users and as noted in technical data sheets we looked at during the research. They came up with a few features which are better than what other products have.
Also, especially when you have been a long-time user of Cisco products and services, we found that from a budget perspective it was going to be much more preferable than the others.
What other advice do I have?
We are very satisfied with the service and the product. I don't think that any product would be better than Cisco when it comes to next-generation firewalls.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Technical Network Expert at NXP Semiconductors Netherlands B.V. Internet EMEA
Quality product with a well-suited to top-down architectural level
Pros and Cons
- "The features I have found most valuable are the ASA firewalls. I like to have features like most integrated systems in ACI."
- "I think that the solution can be improved with the integration of application-centric infrastructure. It could be used to have better solutions in one box."
What is our primary use case?
As a manufacturing company, we have to use many different concepts of firewalls. That's one reason we had to use a trusted firewall for security and trust reasons.
How has it helped my organization?
We use a top-down architectural level mostly. For this reason, Cisco Secure Firewall is the top product for us.
I would say that this solution has saved our organization's time because we are certified engineers and experts. It helps us to connect quite well with our customers on a professional level.
What is most valuable?
The features I have found most valuable are the ASA firewalls. I like to have features like most integrated systems in ACI.
What needs improvement?
I think that the solution can be improved with the integration of application-centric infrastructure. It could be used to have better solutions in one box.
For how long have I used the solution?
I have been using this solution for around seven or eight years.
Which solution did I use previously and why did I switch?
I've used different concepts of solutions before Cisco. Cisco is much better than Juniper, Brocade, or Foundry, as it is much easier to use and get directions from. It is also easier to integrate Cisco if you compare it with other customer concepts, such as Juniper, Brocade, or Aruba.
How was the initial setup?
I am not involved in all Cisco firewall deployments. We also have an architectural team. We deploy based on a top-down level architecture and implementation structure.
What's my experience with pricing, setup cost, and licensing?
When it comes to pricing, quality is important to us. When looking at products, we prefer quality over speed. Cisco is on that quality side mostly.
What other advice do I have?
We are currently using the Cisco Firepower firewall, which is dependent on the situations in the data center and regional data center concepts.
The way that this solution helps secure our infrastructure end-to-end is by enabling us to easily integrate all end-to-ends for monitoring.
Whether this solution saves us time depends on the situation. We use highly secure networks on the national security level and that's why it helps to use different products as Cisco is one of the best.
Overall, I would rate this solution a nine, on a scale from one to ten, with one being the worst and ten being the best.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Network Engineer at Pinellas County Government
Platform provides solid stability as well as easy logging and management
Pros and Cons
- "The user interface is very easy to manage and find rules. You can do object searches, which are very easy. Also, the logging is very simple to use. So, it is a lot easier to troubleshoot and find items inside the firewall."
- "The one thing that the ASAs don't have is a central management point. We have a lot of our environments on FTD right now. So, we are using a Firewall Management Center (FMC) to manage all those. The ASAs don't really have that, but they are easy to use if you physically go into them and manage them."
What is our primary use case?
A lot of them are used for campuses. Basically, it is HA pairs so it is just used to firewall off different networks from the internal network, i.e., security.
We also use them for DMZs, where there are untrusted networks coming into trusted networks, managing traffic between the two zones.
Currently, we have almost 100 firewalls spread out all across our county. Our ASAs could be anywhere in any building, wherever there is a purpose. So, if we need to firewall off a network that we don't want touching our internal network, where we want it controlled, then it would be there. All our campuses have some form of that.
How has it helped my organization?
It is easier to protect our internal network and identify unknown networks. We can put descriptions on what they are, thus we are able to see different traffic coming from different networks. So, there is better visibility.
What is most valuable?
The user interface is very easy to manage and find rules. You can do object searches, which are very easy. Also, the logging is very simple to use. So, it is a lot easier to troubleshoot and find items inside the firewall.
What needs improvement?
The one thing that the ASAs don't have is a central management point. We have a lot of our environments on FTD right now. So, we are using a Firewall Management Center (FMC) to manage all those. The ASAs don't really have that, but they are easy to use if you physically go into them and manage them.
I would like ASAs to be easier to centrally manage. Currently, in our central management, we have almost 100 firewalls in our environment, and it is almost impossible to manage them all. ASAs are now about 20% of them. We have been slowly migrating them out, but we still have some. Normally, what we would do with ASAs is physically go into those devices and do what we need from there, whether it is find rules, troubleshoot, or upgrade.
For how long have I used the solution?
We have had ASAs in our environment for 10 years.
What do I think about the stability of the solution?
The ASAs are solid. They have been around a long time, so there is a lot of documentation out there. They are easy to manage and make it easy to look at logs.
They have been in the environment for 10 years. They are still running and doing their job.
The only time that we really touch them is if we need to do a rule or code upgrade. We check vulnerabilities a lot to make sure that nothing major has come out. If something has, then we go ahead and patch the firewalls. This is done by network groups, e.g., network engineers or analysts. We usually look at security. We are alerted to any new security advisories that come out from Cisco. For anything that is critical or high, we definitely will address it if we need to. Sometimes, we go three months or months without an upgrade. Other times, we could upgrade in a month. It just depends on what comes out.
What do I think about the scalability of the solution?
We use them for smaller campuses. Though, if we need to upgrade a model, then we go ahead and do that. For example, with our bigger campuses, we need to have a bigger model. They have specs out there that you can kind of line up with what you need.
How are customer service and support?
Cisco tech support is spotty. Sometimes, we get good support. Other times, it is not so good. It is very up and down.
It seems like they have been short staffed recently. We have been waiting a long time for some of our tickets now, though they aren't critical tickets. However, that is one of the big issues which Cisco has going on right now - their staff shortage. We can open a ticket and keep following up, following up, and following up, but it might take weeks to resolve an issue. These aren't critical issues. For critical issues, we escalate and they are able to help us right away.
They handle it appropriately. Though, it depends on the time and on what they need. Sometimes, in one session, issues are resolved. Other times, you need to do multiple sessions for them to resolve it. However, for anything critical, those are resolved pretty fast.
I would rate the technical support as seven out of 10.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
Before I started, they also had Juniper SRXs. The big issue with them was the logging. It wasn't as good. We switched to ASAs for better stability, better management, and easier logging.
How was the initial setup?
The initial setup was pretty straightforward. It was very simple to deploy and replace. We did a lot of replacing, which was just copying the rules over from the old one, then deploying it in kind of the same manner.
What's my experience with pricing, setup cost, and licensing?
The pricing was pretty comparable to other solutions when we purchased it.
Which other solutions did I evaluate?
We looked at what we had and saw that Cisco was much better.
What other advice do I have?
I would rate them as nine out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Manager ICT & Innovations at Bangalore International Airport Limited
A highly stable solution that provides advanced malware protection and good DDoS communication
Pros and Cons
- "Cisco Secure Firewall's security solutions, advanced malware protection, and DDoS communication are very good."
- "The solution's deployment is time-consuming, which should be minimized and made more user-friendly for us."
What is our primary use case?
We had implemented our Cisco API and Cisco Stealthwatch. We use the Cisco Secure Firewall for easy integration that can collaborate with all these Cisco solutions. My operations will also have less maintenance and the same existing team.
What is most valuable?
Cisco Secure Firewall's security solutions, advanced malware protection, and DDoS communication are very good. With Cisco Secure Firewall, the security is very much manageable because it protects all the incoming and outgoing traffic of our several telecom IT rooms.
What needs improvement?
The solution's deployment is time-consuming, which should be minimized and made more user-friendly for us.
The solution's graphical user interface could be made more user-friendly, and the configuration can be simple.
For how long have I used the solution?
I have been using Cisco Secure Firewall for five years.
What do I think about the stability of the solution?
Cisco Secure Firewall is a stable solution.
I rate Cisco Secure Firewall ten out of ten for stability.
What do I think about the scalability of the solution?
Cisco Secure Firewall is a scalable solution. Around 400 users are using the solution in our organization.
I rate Cisco Secure Firewall a nine out of ten for scalability.
How are customer service and support?
The solution’s technical support is good.
How would you rate customer service and support?
Positive
How was the initial setup?
The solution’s initial setup is complex and requires Cisco-certified people.
What about the implementation team?
Two engineers were involved in the solution's deployment, which took one week.
What was our ROI?
We have seen a return on investment with Cisco Secure Firewall because it provides advanced malware protection and seamless integration with my existing solutions.
What's my experience with pricing, setup cost, and licensing?
Cisco Secure Firewall is a moderately priced solution. We have to pay a yearly licensing fee for the solution.
What other advice do I have?
The solution’s maintenance is very easy, and one person can do it.
Overall, I rate Cisco Secure Firewall an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CTO at Intelcom
Video Review
Highly stable, easy to deploy, and provides a good ROI
Pros and Cons
- "The most valuable feature is IPS. It's a feature that's very interesting for tackling the most current attacks."
- "When we talk about data centers, we are talking about 100 gig capacity or 400 gig capacity. When it comes to active-active solution clustering and resilience and performance, Cisco should look into these a little bit more."
What is our primary use case?
We are Cisco partners. We have been selling Cisco products for more than 25 years, and we are a major player in various African markets, such as Morocco and French-speaking countries in Africa.
We have been offering a wide range of Cisco-branded security products. The most important ones were the ASA firewalls, and now, we have the next-generation ones, XDR, and all the applications or all hybrid security solutions offered by Cisco, including Umbrella, on-premise Identity Service Engine, and all the other third-party solutions.
Our main objective is to show customers the added value of Cisco products and how they can tackle all the security issues and all the threats or the cyber security issues rising on a daily basis nowadays. Cisco Talos, for instance, is something that we propose, and we also propose all the restrictions to be up-to-date. Cisco's ecosystem is very wide in security, so we have very good use cases.
In the beginning, customers used to implement ASA firewalls mainly as the network firewall in data centers, branch offices, all locations, and also in the DMZ. Nowadays, the perspective has changed, and also with the design requirement, the nature of the cloud hybrid solutions leads us to use more sophisticated tools based in the cloud, but we still cover all the security aspects from the branch office to the data centers.
How has it helped my organization?
Cisco adds value by providing various solutions such as Umbrella and Duo. It's a combination. An existing firewall system only protects or controls flow on a daily basis in a normal production environment, but when it comes to security threats, we need to add more components. This is why Cisco is offering a wide range of products. Cisco is completely handling all the aspects from end to end with micro-segmentation, for instance. Identity Service Engine can handle the end-users' protection, and in the end, for the data center, we have different tools, and this is how we can cover end-to-end solutions.
What is most valuable?
The most valuable feature is IPS. It's a feature that's very interesting for tackling the most current attacks. We also have Umbrella with Secure DNS because all the threats nowadays are coming from email servers. We also have the DSA solution to limit the threats coming from ransomware. Combining all of these with Talos provides the best security solution.
What needs improvement?
It's a question of performance. When we talk about data centers, we are talking about 100 gig capacity or 400 gig capacity. When it comes to active-active solution clustering and resilience and performance, Cisco should look into these a little bit more.
For how long have I used the solution?
We have been offering Cisco Security firewalls from the beginning of ASA, which was more than 20 years ago. We then started offering all types of firewalls, including the ones for data centers and then the next-generation firewalls.
What do I think about the stability of the solution?
The stability of the Cisco firewalls is the best in my opinion. We used to have ASA firewalls running for more than five years. Even when we did software upgrades, we had a very stable platform providing high performance without any outage, so customers can rely on Cisco firewall solutions.
What do I think about the scalability of the solution?
For daily operations and projects, scalability is very important. Cisco provides a way of mixing and clustering firewalls to enhance scalability. We have many ways to scale, and as our clients grow, we can have the Cisco firewall solution grow as well.
Which solution did I use previously and why did I switch?
We work with different vendors based on customer needs. We have a specification that we need to have a combination of different vendors, which is the best practice in the data center architecture and design. We cannot have one vendor at all levels, and we should have a combination.
As a vendor, Cisco has a complete range of products to handle all the security aspects. When I look at the architecture design, the implementation of Cisco firewalls is the best. We have data centers based on Nexus for instance. We have routing components. All the compliance and architectural design requirements are met, and we can meet the customer needs according to the Cisco design guide and validation guide. When we look at the security aspect and the guidelines in terms of next-generation firewalls, in terms of redundancy on both sites or multi-sites, we have better performance with Cisco than other vendors in some cases.
How was the initial setup?
Our customers use Cisco firewalls mainly in data centers, branch offices, and campus environments. They don't only use basic firewalls. They also use next-generation firewalls, which have email control, web filtering, and IPS. So, we have Cisco firewalling at all levels for providing the strongest protection policy.
The deployment of Cisco firewalls is very easy so far. We have the security expertise and all the knowledge that we need to deploy them and secure our customers' facilities. Networking and architecture are not really complicated, but you need a well-defined plan before doing implementation and going live.
What was our ROI?
Based on my 25 years of experience, 100% of our ROI expectations are met with Cisco products. The equipment is strong enough, stable, and well-developed. We have had the equipment running for more than five years without any outages, which leads to lesser costs of operations. There is also a reduction in cost in terms of upgrades or replacements, and this is why the ROI expectations have been met.
What's my experience with pricing, setup cost, and licensing?
With the bundling mode with Duo licensing, it's now better. It's better to have one simplified global licensing mode, and this is what Cisco has done with bundling. The next-generation firewalls include a set of features such as filtering, emails, and IPS. This combination offers the best way for customers to manage their operating expenses.
What other advice do I have?
One way to evaluate Cisco products is by looking at the experience. Gartner provides a good overview of Cisco products based on customer feedback, but the best way is by trying the product. Try-and-buy is a good model. Nowadays, all customers, enterprise service providers, and ISPs, are aware of Cisco solutions. They don't just purchase based on the technical specifications.
As a Cisco partner for over 25 years, we provide value by bringing our experience. We have worked so far with a different range of products, from the oldest Cisco firewall to the newest one, and we continue to promote them through design recommendation, capacity specification, deployment, engineering, high-level design, low-level design, migration, go-live, and maintenance and support. We cover the whole lifecycle of a product.
Our partnership with Cisco is a win-win partnership. Cisco provides us with the latest experiences and latest solutions, and on the other hand, we are doing business with our customers by using Cisco products, so it's a win-win relationship with Cisco, which leads to enhancing, promoting, and excelling in Cisco products. I would tell Cisco product managers to go fast with security platforms. Other vendors are going fast as well, and we need product managers to tackle the performance and capacity issues. It's not really an issue in itself, but it's something that can enhance and bring Cisco to the first place in security solutions.
I'd rate it an eight out of ten. The reason why I didn't give it a ten is that they have to make it better in terms of the capacity and performance for the 10 gig interface, 40 gig interface, and 100 gig interface, and in terms of how many ports and interfaces we have on appliances.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
IT Architect at Skellefteå Kommun
Improves efficiency and security, integrates well, and has reasonable pricing
Pros and Cons
- "Its efficiency and security are the most important. We are more efficient and more secure."
- "There should be more integration with Microsoft Identity."
What is our primary use case?
We are one of our Swedish municipalities. We use this solution to support our environment and keep it safe and secure.
At the moment, Cisco SecureX is just for the monitoring part. We are migrating servers from an old infrastructure to a new one. It monitors how they're behaving on the network.
We have 500 sites using it. It's a mix of remote sites and connected sites. We have a lot of devices. We are a Swedish municipality, so we do everything from healthcare to taking care of the roads. We have a wide spectrum of users, so we have to supply everyone with what they need. So, we have a lot of devices in our network.
How has it helped my organization?
Cisco SecureX is doing a good job for us in terms of securing our infrastructure from end to end so that we can detect and remediate threats. It's detecting what we want it to detect, and it's protecting us from what we want to be protected against. So, it does its job. That's our need at the moment.
It has saved us time. Attackers are constantly trying to get hold of our environment. We've had around 20 to 30 breach attempts to get ahold of our environment. It protects us from that. It also protects us when an attempt is underway. We can see them starting to get into our network, so we can prevent it in time. The time saved varies. It can be days of work.
What is most valuable?
Its efficiency and security are the most important. We are more efficient and more secure.
We use Cisco switches and firewalls, Cisco DNA, and Cisco SecureX. The integration between various Cisco products is working very well. It's quite seamless for us.
What needs improvement?
There should be more integration with Microsoft Identity.
How are customer service and support?
We get customer support through ITEA for a bunch of solutions. We get the help we need. I'd rate them a nine out of ten. You can always do better.
Which solution did I use previously and why did I switch?
We haven't used any other solution for a long time. We have been a Cisco customer for a long period.
How was the initial setup?
I was involved in its design. Some parts of the initial setup were quite easy and some parts were quite complex. We were quite early adopters of some parts of the Cisco brand, so we had some challenges, but overall, it was quite straightforward.
What about the implementation team?
For some parts, we took the help of a third party called ITEA. Our experience with them was good.
What was our ROI?
We haven't calculated the overall ROI. There are different areas we use it for. For some management areas, we can calculate ROI, but in some areas, we can't.
What's my experience with pricing, setup cost, and licensing?
You get what you pay for. It's always priced based on what you get and what it can handle. It's acceptable.
What other advice do I have?
To those evaluating this solution, I'd advise finding out what you want to use it for. Our usage is quite basic. Overall, I am quite satisfied with what we are using it for.
Overall, I'd rate it a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Popular Comparisons
Fortinet FortiGate
Netgate pfSense
Sophos XG
Palo Alto Networks NG Firewalls
Azure Firewall
Check Point NGFW
WatchGuard Firebox
SonicWall TZ
Juniper SRX Series Firewall
Untangle NG Firewall
Fortinet FortiGate-VM
SonicWall NSa
Sophos XGS
Fortinet FortiOS
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What Is The Biggest Difference Between Cisco ASA And Fortinet FortiGate?
- Cisco Firepower vs. FortiGate
- How do I convince a client that the most expensive firewall is not necessarily the best?
- What are the biggest differences between Cisco Firepower NGFW and Fortinet FortiGate?
- What Is The Biggest Difference Between Cisco Firepower and Palo Alto?
- Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons?
- What are the main differences between Palo Alto and Cisco firewalls ?
- A recent reviewer wrote "Cisco firewalls can be difficult at first but once learned it's fine." Is that your experience?
- Which is the best IPS - Cisco Firepower or Palo Alto?
- Which product do you recommend and why: Palo Alto Networks VM-Series vs Cisco Firepower Threat Defense Virtual (FTDv)?