Cisco Secure Firewall Reviews

Our main use cases for Cisco Secure Firewall are segmentation and VPNs. My involvement is more at the remote sites, setting up those firewalls for VPN, and we have centralized management for handling all the policies.

I appreciate the uniformity of being able to push the policies out with Cisco Secure Firewall. That was one of the reasons we acquired it, so we could push the policies out everywhere.

Downtime due to bugs requiring code upgrades has been problematic. That's the reason why we are moving away from Cisco Secure Firewalls.

I have been using Cisco Secure Firewall for approximately four years.

It has been problematic, primarily due to bugs in the code rather than crashes.

We're looking at Palo Alto, and we will probably be cutting over to Palo Alto, which will likely be a many-year project.

I appreciate Cisco's support and have been very happy with it. I imagine the support is the same for the firewall. I typically handle break-fix issues at the firewall level and turn them over to engineering, who then contact tech support. With switching, I call tech support directly. 

The support has improved significantly over the years, and the escalation process is very straightforward now. Even if the first engineer isn't highly knowledgeable, we get additional support and can escalate the issue.

Positive

We have been using a Meraki solution.

Licensing with Cisco Secure Firewall isn't too difficult. However, pricing seems high. We had been using a Meraki solution, and Cisco Secure Firewall seems more expensive than Meraki, even though Meraki is also cloud-based.

We're going to cut over to Palo Alto, which will probably be a many-year project, because the amount of downtime is substantial. While it doesn't affect the whole company, there is downtime in certain areas, usually due to bugs that require code upgrades to fix. That has been problematic. 

We had planned to deploy Meraki more extensively as our Cisco ASAs aged out. However, we're also deploying SDA fabric, and Meraki is currently not compatible with that solution. I recently spoke with an engineer about SDA, and his answer indicated they will be supported, but with some variance. That's why we're moving away from Meraki, but we're still not ready for Palo Alto since it has a big learning curve and is totally different. We still have deployment and upgrade needs, so we're continuing to get Cisco Firepower firewalls while implementing Palo Alto more internally. This could be a multi-year process, depending on how it progresses.

It's difficult to predict how other organizations will deploy Cisco Secure Firewall, but my advice is to ensure the code being installed is the code recommended by Cisco. My recommendation wouldn't be extremely high, as deciding to discard millions of dollars in investment makes a significant statement. I would have difficulty recommending it based on our management's decisions, especially considering we're willing to replace our core firewalls and perimeter firewalls. The Palo Alto transition entails substantial training and design work. If we're willing to get rid of Cisco Secure Firewall in favor of a different product, it says a lot.

I would rate Cisco Secure Firewall a seven out of ten. It performs necessary firewall functions, but there are issues related to bugs.

On-premises

My main use cases for Cisco Secure Firewall are to safeguard our network, including the IPS and all the traffic, and to control the traffic.

The visibility and control capabilities of Cisco Secure Firewall in managing encrypted traffic are very good. I can implement all my certificates, so I can open the traffic and see everything.

Cisco Secure Firewall’s ability to unify policies across our environment is at a high level. This unification of policies into one system is important for my company. We are able to consolidate all the policies instead of spreading them across many security systems.

What I appreciate the most about Cisco Secure Firewall is that it can be very elastic, as it can be configured with all the flexibility of my network needs and complexity. The service I receive from the Cisco engineer helps me implement all my needs. 

Cisco Secure Firewall allows me to safeguard Layer 7 or Layer 3 and manage the security rules with the business needs of my organization. The firewall has benefited my company overall because it safeguards and finds and stops all the malicious traffic.

Cisco Secure Firewall can be improved by simplifying the GUI, as it shouldn't be so complex.

I have been using Cisco Secure Firewall for ten years.

It's very robust. We don't have any downtime or anything. We work with a cluster with high availability, so if something goes wrong, we have it functioning.

Cisco Secure Firewall helps with the growing needs of our company as it's scalable.

Customer service and technical support for Cisco Secure Firewall are very good. I would rate them a nine out of ten.

Positive

It was a little bit difficult.

We needed a good integrator to help us, and we contacted Cisco for some help with technical issues.

We are able to safeguard our assets.

It's acceptable and comparable to other products.

We did consider other solutions before choosing Cisco Secure Firewall. We considered all the big vendors such as Palo Alto, Check Point, Fortinet, and others. Cisco won because it has the best IPS model on it, and that's the reason why we chose this firewall.

I would rate Cisco Secure Firewall an eight out of ten. To make it a ten, the complexity of the configuration compared to other vendors needs to be addressed. Overall, we're very happy with the product.

On-premises

Our primary use case for Cisco Secure Firewall is for enterprise customers. We primarily work on Cisco Meraki switching and wireless. We also engage with Cisco Secure Firewall for threat prevention and information security.

The Cisco Secure Firewall appliances are primarily ASIC-based, which makes them fast and purpose-built. They stand out because they are not Intel-based systems, and in terms of performance and stability, they are among the best. Scalability is another strong point, as I have not encountered any issues in terms of scalability. Everything is in a cluster and can operate in active standby, active-active, or active-passive mode. Additionally, Cisco's support is excellent, which adds further value to their solutions.

The configuration might be slightly difficult compared to other players in the market like Fortinet or WatchGuard. It can be challenging for someone who is not used to using an application to configure the firewall, but with experience, it becomes manageable.

I have been working with Cisco Secure Firewall for four, five, six years or more.

There have been no issues with deployment.

Cisco Secure Firewall offers exceptional performance and stability. They are among the best in terms of stability.

I have not come across any issues with scalability. Everything scales very well.

Customer service and support are excellent. I would rate their support 10 out of 10. I have been working with them on firewalls, wireless, switching, and routing, and the support is the best.

Positive

For someone like me who has been working on firewalls for quite some time, I do not see any problems with the initial setup. However, for someone trying to configure it for the first time with little experience, it may present a challenge.

Return on investment depends on the customer. While some may see it as an expense, others view it as an investment based on their understanding of Cisco.

The pricing is slightly more expensive than other products in the market. It's considered a premium, but people pay that price for Cisco.

I have been working with Palo Alto, Fortinet, SonicWALL, and WatchGuard.

I would definitely recommend Cisco Secure Firewall for its architecture, performance, stability, and exceptional support. When choosing a product, consider features delivery, stability, scalability, and customer support. On a scale of one to ten, I rate their firewalls eight to eight and a half.

On-premises

I am a system engineer, and I've been looking for some details and competitive information regarding the standards of this firewall and similar technologies.

There is a good relationship between real throughput, meaning the root performance, and the data sheet performance. When comparing it to other vendors, the data sheet performance is often more than expected and more than the real performance. It includes features like IPS, malware protection, and other security features.

The management usability and security of Cisco Firewall are based on Firepower Management Center, which is quite out of date compared to other vendors.

I have used this solution for more than ten years.

The SLA is great, and the escalation process is also great. For example, if I have a priority one case, I am able to call the manager to raise the severity, etc. So the SLA is very good.

Neutral

When compared with other competitors like Palo Alto or Fortinet, Cisco stands in a good position regarding the firewall environment. Compared to Fortinet, Cisco is a bit higher. When comparing with Palata and Juniper, Cisco has the same price level.

I am well prepared, and it is quite easy. Cisco has really great documentation, like a deployment guide and a quick start guide, etc.

If engineers are well prepared, it is good to note that Cisco has really great documentation. I have been working with AI features in the Cisco environment with Cisco Firewall, etc. I have been hearing and reading a lot about the integration of AI capabilities into Cisco devices, but I have not worked with that yet.

Overall, I would rate this an eight out of ten.

Regarding the use cases for the Cisco Secure Firewall, the Firepower is used in enterprise corporations, DMZ sites, perimeter security, and IPS applications.

The valuable features of the Cisco Secure Firewall include the unified console and compatibility with other solutions such as Duo Mobile with DAC and EDR. The single solution allows users to see one dashboard, and the compatibility solution provides better dashboard integration.

Areas that could be improved with the Cisco Secure Firewall include the ease of use with the product, and it needs to work better with NAC and integration.

Cisco could improve their firewall by providing better support when issues arise, such as during an attack, to help resolve problems more efficiently.

The stability of the Cisco Secure Firewall is excellent, and I find it very reliable at this moment.

Regarding the scalability of the Cisco Secure Firewall, it depends on the situation because in some cases, equipment changes are necessary when the size is very small.

Equipment changes become necessary when companies upgrade with more devices and people, as the firewall becomes insufficient for different security requirements.

The score for their support is eight.

Positive

I work only with Firepower and Palo Alto security solutions.

The initial setup for the Cisco Secure Firewall is very easy, particularly during the initial start of the equipment.

On a scale of one to ten, I would score the setup as eight.

I have experience with Cisco Secure Firewall, specifically the ASA and Firepower solutions. I work in the education and retail industry, where Palo Alto firewall is commonly used in my country. For B2B business, I use the Firepower solution as a Cisco partner.

We use Network Access Control with NAC, and we use Duo for solutions with easy integration. We also implement attack protection.

I would rate this solution as ten out of ten.

Until a couple of years ago, everything was fine regarding my main use cases for Cisco Secure Firewall. I didn't have any problems with the equipment, quality, or support. However, in the last couple of years, they started making our lives difficult. Trying to renew the partnership with them became challenging as they were requesting numerous things on our side, and since we are a very small business, it wasn't possible to get through that verification.

Until a couple of years ago, everything was fine regarding my main use cases for Cisco Secure Firewall.

They are definitely reliable, and regarding positive features, once you get through with the purchasing of this equipment they offer their special support schemes, SmartNet support schemes, which are quite useful.

They offer their own software, and regarding integration capabilities, it's not wise to have only one vendor. One might get Cisco Secure Firewall for the outside drone and then get some other software from other companies such as ESET or Panda for the PCs and the servers, and that's how it's typically done.

Regarding policies about partnership, they are losing, not us. There are other equipment options out there that don't require such strict requirements.

With the new systems that Cisco Secure Firewall is deploying right now, I don't have experience with downtimes. With older systems, it happened once with a big customer that they went through the repair and they actually hacked the whole thing. It wasn't actually the equipment's fault. It was a customer's fault because we were begging them to implement two-factor authentication mechanisms, and they never did it, and in the end something happened. That's understandable. You can't blame the equipment for that.

The technical support for Cisco Secure Firewall once you have the SmartNet is very good. The people are always willing to help, they can even log on remotely on the devices and check things. They're very good with that.

Positive

It depends on the customer, and regarding the deployment time of Cisco Secure Firewall, it depends on what you want to implement. To set it up just for getting out to the internet may take a couple of hours. However, to prepare a skilled network with site to site VPNs, it's going to take days.

There are other equipment options out there that don't require such strict requirements.

They say that their new software for Cisco Secure Firewall is AI compliant, whatever that means. They have some kind of databases on the cloud, the system communicates with them in order to monitor the traffic getting through and clearing things and stopping attacks or whatever. Everybody does this, but at what level they do it, nobody really knows.

The security policies that an organization has are also upon the IT people and the management to properly identify and implement. If they don't do these things, and they don't update the software of the servers, they leave all the usernames and passwords vulnerabilities there and they don't do something about that, you can't blame the equipment. It's the perimeter kind of firewalling you have with the equipment. But after that you have to do something on your own to help yourself.

On a scale of one to ten, I would give Cisco Secure Firewall an eight.

One of the biggest use cases for Cisco Secure Firewall is Public Bank; they use it in Malaysia, but we implemented it in the Sri Lankan branches.

When a global company is using Cisco Secure Firewall, they would prefer to go with the same product with the same switching and firewall, making it an umbrella solution.

I think the UTM is the best feature of Cisco Secure Firewall.

The UTM features are indeed the best.

The reason why the UTM feature of Cisco Secure Firewall is the best is because the customer is more concerned with security; for a worldwide company, they need the most security, and I think it's very suitable for the most secure companies.

The centralized management console in Cisco Secure Firewall is effective and helpful.

Most of the partners are looking for AI-driven solutions now, so if Cisco improves more on the AI part than other products, it will be very good when they are trying to capture the market.

Cisco Secure Firewall has to enhance its AI part.

Customers using Cisco Secure Firewall are looking for UTM features, and some enhancements have to be done, such as when you block applications, more applications have to be able to be blocked and categorized.

I've been working with Cisco Secure Firewall for around 15 years as a partner.

Cisco Secure Firewall is stable, and there are no issues or challenges that my customers have faced with it.

Customers use Cisco Secure Firewall both on the cloud and on-premises, and it is a scalable solution and easy to scale.

My experience with Cisco support is good. I would rate the technical support of Cisco Secure Firewall eight out of ten.

Positive

The deployment of Cisco Secure Firewall takes one day.

Customers see a return on investment with Cisco Secure Firewall, and it is workable in terms of value for money.

Competitively, Checkpoint is the best, but considering pricing and everything else, Cisco Secure Firewall is also the best product.

Cisco Firewall is better in terms of cost and is cheaper; unlike other products, if the license expires, no features work, but Cisco isn't that way. Most of the time, they have perpetual licenses, so that's the best solution customers are looking for.

The threat intelligence functionalities in Cisco Secure Firewall are also good, but when considering Checkpoint and others, they have some enhanced features; there is some differentiation, but it's also good.

They need a global, one single vendor, which is why they see value for money with Cisco Secure Firewall.

I recommend Cisco Secure Firewall because it's a global vendor.

On a scale of 1-10, I rate Cisco Secure Firewall an 8.

On-premises

Other

Our primary use case is filtering as we have a filtering strategy. We are trying to filter a destination and do not have a centralized filtering strategy. So we have MX and on the other end filtering on the firewalls, but not in the middle. This means that both ends of the connectivity do all the security on the firewalls.

The most valuable MX features are the ease of deployment and a great dashboard. The most valuable Cisco Secure Firewall features are options, features, and ease of deployment because it's an appliance.

Cisco Secure Firewall's integration with cloud providers has room for improvement. We could do more in terms of integration, for example, if we had a tag on an instance. 

I would also like to see tag rules with cloud objects. This would be a great improvement for Cisco Secure Firewall. 

As far as MX is concerned, I would like to see more interconnection. We would also like to be able to do BGP.

Our organization has been using this solution for about 10 years.

We had MX when it was launched initially and it was not as stable as it is now. The stability of the solution has improved. 

I would rate the stability of this solution three years ago a 3 and today's stability an eight, on a scale from one to 10, with one being the worst and 10 being the best.

I think that their tech support is quite good. I would rate them an eight, on a scale from one to 10, with one being the worst and 10 being the best.

Positive

We have used different types of solutions. We had Cisco ASA for about 10 years, and then we switched to an on-site firewall to MX from Meraki, Cisco. For our cloud, we have Cisco Services Routers.

The migration to the cloud has been a lot of work. Not all of our systems were compliant with being on the cloud so we had to work on some applications and delete some of them. For the old systems, we had to do extra work but for the newer systems, it was fine. The migration took around 18 months to migrate 99%.

We had more than 2,000 on-prem firewall sites.

Cisco helped with the migration to the cloud with the migration tool. Migrating MX was really easy and the tools helped us to migrate from the old ASA we had to the new MX. The cloud, firewalling, and CSR helped us from the data center on-premise approach to the cloud because at the time we didn't have a lot of experience with the cloud. It was easy to use the Cisco appliances in that space.

I think that this solution has saved our IT staff time because of the ease of deployment. When I first started as a network engineer, it took a whole day to configure a firewall because of all the particularities you could potentially have at a site.

I think that this solution saved our organization's time because security saves money because. At the end of the day, firewalls block threats.

This solution helped with the consolidation of tools as we had all the observability tools in the solutions. Some 10 years ago we all had third-party solutions doing the observability. Now, we have the whole package and not only the firewall.

We choose Cisco 10 or 20 years ago mostly because it was a market-leading solution. I also think it's because of MX's user-friendly solution that you can get on board easily. As far as CSA goes, I believe it's because you have a lot of features on the firewalls and it's the stability of course.

Public Cloud