Cisco Secure Firewall Reviews

We use it for our data center. We have clusters of the solution to protect the equipment in our data center. We also use it for site-to-site VPN hubs.

Cisco Firepower NGFW Firewall made our firewall response much faster when trying to respond to any services or networks that stand out. It makes us very responsive when any of the visualized logs are blocked in real-time.

The most valuable feature would be ASDM. The ability to go in, visualize and see the world base in a clear and consistent manner is very powerful.

The ability to better integrate with other tools would be an improvement.

I have been using this solution for six years.

It is highly stable.

It is highly scalable. It has some limitations, but for medium to large-sized deployments, it is excellent.

Technical support is outstanding. You can get same-day support.

We previously used Juniper SRX. We switched because we have a contract with Cisco. This was the cheaper option and was faster.

We have very much seen an ROI in terms of the saving on man time and the costs of standing up new equipment. Compared to what we had before, Cisco Firepower NGFW Firewall is faster.

I would rate this solution a nine on a scale from one to ten.

I can't put Cisco on the firewall when the security landscape has changed so much in the past five to ten years. We are doing a lot more in the next generation of firewalls. We had a legacy classic firewall before we went to Firepower, and we spent a lot less time on that firewall, but we are spending more time on the Firepower because we are utilizing a lot of the features that are available in Firepower that were not available in the previous firewall that we had. I'm not going to say that we're spending less time, but we're gaining more value.

Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports.

If I were to have been asked a few weeks ago, I would have said threat prevention was the most valuable feature, but the world is changing a lot, so my favorite features a few years ago might not be my favorite features today.

The visibility the solution gives when doing deep packet inspection can be complex. I really like the visibility, but it's not always intuitive to use. I also help other customers. We are a contracting company that implements their solutions, and I've found that it's not always easy to get everyone to utilize some of the visibility features. But for me personally, I think they're very valuable. 

The ease of use when it comes to managing Cisco Firepower has a lot of room for improvement. When monitoring a large set of firewall policies, the user interface could be lighter. It's sometimes heavy in use, and there could be improvements there. I know they're trying to make improvements.

It's mainly the UI and the management parts that need improvement. The most impactful feature when you're using it is the user interface and the user experience.

We were an early adopter when Firepower first came out. I've been using Cisco firewalls for the last two decades.

For newer hardware models, the stability is good. We've tried to run Firepower on some of the legacy-supported hardware as well, but with the stability issues, they are not as good. If I were to judge based on the hardware that I have, I'd say it's good. I haven't had any issues with the stability on my platform.

We just recently enabled Snort 3 so I'm evaluating the functionality. That's what we've considered, but we haven't done any performance testing. Our company would qualify as a small to medium business company. The average office environment is about 100 to 200 people. Performance-wise, my company is about 120 people.

Scalability is really not relevant. I know there are features that address some of those parts, like clustering and stuff, but that's really not applicable in my use cases.

The support is eight to nine out of ten. You can't blame them for any faults of the prototypes, but the support has been really good and really helpful when we had any issues.

I have hands-on experience in both Fortinet and Palo Alto. So if I were to compare this to Palo Alto, for example, I would say that the user interface in Palo Alto is a lot better. But the reason that I'm working with Firepower is that we have a Cisco network as well, and Cisco ISE. We're trying to integrate different Cisco solutions. We're trying to utilize the ecosystem benefits where I can connect my Cisco Firepower to ISE and have it talk to the App Cloud. There's a benefit of utilizing Cisco Firepower in conjunction with our other Cisco solutions.

Ease of management is similar with Cisco and Fortinet, I would say similar, but it's easier in Palo Alto.

I recently deployed a similar solution at a customer's premises, and that setup was straightforward.

The steps are fairly documented and the documentation and guides on Cisco are straightforward. You know what you're expected to configure, and it's easy to get up, running, and started. It takes some more time to check everything and get everything as you want to have it, but getting started and getting connectivity and starting to create policies was easy to do and didn't take a very long time.

It took two to four hours, including some upgrades.

My main advice would be to utilize all the guides and documentation available from Cisco publicly and not trying to implement it using legacy thinking. Don't try to just replace something else you have. If you have a next-gen firewall, you want to try to utilize what you're getting, and getting the most out of a firewall. There are some great guides and documentation on Cisco that explains what you can do and how you can do it.

I would rate it a seven out of ten. 

Cisco Firepower NGFW Firewall has a lot of environment to use for your network to see what kind of critical threats are coming or going. I use it to find out what this threat is and then formulate a strategy for it. I use it a lot on my simple network to see how it works, inspect the network traffic, and so on. 

Cisco Firepower NGFW Firewall is a really helpful product for network security. I have integrated it for incidence response. If there is a security event, the Cisco firewall will automatically block the traffic, which is useful.

Cisco Firepower NGFW Firewall can be more secure. But no product is 100% secure, so it's a case of always wanting more security. The product is also really expensive. It would help if they provided free academic access to the enterprise edition for students for a whole month, two months, three months, or a year.

I have been using Cisco Firepower NGFW Firewall for about two years.

I used Cisco ASA Firewall, but in our specific environment and not for the whole network.

It's easy to install Cisco Firepower NGFW Firewall. You can install it on the platform with all the images in one set form. It took me about 20 to 30 minutes to install. 

I implemented Cisco Firepower NGFW Firewall on my own.

For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive. But it should be affordable for enterprises and educational institutions.

I would recommend Cisco Firepower NGFW Firewall to potential customers.

On a scale from one to ten, I would give Cisco Firepower NGFW Firewall a ten.

We are a Cisco implementor in Venezuela.

Our primary use is to deal with incoming access. We open ports for web servers or special applications that our clients have inside their network. We also use it to provide site-to-site VPN access.

The most valuable feature is the ability to block almost all of the ports.

All of the commands work the same way, whether in the graphical interface or when using the command line.

Cisco products have a lot of features.

The graphical interface should be improved to make the configuration easier, to do things with a single click.

There should be better integration with open-source products because some of our clients use them. It would be helpful if they integrated well.

I have been using the Cisco ASA Firewall for almost 10 years.

This is a very stable product.

The scalability is good and it can be used for organizations of all sizes.

Technical support is good and we haven't had any problems with documentation that is provided.

I also have experience with pfSense.

The initial setup is easy.

We have evaluated various open-source solutions for our clients.

The main difference with Cisco is that it is a big company, and their products are very easy to use. They have the best routers, switches, and firewalls.

Cisco ASA is a product that I can recommend for its stability.

I would rate this solution a nine out of ten.

We use Cisco ASAv as a firewall.

The best features are stability and scalability.

There are other solutions that are better such as Palo Alto.

The management test needs improvement. The ACM requires Java and you need to know which version of Java is compatible with your Cisco version. It needs a client.

The pricing could be reduced.

I would like to see the issue with the client resolved. You shouldn't have to use the ASDM to help manage the client. Also, it should be subscription-based similar to Palo Alto.

I have been working with Cisco ASAv for approximately eight years.

The stability is good, we have not had any issues.

Cisco ASAv is scalable.

We are satisfied with technical support. They are good.

We are also using Palo Alto. It's very easy to manage, especially the UI system. You can do anything you want.

Cisco is considered to be an expensive solution.

When comparing to other vendors, it's quite expensive.

I would rate Cisco ASAv a six out of ten.

Our primary use case is whatever is best for our customer. I'm the service provider. The customer's main purpose is to use the malware services protection and the firewall itself, as well as the application awareness feature.

My client company is Cisco Oriented. They wanted to leverage something which is equivalent that can give them the next gen features like application awareness and intrusion protection. That is a major reason they were looking forward to this. The original ASA firewall did not have these features. This was the major reason the customer moved on to Cisco Firepower Threat Defense (FTD). Now they can go ahead and leverage those functionalities.

Firepower is an okay product. However, it is better as a firewall than the IPS or other services it provides.

I was trying to learn how this product actually operates and one thing that I see from internal processing is that it does fire-walling and then sends it to the IPS model and any other model that needs to be performed. For example, content checking or filtering will be done in a field processing manner. That is something that causes delays in the network, from a security perspective. That is something that can be improved upon. Palo Alto already has implemented this as a pilot passed processing. They put the same stream of data across multiple modules at the same time and see if it is giving a positive result by using an XR function. Something similar can be done in Cisco Firepower. Instead of single processing or in a sequential manner, they can do something similar to pile processing. An internal function that is something that they can improve upon.

They can also improve on cost because Cisco is normally expensive and that's the reason customers do not buy them.

Also, if they could provide integration with Cisco Umbrella, that would actually improve the store next level. Integration is one thing that I would definitely want.

From a technical perspective, maybe they could simplify the CLI. That is one thing that I would like to be implemented because Cisco ASA or Cisco, in general, is usually good at simple CLIs. That is one thing that I saw lacking in FTD. Maybe because they got it from another vendor. They're trying to integrate the product.

Two years

From a stability diagnosis, once I did the deployment it did not give me any issue for at least six to eight months. Once it went to a stable support, I did not see major problems. I don't think there were issues with stability.

However, the core upgrades frequently come in, so you need to be carefully devising that support management. From a stability perspective, if you are happy with your current stuff and you do not require past updates it would be very stable. If you're using an IPS, the only challenge would be past management. With Cisco having cloud integration and just firing one command and getting things done, it is still okay. It is a good stable product.

We have only one or two firewalls as a site data center firewall.

From what I have studied, they are scalable. You can have eight firewalls integrated with the FTP devices. I don't think scalability would be an issue but I do not have a first-hand answer on that.

There are approximately 2,500 customer base users using Cisco Firepower. It's a data center firewall, so all the sites integrate for one data center.

You do not need extra staff to maintain Firepower. One field technician engineer, FTE would be sufficient and should not be a problem. I don't think extra staff would be needed. For support, for instance, you need one person.

They have very good documentation, so there's a small chance you will actually need technical support. I would give kudos to the Cisco documentation. That would be the answer.

I have not tried the support because most of it has been solved with the documentation. Nevertheless, Cisco support has typically been a pleasant experience. I don't think that would be a problem with this.

We did previously use a different solution. They had two different solutions. One was Cisco ASA itself and before that, they used Check Point.

We are a Cisco company and that's the reason they are moving from one Cisco product to another Cisco product, which was better than the previous one. So, that was a major reason for the switch. I would say the other vendors are improving. This company was just Cisco oriented so they wanted something Cisco.

The initial setup is a bit difficult. Other vendors are doing the app integration solution. The initial setup was medium in complexity.

You need to install the Firepower CLI. You need to log into that and then you'll need to sit down to connect to the ASA and configure the ASA level services. You also need a Firepower management station for it to work appropriately. The setup is serious and a bit complex.

In my scenario, because I had to learn the entire technology over there and then apply it, it took me around two weeks time to do it. Then the integration, improvisation, and stuff that normally happens took some extra time. You can safely say around two to four weeks period is what it normally takes for deployment. This is based on how the company evaluates the product. It depends on how much you know at that point.

Usually, for the deployment, the company works with Cisco, so they only use Cisco products. I am a DIY person, I did the deployment myself.

We normally license on a yearly basis.

The hardware procurement cost should be considered. If you're virtual maybe that cost is eradicated and just the licensing cost is applied. If you have hardware the cost must be covered by you. 

All the shipping charges will be paid by you also.

I don't think there are any other hidden charges though.

We gave them Palo Alto as an alternative option. I think they were more into Cisco. They did not evaluate the Palo Alto though, they just opted for Cisco.

If you're really looking into Cisco Firepower, they have a good product, but I would say study hard and look around. If you want an easier product, you can always use Palo Alto. If you are a Cisco guy and you want to be with Cisco, you'll need to get an integration service engineer from the Cisco side. That will actually help you out a lot. Alternatively, maybe you can go for Palo Alto. That would be the best thing to do.

If you are not worried about the technical integration part and learning how it works and how well it can go with the environment, I would recommend you go ahead and take an integration engineer with you. Doing a POC could be troublesome for you. We have professional services. You can leverage that.

If you do not want to invest much money on all that stuff you can go ahead and hire someone who's already aware. Or if not, you can use any other vendor like Palo Alto.

Our primary use for the solution is for checking on and verifying the security of our customer data.

Our organization has been improved by the solution because we can be assured that the firewall is secure. It gives us more flexibility to monitor other things. Because we have safe firewalls, we don't have to worry about that and can direct resources elsewhere. If our internet goes down in one location we can bring it back up pretty easily.

The thing we've found most valuable is the efficiency. The firewalls are easy to configure and deploy. Overall it is an easy system to manage.

Another valuable feature is just how granular we can get with it so we can keep users seeing what they are supposed to and don't compromise security.

One way the product could be improved is if you could monitor more than one rule at a time. We only have the option to have one monitor window up at a time if you're trying to troubleshoot something you end up switching back-and-forth and don't get the bigger picture all at once.

It's reliable and it does its job. It gives you the freedom to do other things while you get indications of any issues. The multi-monitor would be a huge improvement.

I'd definitely recommend the product. Even when you set it up for the first night, it definitely will tell you the status of the network. The important part in the setup is following the instructions to get it going.

The solution itself is good as far as stability.

The technical support is good and the response time quick. We had some firewalls down and gave them a call. They helped resolve the issue and it was all positive.

Previous to this we had just a normal firewall that I didn't like. It didn't provide enough.

The setup was straightforward, even without initially having all the information we needed. It was very intuitive. When I went in to get help, help was there.

We got the product from a reseller and we did the installation ourselves.

We certainly have seen a return on investment at the very least from being able to reallocate human resources.

Before selecting this as a solution we really didn't evaluate other options at all.

As far as rating this product, I would give it a nine out of ten. The only real drawbacks are the lack of multi-monitoring and not really having clear instructions prior to jumping in and implementing it.

We are using the Cisco ASA NGFW as a next-generation firewall. We are using the 5516-X version. Our primary use case of this is as an X firewall for external connections.

Cisco ASA NGFW significantly improves our bank. It protects any high-value products that we use from hackers, viruses, malware, and script-bots. It gives us metrics on network traffic as well as what kind of attacks we are getting from the outside.

The most valuable features are the firewall capabilities, filtering, and intrusion prevention. 

I respect the capability of the Cisco firewall. We fully use it all as a complete firewall solution. Cisco also has excellent anti-malware detection and other similar features.

Cisco should improve its user interface design. There is a deep learning curve to the product if you are a newcomer.

Stability is excellent.

It can easily scale. If you want, you can scale it to a lot of traffic. It's an X file, so all of our users are going through it.

We only require one administrator for the solution. For deployment and maintenance, it depends on how many developers you have. We require two dedicated staff at a minimum. 

Naturally, we employ both security technicians and administrators. Cisco ASA NGFW is being used at all our branches, and we'll continue using it in the future.

The technical support from Cisco is excellent.

We have only been using Cisco solutions.

The initial setup of the Cisco ASA NGFW is not easy, but at the same time also it is not complex. It's somewhere in the middle. It took about 4 weeks, then it was activated.

We used a reseller consultant for the deployment.

Our licensing costs for this solution is on a yearly basis. Just for the firewall, it's about $1.5 million USD.

We evaluated Palo Alto Networks, Fortinet FortiGate, and Checkpoint products.

For the Cisco ASA NGFW, it is a bit more expensive than other products, but their method is a lot more stable in my experience. It has all the features that you would need in a next-generation firewall. They are always developing new features and introducing them.

I don't have anything that I'm currently missing with Cisco. On a scale from one to ten, I would rate the product at eight.