We use it for VPN access for our two-factor authentication. We were looking to get access through AnyConnect, to gain access to devices behind boundaries and firewalls.
Senior network security, engineer and architect at a computer software company with 5,001-10,000 employees
Decreased our downtime and enables us to get users connected faster and more easily
Pros and Cons
- "AnyConnect has been very helpful, along with the ability to use LDAP for authentication."
- "The ASAs are being replaced with the new Firepowers and they have a different type of structure in the configuration to be able to migrate from one to the other."
What is our primary use case?
How has it helped my organization?
It has improved things greatly by giving us easier and better access, easier configuration, and allowing users to gain the access they need. We have also had less downtime using these firewalls.
What is most valuable?
AnyConnect has been very helpful, along with the ability to use LDAP for authentication. It's very robust and we are able to do many different things that we were looking to do.
What needs improvement?
The ASAs are being replaced with the new Firepowers and they have a different type of structure in the configuration to be able to migrate from one to the other.
Buyer's Guide
Cisco Secure Firewall
October 2024
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,528 professionals have used our research since 2012.
For how long have I used the solution?
I have been using Cisco ASA Firewalls for 20 years.
What do I think about the stability of the solution?
The stability is very good. It has been a very stable environment. Since the new AnyConnect came out, it's been very easy to use and very much self-sufficient.
What do I think about the scalability of the solution?
You can vary scalability from very few users to thousands of users.
How are customer service and support?
Technical support has been very helpful at times, helping us to know what bugs and what things are getting fixed in the next releases.
How would you rate customer service and support?
Positive
How was the initial setup?
As an architecture team, we had a pretty good idea of what we wanted to do and how we wanted to do it, so it was pretty straightforward and easy. We have each one across many different avenues and many different boundaries, so each one took about a day to deploy.
We needed two to three people to deploy them and another one to go over some things to make sure everything was good to go.
There is routine maintenance, keeping it up to date and making sure the licensing versions are all good to go. We have a four-man team for maintenance and they work a regular shift of eight hours.
What about the implementation team?
We used a reseller, FedData. Our experience with them was good.
What was our ROI?
It took us about six months to see benefits from our ASA Firewalls. We've seen return on our investment in terms of the timeframe of downtime, and the ability to get users connected faster and more easily has been a big benefit.
What's my experience with pricing, setup cost, and licensing?
The pricing of the products isn't terrible. They're not too expensive. They're a little more expensive than other products, but you are getting the name, the company, and the support.
It's also nice that you can buy different avenues of licensing, depending on how you want to go about using them.
We buy a support license to get support if we have any issues or problems or need help on how we want to implement things.
Which other solutions did I evaluate?
We evaluated other options, but that was a long time ago. We went with Cisco because it is so robust as well as because they have been able to integrate their solutions into many different architectures. That makes their products easier to use.
What other advice do I have?
Each use case is different and things depend upon your cost analysis and how much you need. We have these firewalls in different avenues over about 30 different sites.
The biggest lesson from using the solution is being agile which has included learning to understand how to use the ASDM and figuring out how to configure everything—the little nuances—and what can and can't be done on the CLI.
These firewalls, along with the upcoming Firepower that they're being replaced by, are going to be very good assets for two-factor authentication and VPN access.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Consultant at IKUSI
Good integration with helpful technical support and very good administration capabilities
Pros and Cons
- "The solution offers very easy configurations."
- "The initial setup can be a bit complex for those unfamiliar with the solution."
What is our primary use case?
I often work with financial sector companies such as banks as well as retail organizations.
What is most valuable?
The solution offers very easy configurations.
The administration of the solution is very good.
The product integrates well with other products.
What needs improvement?
The initial setup can be a bit complex for those unfamiliar with the solution.
There are better solutions in terms of border security. Palo Alto, for example, seems to be a bit more advanced.
The cost of the solution is very high. Fortinet, as an example, has good pricing, whereas Cisco has very high costs in comparison.
For how long have I used the solution?
We've used the solution recently. We've used it at least over the last 12 months or so.
What do I think about the stability of the solution?
The stability of the solution is pretty good. I don't recall having issues with this aspect of the solution.
What do I think about the scalability of the solution?
This particular product does not have high availability and therefore scalability is limited.
You need a pretty sizable solution for a center.
We have about 300 clients using this solution, and therefore the amount of people on the solution is very high, however, I don't have the exact number of users across all clients. For solutions providers, we have IT solutions for maybe around 5,000 users.
How are customer service and technical support?
I have experience working with technical support from Cisco. It's very easy to contact them and talk with them. There were times we worked using email, for example, for communication. We also worked with Cisco engineers in Mexico directly. We're very satisfied with the level of service so far.
Which solution did I use previously and why did I switch?
We also work with Fortinet and Palo Alto, for example. As a reseller, we work with many solutions.
How was the initial setup?
I did not directly implement the solution. I don't have the right type of expertise. You need to know a bit about what you are doing, otherwise, the initial setup is a bit complex.
You may need, for example, a separate management device for this kind of solution. It's quite difficult to handle if you don't have in-depth knowledge.
What's my experience with pricing, setup cost, and licensing?
The cost of the solution is quite high. It's very expensive compared to other options. For example, Fortinet is much more reasonably priced.
What other advice do I have?
I am working for a Cisco seller in Mexico, and we have a relationship with Cisco. We are a gold partner. We ensure that the development is of the proper sizing for our clients.
I would rate the solution at a nine out of ten. We've had a very good experience so far. The only downside is that it's not as advanced as, for example, Palo Alto. That said, if you have the right skills to manipulate the configuration capabilities, Cisco is quite good.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Cisco Secure Firewall
October 2024
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,528 professionals have used our research since 2012.
Senior IT Analyst at a insurance company with 51-200 employees
Comparable pricing, stable, with good and responsive technical support
Pros and Cons
- "There are no issues that we are aware of. It does its job silently in the background."
- "The initial setup could be simplified, as it can be complex for new users."
What is our primary use case?
We use this solution for our firewall and intrusion prevention system.
What is most valuable?
The most valuable feature is that I have 16 public IP addresses that tunnel through into servers inside.
There are no issues that we are aware of. It does its job silently in the background.
What needs improvement?
The initial setup could be simplified, as it can be complex for new users.
For how long have I used the solution?
We have been working with this solution for a couple of years.
What do I think about the stability of the solution?
It's stable. If there is ever a problem, it never seems to be the firewall.
What do I think about the scalability of the solution?
This particular model can't quite handle the bandwidth we need. We're actually replacing it shortly with the new higher capacity model.
How are customer service and technical support?
Technical support is good. They are responsive.
How was the initial setup?
The initial setup was somewhat complex at first.
What about the implementation team?
We had help from an integrator, which was Dell. They were helpful.
What's my experience with pricing, setup cost, and licensing?
The price is comparable.
What other advice do I have?
We are just at the beginning of the deployment of Arctic Wolf for managed detection and response. We don't have a lot of information yet, as we are onboarding it now.
We wanted to have someone watching and we couldn't set up the SOC by ourselves because we need six security dedicated people to man it at all times. With a staff of 80, it was too much. We engaged Arctic Wolf to be our 24/7 eyes on the potential risks that are happening. They can alert us and we can deal with it.
We like to use the integrator just to make sure that the firewall is set up correctly. If you don't have people dedicated to the firewall, then you can't do it in-house.
I would rate the Cisco firepower NGFW Firewall a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT manager at IRPC PCL
Very simple to deploy and stable
Pros and Cons
- "Simple to deploy, stable."
- "Technical support takes a long time to respond."
What is our primary use case?
Our primary use case of Cisco ASA Firewall is to protect our environment. We are customers of Cisco and I'm a network engineer.
What is most valuable?
The solution is simple to deploy and stable.
What needs improvement?
Technical support could be improved, they take a long time to respond.
For how long have I used the solution?
I've been using this solution for 10 years.
What do I think about the stability of the solution?
This is a stable solution.
How was the initial setup?
Initial setup was relatively simple, it took around six months and I deployed myself.
What other advice do I have?
I would rate this solution a nine out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
ICT Systems Engineer at a insurance company with 11-50 employees
Pretty stable, but it needs better reporting tools and improvements to the user interface
Pros and Cons
- "This product is pretty stable."
- "I would like the ability to drill down into certain reports because currently, that cannot be done."
What is our primary use case?
The number one use for this product is security.
What needs improvement?
The management of the application can be improved with enhancements to the user interface.
I would like the ability to drill down into certain reports because currently, that cannot be done. In fact, this is one of the reasons that we want to move away from Cisco. Better reporting tools would be an improvement.
For how long have I used the solution?
We have been using Cisco ASA for approximately seven years.
What do I think about the stability of the solution?
This product is pretty stable.
What do I think about the scalability of the solution?
Our current model is reaching its end of life, so it's not very scalable at the moment. We don't plan to increase usage.
It is currently providing protection for about 30 users.
How are customer service and technical support?
The technical support is with our solution provider. I would say that it's average, rather than very good.
How was the initial setup?
The initial setup is complex. I would say that it took a maximum of a week to deploy.
What about the implementation team?
We had a service provider who took care of the installation for us.
What's my experience with pricing, setup cost, and licensing?
This is an expensive product. We pay about €2,000 ($2,400 USD) per year for licensing.
Technical support is in addition to the standard licensing fees.
What other advice do I have?
At this point, Cisco ASA is not a product that I recommend. My advice is that people should look at other solutions because there are other products available on the market that are just as good, if not even better.
I would rate this solution a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Network Support & Presales Engineer at a computer software company with 51-200 employees
Offers an easy way to manage the devices centrally but not all of its features are supported
Pros and Cons
- "I like the way Firepower presents the data. It gives you two classifications for the evidence, something based on the priority of the evidence and another classification based on the impact of the evidence in your environment. This makes it very easy to spot the evidence that is most impactful to my environment. Instead of having to go through all the evidence based on that priority, I can focus on the evidence that has the most impact on my environment."
- "Also, they have a Firepower source file that I can work on the ASA device and on Firepower devices. A problem here lies in the way that you manage these devices. Some devices do not support the FMC, and some devices have to be managed through ASDM, and others have to be managed through FMC."
How has it helped my organization?
A lot of companies have a lot of vulnerabilities and lots of exploitations that are going inside their network that the IT staff are not aware of. You actually need a security device like a next-generation firewall to protect your network.
Once we installed the Firepower system, we started looking at the evidence, and we found a lot of exploitations and a lot of bad things that are in the network. These things were invisible to IT, they were unaware of any of them.
What is most valuable?
The Firepower Management Center is an easy way to manage the devices centrally. I guess this is something that all vendors provide so it's nothing special. I like the way Firepower presents the data. It gives you two classifications for the evidence, something based on the priority of the evidence and another classification based on the impact of the evidence in your environment. This makes it very easy to spot the evidence that is most impactful to my environment. Instead of having to go through all the evidence based on that priority, I can focus on the evidence that has the most impact on my environment.
Sometimes you might have a high priority event but it has nothing to do with your environment. You have a vulnerability. You don't have to treat a vulnerability as an attack. Since you're not vulnerable, it's not impactful to your environment so you don't have to focus on it. This is something that other products don't provide.
It is very flexible. You can have the next generation firewall work as a physical connection or as a Layer 2 device. You can have a combination of Layer 2 and Layer 3, which is really good.
What needs improvement?
There are quite a few things that can be improved. Firepower is an acquisition from another company, Cisco's trying to put it together. Their previous ASA code with the source file code that they have acquired a few years ago still has some features that are not fully supported.
Also, they have a Firepower source file that I can work on the ASA device and on Firepower devices. A problem here lies in the way that you manage these devices. Some devices do not support the FMC, and some devices have to be managed through ASDM, and others have to be managed through FMC.
Most of the high-end devices do not support Onboard management. The Onboard management is only supported on the 2100 IP at the 1050 Firepower and on select ASA devices that bear the Firepower image.
It would be very nice if the Onboard management integrated with all the devices. Log key loading for the evidence at the logs, because clearly you only have loading on the remote on the FMP, you cannot store the logs located on the device.
For how long have I used the solution?
I have been using this solution for around two years.
What do I think about the scalability of the solution?
We have several thousand employees at the company.
How are customer service and technical support?
Their technical support is good.
How was the initial setup?
The initial setup was straightforward.
What's my experience with pricing, setup cost, and licensing?
The pricing is overrated. Prices for Cisco equipment are always a little bit higher than other vendors. Customers are always complaining about the high prices of Cisco equipment, so it would be very good if these prices can be lowered down, but that's how it is. Cisco equipment usually has higher prices than its competitors.
What other advice do I have?
I would recommend this solution to someone considering it. I would recommend to study and know what the requirements are exactly. One of the things that might be a problem, or might be a complex thing to do is to go through Cisco Firepower, because Firepower is a software that's complex to explain to somebody. There is the previous ASA code that Cisco had and there is the source file that they acquired. Cisco started to send it as ASA Firepower services. Then they combined the two codes together and they started to send a new code called the Firepower Threat Defense, FTD.
Any customer who wants to buy it needs to understand all of these options and what the limitations of each option are, the pros and cons. Any customer who wants to deploy Firepower needs to understand what Cisco has to offer so he can choose correctly.
I would rate it a seven out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Network Security Engineer at qicard
Valuable firewall solution for enterprise organizations who need reliable flexible security
Pros and Cons
- "A powerful enterprise security solution that is dependible."
- "The GUI interface could be improved when compared to other solutions."
What is our primary use case?
Our primary use for the solution is as a firewall. We implemented it as an IT tech solution for our accesses through Sourcefire. It provides security.
How has it helped my organization?
The main product in our company is dependent on Cisco as a security solution. Cisco has a great reputation in the market. We are using Cisco as our main firewall in the company because it provides the best security.
What is most valuable?
The most valuable feature is for IT security management. It is extremely valuable to protection so that is the most valuable feature.
What needs improvement?
I'm not really sure that much has to be improved. Compared to other firewall solutions probably the thing that could be improved is the interface — the GUI. Other than that I don't think there is anything else that could be better. I think it is a great product.
For how long have I used the solution?
I have been using the product for two years.
What do I think about the stability of the solution?
I believe that Cisco is one of the most stable firewall solutions. Compared to other solutions, Cisco has a better stability record than others. That's why we like it a lot.
What do I think about the scalability of the solution?
I don't know that we have plans to scale the business on this site. But Cisco products are expandable. If we want to expand the functionality with new feature sets we can add modules. So in that way, it is a flexible and scalable solution.
We currently have 200 to 500 users who are using this solution at any time.
How are customer service and technical support?
We have used technical support quite a bit and always contact them if we have an issue. They will always respond as soon as possible. So I think the support is great. We don't have any issue with them being unresponsive or providing bad solutions. I like to check with them on solutions sometimes and they respond as soon as possible. It saves time and helps me to be sure I am doing the right thing before I go in the wrong direction.
Which solution did I use previously and why did I switch?
I don't know the exact product they were using before but I think it was just proxy. When I came to the company, the Cisco solution had already been installed, so I don't know the exact product from before.
I think the main reason why they would have switched is the stability and possibilities are better than just proxy. Cisco is very different and more powerful than the other simple products. It's very stable.
How was the initial setup?
I wasn't part of the company at the time of the initial setup, and I am just performing additional tasks. We have a staff of a maximum of three or four persons so once the deployment is live it doesn't need much effort.
I'm not sure if the company has plans to increase usage and grow our responsibilities. It's not not for me to decide. I think the company is growing and traffic is increasing. But my superior is the person responsible for determining when it is time to scale.
What about the implementation team?
We used a consultant for the implementation. They actually continue to help a lot when we need them for something.
Which other solutions did I evaluate?
I don't know if the company evaluated other solutions before choosing Cisco. When I came to the company, it was already there. Cisco is a very popular enterprise solution so they may have just chosen it without other evaluations.
What other advice do I have?
On a scale of one to ten with one being worst and ten being best, I would rate Cisco SourceFire Firewall as a nine. It could easily be a ten if it had a better GUI interface.
As far as making recommendations to other people about the product, I recommend they buy it if they need an enterprise solution. Also, I would recommend other Cisco solutions like Cisco AMP (Advanced Malware Protection).
I think most large companies that require strong security should always use Cisco because it's stable, scalable, and has many features. Enterprise organizations will benefit from Cisco because their business requirement will be more complicated and require a better solution and more flexibility. I think all the companies should use Cisco because it's number one the market and has the best security, better stability, and better scalability.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Manager at a financial services firm with 501-1,000 employees
Lots of bug fixes are required and it did not pass our in-house evaluation
Pros and Cons
- "Integration with all the other Cisco tools is valuable."
- "With regards to stability, we had a critical bug come out during our evaluation... not good."
What is our primary use case?
We performed an in-house evaluation of Cisco ASA NGFW for use as an Internet Gateway Firewall and internal East-West traffic firewall between security zones. We are historically a Cisco shop and were planning on it being the top contender for our NGFW solution.
How has it helped my organization?
Cisco ASA NGFW running in "Firepower" mode - aka the actual NGFW mode was not "fully baked", so it didn't meet all our requirements to fit our network architecture. It requires a completely different language than ASA and we found it to be difficult compared to other top firewall vendor offerings.
What is most valuable?
Integration with all the other Cisco tools is valuable. However, we've moved away from all Cisco security tools since this evaluation. Firewall choice was key to what direction we went and we found not only was the competing firewall solution superior, but their endpoint protection solution was as well.
What needs improvement?
The first thing that needs to be done is to finish building out Cisco ASA "Firepower Mode" in order for all features to work correctly in complex enterprise networks. It also needs a usable GUI like Palo Alto and FortiGate. There are lots of bug fixes to be done, and Cisco should consider performing a complete rebuild of the underlying code from the ground-on-up.
For how long have I used the solution?
Trial/evaluation only.
What do I think about the stability of the solution?
With regards to stability, we had a critical bug come out during our evaluation.
What do I think about the scalability of the solution?
It should be well scalable. However, we didn't see a good centralized management/monitoring system like the one that Palo Alto has.
How are customer service and technical support?
Customer support was decent, although we definitely don't feel like you get the value of the mandatory support/maintenance fees.
Which solution did I use previously and why did I switch?
We used Fortinet FortiGate, but as an early gen "NGFW" it was outdated. We have issues we don't believe would be resolved with their latest offering, so we didn't even evaluate it.
How was the initial setup?
We found the initial setup much more difficult to do even simple things, like setting up VPN tunnels.
What about the implementation team?
Our in-house team tested and evaluated the solution.
What's my experience with pricing, setup cost, and licensing?
Watch out for hidden licensing and incredibly high annual maintenance costs. We bought much beefier Palo Altos for a less expensive one-time and annual cost.
Which other solutions did I evaluate?
Palo Alto Networks NGFW Firewall was compared in-house using the same configuration and testing, and it won hands-down.
What other advice do I have?
Watch out for the marketing hype vs objective reality. Do the advertised features actually work correctly/effectively?
We chose a different solution after performing in-house testing.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Updated: October 2024
Popular Comparisons
Fortinet FortiGate
Netgate pfSense
Sophos XG
Cisco Umbrella
Cisco Identity Services Engine (ISE)
Meraki MX
Zscaler Internet Access
Palo Alto Networks NG Firewalls
Azure Firewall
Check Point NGFW
WatchGuard Firebox
SonicWall TZ
Sophos UTM
Palo Alto Networks WildFire
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What Is The Biggest Difference Between Cisco ASA And Fortinet FortiGate?
- Cisco Firepower vs. FortiGate
- How do I convince a client that the most expensive firewall is not necessarily the best?
- What are the biggest differences between Cisco Firepower NGFW and Fortinet FortiGate?
- What Is The Biggest Difference Between Cisco Firepower and Palo Alto?
- Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons?
- What are the main differences between Palo Alto and Cisco firewalls ?
- A recent reviewer wrote "Cisco firewalls can be difficult at first but once learned it's fine." Is that your experience?
- Which is the best IPS - Cisco Firepower or Palo Alto?
- Which product do you recommend and why: Palo Alto Networks VM-Series vs Cisco Firepower Threat Defense Virtual (FTDv)?