We use this solution for advanced IPS, IDS, advanced malware protection, and web filtering.
Network security engineer at a tech services company with 1,001-5,000 employees
Good IPS/IDS functionality, straightforward to set up, and simple to deploy
Pros and Cons
- "The most valuable features of this solution are advanced malware protection, IPS, and IDS."
- "Web filtering needs improvement because sometimes the URL is miscategorized."
What is our primary use case?
What is most valuable?
The most valuable features of this solution are advanced malware protection, IPS, and IDS.
What needs improvement?
web filtering needs to improve because cisco firepower sync with bright cloud website for the website category. sometimes your URL is falling in the wrong category because of the bright cloud. so if you want to change the category you will have to drop the mail to the bright cloud and they will take action and it's a very long procedure.
For how long have I used the solution?
more than 2 years
Buyer's Guide
Cisco Secure Firewall
March 2025

Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
844,944 professionals have used our research since 2012.
What do I think about the stability of the solution?
This is a very reliable solution.
What do I think about the scalability of the solution?
I have extended my Cisco solution and did not have any trouble.
We have more than 400 users and we plan to increase usage.
How was the initial setup?
The initial setup is very simple to deploy in the Egyptian network. It takes two to three days to deploy but if you are implementing AMP then it will take an extra one or two days.
What's my experience with pricing, setup cost, and licensing?
I am happy with the product in general, including the pricing.
Which other solutions did I evaluate?
We evaluated a Sophos firewall but when I checked the reviews, I found that Sophos did not rate as well in terms of IPS, IDS, and malware protection.
What other advice do I have?
Cisco utilizes BrightCloud for URL filtering. Web filtering is the main problem with this product.
My advice to anybody who is considering this product is that if they want good security, compared to other offerings such as those by Check Point and Palo Alto, then they should implement Cisco Firepower.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.

System Administrator at a non-profit with 1-10 employees
User-friendly UI, blocking by category, has plenty of features
Pros and Cons
- "You do not have to do everything through a command line which makes it a lot easier to apply rules."
- "The solution could offer better control that would allow the ability to restrictions certain features from a website."
What is our primary use case?
We use the solution to monitor the connections as part of our parameter protection for our network. We restrict what kind of traffic comes in and out, we use it basically for traffic management.
What is most valuable?
Cisco used to be all command-line operations and now Firepower is in a way modelled from FortiGate. Firepower has integrated a UI into it now.
You do not have to do everything through a command line which makes it a lot easier to apply rules.
You are able to see the traffic of what sites users are visiting.
There are warnings if you are about to go to sites that could be malicious.
It also allows you to block within categories, such as, by URL.
The solution always had these capabilities, but it did not have a user interface that was user-friendly.
What needs improvement?
The solution could offer better control that would allow the ability to restrictions certain features from a website. For example, If we want to allow YouTube but not allow uploads or we want to allow Facebook but not allow the chat or to playing of videos. This ability to customize restrictions would be great.
For how long have I used the solution?
We have been using the solution for three months now. We have always used Cisco but before we were using the ASA and now we use the new version with the threat defence.
What do I think about the stability of the solution?
The stability is good so far. My opinion could change in another couple of months once we get more deeply involved with the solution.
What do I think about the scalability of the solution?
We currently are protection approximately 220 users.
How are customer service and technical support?
We just deployed it a couple of months ago, we have not used the tech support with the Firepower yet. We have not had an issue that we have had to raise with them.
Generally, the tech support for Cisco takes too long to go through the different tiers of support agents to get to someone that can resolve the issue. You end up speaking to someone that is not qualified to solve the issue, then you have to be escalated upwards over and over. This system could be better.
I rate the tech support service generally from Cisco a seven out of ten.
How was the initial setup?
The installation is not hard and not easy either, it falls in between.
What about the implementation team?
The time of implementation took us two to three days. This was in part because we were migrating from another Cisco firewall. The config files were already there, we just had to bring them over. While having the config files we just had to set up the hardware to have us up and running. The install could have taken longer if this was not the case.
What other advice do I have?
Currently, I would give this solution high marks because I have not had a problem. However, keeping in mind, my evaluation period has been short. I would not give the solution a ten, nothing is perfect.
I rate Cisco Firepower NGFW Firewall a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Cisco Secure Firewall
March 2025

Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
844,944 professionals have used our research since 2012.
Jr. Engineer at a computer software company with 5,001-10,000 employees
User-friendly, easy to install with updates available online, and good support
Pros and Cons
- "The interface is user-friendly."
- "The cost is very high. Most organizations cannot afford it."
What is our primary use case?
In our organization, we are using it as an internal firewall.
What is most valuable?
It is already improved because all of the computer updates are available online. So, you can update, and I think that the ASA 5585 is already updated.
All of the licensing features can be upgrades.
The interface is user-friendly.
What needs improvement?
The cost is very high. Most organizations cannot afford it.
For how long have I used the solution?
We have been using the latest version of this solution for the last five years.
What do I think about the stability of the solution?
It's a stable product.
What do I think about the scalability of the solution?
It's a scalable solution. We have more than 2000 users in our organization.
How are customer service and technical support?
Technical support is fine, we have no issues.
How was the initial setup?
The initial setup was very easy. Cisco documentation is online, so it was no problem at all.
It took approximately 30 minutes to install.
What's my experience with pricing, setup cost, and licensing?
If we compare it with FortiGate and the co-existing ASA, FortiGate is better in terms of price.
What other advice do I have?
This is a product that I can recommend to others.
I would rate this solution a ten out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
ICT Systems Engineer at a insurance company with 11-50 employees
Pretty stable, but it needs better reporting tools and improvements to the user interface
Pros and Cons
- "This product is pretty stable."
- "I would like the ability to drill down into certain reports because currently, that cannot be done."
What is our primary use case?
The number one use for this product is security.
What needs improvement?
The management of the application can be improved with enhancements to the user interface.
I would like the ability to drill down into certain reports because currently, that cannot be done. In fact, this is one of the reasons that we want to move away from Cisco. Better reporting tools would be an improvement.
For how long have I used the solution?
We have been using Cisco ASA for approximately seven years.
What do I think about the stability of the solution?
This product is pretty stable.
What do I think about the scalability of the solution?
Our current model is reaching its end of life, so it's not very scalable at the moment. We don't plan to increase usage.
It is currently providing protection for about 30 users.
How are customer service and technical support?
The technical support is with our solution provider. I would say that it's average, rather than very good.
How was the initial setup?
The initial setup is complex. I would say that it took a maximum of a week to deploy.
What about the implementation team?
We had a service provider who took care of the installation for us.
What's my experience with pricing, setup cost, and licensing?
This is an expensive product. We pay about €2,000 ($2,400 USD) per year for licensing.
Technical support is in addition to the standard licensing fees.
What other advice do I have?
At this point, Cisco ASA is not a product that I recommend. My advice is that people should look at other solutions because there are other products available on the market that are just as good, if not even better.
I would rate this solution a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Ingénieur technico-commercial at ICBM
Good for building a solid security solution for a company
Pros and Cons
- "The best solutions for our company are those we have yet to implement so it will be even better in the future for us than it already is."
- "The user interface is too complex for people who are not trained to or certified to engage with the product. The interface should be easier to use."
What is most valuable?
We haven't deployed all the possible services from Cisco yet, but I started to research more of the ones that are available and I think Firepower will end up being the best, most valuable solution for us.
What needs improvement?
I think the visibility of the network can be improved, at least from our current setup. I do not know everything about the solution and exactly how it can be modified.
Another way they can improve is their pricing. One thing I notice is about the price is that it would be good if they could adapt the price to the area where a company is. West Africa is not the same as in India or in the USA and it is much more difficult to afford. If Cisco can manage this for our people it would help us implement better solutions.
To upgrade to some Cisco solutions or features you have to invest resources to create the solution or pay the difference for that functionality to upgrade services or license. It is not really an all-in-one solution. So if Cisco could manage to build an all-in-one solution with most or all of the features we would be looking for in one solution, it would be better for us.
For example, if you want faithful service from the company and equipment, you have to pay more just to get the solutions. If it's included it would be easier for us to deploy.
For how long have I used the solution?
I've been using the solution with my newest employer for over three years.
What do I think about the stability of the solution?
For me it is stable. It is amongst the best products in that way.
What do I think about the scalability of the solution?
It is a scalable solution. It may cost money and resources to scale.
How are customer service and technical support?
I have not had direct experience with technical support for the firewall. I contacted support for the switching. For the firewall, I have not had to contact them at all.
Which solution did I use previously and why did I switch?
Before I used Fortinet FortiGate. But when I moved from the previous company to this company they had a different solution. That is why I switched.
How was the initial setup?
The initial setup was a little complex for me because I had been using a different solution. But how complex something is will depend on the mind of that person. For me, it was a little complex for me. However, it really only took one day to set it up.
Step by step, when I work with the product for a longer period of time and gain experience, it will be very easy for me.
What about the implementation team?
I did the implementation by myself.
What other advice do I have?
If people want to build a solid security solution for their company, I think this solution is the best but it would depend on the configuration of your company. For a good company to have a good solution for security, you can choose the Cisco firewall for that and be confident.
I think I can give that product an eight out of ten. It comes down to the user interface. It needs to be easier so that more people can quickly develop the skills to manage the product. It would be better for us right now for more people to have certification or to just develop the skills to use the product. But if Cisco made it easier and took away the need for certification, it would be easier for us to use company-wide and have more people involved.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
Data Center Architect at Fronius International
Has the full package that we're looking for but the features aren't stable enough for us to use
Pros and Cons
- "We chose Cisco because it had the full package that we were looking for."
- "The stability and the product features have to really be worked on."
What is our primary use case?
Our primary use case of this solution is for firewalling.
How has it helped my organization?
We have been using Cisco for a long time, and we use Firepower to replace other systems. It hasn't really been an improvement, but there are many features we want to use in the future. We haven't seen much improvement because we only installed it a short while ago.
What is most valuable?
It has many features but not all of them work. The features aren't stable enough for us to use them. The most valuable features are the firewalling and the deep inspection.
What needs improvement?
The stability and the product features have to really be worked on.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
The stability is getting better but we had some firmware issues.
What do I think about the scalability of the solution?
The scalability is good. We have scaled it but at a normal gross so it's not very high. We have designed it for our use case and we have the option to scale but we don't use it at the moment.
Which solution did I use previously and why did I switch?
We chose Cisco because it had the full package that we were looking for.
How was the initial setup?
The initial setup was of normal complexity. It's not straightforward, and because we started so early, the migration tools were not so good at the beginning.
What about the implementation team?
We implemented through our partner and had a good experience with them.
What other advice do I have?
Customers should take note that the migrations steps are not easy. The tools cannot solve all configurations and handle all configurations directly so you will have to do some coding by yourself. The solution is not complete at the moment but it will get better.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
It has improved the security posture and visibility of our traffic, but it could use more predefined security templates
What is our primary use case?
E-commerce environment, Enterprise data center.
How has it helped my organization?
It has improved the security posture and visibility of our traffic. It has been proven very reliable on the hardware finishing and network portion. Since Cisco have been very experience in networking.
What is most valuable?
- Snort IPS with recommendation template
- Extendable hardware module
- Straightforward licensing
- Cisco product integration
What needs improvement?
- I would like to see more improvements made to the dashboard and UI, as well as to the reporting, the reporting is quite limited and not user friendly.
- I would like them to consider offering more predefined security templates.
- Technical support product knowledge, licensing portal, activation process will need to be improved.
- The configuration is not straightforward, Cisco will need to improve this so the user can easily pick up the product.
- Bugs are more than other firewall competitors, some bugs are quite serious.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
Yes, we found some firmware bugs and Cisco took some time to fix them. We needed to escalate the issue to the account manager to expedite the escalation process.
What do I think about the scalability of the solution?
No.
How are customer service and technical support?
A five out of 10.
Which solution did I use previously and why did I switch?
How was the initial setup?
Complex in configuration and understanding. It would be very challenging for a non-Cisco trained engineer.
What about the implementation team?
We implemented ourselves with some assistance from the vendor. Some vendor are not expertise in this deployment, possible because of the complexity of the product.
What's my experience with pricing, setup cost, and licensing?
Base hardware cost are average. Additional hardware modules are priced higher than the base module. They also offer very clear licensing and pricing.
Which other solutions did I evaluate?
Check Point, FortiGate, Palo Alto, SonicWall, Huawei, and Sophos.
What other advice do I have?
Cisco is still a very good hardware manufacture, but they need to catch up on the software portion. We used the Cisco product because we know they tried very hard to get back into the market and we were willing to give them a chance since we are still using a lot of Cisco product. For those who are non-Cisco trained, it would be very hard to pick up.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Administrator at Modern Woodmen of America
Sourcefires' visibility and control have been a great addition to the product
Pros and Cons
- "Sourcefire has been a great addition. The visibility and control have been nice."
- "If Cisco could stop rebranding, combine all the CLIs/GUIs, and give a consistent experience, this would be great."
What is our primary use case?
The primary use case is for edge firewall at multiple locations and remote access VPN. We use these for security and have them integrated with Splunk/QRadar.
How has it helped my organization?
Edge security and Sourcefire have been nice. Sourcefire was a major improvement over the legacy IDS that it previously had.
What is most valuable?
Sourcefire has been a great addition. The visibility and control have been nice.
I also like the active/standby HA.
What needs improvement?
The solution has two separate GUIs and at least three different CLIs (ASA CLI, Sourcefire CLI, and Firepower Management Center CLI). In addition, ASDM plus Firepower Management Center GUIs. If Cisco could stop rebranding, combine all the CLIs/GUIs, and give a consistent experience, this would be great.
Also, AnyConnect is very difficult to manage and use.
For how long have I used the solution?
More than five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Updated: March 2025
Popular Comparisons
Fortinet FortiGate
Netgate pfSense
Sophos XG
Palo Alto Networks NG Firewalls
Check Point NGFW
Azure Firewall
WatchGuard Firebox
SonicWall TZ
Juniper SRX Series Firewall
Fortinet FortiGate-VM
SonicWall NSa
Sophos XGS
Untangle NG Firewall
Fortinet FortiOS
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What Is The Biggest Difference Between Cisco ASA And Fortinet FortiGate?
- Cisco Firepower vs. FortiGate
- How do I convince a client that the most expensive firewall is not necessarily the best?
- What are the biggest differences between Cisco Firepower NGFW and Fortinet FortiGate?
- What Is The Biggest Difference Between Cisco Firepower and Palo Alto?
- Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons?
- What are the main differences between Palo Alto and Cisco firewalls ?
- A recent reviewer wrote "Cisco firewalls can be difficult at first but once learned it's fine." Is that your experience?
- Which is the best IPS - Cisco Firepower or Palo Alto?
- Which product do you recommend and why: Palo Alto Networks VM-Series vs Cisco Firepower Threat Defense Virtual (FTDv)?