I am doing research on the product and testing it for security.
Administrator at a university with 1,001-5,000 employees
Flexible solution and can be easily integrated with your network hardware
Pros and Cons
- "I have found the stability of this solution really good. This is why I use it."
- "Comparing Cisco solution to others, it is expensive, it would be better for it to be cheaper."
What is our primary use case?
What is most valuable?
It is a flexible solution and can be easily integrated with your network hardware. It is a very useful product. This product is very popular in the industry and the network security environment is good.
What needs improvement?
It would be a benefit to improve the integration with other similar products from other vendors on the market, for example, Huawei or Fortinet products. Comparing Cisco solution to others, it is expensive, it would be better for it to be cheaper.
For how long have I used the solution?
I have been using the solution for three to four years.
Buyer's Guide
Cisco Secure Firewall
November 2024
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,562 professionals have used our research since 2012.
What do I think about the stability of the solution?
I have found the stability of this solution really good, this is why I use it.
What do I think about the scalability of the solution?
The product is scalable.
How are customer service and support?
The customer service is really helpful, they do their part in keeping our organization's network from outside intrusion.
Which solution did I use previously and why did I switch?
I have used other solutions in the past, such as Cisco Firepower. I find Cisco products to be superior.
How was the initial setup?
The solution is normally easy to install but if the user has more requirements, as in a more complicated setup, it could take more time.
What about the implementation team?
I did the deployment myself.
What's my experience with pricing, setup cost, and licensing?
The product is very expensive.
What other advice do I have?
I would recommend this product. I suggest this solution to my colleagues because it is a great product and is really stable. When looking at other products in use in other companies this product is superior.
I rate Cisco ASA Firewall ten out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Administrator at a university with 1,001-5,000 employees
A firewall solution with a straightforward setup and a useful incidence response feature
Pros and Cons
- "I have integrated it for incidence response. If there is a security event, the Cisco firewall will automatically block the traffic, which is valuable."
- "Cisco Firepower NGFW Firewall can be more secure."
What is our primary use case?
Cisco Firepower NGFW Firewall has a lot of environment to use for your network to see what kind of critical threats are coming or going. I use it to find out what this threat is and then formulate a strategy for it. I use it a lot on my simple network to see how it works, inspect the network traffic, and so on.
What is most valuable?
Cisco Firepower NGFW Firewall is a really helpful product for network security. I have integrated it for incidence response. If there is a security event, the Cisco firewall will automatically block the traffic, which is useful.
What needs improvement?
Cisco Firepower NGFW Firewall can be more secure. But no product is 100% secure, so it's a case of always wanting more security. The product is also really expensive. It would help if they provided free academic access to the enterprise edition for students for a whole month, two months, three months, or a year.
For how long have I used the solution?
I have been using Cisco Firepower NGFW Firewall for about two years.
Which solution did I use previously and why did I switch?
I used Cisco ASA Firewall, but in our specific environment and not for the whole network.
How was the initial setup?
It's easy to install Cisco Firepower NGFW Firewall. You can install it on the platform with all the images in one set form. It took me about 20 to 30 minutes to install.
What about the implementation team?
I implemented Cisco Firepower NGFW Firewall on my own.
What's my experience with pricing, setup cost, and licensing?
For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive. But it should be affordable for enterprises and educational institutions.
What other advice do I have?
I would recommend Cisco Firepower NGFW Firewall to potential customers.
On a scale from one to ten, I would give Cisco Firepower NGFW Firewall a ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Cisco Secure Firewall
November 2024
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,562 professionals have used our research since 2012.
Information Security Manager at a financial services firm with 501-1,000 employees
Flexible, high quality, and provides good security
Pros and Cons
- "It's a flexible solution and is well-known in the community."
- "In the next release, I would like to see the VPN and UTM features included."
What is our primary use case?
We are using this product to filter network traffic.
What is most valuable?
It's a flexible solution and is well-known in the community. Most professionals are familiar with Cisco products and we prefer to work with products that we know. That is why we chose to work with Cisco firewalls, and also for the quality.
What needs improvement?
In the next year, we are planning to migrate to the Cisco Firepower. Our planned product would be Cisco Firepower 20 or the 40 series.
In the next release, I would like to see the VPN and UTM features included.
For how long have I used the solution?
I have been using the Cisco ASA Firewall for the past ten years.
We have a few different versions that we are using. Some are 5505, 5510, and 5515.
What do I think about the stability of the solution?
It's stable. We have not had any issues with stability.
What do I think about the scalability of the solution?
It's a scalable solution. We have five or six users in our organization.
How are customer service and technical support?
We have not contacted technical support because we have not had any issues.
Which solution did I use previously and why did I switch?
Previously, we did not use any other solutions. Our company is almost 11 years old and have been using this solution for ten years. We have been using this solution from the beginning.
How was the initial setup?
I have not been present for most of the deployments, but from my experience, the deployment is not complex for organizations like ours because we have less equipment and infrastructure.
In Ethiopia, most of the deployments, especially in government organizations, are on-premises because of government policy.
Our policies are limited and not complex.
Overall, I would say that it's pretty straightforward. While I was not a part of the deployment and had to guess, I would say it may have taken a week to deploy.
We require a team of four or five to maintain this solution.
What other advice do I have?
In summary, this is a good product and I recommend it.
I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Security Consultant at a consultancy with 1-10 employees
URL filtering and easy integration with other Cisco products are key features for us
Pros and Cons
- "If we look at the Cisco ASA without Firepower, then one of the most valuable features is the URL filtering."
- "It's easy to integrate ASA with other Cisco security products. When you understand the technology, it's not a big deal. It's very simple."
- "One area where the ASA could be improved is that it doesn't have AMP. When you get an ASA with the Firepower model, ASA with FTD, then you have advanced malware protection."
What is our primary use case?
The first time I deployed Cisco ASA was for one of our clients. This client had a Palo Alto firewall and he wanted to migrate. He bought an ASA 2505, and he wanted us to come in and deploy it and, after that, to put in high-availability. We deployed it and the high-availability means that in case one fails, there is a second one to take over.
I have deployed Cisco ISE and, in the same environment, we had a Cisco FTD. In that environment, we were using the ASA for VPN, and we were using the FTD like an edge device. The ASA was deployed as VPN facilitator and for the wireless part too, so that the wireless network was under the ASA firewall.
What is most valuable?
If we look at the Cisco ASA without Firepower, then one of the most valuable features is the URL filtering.
Also, it's easy to integrate ASA with other Cisco security products. When you understand the technology, it's not a big deal. It's very simple.
When it comes to threat visibility, the ASA is good. The ASA denies threats by using common ACLs. It can detect some DoS attacks and we can monitor suspicious ICMP packets using the ASA. It helps you know when an attack is detected.
Cisco Talos is good. It provides threat intelligence. It updates all the devices to be aware of the new threats and the new attacks out there, so that is a good thing. It's like having God update all the devices. For example, even if you have FTD in your company, malware can be very difficult to detect. There is a new type of malware called polymorphic malware. When it replicates, it changes its signature which makes it very difficult for a firewall to detect. So if your company encounters one type of malware, once, it is automatically updated in your environment. And when it is updated, Talos then updates every firewall in the world, so even if those other firewalls have not yet encountered those particular types of malware, because Talos automatically updates everything, they're able to block those types of malware as well. Talos is very beneficial.
When it comes to managing, with FMD (Firepower Management Device) you can only manage one device, but when you work with FMC (Firepower Management Center) you can manage a lot of sensors, meaning FTDs. You can have a lot of FTDs but you only have one management center and it can manage all those sensors in your company. It is very good.
What needs improvement?
One area where the ASA could be improved is that it doesn't have AMP. When you get an ASA with the Firepower model, ASA with FTD, then you have advanced malware protection. Right now, threats and attacks are becoming more and more intense, and I don't think that the ASA is enough. I think this is why they created FTD.
Also, Cisco is not so easy to configure.
For how long have I used the solution?
I have been using and deploying Cisco ASA for two to three years.
What do I think about the stability of the solution?
Cisco ASA is stable.
What do I think about the scalability of the solution?
It's scalable. You can integrate AD, you can integrate Cisco NAC. You can integrate quite a lot of things so that makes it scalable.
How was the initial setup?
When you configure the ASA, there is already a basic setup there. Based on your environment, you need to customize it. If you understand security and firewalls very well, you can create your own setup.
For me, the initial setup is easy, but is it good? Because from a security perspective, you always need to customize the initial setup and come up with the setup that fits with your environment. So it's always easy to do the initial setup, but the initial setup is for kids in IT.
The time it takes to set up the ASA depends on your environment. For a smaller deployment, you just have the one interface to configure and to put some policies in place and that's all. If you are deploying the ASA for something like a bank, there are a lot of policies and there is a lot of testing to do, so that can take you all night. So the setup time really depends on your environment and on the size of the company as well.
What's my experience with pricing, setup cost, and licensing?
When it comes to Cisco, the price of everything is higher.
Cisco firewalls are expensive, but we get support from Cisco, and that support is very active. When I hit an issue when I was configuring an FTD, as soon as I raised a ticket the guy called me and supported me. Cisco is very proactive.
I had the same kind of issue when I was configuring a FortiGate, but those guys took two or three days to call me. I fixed the issue before they even called me.
Which other solutions did I evaluate?
I have used firewalls from Fortinet, Palo Alto, and Check Point. To configure an ASA for VPN, there are a lot of steps. When it comes to the FortiGate, it's just a few clicks. FortiGate also has built-in templates for configuring VPN. When you want to create a VPN between FortiGate and FortiGate, the template is already there. All you need to do is enter an IP address. When you want to configure a VPN with a third-party using the FortiGate, and say the third-party is Cisco, there is a VPN template for Cisco built into the FortiGate. So FortiGate is very easy to configure, compared to Cisco. But the Cisco firewall is powerful.
Check Point is something like Cisco but if I have to choose between Cisco and Check Point firewalls, I will choose Cisco because of all the features that Cisco has. With Cisco you can do a lot of things, when it comes to advanced malware protection and IPS. Check Point is very complicated to manage. They have recently come out with Infinity where there is a central point of management.
Palo Alto has a lot of functionality but I haven't worked on the newer models.
What other advice do I have?
Cisco firewalls are not for kids. They are for people who understand security. Now I know why people with Cisco training are very good, because they train you to be competent. They train you to have ability. And when you have ability, their firewall becomes very easy to configure.
When Cisco is teaching you, Cisco teaches you the concept. Cisco gives you a concept. They don't focus on how to configure the device. With Fortinet, for instance, Fortinet teaches you how to configure their device, without giving you the concepts. Cisco gives you the concepts about how the technology is working. And then they tell you how you are going to configure things on their box. When you are an engineer and you understand the technology from Cisco, it means that you can drive everything, because if you understand Cisco very well, you can work with FortiGate. If you understand security from Cisco, it means that you can configure everything, you can configure every firewall. This is why I like Cisco.
When it comes to other vendors, it's easy to understand and it's easy to configure, but you can configure without understanding. And when you configure without understanding, you can't troubleshoot. To troubleshoot, you need understanding.
I'm a security analyst, so I deal with everything about firewalls. I'm talking about ASA firewalls, and I'm talking about ASA with Firepower, FTD, and Cisco Meraki MX. When it comes to security tools I am comfortable with Cisco and everything Cisco.
One of our clients was using Cisco ASA. They got attacked, but I don't think that this attack came from outside their company. They were managing their firewall and configuring everything well, but they were still getting attacks. One of their employees had been compromised and his laptop was infected. This laptop infected everything in the organization. So the weakest link can be your employees.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Ingénieur technico-commercial at ICBM
Good for building a solid security solution for a company
Pros and Cons
- "The best solutions for our company are those we have yet to implement so it will be even better in the future for us than it already is."
- "The user interface is too complex for people who are not trained to or certified to engage with the product. The interface should be easier to use."
What is most valuable?
We haven't deployed all the possible services from Cisco yet, but I started to research more of the ones that are available and I think Firepower will end up being the best, most valuable solution for us.
What needs improvement?
I think the visibility of the network can be improved, at least from our current setup. I do not know everything about the solution and exactly how it can be modified.
Another way they can improve is their pricing. One thing I notice is about the price is that it would be good if they could adapt the price to the area where a company is. West Africa is not the same as in India or in the USA and it is much more difficult to afford. If Cisco can manage this for our people it would help us implement better solutions.
To upgrade to some Cisco solutions or features you have to invest resources to create the solution or pay the difference for that functionality to upgrade services or license. It is not really an all-in-one solution. So if Cisco could manage to build an all-in-one solution with most or all of the features we would be looking for in one solution, it would be better for us.
For example, if you want faithful service from the company and equipment, you have to pay more just to get the solutions. If it's included it would be easier for us to deploy.
For how long have I used the solution?
I've been using the solution with my newest employer for over three years.
What do I think about the stability of the solution?
For me it is stable. It is amongst the best products in that way.
What do I think about the scalability of the solution?
It is a scalable solution. It may cost money and resources to scale.
How are customer service and technical support?
I have not had direct experience with technical support for the firewall. I contacted support for the switching. For the firewall, I have not had to contact them at all.
Which solution did I use previously and why did I switch?
Before I used Fortinet FortiGate. But when I moved from the previous company to this company they had a different solution. That is why I switched.
How was the initial setup?
The initial setup was a little complex for me because I had been using a different solution. But how complex something is will depend on the mind of that person. For me, it was a little complex for me. However, it really only took one day to set it up.
Step by step, when I work with the product for a longer period of time and gain experience, it will be very easy for me.
What about the implementation team?
I did the implementation by myself.
What other advice do I have?
If people want to build a solid security solution for their company, I think this solution is the best but it would depend on the configuration of your company. For a good company to have a good solution for security, you can choose the Cisco firewall for that and be confident.
I think I can give that product an eight out of ten. It comes down to the user interface. It needs to be easier so that more people can quickly develop the skills to manage the product. It would be better for us right now for more people to have certification or to just develop the skills to use the product. But if Cisco made it easier and took away the need for certification, it would be easier for us to use company-wide and have more people involved.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
Security Solution Architect at a financial services firm with 5,001-10,000 employees
Good documentation for the configuration
Pros and Cons
- "The most important feature is its categorization because on the site and social media you are unified in the way they are there."
- "I see room for improvement when it comes to integrating all the devices into a central management system. Cisco doesn't provide this, but there are some good products in the market that can provide it."
What is our primary use case?
I worked for a Telecom provider, and we gave this solution to our customers.
What is most valuable?
The most important feature is its categorization because on the site and social media you are unified in the way they are there.
What needs improvement?
I see room for improvement when it comes to integrating all the devices into a central management system. Cisco doesn't provide this, but there are some good products in the market that can provide it.
Apart from the cost, I think Cisco is quite well-positioned in the market. Also, in terms of site capabilities, other companies are still in the lead.
The price, integration, and licensing models are quite odd.
For how long have I used the solution?
I have been using Sourcefire for two or three years.
What do I think about the stability of the solution?
We didn't have any problem with its stability.
What do I think about the scalability of the solution?
Scalability depends on the requirements of the license. The licensing scheme is complicated and not straightforward. I think there were around 200 users, sometimes more.
Which solution did I use previously and why did I switch?
We used to use Fortinet, but we switched because of the lack of integration.
How was the initial setup?
The initial setup was of a medium complexity. This was especially true when it came to integration of the data servers.
What about the implementation team?
We used a consultant. They were very helpful. The documentation was quite easy to find for configuring the devices. We thought the boxes would be more parceled or more completely behind, but it was not a problem. The data was there.
What other advice do I have?
I would recommend this solution. I would rate this solution as eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Computer Networking Consultant and Contractor with 51-200 employees
Initial setup was very straightforward because the training and certification provided by the vendor helped us to solve rapidly any configuration issues.
Pros and Cons
- "Stability, high availability of services, and very high MTBU were the most valuable features for me."
- "The ability to integrate (as options) all-in-one features -- like anti-spam, anti-virus, etc."
How has it helped my organization?
I have 15 years’ experience with Cisco products and I've had very, very little problems with them. Also, for resolving appeared issues Cisco was a good partner.
Crescendo (www.crescendo.ro) is an IT&C integrator and this product (based on Cisco Partnership) helped us to grow our business, and Cisco ASA was one of most sold product in our solutions portfolio.
What is most valuable?
Stability, high availability of services, and very high MTBU were the most valuable features for me -- because in my work as network and security consultant, it is very important to guarantee to my customer the security of his business.
What needs improvement?
The ability to integrate (as options) all-in-one features -- like anti-spam, anti-virus, etc.
What do I think about the stability of the solution?
With Cisco ASA firewall, no.
What do I think about the scalability of the solution?
No. Based on their recent acquisition of Firepower, Cisco added "multi 10Gbps" NGFW performance in their solutions portfolio, which can be used by us, as a Gold Partner with Advance Security Architecture Specialization, in our network architecture proposals.
How are customer service and technical support?
Very satisfied.
Which solution did I use previously and why did I switch?
I haven' t used another solution.
How was the initial setup?
Initial setup was very straightforward because the training and certification provided by the vendor helped us to solve rapidly any configuration issues.
What's my experience with pricing, setup cost, and licensing?
To discuss with Cisco Systems or their partners to gain the optimal price and to not consider, without verifying, the false information that Cisco ASA is very expensive.
Which other solutions did I evaluate?
We evaluated other solutions, like Fortinet, HPE, Juniper, Check Point, but Cisco ASA was what we need.
What other advice do I have?
To test the product in their network and to evaluate other products. I am sure that the Cisco ASA Firewall will be the winner.
Our complete relationship is based on the following partner competencies:
Certifications:
• Gold Certified Partner
Specializations:
• Advanced Collaboration Architecture Specialization
• Advanced Data Center Architecture Specialization
• Advanced Enterprise Networks Architecture Specialization
• Advanced Security Architecture Specialization
Cloud Partners:
• Storage: EMC
• Virtualization: VMware
• Cloud Management: VMware
• Cloud Professional Services
• SaaS Simple Resale
Other Authorizations:
• Registered Partner
• Cisco Certified Refurbished Equipment
• Cisco Developer Network Cisco Products Marketplace
• Cisco Meeting Server formerly Acano
• PSPP Defense
• Smart Care Registered Partner
• ATP - Unified Contact Center Enterprise
Partner since:
• More than 10 years
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Engineer with 201-500 employees
Before anything, you need to know your infrastructure really well
Pros and Cons
- "IPSec Tunnel and AnyConnect (of course), the context awareness was a good feature, but clumsy at the beginning. I think it's better now."
- "ASDM can be improved."
How has it helped my organization?
The context aware module gave us good visibility and control over the ingress and egress communications. Allowing us to filter unnecessary communications like streaming video, allowing us to control bandwidth utilization.
What is most valuable?
IPSec Tunnel and AnyConnect (of course), the context awareness was a good feature, but clumsy at the beginning. I think it's better now.
The packet tracer command is a great tool for troubleshooting IPSec Tunnel, which I miss in the Palo Alto and other firewalls.
Also, the IP access list counter is a good feature while troubleshooting.
What needs improvement?
ASDM can be improved.
Also, a rollback option to a previous config in time will be a great option. Logging can be improved to a vast extent, I think Palo Alto has a pretty good logging structure.
What do I think about the stability of the solution?
Yep, more than once, but only on one box out of the three we purchased. Suppose we got a lemon, because once replaced, everything was fine.
What do I think about the scalability of the solution?
We never had an infrastructure that required scalability.
How is customer service and technical support?
An eight out of 10. TAC was very good but some engineers were quite slow and I ended up figuring out the issue myself.
But overall, I like Cisco TAC a 1000 times more than Juniper TAC. Arista is the best TAC so far in my experience, they have the best talent pool.
How was the initial setup?
Quite straightforward for the most part, since I had TAC on call while setting it up.
What's my experience with pricing, setup cost, and licensing?
Everything with Cisco is expensive. My advice is that there are a lot better options out in the market now.
Palo Alto is pretty decent for example, but support is the best with Cisco, hands down. All other TACs do not come close, except Arista, but they do not make firewalls.
Which other solutions did I evaluate?
None. My old company was a complete Cisco shop.
What other advice do I have?
Do look at Palo Alto for comparison, SonicWall is also on the market. But before anything, you need to know your infrastructure really well.
For example, we brought a PAN firewall for east-west traffic control so we could implement a zero trust network. But our business traffic is a bidding traffic which has extremely small packet size and huge connection size per seconds happening, which sent the PAN firewall into a tailspin. Since we bought the device without a POC, we had to eat the cost. So make sure to do a PoC with all the vendor equipment before you purchase it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Popular Comparisons
Fortinet FortiGate
Netgate pfSense
Sophos XG
Palo Alto Networks NG Firewalls
Azure Firewall
Check Point NGFW
WatchGuard Firebox
SonicWall TZ
Juniper SRX Series Firewall
Untangle NG Firewall
Fortinet FortiGate-VM
SonicWall NSa
Sophos XGS
Fortinet FortiOS
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What Is The Biggest Difference Between Cisco ASA And Fortinet FortiGate?
- Cisco Firepower vs. FortiGate
- How do I convince a client that the most expensive firewall is not necessarily the best?
- What are the biggest differences between Cisco Firepower NGFW and Fortinet FortiGate?
- What Is The Biggest Difference Between Cisco Firepower and Palo Alto?
- Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons?
- What are the main differences between Palo Alto and Cisco firewalls ?
- A recent reviewer wrote "Cisco firewalls can be difficult at first but once learned it's fine." Is that your experience?
- Which is the best IPS - Cisco Firepower or Palo Alto?
- Which product do you recommend and why: Palo Alto Networks VM-Series vs Cisco Firepower Threat Defense Virtual (FTDv)?