Cisco Secure Firewall Reviews

We use this solution for advanced IPS, IDS, advanced malware protection, and web filtering.

The most valuable features of this solution are advanced malware protection, IPS, and IDS.

web filtering needs to improve because cisco firepower sync with bright cloud website for the website category. sometimes your URL is falling in the wrong category because of the bright cloud. so if you want to change the category you will have to drop the mail to the bright cloud and they will take action and it's a very long procedure. 

more than 2 years

This is a very reliable solution.

I have extended my Cisco solution and did not have any trouble.

We have more than 400 users and we plan to increase usage.

The initial setup is very simple to deploy in the Egyptian network. It takes two to three days to deploy but if you are implementing AMP then it will take an extra one or two days.

I am happy with the product in general, including the pricing.

We evaluated a Sophos firewall but when I checked the reviews, I found that Sophos did not rate as well in terms of IPS, IDS, and malware protection.

Cisco utilizes BrightCloud for URL filtering. Web filtering is the main problem with this product.

My advice to anybody who is considering this product is that if they want good security, compared to other offerings such as those by Check Point and Palo Alto, then they should implement Cisco Firepower.

I would rate this solution an eight out of ten.

We use the solution to monitor the connections as part of our parameter protection for our network. We restrict what kind of traffic comes in and out, we use it basically for traffic management.

Cisco used to be all command-line operations and now Firepower is in a way modelled from FortiGate. Firepower has integrated a UI into it now.

You do not have to do everything through a command line which makes it a lot easier to apply rules.

You are able to see the traffic of what sites users are visiting.

There are warnings if you are about to go to sites that could be malicious.

It also allows you to block within categories, such as, by URL.

The solution always had these capabilities, but it did not have a user interface that was user-friendly.

The solution could offer better control that would allow the ability to restrictions certain features from a website. For example, If we want to allow YouTube but not allow uploads or we want to allow Facebook but not allow the chat or to playing of videos. This ability to customize restrictions would be great.

We have been using the solution for three months now. We have always used Cisco but before we were using the ASA and now we use the new version with the threat defence.

The stability is good so far.  My opinion could change in another couple of months once we get more deeply involved with the solution.

We currently are protection approximately 220 users.

We just deployed it a couple of months ago, we have not used the tech support with the Firepower yet. We have not had an issue that we have had to raise with them. 

Generally, the tech support for Cisco takes too long to go through the different tiers of support agents to get to someone that can resolve the issue. You end up speaking to someone that is not qualified to solve the issue, then you have to be escalated upwards over and over. This system could be better.

I rate the tech support service generally from Cisco a seven out of ten.

The installation is not hard and not easy either, it falls in between.

The time of implementation took us two to three days. This was in part because we were migrating from another Cisco firewall. The config files were already there, we just had to bring them over. While having the config files we just had to set up the hardware to have us up and running. The install could have taken longer if this was not the case.

Currently, I would give this solution high marks because I have not had a problem. However, keeping in mind, my evaluation period has been short. I would not give the solution a ten, nothing is perfect.

I rate Cisco Firepower NGFW Firewall a nine out of ten.

In our organization, we are using it as an internal firewall.

It is already improved because all of the computer updates are available online. So, you can update, and I think that the ASA 5585 is already updated.

All of the licensing features can be upgrades.

The interface is user-friendly.

The cost is very high. Most organizations cannot afford it.

We have been using the latest version of this solution for the last five years.

It's a stable product.

It's a scalable solution. We have more than 2000 users in our organization.

Technical support is fine, we have no issues.

The initial setup was very easy. Cisco documentation is online, so it was no problem at all.

It took approximately 30 minutes to install.

If we compare it with FortiGate and the co-existing ASA, FortiGate is better in terms of price.

This is a product that I can recommend to others.

I would rate this solution a ten out of ten.

The number one use for this product is security.

The management of the application can be improved with enhancements to the user interface.

I would like the ability to drill down into certain reports because currently, that cannot be done. In fact, this is one of the reasons that we want to move away from Cisco. Better reporting tools would be an improvement.

We have been using Cisco ASA for approximately seven years.

This product is pretty stable.

Our current model is reaching its end of life, so it's not very scalable at the moment. We don't plan to increase usage.

It is currently providing protection for about 30 users.

The technical support is with our solution provider. I would say that it's average, rather than very good.

The initial setup is complex. I would say that it took a maximum of a week to deploy.

We had a service provider who took care of the installation for us.

This is an expensive product. We pay about €2,000 ($2,400 USD) per year for licensing. 

Technical support is in addition to the standard licensing fees.

At this point, Cisco ASA is not a product that I recommend. My advice is that people should look at other solutions because there are other products available on the market that are just as good, if not even better.

I would rate this solution a seven out of ten.

We haven't deployed all the possible services from Cisco yet, but I started to research more of the ones that are available and I think Firepower will end up being the best, most valuable solution for us.

I think the visibility of the network can be improved, at least from our current setup. I do not know everything about the solution and exactly how it can be modified.

Another way they can improve is their pricing. One thing I notice is about the price is that it would be good if they could adapt the price to the area where a company is. West Africa is not the same as in India or in the USA and it is much more difficult to afford. If Cisco can manage this for our people it would help us implement better solutions.

To upgrade to some Cisco solutions or features you have to invest resources to create the solution or pay the difference for that functionality to upgrade services or license. It is not really an all-in-one solution. So if Cisco could manage to build an all-in-one solution with most or all of the features we would be looking for in one solution, it would be better for us.

For example, if you want faithful service from the company and equipment, you have to pay more just to get the solutions. If it's included it would be easier for us to deploy.

For me it is stable. It is amongst the best products in that way.

It is a scalable solution. It may cost money and resources to scale.

I have not had direct experience with technical support for the firewall. I contacted support for the switching. For the firewall, I have not had to contact them at all.

Before I used Fortinet FortiGate. But when I moved from the previous company to this company they had a different solution. That is why I switched.

The initial setup was a little complex for me because I had been using a different solution. But how complex something is will depend on the mind of that person. For me, it was a little complex for me. However, it really only took one day to set it up.

Step by step, when I work with the product for a longer period of time and gain experience, it will be very easy for me.

I did the implementation by myself.

If people want to build a solid security solution for their company, I think this solution is the best but it would depend on the configuration of your company. For a good company to have a good solution for security, you can choose the Cisco firewall for that and be confident. 

I think I can give that product an eight out of ten. It comes down to the user interface. It needs to be easier so that more people can quickly develop the skills to manage the product. It would be better for us right now for more people to have certification or to just develop the skills to use the product. But if Cisco made it easier and took away the need for certification, it would be easier for us to use company-wide and have more people involved.

Our primary use case of this solution is for firewalling. 

We have been using Cisco for a long time, and we use Firepower to replace other systems. It hasn't really been an improvement, but there are many features we want to use in the future. We haven't seen much improvement because we only installed it a short while ago. 

It has many features but not all of them work. The features aren't stable enough for us to use them. The most valuable features are the firewalling and the deep inspection. 

The stability and the product features have to really be worked on.

The stability is getting better but we had some firmware issues. 

The scalability is good. We have scaled it but at a normal gross so it's not very high. We have designed it for our use case and we have the option to scale but we don't use it at the moment.

We chose Cisco because it had the full package that we were looking for. 

The initial setup was of normal complexity. It's not straightforward, and because we started so early, the migration tools were not so good at the beginning.

We implemented through our partner and had a good experience with them. 

Customers should take note that the migrations steps are not easy. The tools cannot solve all configurations and handle all configurations directly so you will have to do some coding by yourself. The solution is not complete at the moment but it will get better.

E-commerce environment, Enterprise data center.

It has improved the security posture and visibility of our traffic. It has been proven very reliable on the hardware finishing and network portion. Since Cisco have been very experience in networking.                                                                                                                                                                                   

• Snort IPS with recommendation template
• Extendable hardware module
• Straightforward licensing
• Cisco product integration

• I would like to see more improvements made to the dashboard and UI, as well as to the reporting, the reporting is quite limited and not user friendly. 
• I would like them to consider offering more predefined security templates.
• Technical support product knowledge, licensing portal, activation process will need to be improved. 
• The configuration is not straightforward, Cisco will need to improve this so the user can easily pick up the product.
• Bugs are more than other firewall competitors, some bugs are quite serious. 

One to three years.

Yes, we found some firmware bugs and Cisco took some time to fix them. We needed to escalate the issue to the account manager to expedite the escalation process.

No.

A five out of 10.

Cisco ASA.

Complex in configuration and understanding. It would be very challenging for a non-Cisco trained engineer.

We implemented ourselves with some assistance from the vendor. Some vendor are not expertise in this deployment, possible because of the complexity of the product.

Base hardware cost are average. Additional hardware modules are priced higher than the base module. They also offer very clear licensing and pricing.

Check Point, FortiGate, Palo Alto, SonicWall, Huawei, and Sophos.

Cisco is still a very good hardware manufacture, but they need to catch up on the software portion. We used the Cisco product because we know they tried very hard to get back into the market and we were willing to give them a chance since we are still using a lot of Cisco product. For those who are non-Cisco trained, it would be very hard to pick up.

The primary use case is for edge firewall at multiple locations and remote access VPN. We use these for security and have them integrated with Splunk/QRadar.  

Edge security and Sourcefire have been nice. Sourcefire was a major improvement over the legacy IDS that it previously had. 

Sourcefire has been a great addition. The visibility and control have been nice. 

I also like the active/standby HA. 

The solution has two separate GUIs and at least three different CLIs (ASA CLI, Sourcefire CLI, and Firepower Management Center CLI). In addition, ASDM plus Firepower Management Center GUIs. If Cisco could stop rebranding, combine all the CLIs/GUIs, and give a consistent experience, this would be great. 

Also, AnyConnect is very difficult to manage and use.