Cisco Secure Firewall Reviews

Cisco ASA is a stateful firewall which means they are the fastest and more secure, because they maintain state tables. Cisco ASA is very efficient not only in Firewalling but in VPNs, IPS and content filtering. It also has option of failover and redundancy.

It allows us to filter incoming traffic to our network and provide a secure access to office network from outside through remote access VPN. We also connected our branch office through IPSEC site-to-site VPN tunnel which is very secure and reliable.

Some improvements required on GUI interface called ASDM. It should include health check parameters like temperature, memory used.

I am using it more than five years.

No issues, very easy to deploy.

No.

Migration to new version is very easy, therefore no issue.

9/10.

9/10.

Cisco ASA firewall is most reliable to protect the network, therefore I switched.

Yes, straightforward and simple.

I am also vendor.

100%.

Price is bit high as compared to other vendors, but Cisco ASA has reputation and most reliable product. Always go with minimum security plus license.

Yes, Fortinet and Palo Alto.

No.

It makes it very easy to have delineated roles and responsibilities between network engineering and network security.

I find the overall capability of the higher end firewall products to handle most network tasks without any issues. In addition, it is easy to train lower level help desk personnel on the GUI management.

People tend to think of firewalls as firewalls and routers as routers. Going by the book, I had to create a number of static routes in the firewall so it could reach the various subnets in my client's internal network. I decided to turn on OSPF routing to simplify my deployment. This resolved a lot of issues with remote VPN and site-to-site VPN tunnels.

In my experience, a number of engineers get tunnel vision with devices. This is exacerbated by vendors fostering a silo mentality in disciplines.

I cannot name the organization, but a large national non-profit in the medical field had too many network configuration problems because of the silo mentality.

Large Cisco ASA units have the capability to act as routers. This particular non-profit would not enable routing on the ASA until I explained that it resolve a number of issues that they were experiencing and resolving by static routes, a second Cisco ASA, and a proxy server.

Stability issues did not occur in my experience, as long as we stayed with the correct image builds.

There were no scalability issues.

Customer Service:

Generally, we do not need customer support, so it is hard to rate.

Technical Support:

Generally we do not need technical support, so it is hard to rate.

The initial setup at many clients' sites was straightforward. Very complicated networks take a lot of planning.

We implemented the solution in-house.

We cannot determine ROI just yet.

Always plan ahead for three years. In other words, do not buy a firewall on what your needs are today, but try to predict where you will be three years from now in terms of bandwidth, security requirements, and changes in organizational design. This applies to any vendor, not just this product. I find that I always need to buy a higher level product than the specifications request in order to be safe.

In locations where I have used Cisco ASA firewalls, I have compared FortiGate and SonicWall.

I utilize different brands of firewalls depending on the needs of a client, i.e., in-house IT versus outsourced. I am vendor agnostic as much as possible.

We use this solution for advanced IPS, IDS, advanced malware protection, and web filtering.

The most valuable features of this solution are advanced malware protection, IPS, and IDS.

web filtering needs to improve because cisco firepower sync with bright cloud website for the website category. sometimes your URL is falling in the wrong category because of the bright cloud. so if you want to change the category you will have to drop the mail to the bright cloud and they will take action and it's a very long procedure. 

more than 2 years

This is a very reliable solution.

I have extended my Cisco solution and did not have any trouble.

We have more than 400 users and we plan to increase usage.

The initial setup is very simple to deploy in the Egyptian network. It takes two to three days to deploy but if you are implementing AMP then it will take an extra one or two days.

I am happy with the product in general, including the pricing.

We evaluated a Sophos firewall but when I checked the reviews, I found that Sophos did not rate as well in terms of IPS, IDS, and malware protection.

Cisco utilizes BrightCloud for URL filtering. Web filtering is the main problem with this product.

My advice to anybody who is considering this product is that if they want good security, compared to other offerings such as those by Check Point and Palo Alto, then they should implement Cisco Firepower.

I would rate this solution an eight out of ten.

We use the solution to monitor the connections as part of our parameter protection for our network. We restrict what kind of traffic comes in and out, we use it basically for traffic management.

Cisco used to be all command-line operations and now Firepower is in a way modelled from FortiGate. Firepower has integrated a UI into it now.

You do not have to do everything through a command line which makes it a lot easier to apply rules.

You are able to see the traffic of what sites users are visiting.

There are warnings if you are about to go to sites that could be malicious.

It also allows you to block within categories, such as, by URL.

The solution always had these capabilities, but it did not have a user interface that was user-friendly.

The solution could offer better control that would allow the ability to restrictions certain features from a website. For example, If we want to allow YouTube but not allow uploads or we want to allow Facebook but not allow the chat or to playing of videos. This ability to customize restrictions would be great.

We have been using the solution for three months now. We have always used Cisco but before we were using the ASA and now we use the new version with the threat defence.

The stability is good so far.  My opinion could change in another couple of months once we get more deeply involved with the solution.

We currently are protection approximately 220 users.

We just deployed it a couple of months ago, we have not used the tech support with the Firepower yet. We have not had an issue that we have had to raise with them. 

Generally, the tech support for Cisco takes too long to go through the different tiers of support agents to get to someone that can resolve the issue. You end up speaking to someone that is not qualified to solve the issue, then you have to be escalated upwards over and over. This system could be better.

I rate the tech support service generally from Cisco a seven out of ten.

The installation is not hard and not easy either, it falls in between.

The time of implementation took us two to three days. This was in part because we were migrating from another Cisco firewall. The config files were already there, we just had to bring them over. While having the config files we just had to set up the hardware to have us up and running. The install could have taken longer if this was not the case.

Currently, I would give this solution high marks because I have not had a problem. However, keeping in mind, my evaluation period has been short. I would not give the solution a ten, nothing is perfect.

I rate Cisco Firepower NGFW Firewall a nine out of ten.

In our organization, we are using it as an internal firewall.

It is already improved because all of the computer updates are available online. So, you can update, and I think that the ASA 5585 is already updated.

All of the licensing features can be upgrades.

The interface is user-friendly.

The cost is very high. Most organizations cannot afford it.

We have been using the latest version of this solution for the last five years.

It's a stable product.

It's a scalable solution. We have more than 2000 users in our organization.

Technical support is fine, we have no issues.

The initial setup was very easy. Cisco documentation is online, so it was no problem at all.

It took approximately 30 minutes to install.

If we compare it with FortiGate and the co-existing ASA, FortiGate is better in terms of price.

This is a product that I can recommend to others.

I would rate this solution a ten out of ten.

The number one use for this product is security.

The management of the application can be improved with enhancements to the user interface.

I would like the ability to drill down into certain reports because currently, that cannot be done. In fact, this is one of the reasons that we want to move away from Cisco. Better reporting tools would be an improvement.

We have been using Cisco ASA for approximately seven years.

This product is pretty stable.

Our current model is reaching its end of life, so it's not very scalable at the moment. We don't plan to increase usage.

It is currently providing protection for about 30 users.

The technical support is with our solution provider. I would say that it's average, rather than very good.

The initial setup is complex. I would say that it took a maximum of a week to deploy.

We had a service provider who took care of the installation for us.

This is an expensive product. We pay about €2,000 ($2,400 USD) per year for licensing. 

Technical support is in addition to the standard licensing fees.

At this point, Cisco ASA is not a product that I recommend. My advice is that people should look at other solutions because there are other products available on the market that are just as good, if not even better.

I would rate this solution a seven out of ten.

We haven't deployed all the possible services from Cisco yet, but I started to research more of the ones that are available and I think Firepower will end up being the best, most valuable solution for us.

I think the visibility of the network can be improved, at least from our current setup. I do not know everything about the solution and exactly how it can be modified.

Another way they can improve is their pricing. One thing I notice is about the price is that it would be good if they could adapt the price to the area where a company is. West Africa is not the same as in India or in the USA and it is much more difficult to afford. If Cisco can manage this for our people it would help us implement better solutions.

To upgrade to some Cisco solutions or features you have to invest resources to create the solution or pay the difference for that functionality to upgrade services or license. It is not really an all-in-one solution. So if Cisco could manage to build an all-in-one solution with most or all of the features we would be looking for in one solution, it would be better for us.

For example, if you want faithful service from the company and equipment, you have to pay more just to get the solutions. If it's included it would be easier for us to deploy.

For me it is stable. It is amongst the best products in that way.

It is a scalable solution. It may cost money and resources to scale.

I have not had direct experience with technical support for the firewall. I contacted support for the switching. For the firewall, I have not had to contact them at all.

Before I used Fortinet FortiGate. But when I moved from the previous company to this company they had a different solution. That is why I switched.

The initial setup was a little complex for me because I had been using a different solution. But how complex something is will depend on the mind of that person. For me, it was a little complex for me. However, it really only took one day to set it up.

Step by step, when I work with the product for a longer period of time and gain experience, it will be very easy for me.

I did the implementation by myself.

If people want to build a solid security solution for their company, I think this solution is the best but it would depend on the configuration of your company. For a good company to have a good solution for security, you can choose the Cisco firewall for that and be confident. 

I think I can give that product an eight out of ten. It comes down to the user interface. It needs to be easier so that more people can quickly develop the skills to manage the product. It would be better for us right now for more people to have certification or to just develop the skills to use the product. But if Cisco made it easier and took away the need for certification, it would be easier for us to use company-wide and have more people involved.

Our primary use case of this solution is for firewalling. 

We have been using Cisco for a long time, and we use Firepower to replace other systems. It hasn't really been an improvement, but there are many features we want to use in the future. We haven't seen much improvement because we only installed it a short while ago. 

It has many features but not all of them work. The features aren't stable enough for us to use them. The most valuable features are the firewalling and the deep inspection. 

The stability and the product features have to really be worked on.

The stability is getting better but we had some firmware issues. 

The scalability is good. We have scaled it but at a normal gross so it's not very high. We have designed it for our use case and we have the option to scale but we don't use it at the moment.

We chose Cisco because it had the full package that we were looking for. 

The initial setup was of normal complexity. It's not straightforward, and because we started so early, the migration tools were not so good at the beginning.

We implemented through our partner and had a good experience with them. 

Customers should take note that the migrations steps are not easy. The tools cannot solve all configurations and handle all configurations directly so you will have to do some coding by yourself. The solution is not complete at the moment but it will get better.