The context-aware module gave us good visibility and control over the ingress and egress communications, allowing us to filter unnecessary communications like streaming video and to control bandwidth utilization.
Network Engineer with 201-500 employees
Before anything, you need to know your infrastructure really well
Pros and Cons
- "IPSec Tunnel and AnyConnect (of course), the context awareness was a good feature, but clumsy at the beginning. I think it's better now."
- "ASDM can be improved."
How has it helped my organization?
What is most valuable?
IPSec Tunnel and AnyConnect (of course), the context awareness was a good feature, but clumsy at the beginning. I think it's better now.
The packet tracer command is a great tool for troubleshooting IPSec Tunnel, which I miss in the Palo Alto and other firewalls.
Also, the IP access list counter is a good feature while troubleshooting.
What needs improvement?
ASDM can be improved.
Also, a rollback option to a previous config in time will be a great option. Logging can be improved to a vast extent, I think Palo Alto has a pretty good logging structure.
What do I think about the stability of the solution?
Yep, more than once, but only on one box out of the three we purchased. Suppose we got a lemon, because once replaced, everything was fine.
Buyer's Guide
Cisco Secure Firewall
October 2024
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,528 professionals have used our research since 2012.
What do I think about the scalability of the solution?
We never had an infrastructure that required scalability.
How are customer service and support?
An eight out of 10. TAC was very good but some engineers were quite slow and I ended up figuring out the issue myself.
But overall, I like Cisco TAC a 1000 times more than Juniper TAC. Arista is the best TAC so far in my experience, they have the best talent pool.
How was the initial setup?
Quite straightforward for the most part, since I had TAC on call while setting it up.
What's my experience with pricing, setup cost, and licensing?
Everything with Cisco is expensive. My advice is that there are a lot better options out in the market now.
Palo Alto is pretty decent for example, but support is the best with Cisco, hands down. All other TACs do not come close, except Arista, but they do not make firewalls.
Which other solutions did I evaluate?
None. My old company was a complete Cisco shop.
What other advice do I have?
Do look at Palo Alto for comparison, SonicWall is also on the market. But before anything, you need to know your infrastructure really well.
For example, we bought a PAN firewall for east-west traffic control so we could implement a zero trust network. But our business traffic is bidding traffic, which has extremely small packet size and huge connection size per second happening, which sent the PAN firewall into a tailspin. Since we bought the device without a PoC, we had to eat the cost. So make sure to do a PoC with all the vendor equipment before you purchase it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Security Consultant at a tech services company with 51-200 employees
It allows us to filter incoming traffic to our network and provide secure access to the office network from outside through remote access VPN.
What is most valuable?
Cisco ASA is a stateful firewall, which means they are the fastest and more secure, because they maintain state tables. Cisco ASA is very efficient not only in firewalling but in VPNs, IPS and content filtering. It also has the option of failover and redundancy.
How has it helped my organization?
It allows us to filter incoming traffic to our network and provide secure access to the office network from outside through remote access VPN. We also connected our branch office through an IPsec site-to-site VPN tunnel, which is very secure and reliable.
What needs improvement?
Some improvements are required in the GUI interface called ASDM. It should include health check parameters like temperature and memory used.
For how long have I used the solution?
I have been using it for more than five years.
What was my experience with deployment of the solution?
No issues, very easy to deploy.
What do I think about the stability of the solution?
No.
What do I think about the scalability of the solution?
Migration to a new version is very easy, therefore no issue.
How are customer service and technical support?
Customer Service: 9/10.
Technical Support: 9/10.
Which solution did I use previously and why did I switch?
Cisco ASA firewall is the most reliable to protect the network, therefore I switched.
How was the initial setup?
Yes, straightforward and simple.
What about the implementation team?
I am also a vendor.
What was our ROI?
100%.
What's my experience with pricing, setup cost, and licensing?
The price is a bit high compared to other vendors, but Cisco ASA has a reputation and is the most reliable product. Always go with the minimum security plus license.
Which other solutions did I evaluate?
Yes, Fortinet and Palo Alto.
What other advice do I have?
No.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
Global Security Architect/Perimeter Systems Administration/Active Directory and System Administrator at a retailer with 1,001-5,000 employees
The solution has worked very well for us, but the configuration/management interface is complex.
What is most valuable?
- Firewall mode
- AnyConnect gateway
- Client-less SSL VPN
How has it helped my organization?
The versatility of the product has allowed us to solve a number of perimeter requirements without having to seek out different products or companies for solutions. It has allowed for a single management mechanism, and by having a single platform solution, it has allowed for simpler training.
What needs improvement?
The configuration/management interface is complex and can be confusing. Technical documentation is often sparse and can be incomplete when covering specific implementations.
For how long have I used the solution?
I've used Cisco PIX and ASA firewalls since 2003.
What was my experience with deployment of the solution?
Not with the ASAs, with some early version PIX products.
What do I think about the stability of the solution?
Not with the ASAs, with some early version PIX products.
What do I think about the scalability of the solution?
The ASAs offer several different technologies for HA and we have used all of them successfully.
How are customer service and technical support?
Customer Service: It's excellent.
Technical Support: Excellent, we have always been able to get the specific expertise needed to solve our challenges with the products.
Which solution did I use previously and why did I switch?
Checkpoint Firewalls - the primary reason we switched was cost and limited support options.
How was the initial setup?
It's pretty straightforward. I came at these products already having considerable firewall experience.
What about the implementation team?
It was all in-house, as we all had 10 years plus experience when we moved to PIX firewalls and then a few years later we brought in the ASAs.
Which other solutions did I evaluate?
- Watchguard
- Sonicwall
- Checkpoint
What other advice do I have?
The product line offers tremendous capability. Please look into all of the solutions it can provide for you to maximize your investment.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Administrator at a manufacturing company with 10,001+ employees
Accurate CLI, knowledgeable support team, valuable features
Pros and Cons
- "To be honest, all of the features that are provided, all the other vendors will also have. One feature we did find valuable was the CLI, it is more accurate. Additionally, I was happy with the customization, dashboards, access lists and interface."
- "It is hard to collaborate with our filtered environment."
What is our primary use case?
We utilize the solution for our IT security.
What is most valuable?
To be honest, all of the features that are provided, all the other vendors will also have. One feature we did find valuable was the CLI, it is more accurate. Additionally, I was happy with the customization, dashboards, access lists and interface.
We frequently use the Bottleneck feature we purchased specialized from Cisco.
What needs improvement?
It is hard to collaborate with our filtered environment.
If Cisco could combine the Bottleneck feature of ASA, their platform called Umbrella, and the other team they have that has similar malware protection into one, this would be perfect.
For how long have I used the solution?
I have been using the solution for almost three years.
What do I think about the stability of the solution?
The solution is stable. However, it does have some bugs, but Cisco always fixes them really quickly. Sometimes we have to restart, and it would be better if the bugs could be fixed without having to reload.
What do I think about the scalability of the solution?
The scalability is not perfect.
How are customer service and technical support?
The support has been great and responsive. Most of their engineers are very professional and knowledgeable.
How was the initial setup?
The setup is easy to do if you are familiar with these types of installs; if not, then it could be difficult.
What's my experience with pricing, setup cost, and licensing?
We have a perpetual license for all of our firewalls. For some of the features, we purchase them on demand. The pricing is decent but it could always be cheaper, we would be happier.
Which other solutions did I evaluate?
We will probably change to a higher version in the near future or migrate to a next-generation firewall which would include IPI and some other new features. This makes sense because our current firewall ends the support in several years.
Cisco FirePower, the next-generation firewall, is much better for stability.
What other advice do I have?
I have used many versions of the software over the years, versions 8.6 to 9.1 and 9.9 to 9.12.
Keep in mind before purchasing the solution, if you do need to scale the solution then ASA is probably not right for you.
I rate Cisco ASA Firewall an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
System Administrator at a non-profit with 1-10 employees
User-friendly UI, blocking by category, has plenty of features
Pros and Cons
- "You do not have to do everything through a command line which makes it a lot easier to apply rules."
- "The solution could offer better control that would allow the ability to restrict certain features from a website."
What is our primary use case?
We use the solution to monitor the connections as part of our perimeter protection for our network. We restrict what kind of traffic comes in and out; we use it basically for traffic management.
What is most valuable?
Cisco used to be all command-line operations and now Firepower is in a way modelled from FortiGate. Firepower has integrated a UI into it now.
You do not have to do everything through a command line which makes it a lot easier to apply rules.
You are able to see the traffic of what sites users are visiting.
There are warnings if you are about to go to sites that could be malicious.
It also allows you to block within categories, such as, by URL.
The solution always had these capabilities, but it did not have a user interface that was user-friendly.
What needs improvement?
The solution could offer better control that would allow the ability to restrict certain features from a website. For example, if we want to allow YouTube but not allow uploads, or we want to allow Facebook but not allow the chat or the playing of videos. This ability to customize restrictions would be great.
For how long have I used the solution?
We have been using the solution for three months now. We have always used Cisco but before we were using the ASA and now we use the new version with the threat defence.
What do I think about the stability of the solution?
The stability is good so far. My opinion could change in another couple of months once we get more deeply involved with the solution.
What do I think about the scalability of the solution?
We are currently protecting approximately 220 users.
How are customer service and technical support?
We just deployed it a couple of months ago, we have not used the tech support with the Firepower yet. We have not had an issue that we have had to raise with them.
Generally, the tech support for Cisco takes too long to go through the different tiers of support agents to get to someone that can resolve the issue. You end up speaking to someone that is not qualified to solve the issue, then you have to be escalated upwards over and over. This system could be better.
I rate the tech support service generally from Cisco a seven out of ten.
How was the initial setup?
The installation is not hard and not easy either, it falls in between.
What about the implementation team?
The time of implementation took us two to three days. This was in part because we were migrating from another Cisco firewall. The config files were already there, we just had to bring them over. While having the config files we just had to set up the hardware to have us up and running. The install could have taken longer if this was not the case.
What other advice do I have?
Currently, I would give this solution high marks because I have not had a problem. However, keeping in mind, my evaluation period has been short. I would not give the solution a ten, nothing is perfect.
I rate Cisco Firepower NGFW Firewall a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Security/Network Management at an educational organization with 201-500 employees
Offers great technical support and good security from the firewalls
Pros and Cons
- "The technical team is always available when we have problems."
What is our primary use case?
Our primary use case of this program is network protection.
How has it helped my organization?
Up until now we haven't been down due to issues with the internet connection or denial of service, so the program does what it claims to do.
What is most valuable?
The firewalls of this program protect my internet from dangerous internet sites. For us, Cisco is the number one in firewall protection. We are seeking to buy another UTM solution for band management.
What needs improvement?
The program is very expensive.
For how long have I used the solution?
We've been using Cisco Sourcefire Firewalls for three years.
What do I think about the stability of the solution?
We haven't had any problems with the stability so far.
What do I think about the scalability of the solution?
We have 500 users working on the solution and I believe it may increase, so I believe the program is scalable.
How are customer service and technical support?
The technical support from the company is very good. They are always available when we have problems.
Which solution did I use previously and why did I switch?
We did use another UTM solution before for firewall, URL and band management. We didn't switch, we just have two layers now. If we want to use Cisco for band management or URL safety, we have to pay a license fee and it is very expensive.
How was the initial setup?
The initial setup was straightforward and it took the company about a day to deploy the firewalls.
What's my experience with pricing, setup cost, and licensing?
The licensing is very expensive.
What other advice do I have?
In the future, I would like to see friendlier configuration and only one license because everything needs a license. You need a URL license, security license, everything is based on a license. I would like to have one license that covers everything. But I am really impressed by the program and my rating is nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Software Engineer at FireEye
Performance-wise, it is top-notch. However, it is a bit tough to navigate and see what is going on.
Pros and Cons
- "It is a comprehensive suite and complete package."
- "Cisco ASA should be easier to use. It is a bit tough to navigate and see what is going on."
What is our primary use case?
For the AWS version, Cisco is our primary use. We have our own appliances and products, which are indicated as Cisco ASA. So, we test these products against Cisco ASA using different types of rules for new cases. During the test process, we make sure the integration works.
We have been using the solution for two years.
How has it helped my organization?
Right now, it serves a purpose and has everything that we need. Performance-wise, it is top-notch.
What is most valuable?
It is a comprehensive suite and complete package. We have the following with the product:
- Interest point detection
- Firewall stuff
- VPN
- It's configurable.
- It guards with its own threat intelligence.
We find that virtual instances are helpful because they are easy to use on AWS Marketplace, as they are On Demand. We have a lot of traffic on AWS. Therefore, to monitor the traffic rather than using on-premise, we use virtual instances of Cisco ASA. This is pretty easy to use and we receive value off of it.
What needs improvement?
Cisco ASA should be easier to use. It is a bit tough to navigate and see what is going on. While I like the UI and dashboards of Cisco ASA, if you compare them to Palo Alto or Fortinet, they have much richer UIs. An analyst (or anyone) can see them, and say, "I have got all these important pointers on my dashboard." However, with Cisco ASA, we need to dig into many things and go to many views to see what is actually there.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
It is stable. We put a good amount of stress on it.
What do I think about the scalability of the solution?
Especially for the AWS version, we can spin up multiple instances and do load-balancing.
We have 15 to 20 Cisco ASA switches with a couple of physical appliances and twelve machines. Our team is using four to five machines.
How is customer service and technical support?
It is all self-guided, and we were already using the physical appliances. Therefore, we knew how to use the product.
What was our ROI?
Our individual release cycle has been quicker because the entire development and testing environment has been automated because of these virtual instances. It has aligned our development workflow. This is where we have seen the ROI increase.
For example, if you are working with a physical appliance, then you need to have a dedicated lab administrator to work with it, even to test a simple use case. This takes time because we would need to frequently reset that appliance and load all the data. It is no longer like that.
What's my experience with pricing, setup cost, and licensing?
Purchasing from the AWS Marketplace was easy. It was just point and click.
It is pay-as-you-go, so it is much cheaper than buying in the plants.
Which other solutions did I evaluate?
We also checked Fortinet and Palo Alto, their AWS versions.
When we compared products, Cisco ASA is easy on AWS. We received a trial version. It is easy to set up and evaluate.
We also already had Cisco products. This provided a tighter integration with what we already had. Since most of our traffic stays in AWS, it made sense to use AWS Cisco ASAv.
What other advice do I have?
Once you deploy a virtual database or virtual machine for any product, like Cisco, the first thing to do with your data is test it. So, you need to be prepared with the test that you want to test before you deploy the instances. Because after deploying instances, you wait and see what the data come back with, how to configure it, and review what doesn't work. Therefore, you need to do some background homework before starting, such as what type of data you need to put into it, how to test it, and whether the system will process it.
We have used both the on-premise and AWS version. We started using AWS in the past six to seven months. Prior to that, we used the on-premise version. The AWS version is better as it is quick to spin up and configure. Also, with AWS, everything is preset, and it is more flexible.
We have it integrated with many other products, like threat intelligence and analytics. For example, all our logs go into Splunk, then we receive our analytics from there. We also have Splunk on AWS. Thus, all the data stays on the cloud, so there is no latency, etc.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Works at IDF technology
Valuable features include AnyConnect, double translations, and an independent IPS module
Pros and Cons
- "Valuable features include AnyConnect, double translations, and an independent IPS module."
- "The licensing needs simplification."
- "The IPS module is combined with the main operating system."
What is our primary use case?
This solution is involved in the protection of the network perimeter and the VPN gateway.
How has it helped my organization?
It allows you to fine-tune and create flexible circuits, as well as unites a large number of different types of connections.
What is most valuable?
- AnyConnect
- Double translations
- Independent IPS module
- High performance
- Various methods of organizing a VPN
What needs improvement?
- Simplify licensing
- Do not combine the IPS module with the main operating system.
- In new products, leave the CLI.
For how long have I used the solution?
More than five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.