Cisco Secure Firewall Reviews

I worked for a Telecom provider, and we gave this solution to our customers.

The most important feature is its categorization because on the site and social media you are unified in the way they are there.

I see room for improvement when it comes to integrating all the devices into a central management system. Cisco doesn't provide this, but there are some good products in the market that can provide it.

Apart from the cost, I think Cisco is quite well-positioned in the market. Also, in terms of site capabilities, other companies are still in the lead. 

The price, integration, and licensing models are quite odd.

We didn't have any problem with its stability.

Scalability depends on the requirements of the license. The licensing scheme is complicated and not straightforward. I think there were around 200 users, sometimes more.

We used to use Fortinet, but we switched because of the lack of integration.

The initial setup was of a medium complexity. This was especially true when it came to integration of the data servers.

We used a consultant. They were very helpful. The documentation was quite easy to find for configuring the devices. We thought the boxes would be more parceled or more completely behind, but it was not a problem. The data was there.

I would recommend this solution. I would rate this solution as eight out of ten.

This solution is involved in the protection of the network perimeter and the VPN gateway.

It allows you to fine-tune and create flexible circuits, as well as unites a large number of different types of connections.

• AnyConnect
• Double translations
• Independent IPS module
• High performance
• Various methods of organizing a VPN

• Simplify licensing
• Do not combine the IPS module with the main operating system.
• In new products, leave the CLI.

We use it as a firewall and it has performed adequately.

It allows the securing of various network segments, based on use.

DMZ segmentation, and IDS and IPS.

It is fairly stable. However, Cisco suffers from some integration issues with other products, but this product, as a standalone, is fine. There is a problem with the Cisco Catalyst Switches in terms of assembling bursts and having them interact properly with the Cisco Firepower.

The scalability is good.

Tech support has been good.

We've been using Cisco. Prior to this it was Cisco ASA. This was the next evolution.

When selecting a vendor it is important that they have positive industry feedback, that they are a visionary leader.

I was involved in the initial set up and it was complex.

I give this solution a seven out of 10. Some of the tools are still a little bit difficult to use.

If you compare it with other products, other firewall products in the market, at this moment, it doesn't have that many features, no impressive feature in it, in fact. 

The one thing I like about the product is the logging features, the way it logs, the way it forwards the logs in Syslog. It generates the particular Syslog. Compared to other products, that is the only feature, I feel, that is good. I have worked with other firewall products, so I know it very well. The logs are pretty good. Then it forwards. When it forwards the logs to a third-party syslog server, it then writes the Syslog very well. That is the only feature I like about it.

It doesn't have a proper GUI to do troubleshooting, so most people have to rely on the command line.

Its a sort of legacy product nowadays. The firewalls which are the next generation have loads of features added to them, and they are all in one box.

It should have packets, deep level inspections and controls, like the features which other IPS solutions have. It just doesn't have any. It's just a box which does firewalling. 

Threat management features also should be added into it. 

So, the first thing is that the GUI has to be improved. The second thing is that the UTM features have to be added to it in a much broader way; not by relating to other third-party solutions which is how it is done right now. It should have built-in UTM features like other firewalls have now. Plus it should have the ability to analyze any packets which have malicious behaviors. Currently it doesn't have anything like that. It's just a layer-3 firewall.

Regarding the GUI, it's a very childish sort of attempt. It hasn't been improved since I started working with it. Yes, it shows the logs as they are but it doesn't have any option to do proper reporting.

Stability is really good, actually.

Scalability is not that good, I think. Other firewalls, upgrading is a very easy task; from the graphical user interface, you just need to import the firmware versions into it and install it. In this firewall, you need to have a third-party solution in both. It's a process. It's a procedure, a hard procedure, actually, so there is no straightforward procedure for upgrading.

I have never called the tech support, apart from a hardware issue, but that is done through the vendor, a third-party support team.

I was actually using ASA and I switched to another one.

I actually have lots of experience working on multiple firewalls and technical solutions, so for me I don't have any problem doing things by the command line. But for others, for a person who has two years of experience or one year of experience in general, they will definitely face issues working in the command line. You have to remember all of the commands, to search for the commands. If you're in a graphical user interface, you can go search somewhere and find some options. So I would say in that way it is complex.

If I were to advise others who are looking into implementing this product I would say I don't think they will like it. They would be able to meet business requirements better with other products, other vendors' firewalls. That's what I think, that's what I know from my own experience, from dealing with customers.

If those features, which I mentioned above in the first few questions, if they can add those features into the firewall as a standalone box, it can definitely become a player on the stage. They already have a good platform, even if it's a legacy product, it has that bit of maturity. So if, on top of that very good platform, they can add those features - security, threat intelligence features - they can get back into the market.

Classic ASA features such as NAT, Stateful Firewall, and VPN are basic functions for average organizations, but next generation features such as the granular control of port hopping applications, IPs, and malware protection are mandatory, considering current advanced security threats.

One of the most valuable features is the correlation of events, including the path that a file takes in the network and its integration with the endpoint protection. This gives you the chance to take some actions in the case a breach happens.

Visibility in the network traffic.

Management console – Firesight Management Center.

When deploying Cisco FMC versions 6.0 and 6.1, some issues may appear when trying to register ASA sensors. The problem needs Cisco TAC involvement, adding more effort and time. I guess this will be fixed in version 6.2.

I've used this solution for three to five years.

Some releases of the unified image (FTD – Firepower Threat Defense – Cisco ASA + Sourcefire IPS) are not very stable, but things are getting improved.

Some clustering functions are not available in the unified image.

Excellent.

Old ASA 5500. Natural upgrade to next generation functions.

Initial setup is pretty straightforward.

The licensing model has been simplified and is easy to understand. The price is higher compared to UTM solutions, such as Fortinet, but in the same range as Checkpoint and Palo Alto.

We also work with Palo Alto Networks, Fortinet, FireEye, and some other vendors.

Take a look at the features included in the unified image. Some classic ASA functionality has not been integrated yet, go for non-unified image if the deployment requires something that is not available – classic ASA iOS plus Sourcefire code.

Cisco ASAs are great network firewalls and they can work for years after being configured. The best features are NAT, transport-layer inspections, and VPN.

With ASAs, we can keep operational expenses as low as possible. Disaster risks should be observed as usual, but this is definitely not the weak point.

I would like to see new SW versions being more stable and HW performance increase. However, the new 2000 series has high performance, but it is not shipped widely so far.

I started using Cisco firewalls when old PIX models were produced. I then observed all model changes. This makes about 10 years of continuous experience.

There are no real stability issues, if upgrades are done carefully.

I believe scalability issues are caused by poor design.

Cisco technical support makes a good impression most of the time.

Some of my customers switched from ZyXel to Cisco and this is an obvious decision for me. It will be much harder to imagine a customer replacing Check Point or Fortinet with Cisco.

The initial setup should not be left to the customer. The best way to do this is to make a basic setup and integration along with cabling and power-up, then verifying requirements and adjusting the configuration.

Basic features and IPs can work without subscriptions. All next-generation features require per-year payments. Enterprise customers usually agree with price and license fees, so I don't see any painful issues with pricing and licensing.

I compared Cisco with Fortinet, Checkpoint, and DIY solutions.

All you need to succeed is careful design, professional setup, and a support contract.

Some of the valuable features are detecting malware and blocking blacklisted URLs.

It has enhanced the security in every network over time.

As of now, I can't find any flaws with the device or any improvement that I can suggest.

I have been working with the device for the past two years.

The upgrade is a bit of a pain in the neck.

There were no issues with the stability

Scalability has been all-star perfect.

I would give customer service a rating of 10/10.

I would give technical support a rating of 10/10.

We have only used Cisco security devices.

The setup was smooth and simple.

We implemented it by ourselves and with some support from the Cisco TAC.

Outstanding NGFW capabilities, Site to site VPNs and High Availability. Also the integration of FirePOWER services (Web Filtering/IPS/Malware Protection) are a huge step forwards for an already great platform.

We purchased a pair of ASAs to handle all perimeter traffic in and out of our network. This devices enabled us to secure all our perimeter traffic, WAN connections, Internet connectivity and Internet facing services. FirePOWER services enabled better control and visibility over the traffic traversing our perimeter. High Avalability helped us greatly improve the availability of the services by reducing downtime caused by both Incidents and planned maintenance operations.

Only problem in my opinion is ease of use. You really need to know your way around the CLI and complex feature set to get things working. The ASDM GUI is good for some things but for the most part you'll need to stick to the CLI which is a bit difficult specially if you don't have a lot of experience around Cisco equipment.

We've operated this firewalls for around 2 years now.

ASAs are as complex as they are powerful. Configuration and administration are not as straightforward as other solutions and will take some time and studying to get used to them.

In my experience with various Firewall solutions, the stability and reliability of Cisco ASAs is unparalleled.

No

Cisco offers great customer service.

The best I have worked with.

We used to have a SonicWall and an older ASA 5510 platform. Both were replaced by a Cisco ASA cluster using a pair of 5525x.

ASAs are expensive. The initial cost is high compared to other similar solutions, and chances are the personnel that will operate them will require some training. But if you're aiming for stability and reliability, this is the best solution you will find.

We evaluated Fortinet and SonicWall, both great UTM vendors. Although those platforms are cheaper, we decided to go with Cisco because stability and reliability were mayor concerns for us, also the support is much better in my experience.