Cisco Secure Firewall Reviews

Cisco Secure Firewall can be used for perimeter security, IDS, IPS, and VPN purposes. When discussing secure access via Cisco Secure Firewall, it helps any roaming user, whether working from home, an airport, or in the office, to securely access any workload that could be located on a private cloud, public cloud, data center, or at the edge. It bypasses the on-premise firewall, but they offer firewall as a service, which is on the cloud and enables Secure Service Edge. Perimeter security is necessary and is part of their Secure Access offering, which is Firewall as a Service coming out of the cloud.

From Cisco Secure Firewall's security offering perspective, Cisco has a very comprehensive offering. Whether it is perimeter security in the form of firewall, user security for remote users for SASE, AI security, endpoint security, network security, or workload security, this fits very well into an overall security architecture proposed by Cisco, which is called a Security Reference Architecture. They have a very comprehensive range of products that integrate very well with their firewall. I do not view Cisco security offerings only from a firewall perspective, but from an overall offering perspective.

Cisco Secure Firewall includes something called Secure Cloud Control, which provides single management for consolidating policy across multiple pieces of equipment, whether it is a SASE policy, firewall policy, or otherwise. Centralized policy management is possible within that firewall, and if you want to orchestrate the same policy across multiple security products, you can use Cisco Secure Cloud Control.

Different models exist for Cisco Secure Firewall. Every on-premise model has a limit to the throughput it can support, and up to that limit, it scales fine. After reaching that limit, you are supposed to replace the model. For on-premise solutions, this is the case. However, Firewall as a Service can scale to a very large extent because it is a cloud-based offering that can scale up to a very large number, which is not a problem.

Cisco Secure Firewall has been used and sold for at least three to four years.

Cisco Secure Firewall is quite stable. If I had to rate stability from zero to ten points for Cisco Secure Firewall, I would give it an eight.

Cloud-delivered firewall provides much better flexibility for an organization via Cisco Secure Firewall. First, you can ensure that any users coming from outside securely access any workload that the organization may be running either in a private cloud or public cloud on a hyperscaler. Second, it provides what is called local internet breakout, where any services not supposed to go through the firewall can do a local internet breakout. With Firewall as a Service, you can consume capacity as you grow, rather than trying to put one firewall for your peak load. This gives tremendous flexibility similar to the flexibility that exists in cloud consumption.

If I had to give points for technical support from Cisco, I would give it an eight. It is pretty good, and we do not face a challenge. The reason is that our own team is pretty capable technically, so we do not go back to Cisco for much support. Whenever we have requested support, they have been pretty responsive.

I do not view Cisco security offerings only from a firewall perspective, but from an overall offering perspective. Cisco Secure Firewall helps with the Zero Trust Security Model. ZTNA is a concept that has to be implemented at every tier, including the firewall. You cannot implement zero trust without a firewall also supporting it. It is an important piece in building a zero trust architecture. The review rating for this product is an eight out of ten.

Cisco Secure Firewall is used to protect our edge network. We use site-to-site VPNs, VPN clients, and benefit from Next-Generation Firewall features including threat prevention, URL filtering, and application control.

I appreciate all of the features of Cisco Secure Firewall, but the most important ones are the URL filtering feature that gives control over what users try to browse or reach on the internet, along with the threat prevention that inspects all traffic going out of and incoming to our network, making them very powerful features.

For example, I want to restrict a group of employees from my area in a very secure department that is not allowed to reach the internet or browse any websites that might be malicious or harmful to our network. By applying URL filtering, I can restrict their access to only the allowed websites according to our policy, allowing them to use certain websites related to their work while restricting them from reaching other harmful websites.

With everyone discussing AI and threat intelligence, security is advancing further. In addition to the features we have, we might consider threat intelligence that uses AI for more investigation and analytics on malicious codes or access. If Cisco integrates Cisco Secure Firewall with the cloud using AI, which I am sure they are working on, that would be beneficial for customers.

The first Cisco firewall I used was the ASA back in 2008, which was a long time ago.

Cisco Secure Firewall is one of the best and most stable solutions I have encountered, with no crashes and a powerful, stable system that shows no degradation in performance.

So far, we have not had other sites to expand, but I am confident that with the current design and features from Cisco, it will be easily expandable. If I decide to put another firewall in a DR site or any HA site, it is simply an HA configuration that will integrate smoothly with the current firewall we have.

The Cisco team is a wonderful team, always helpful and ready to assist us anytime. Our local vendors and the Cisco TAC team provide support wherever we are and whenever we need it. I would rate the Cisco team a ten because they are very responsive and solve our issues. I have never been stuck on any cases, although some may take time depending on their complexity, but they are wonderful.

Positive

I have used firewalls including the Forcepoint firewall, which I found to be good, but it was complex in terms of user management, and my team suffered from the complexity of managing this firewall. I have also used FortiGate firewalls and Palo Alto firewalls.

All the mentioned products are Next-Generation Firewalls with similar features, but the main difference lies in how we use these features. The simplicity of using these features is the key point. The URL filtering and threat prevention features in Cisco Secure Firewall are very nice, simple, and easy to configure and apply to our network.

I find deploying Cisco Secure Firewall to be a little bit challenging, but once it is implemented on our network, it is stable with no problems or issues. It is not that complex, and if we know our network, the Cisco team is helpful in guiding us to achieve the best design and implementation.

Cisco is not a cheap product, but when discussing an excellent product, we should not expect it to be that cheap. We normally have agreements and get discounts because we have been a Cisco customer for a long time, so the prices are reasonable.

My advice to other companies considering Cisco Secure Firewall is to assess your network thoroughly and understand your security needs very well. I am confident that if you choose Cisco Secure Firewall from a technical point of view, it will meet all your requirements, and I highly recommend using it. I rate Cisco Secure Firewall a nine out of ten because I am expecting more from Cisco, and I am sure next time they will reach a ten.

We're using the solution as a firewall, for securing our whole network for students and staff throughout the whole school.

Cisco Secure Firewall's performance benefits my company by allowing us to shape the bandwidth and internet for staff with quality of service where it works better for them rather than students, or vice versa. When students are testing, you can adjust it for that too.

The performance part of Cisco Secure Firewall is pretty good. You can control the bandwidth and features such as bandwidth shaping and quality of service, and I appreciate that part. At our school, a lot of the kids use laptops, the staff use laptops, and they have Wi-Fi. 

I just tried the chat feature in Cisco Secure Firewall, and that was pretty cool; the AI worked pretty good when I tried it at home in the evening, so that was a nice feature.

The visibility and control capabilities of Cisco Secure Firewall in managing encrypted traffic are pretty good too, as our finance department uses it, so keeping that part secure for them works out well.

For our students, we have them in certain groups, and then our staff in certain groups, so with Cisco Secure Firewall, you can push out policies for each one.

Cisco Secure Firewall is important. You can control what students are looking at, and if they're looking at something inappropriate, you can control it. You can also see which device is taking up more bandwidth.

Regarding the zero-trust security model, Cisco Secure Firewall helps our company. Our students and staff have the ability to do whatever they need to do with their research. It helps them while keeping security top of mind.

I would like to see more about the pricing of Cisco Secure Firewall or maybe see it enhanced.

I have been using Cisco Secure Firewall for about ten years now.

The stability and reliability of the Cisco Secure Firewall have always been good; it never falls, never fails, and it's always backed up, which is always good too.

We have more kids and more staff coming in, so with Cisco Secure Firewall, just having that ability to add on more features is great. Currently, it appears we're barely using it, so we can add more with it, and we always have room for that, which is good.

Whenever I call about a problem with Cisco Secure Firewall, they're always helpful and very knowledgeable, getting me to the right solutions I need. They're always willing to help afterwards too and send me documentation, which is always good.

Positive

The deployment experience with Cisco Secure Firewall is easy, with a straightforward deployment.

From my point of view as an IT admin, the biggest return on investment when using Cisco Secure Firewall is seeing what kids are looking at, shaping what they're looking at, shaping the bandwidth, quality of service, and you can do all that with the firewall, too. It also helps in blocking kids from things and monitoring what staffers are looking at.

I work for a school, so getting licensing and getting the budget for Cisco Secure Firewall for certain products is a challenge. It's good to have them, however, it costs us a lot.

On a scale of one to ten, I rate Cisco Secure Firewall a ten.

Cisco Secure Firewall's use case in our organization is justified because we operate in the financial industry where security best practices require multi-vendor products. We are running other vendors' solutions as well, and since Cisco is a prominent and one of the best vendors in the market, we opted for Cisco Secure Firewall. Both solutions serve our security requirements effectively.

The most valuable feature of Cisco Secure Firewall is the policy cleanup functionality. In the firewall, we have hundreds of policies deployed, and we often face a challenge regarding what to do with unused policies and how to remove them without impacting required access. Cisco Secure Firewall helps us identify the unused policies efficiently, and we are confident to remove them without any negative impact.

Cisco Secure Firewall helps our company overall because the firewall provides substantial capability when it comes to throughput, the number of policies, and the number of records. However, whenever traffic comes into the network, it must pass through all the policies and match the required ones, which takes considerable time. This solution helps us streamline our processes, streamline our information security requirements, and streamline our audit requirements to achieve our goals.

From the improvement perspective, I would identify automation as a key area. Whenever a requirement comes and needs to be deployed, there are individual rules to configure. When it comes to CLI, it was easy to create a script and copy-paste, but the GUI approach takes considerable time. Built-in automation would help significantly. Although there are options in the market such as Terraform or Ansible Tower with possible integration, having something built directly into Cisco Secure Firewall would be more beneficial.

I have been using Cisco Secure Firewall for a couple of years.

Cisco Secure Firewall is quite stable. While I experienced some issues when it was new in the market, the solution is stable now.

We are running other solutions as well, but being in the financial industry, we run multiple vendors and multiple firewalls. When I compare this solution with others, Cisco Secure Firewall is quite stable.

Cisco Secure Firewall is scalable and provides the required functionality and scalability from a throughput perspective and from a bandwidth perspective.

Regarding my experience with Cisco support for firewalls, we are using TAC support and partner support from Cisco. The experience is generally fine, but there is one area where we consistently face problems. Whenever we open a case, for example a P1 (severity one) case, an L2 engineer initially takes time to understand the requirement. Then the engineer mentions that their shift is going to finish and hands over to a new engineer, who takes additional time to get up to speed. This approach is not workable in our environment, especially in banking, where uptime is critical. This area requires improvement.

From the pricing and licensing perspective for Cisco Secure Firewall, we have multiple licenses covering threat intelligence, antivirus, and other security functionalities, and these come within the offering. This is satisfactory from that perspective. My overall review rating for Cisco Secure Firewall is 8 out of 10.

Cisco Secure Firewall's main use case is the edge firewall, which has great IPS and IDS capabilities, providing a solid defense layer for the organization.

I really appreciate the NAT-ting feature of Cisco Secure Firewall the most.

The main benefit of the NAT-ting feature in Cisco Secure Firewall is that when I establish a site-to-site tunnel with another endpoint from another company, I can provide them with a fake IP instead of the real IP.

Cisco Secure Firewall benefits our organization by serving as the first defense layer, which is the edge firewall as I mentioned before, helping to prevent DDoS attacks and similar threats.

I think Cisco Secure Firewall could become even better overall, but as of now, it is already in a stable status, and I do not see any significant features that need immediate attention. Perhaps something will come up in the future.

Cisco Secure Firewall is a stable and reliable product.

Cisco Secure Firewall remains stable because even if there are bugs, Cisco TAC engineers are consistently working to find solutions on the spot.

I am not experiencing any downtime with Cisco Secure Firewall.

There are bugs in Cisco Secure Firewall, but as I mentioned, the TAC engineers are actively working to resolve issues as quickly as possible, so the downtime is only for a short period.

I have experienced bugs with Cisco Secure Firewall, such as a sudden reboot, for example, but they resolved it on the spot.

Cisco Secure Firewall scales with the growing needs of an organization and has scalability.

Cisco Secure Firewall definitely demonstrates scalability, though I cannot explain it exactly.

I find that customer support from Cisco is good, as the TAC engineers are available all the time.

If I could rate Cisco Secure Firewall's support on a scale from one to ten, I would give it a ten.

Positive

The deployment model for Cisco Secure Firewall is on-premises.

My experience with deploying Cisco Secure Firewall is that it is complicated, but if you have the experience, you can deploy it smoothly.

There is a high learning curve for the deployment of Cisco Secure Firewall.

I have seen ROI with Cisco Secure Firewall, as they definitely save time and provide peace of mind.

Cisco Secure Firewall saves time and also saves money, definitely providing peace of mind.

My impression of the pricing and licensing of Cisco Secure Firewall is that it is not the normal pricing; it is high, but they deserve it.

They bring great value for the price because they provide excellent support, have stability, and we trust this product.

I would rate Cisco Secure Firewall a nine on a scale from one to ten. I rate it a nine because there is one point regarding the bugs that the versions of Cisco in general have.

My advice to other organizations considering Cisco Secure Firewall is to ensure that customers receive guidance from TAC engineers regarding bugs and workarounds when they are published. It is crucial to expedite the process of finding bugs before deploying new versions.

The use case at my company is to secure our campus and our different data centers.

My most valuable feature of Cisco Secure Firewall is that I can see what is where, which rules are applied where, and create templates. In general, it's a good feature for us.

Having Cisco Secure Firewall has definitely helped our organization because we are a German company that follows rules, so we have governance. We need to deploy the same type of governance everywhere, and it's much easier to deploy this way, even with some country-to-country differences.

To improve Cisco Secure Firewall product, we have a TAC case open for that, but I would prioritize responsiveness for sure, as UX/UI is always something to work on. We have complaints from our NOC people, but they are always complaining.

I have been using Cisco Secure Firewall at my company for a year.

When it comes to reliability with Cisco Secure Firewall, it's not necessarily about downtime; it's about reliability in updates. We want something that can be updated easily and reliably. When we push an update, we don't want it to crash, of course, and we want to be sure that we are up in the security game. This is one of the main reasons I'm here, as everything security-related is quite important to us. We mostly have on-premises devices and our own data centers, so it's crucial that the tools we buy are reliable.

I find Cisco Secure Firewall to be pretty easy to scale, and I was in a meeting this week with Cisco insiders who said it's going to be even easier in the future.

They're going to provide us with AI now for Cisco Secure Firewall, and we will just be able to chat while everything does itself.

Regarding customer support, I had a meeting yesterday with them for Cisco Secure Firewall. We are a very large company, so we open TAC cases quite often because we have more than 200 people working in security at my company. We find problems all the time, and most of the time it's quite responsive. However, one of the reasons we come to Cisco Live is to meet face-to-face with the engineers and their managers to ask why a particular TAC case hasn't moved for the last couple of months, and we want answers. We're not afraid to say when it's bad, but we also recognize when it's good. We want answers. If you don't want to tell us why, tell us why you don't want to tell us why. Generally, we have a very good relationship with Cisco.

On a scale of one to ten, I would rate the support for Cisco Secure Firewall a nine, even if sometimes we have some bumps. I understand the effort all the support team needs to provide to reach this level. Living in Warsaw, I have seen the Krakow office grow, and I believe it's a fantastic development for Poland to have so many people there. I hope Cisco continues investing there.

I believe we were using another product before Cisco Secure Firewall, but I don't have the detailed answer. I work at digital department, where we provide all IT and IT infrastructure for the company, so it's quite a large environment with 2,000 people in the networking team globally. I don't know what everyone is doing, even if I should probably know.

Evaluating other solutions is becoming my job now, and I'm focusing on three main topics: creating the lab for the networkers at my company, evaluating the monitoring capabilities for the networkers, and looking into AI tools for our networking team. I know some of my colleagues in architecture are also evaluating tools more in detail, ranging from SD-WAN to firewall to switching. We have many solutions here in Cisco, and we are all communicating to share opinions, even if it's not our core role to have answers. It's a good thing.

This new AI functionality will definitely help our company operate more efficiently for the SOC team, especially concerning deploying different rules and rule sets. This year, when we faced problems with the geopolitical environment, our company decided to enforce policies on some countries, and instead of reviewing hundreds of thousands of IP addresses manually, we could just do five clicks to shut off a whole part of Ukraine very easily. It's a life-saver sometimes.

I think in general, Cisco Secure Firewall is a really great product, and we will just go with the flow. AI is probably something that we need to go with, but let's not implement AI everywhere for the sake of it. Let's ensure it's useful, and I believe it has its utility there as well.

I don't think there is anything competing on the market at the moment. There is nothing competing on the market, so I have given Cisco Secure Firewall an overall rating of ten. I appreciate your understanding; when I mention integers, I know that engineers will understand exactly what I'm talking about.

Concerning the pricing and licensing of Cisco Secure Firewall, that's not really my part. My focus is on the product itself — how good it is, how it competes, and how well it fits our needs. I do ask about pricing, but that ultimately goes to board management for negotiating directly with Cisco. I have an overview of the pricing, of course, and I can share with my management what the pricing is versus competitors. We often see significant disparities, but most of the time there are valid reasons with Cisco.

Cisco Secure Firewall serves as our primary line of defense when receiving traffic for the customers that we serve, and from there, it is distributed across our network. It is the main firewall for the division of service that we manage the network for.

Cisco Secure Firewall performs very well in that the web interface is manageable when deploying configurations because it is very easy to set up. I don't have to write all those lines of configuration codes directly on the devices, but I can do it on a visual interface where I can double-check before pushing any configuration through, and that is very useful. When setting VPN connections, the filtering during troubleshooting is particularly helpful, as the Cisco IOS CLI has never been very capable when filtering during troubleshooting of a deep issue, and the interface is very helpful when it comes to that.

There are quite a lot of bugs when opening sub-windows, as sometimes I cannot extend the size to read more information, and when writing a long line of text, it can be annoying.

There are quite a lot of bugs when opening sub-windows, as sometimes I cannot extend the size to read more information, and when writing a long line of text, it can be annoying.

I have been using Cisco Secure Firewall for approximately three or four years now.

I have seen some instability regarding Cisco Secure Firewall. This may have been on us because we had a provisioning capacity issue and had to make an upgrade to serve the needs of our network. We experienced the issue due to a memory issue with one of our firewall pairs. Despite that issue, the devices are very reliable and stable under normal functioning.

Cisco Secure Firewall is very scalable. It is almost transparent from both customer and service technician perspectives, and I would give Cisco a 10 for scalability. This has been one of its strengths in their history.

I have contacted the technical support or customer support of Cisco regarding this solution. The speed of the support was appropriate. The quality was challenging to assess because when given a problem to resolve, there are so many details to recover and so much context of the company's usage to understand that it is not as simple as saying the official support of Cisco must have a magic wand to resolve the issue. At the end of the day, they were not able to provide the proper insight that we needed to resolve the issue we were facing at the time.

It is worth mentioning that our head of network is one of the toughest professionals I have come across when it comes to networking, and this may have made it more difficult for them because every person who came on the line was way ahead of them. When trying to get to a solution and having to repeat myself, I can come into a call not knowing everything, and recovery scripts must be run to gather information, analyze it, and then come back with a solution. In the end, it did not work, and we had to use another workaround developed by us. I would not say the support was bad; it was efficient in communication, but the final solution was not satisfactory.

I have never used any direct alternative to Cisco Secure Firewall, although there were discussions about switching to another vendor. After a lot of discussion, we remained with Cisco for its capabilities and some other details. It came into consideration to switch to another vendor for administrative decisions because Cisco solutions are quite expensive, and other vendors might do the job for a considerably lower amount, but Cisco remained. We never managed to use an alternative.

The initial deployment was most difficult because there were some compatibility issues. At the time I came to the team, we were transitioning from Cisco ASA to the new Firepower solution, and the tools for migrating the configuration about the objects were not working properly. I did not have the time to work out why since I was not the main architect of the network and was in a lesser role, but this was one of the main challenges I worked on. We had to do a lot of scripting and manual work to migrate the objects and configure the new solution because Cisco ASA was not very capable of extracting the information to push to a newer generation of firewalls.

We handle maintenance on Cisco Secure Firewall ourselves. We require maintenance and upgrades, and we do it ourselves.

I would rate this product an 8 out of 10 overall.

Our company's use case involves internal data center firewalls, mostly for east-west traffic.

The most valuable feature of Cisco Secure Firewall is the firewalling, which is essentially the security part of the firewall.

The security is improving with the blocking of access and the access rules. Security-wise, I find that it helps improve access between entities and departments, and more importantly, it covers the regulatory aspect as well.

If I could improve Cisco Secure Firewall, I would focus on the fact that there are many bugs, specifically with the FTDs. The versioning and software stability need improvement.

I have been using Cisco Secure Firewall for almost ten years.

Regarding bugs in Cisco Secure Firewall, for example, the logs show some traffic between two endpoints while others do not, which is a bug we found out recently. Cisco has reviewed it, and we are trying to fix it through an upgrade.

The bugs are problematic.

Cisco Secure Firewall is scalable and reliable. Regarding scalability, it is seamless. We have had a recent upgrade, added new data centers, and enhanced the existing firewalls.

My experience with their support team is that support is good and they are quite responsive. On a scale of one to ten, I would rate them a ten for good support.

Positive

I know that they evaluated other companies, including Forcepoint, a company providing firewalls as well, specifically next-generation firewalls. They picked Cisco Secure Firewall mainly for the FTD and superior Cisco support, which was the main deciding factor.

Deployment-wise, Cisco Secure Firewall is straightforward, as all Cisco products are straightforward. It takes roughly two months to deploy Cisco Secure Firewall, but it depends on the type of implementation and the specific data center involved.

The two months mainly involve the LLDs, the design phase, and the shipping. The most delay comes from shipping and delivery, as the standard delivery from Cisco is six to eight weeks, which is where the delay occurs, while the rest of the activities are completed prior to that. I would rate Cisco Secure Firewall a seven on a scale of one to ten overall. I would not rate it a ten due to the stability of the product needing improvement, specifically with the FTD.