Cisco Secure Firewall Reviews

Cisco Secure Firewall's main use case is the edge firewall, which has great IPS and IDS capabilities, providing a solid defense layer for the organization.

I really appreciate the NAT-ting feature of Cisco Secure Firewall the most.

The main benefit of the NAT-ting feature in Cisco Secure Firewall is that when I establish a site-to-site tunnel with another endpoint from another company, I can provide them with a fake IP instead of the real IP.

Cisco Secure Firewall benefits our organization by serving as the first defense layer, which is the edge firewall as I mentioned before, helping to prevent DDoS attacks and similar threats.

I think Cisco Secure Firewall could become even better overall, but as of now, it is already in a stable status, and I do not see any significant features that need immediate attention. Perhaps something will come up in the future.

Cisco Secure Firewall is a stable and reliable product.

Cisco Secure Firewall remains stable because even if there are bugs, Cisco TAC engineers are consistently working to find solutions on the spot.

I am not experiencing any downtime with Cisco Secure Firewall.

There are bugs in Cisco Secure Firewall, but as I mentioned, the TAC engineers are actively working to resolve issues as quickly as possible, so the downtime is only for a short period.

I have experienced bugs with Cisco Secure Firewall, such as a sudden reboot, for example, but they resolved it on the spot.

Cisco Secure Firewall scales with the growing needs of an organization and has scalability.

Cisco Secure Firewall definitely demonstrates scalability, though I cannot explain it exactly.

I find that customer support from Cisco is good, as the TAC engineers are available all the time.

If I could rate Cisco Secure Firewall's support on a scale from one to ten, I would give it a ten.

Positive

The deployment model for Cisco Secure Firewall is on-premises.

My experience with deploying Cisco Secure Firewall is that it is complicated, but if you have the experience, you can deploy it smoothly.

There is a high learning curve for the deployment of Cisco Secure Firewall.

I have seen ROI with Cisco Secure Firewall, as they definitely save time and provide peace of mind.

Cisco Secure Firewall saves time and also saves money, definitely providing peace of mind.

My impression of the pricing and licensing of Cisco Secure Firewall is that it is not the normal pricing; it is high, but they deserve it.

They bring great value for the price because they provide excellent support, have stability, and we trust this product.

I would rate Cisco Secure Firewall a nine on a scale from one to ten. I rate it a nine because there is one point regarding the bugs that the versions of Cisco in general have.

My advice to other organizations considering Cisco Secure Firewall is to ensure that customers receive guidance from TAC engineers regarding bugs and workarounds when they are published. It is crucial to expedite the process of finding bugs before deploying new versions.

On-premises

The use case at my company is to secure our campus and our different data centers.

My most valuable feature of Cisco Secure Firewall is that I can see what is where, which rules are applied where, and create templates. In general, it's a good feature for us.

Having Cisco Secure Firewall has definitely helped our organization because we are a German company that follows rules, so we have governance. We need to deploy the same type of governance everywhere, and it's much easier to deploy this way, even with some country-to-country differences.

To improve Cisco Secure Firewall product, we have a TAC case open for that, but I would prioritize responsiveness for sure, as UX/UI is always something to work on. We have complaints from our NOC people, but they are always complaining.

I have been using Cisco Secure Firewall at my company for a year.

When it comes to reliability with Cisco Secure Firewall, it's not necessarily about downtime; it's about reliability in updates. We want something that can be updated easily and reliably. When we push an update, we don't want it to crash, of course, and we want to be sure that we are up in the security game. This is one of the main reasons I'm here, as everything security-related is quite important to us. We mostly have on-premises devices and our own data centers, so it's crucial that the tools we buy are reliable.

I find Cisco Secure Firewall to be pretty easy to scale, and I was in a meeting this week with Cisco insiders who said it's going to be even easier in the future.

They're going to provide us with AI now for Cisco Secure Firewall, and we will just be able to chat while everything does itself.

Regarding customer support, I had a meeting yesterday with them for Cisco Secure Firewall. We are a very large company, so we open TAC cases quite often because we have more than 200 people working in security at my company. We find problems all the time, and most of the time it's quite responsive. However, one of the reasons we come to Cisco Live is to meet face-to-face with the engineers and their managers to ask why a particular TAC case hasn't moved for the last couple of months, and we want answers. We're not afraid to say when it's bad, but we also recognize when it's good. We want answers. If you don't want to tell us why, tell us why you don't want to tell us why. Generally, we have a very good relationship with Cisco.

On a scale of one to ten, I would rate the support for Cisco Secure Firewall a nine, even if sometimes we have some bumps. I understand the effort all the support team needs to provide to reach this level. Living in Warsaw, I have seen the Krakow office grow, and I believe it's a fantastic development for Poland to have so many people there. I hope Cisco continues investing there.

I believe we were using another product before Cisco Secure Firewall, but I don't have the detailed answer. I work at digital department, where we provide all IT and IT infrastructure for the company, so it's quite a large environment with 2,000 people in the networking team globally. I don't know what everyone is doing, even if I should probably know.

Evaluating other solutions is becoming my job now, and I'm focusing on three main topics: creating the lab for the networkers at my company, evaluating the monitoring capabilities for the networkers, and looking into AI tools for our networking team. I know some of my colleagues in architecture are also evaluating tools more in detail, ranging from SD-WAN to firewall to switching. We have many solutions here in Cisco, and we are all communicating to share opinions, even if it's not our core role to have answers. It's a good thing.

This new AI functionality will definitely help our company operate more efficiently for the SOC team, especially concerning deploying different rules and rule sets. This year, when we faced problems with the geopolitical environment, our company decided to enforce policies on some countries, and instead of reviewing hundreds of thousands of IP addresses manually, we could just do five clicks to shut off a whole part of Ukraine very easily. It's a life-saver sometimes.

I think in general, Cisco Secure Firewall is a really great product, and we will just go with the flow. AI is probably something that we need to go with, but let's not implement AI everywhere for the sake of it. Let's ensure it's useful, and I believe it has its utility there as well.

I don't think there is anything competing on the market at the moment. There is nothing competing on the market, so I have given Cisco Secure Firewall an overall rating of ten. I appreciate your understanding; when I mention integers, I know that engineers will understand exactly what I'm talking about.

Concerning the pricing and licensing of Cisco Secure Firewall, that's not really my part. My focus is on the product itself — how good it is, how it competes, and how well it fits our needs. I do ask about pricing, but that ultimately goes to board management for negotiating directly with Cisco. I have an overview of the pricing, of course, and I can share with my management what the pricing is versus competitors. We often see significant disparities, but most of the time there are valid reasons with Cisco.

On-premises

Other

Our company's use case involves internal data center firewalls, mostly for east-west traffic.

The most valuable feature of Cisco Secure Firewall is the firewalling, which is essentially the security part of the firewall.

The security is improving with the blocking of access and the access rules. Security-wise, I find that it helps improve access between entities and departments, and more importantly, it covers the regulatory aspect as well.

If I could improve Cisco Secure Firewall, I would focus on the fact that there are many bugs, specifically with the FTDs. The versioning and software stability need improvement.

I have been using Cisco Secure Firewall for almost ten years.

Regarding bugs in Cisco Secure Firewall, for example, the logs show some traffic between two endpoints while others do not, which is a bug we found out recently. Cisco has reviewed it, and we are trying to fix it through an upgrade.

The bugs are problematic.

Cisco Secure Firewall is scalable and reliable. Regarding scalability, it is seamless. We have had a recent upgrade, added new data centers, and enhanced the existing firewalls.

My experience with their support team is that support is good and they are quite responsive. On a scale of one to ten, I would rate them a ten for good support.

Positive

I know that they evaluated other companies, including Forcepoint, a company providing firewalls as well, specifically next-generation firewalls. They picked Cisco Secure Firewall mainly for the FTD and superior Cisco support, which was the main deciding factor.

Deployment-wise, Cisco Secure Firewall is straightforward, as all Cisco products are straightforward. It takes roughly two months to deploy Cisco Secure Firewall, but it depends on the type of implementation and the specific data center involved.

The two months mainly involve the LLDs, the design phase, and the shipping. The most delay comes from shipping and delivery, as the standard delivery from Cisco is six to eight weeks, which is where the delay occurs, while the rest of the activities are completed prior to that. I would rate Cisco Secure Firewall a seven on a scale of one to ten overall. I would not rate it a ten due to the stability of the product needing improvement, specifically with the FTD.

Our company's use case for Cisco Secure Firewall is to separate and protect the different server network ranges in our data center and to provide access to and from those services that sit in our data center to users and customers alike. We also use Cisco Secure Firewall on the edge to provide internet access to and from the internet for our business.

The most valuable aspect of Cisco Secure Firewall for me is not a specific feature but the fact that it is quite stable as a firewall overall. It is not too buggy or disruptive when performing our day-to-day operations, and that is the main thing about it.

Centralized management of Cisco Secure Firewall benefits our organization because we have multiple firewalls, but we go to one single page or use the Firewall Management Center to administer policies and make changes. This allows us to see what is going on from a visibility perspective, so all troubleshooting, configuration, and administration of the firewall happens at one single place, which is beneficial.

A single pane of glass for management is available.

One thing I would improve in Cisco Secure Firewall is somehow embedding the capability to use an asterisk-type of firewall rules in the access control policy. An example could be star.google.com; being able to use an asterisk for anything in the subdomain would be beneficial, as I know some of Cisco's competitors allow that on their firewalls, which eliminates the need for an additional appliance to facilitate that component.

I have been using Cisco Secure Firewall for about five years.

Currently, Cisco Secure Firewall has been up and running for about three years since its last reboot, so it is quite stable.

I find the solution to be scalable, especially with the other products that Cisco is developing. For instance, Cisco Secure Cloud now allows us to potentially take the management functions of Cisco Secure Firewall, move it into the cloud, and integrate it with other Cisco security products, managing everything from one single pane.

I have worked with Cisco's customer support.

When it comes to customer support, referring to TAC, I find that Cisco's support stands out. It is very important for us as a business to have that support when needed, and Cisco has often never failed in providing that support.

If I were to rate the support overall from one to ten, I would give it a nine.

While I rate it a nine, to make it a ten, it could be improved based on individual cases. Some support people truly embody Cisco's values in responding and assisting, but there are times when some individuals may not be as helpful as others, leading to a disconnect in the support experience.

Positive

Deploying Cisco Secure Firewalls is quite straightforward, as Cisco provides a lot of available documentation online, extensive support, and training, which makes it easy for engineers and customers to use Cisco products effectively.

The deployment time for Cisco Secure Firewalls varies. Currently, I am going through a refresh where we are replacing older Firepower systems with newer ones, but in the past, it has been relatively simple, typically taking within an hour or two to get everything up and running.

I have been part of the deployment of Cisco Secure Firewalls.

From a return on investment perspective, I think Cisco Secure Firewalls keep our organization safe and protect the organization's image from a governance standpoint. With cybersecurity being a big issue in the world, Cisco Secure Firewalls protect data, the environment, organization, and keep things safe. It is always reassuring for customers to know that the organization I work for invests in products like Cisco Secure Firewall to protect ourselves.

Cisco Secure Firewall is similar to insurance in that it provides peace of mind.

I rate Cisco Secure Firewalls a nine overall. While there are features I think could be added to achieve a perfect ten, I still regard it higher than its competitors. From both a technical and peace of mind perspective, Cisco Secure Firewall is the frontrunner.

I would tell someone considering purchasing Cisco Secure Firewalls that they will not be disappointed. My overall review rating for Cisco Secure Firewall is nine.

Cisco Secure Firewall is used for securing perimeters, such as internal or external perimeters of the network.

I consider a valuable feature of Cisco Secure Firewall to be that it serves its purpose. ASA is nice, but it is outdated now. When it comes to FTD, complexity is one of the things. I am not sure they should build it from scratch.

Cisco Secure Firewall has helped improve my company over the last 15 years. Nowadays, you cannot live without a firewall. We are currently moving to another vendor.

Navigating through Cisco Secure Firewall is not intuitive. Complexity is another significant issue that needs to be addressed.

I have been using Cisco Secure Firewall for 15 years.

Cisco Secure Firewall is working with some bugs and glitches, but it is stable overall. ASA is a super stable firewall, even though it is outdated nowadays. FTD is working fine with some glitches.

Scalability depends on which Cisco Secure Firewall you are buying. For the enterprise level, it is scalable, but not significantly.

I have contacted Cisco support about these issues and opened many TAC cases for the firewalls.

I would evaluate Cisco support as good. Cisco is the best there. However, they need to rebuild this product. I love Cisco products, but when it comes to the firewall, I do not.

We are transitioning to Palo Alto.

I find Palo Alto to be much easier to operate and much more stable. If you want to incorporate FTD with another Cisco product, then you need to go with Cisco to have the full ecosystem. Since we do not have that requirement, we are going to another vendor, which is definitely easier to handle.

I have knowledge about the pricing and licensing.

A couple of days ago, I was working on a project and received a quote for the FTD 1230. For the same level with Palo Alto, even though we had a huge discount with Cisco, it turned out to be more expensive than Palo Alto. The pricing is quite expensive. My overall review rating for this product is 6.

We use Cisco Secure Firewall for our servers, protecting data centers, and limiting the ports and threats. We have various web servers hosted in our data center, and to protect them from external threats, we use the firewall.

The most valuable features of Cisco Secure Firewall include the next-generation firewall and its strong anti-malware capabilities. These features protect internal servers from external threats, such as denial of service threats, viruses, and malware. Additionally, Cisco checks and stops traffic containing new threats, taking steps to mitigate them. When our servers are secure, their speed is very good using Cisco Secure Firewall. We do not face any kind of delay or issues, allowing more users to connect seamlessly.

Cisco Secure Firewall is difficult to manage as it lacks a web interface for management, requiring installation of management center software on a dedicated computer or server. Should the management software be removed, it needs to be reinstalled, consuming time and resources. Moreover, the configuration commands are not user-friendly, especially when compared to Fortinet's interface. The process of licensing is complicated, involving many steps to obtain and enter the license key. This process should be simplified.

We have been working with Cisco Secure Firewall for about five to six years.

The technical support is not very good because when support is requested, assistance often takes a few days to arrive as they are quite busy.

We previously used software firewalls running on Linux. We switched because they were not next-generation firewalls and did not provide antivirus and malware protection.

The licensing process for Cisco Secure Firewall is convoluted, involving many steps to request and enter a license key. In contrast, Fortinet or other firewalls offer a simpler process where you just need to enter the key quickly.

Cisco Secure Firewall could improve in areas like user-friendliness and cost-effectiveness, as it is very costly and difficult to manage. I would rate it seven out of ten, but I would recommend other firewalls due to its high cost and complexity.

On-premises

My use case for Cisco Secure Firewall is because the old solution for the VPN access for the employees and also for the external contractors was already out of date, and there was no possibility of somehow prolonging it. So we did the search for a new solution and from the auction and bidding, Cisco Secure Firewall came.

I consider the most valuable aspect of Cisco Secure Firewall to be that we are basically using it only for termination of the VPN, so that's basically the most valuable thing for us.

If I could improve Cisco Secure Firewall in any way, I have no clue, to be honest. I really don't know what to improve. It's working as it should be. Maybe it would be nice to have a better overview regarding the logging, regarding the issues a client can have with the VPN. But I can understand that because the primary feature for the firewall is not the VPN; it's the firewall, but we are not using the firewall.

There is still room to improve. There can be some things that can be better, such as some of the menu and some of the visibility. It's not chaotic, but it's not that user-friendly.

The GUI of Cisco Secure Firewall could improve, as there are better solutions in terms of how they look and how they can be navigated.

I find the solution reliable and stable, and I can say that there is no downtime. As I am used to Cisco products, they are stable and reliable.

I think that what we bought is overkill, but whatever. Basically, it can serve up to 1,000 clients on VPN, so for us it's basically unlimited. The largest number I have seen on the dashboard was 300 users connected on the VPN.

My experience with Cisco customer support has been nice all the time. Sometimes they can take their time, but if they are properly motivated, they can be fast.

If I had to rate their support from one to ten, with ten being best and one being worst, I would give it an eight.

Positive

I evaluated basically the new solution from Pulse Secure, which is now called Ivanti.

The reason we chose Cisco Secure Firewall was more or less politics because Ivanti didn't have the hardware, and they will not have the hardware in the foreseeable future. So we went with the only one who was able to provide it to us.

The deployment of Cisco Secure Firewall was kind of straightforward and was not problematic.

It took us two months, together with the migration, but the thing is that we needed to change the groups and rules and everything in the background. It was more or less up to us, not up to the platform. We needed to change things on our side.

It was internal, not the product's fault. The migration was lengthy.

Regarding the pricing and licensing of Cisco Secure Firewall, it's not up to me.

I know that it was purchased from our partner, from the local distributor.

On a scale of one to ten, with ten being best and one being worst, I would rate Cisco Secure Firewall overall with my past experience as nice. Because I cannot say it was good, from the point of view when I was able to look through Cisco Secure Firewall, it was nice. The FTD, the Firepower Threat Detection, is really mature, but the former ASA was a pain in the ass.

The former ASA was a pain in the ass because when someone is used to the Cisco way, the ASA was a strange thing. My overall rating for this product is 8 out of 10.

Our main use cases for Cisco Secure Firewall are segmentation and VPNs. My involvement is more at the remote sites, setting up those firewalls for VPN, and we have centralized management for handling all the policies.

I appreciate the uniformity of being able to push the policies out with Cisco Secure Firewall. That was one of the reasons we acquired it, so we could push the policies out everywhere.

Downtime due to bugs requiring code upgrades has been problematic. That's the reason why we are moving away from Cisco Secure Firewalls.

I have been using Cisco Secure Firewall for approximately four years.

It has been problematic, primarily due to bugs in the code rather than crashes.

We're looking at Palo Alto, and we will probably be cutting over to Palo Alto, which will likely be a many-year project.

I appreciate Cisco's support and have been very happy with it. I imagine the support is the same for the firewall. I typically handle break-fix issues at the firewall level and turn them over to engineering, who then contact tech support. With switching, I call tech support directly. 

The support has improved significantly over the years, and the escalation process is very straightforward now. Even if the first engineer isn't highly knowledgeable, we get additional support and can escalate the issue.

Positive

We have been using a Meraki solution.

Licensing with Cisco Secure Firewall isn't too difficult. However, pricing seems high. We had been using a Meraki solution, and Cisco Secure Firewall seems more expensive than Meraki, even though Meraki is also cloud-based.

We're going to cut over to Palo Alto, which will probably be a many-year project, because the amount of downtime is substantial. While it doesn't affect the whole company, there is downtime in certain areas, usually due to bugs that require code upgrades to fix. That has been problematic. 

We had planned to deploy Meraki more extensively as our Cisco ASAs aged out. However, we're also deploying SDA fabric, and Meraki is currently not compatible with that solution. I recently spoke with an engineer about SDA, and his answer indicated they will be supported, but with some variance. That's why we're moving away from Meraki, but we're still not ready for Palo Alto since it has a big learning curve and is totally different. We still have deployment and upgrade needs, so we're continuing to get Cisco Firepower firewalls while implementing Palo Alto more internally. This could be a multi-year process, depending on how it progresses.

It's difficult to predict how other organizations will deploy Cisco Secure Firewall, but my advice is to ensure the code being installed is the code recommended by Cisco. My recommendation wouldn't be extremely high, as deciding to discard millions of dollars in investment makes a significant statement. I would have difficulty recommending it based on our management's decisions, especially considering we're willing to replace our core firewalls and perimeter firewalls. The Palo Alto transition entails substantial training and design work. If we're willing to get rid of Cisco Secure Firewall in favor of a different product, it says a lot.

I would rate Cisco Secure Firewall a seven out of ten. It performs necessary firewall functions, but there are issues related to bugs.

On-premises