Cisco Secure Firewall Reviews

Our main use cases for Cisco Secure Firewall are segmentation and VPNs. My involvement is more at the remote sites, setting up those firewalls for VPN, and we have centralized management for handling all the policies.

I appreciate the uniformity of being able to push the policies out with Cisco Secure Firewall. That was one of the reasons we acquired it, so we could push the policies out everywhere.

Downtime due to bugs requiring code upgrades has been problematic. That's the reason why we are moving away from Cisco Secure Firewalls.

I have been using Cisco Secure Firewall for approximately four years.

It has been problematic, primarily due to bugs in the code rather than crashes.

We're looking at Palo Alto, and we will probably be cutting over to Palo Alto, which will likely be a many-year project.

I appreciate Cisco's support and have been very happy with it. I imagine the support is the same for the firewall. I typically handle break-fix issues at the firewall level and turn them over to engineering, who then contact tech support. With switching, I call tech support directly. 

The support has improved significantly over the years, and the escalation process is very straightforward now. Even if the first engineer isn't highly knowledgeable, we get additional support and can escalate the issue.

Positive

We have been using a Meraki solution.

Licensing with Cisco Secure Firewall isn't too difficult. However, pricing seems high. We had been using a Meraki solution, and Cisco Secure Firewall seems more expensive than Meraki, even though Meraki is also cloud-based.

We're going to cut over to Palo Alto, which will probably be a many-year project, because the amount of downtime is substantial. While it doesn't affect the whole company, there is downtime in certain areas, usually due to bugs that require code upgrades to fix. That has been problematic. 

We had planned to deploy Meraki more extensively as our Cisco ASAs aged out. However, we're also deploying SDA fabric, and Meraki is currently not compatible with that solution. I recently spoke with an engineer about SDA, and his answer indicated they will be supported, but with some variance. That's why we're moving away from Meraki, but we're still not ready for Palo Alto since it has a big learning curve and is totally different. We still have deployment and upgrade needs, so we're continuing to get Cisco Firepower firewalls while implementing Palo Alto more internally. This could be a multi-year process, depending on how it progresses.

It's difficult to predict how other organizations will deploy Cisco Secure Firewall, but my advice is to ensure the code being installed is the code recommended by Cisco. My recommendation wouldn't be extremely high, as deciding to discard millions of dollars in investment makes a significant statement. I would have difficulty recommending it based on our management's decisions, especially considering we're willing to replace our core firewalls and perimeter firewalls. The Palo Alto transition entails substantial training and design work. If we're willing to get rid of Cisco Secure Firewall in favor of a different product, it says a lot.

I would rate Cisco Secure Firewall a seven out of ten. It performs necessary firewall functions, but there are issues related to bugs.

On-premises

Our company's use case for Cisco Secure Firewall is to separate and protect the different server network ranges in our data center and to provide access to and from those services that sit in our data center to users and customers alike. We also use Cisco Secure Firewall on the edge to provide internet access to and from the internet for our business.

The most valuable aspect of Cisco Secure Firewall for me is not a specific feature but the fact that it is quite stable as a firewall overall. It is not too buggy or disruptive when performing our day-to-day operations, and that is the main thing about it.

Centralized management of Cisco Secure Firewall benefits our organization because we have multiple firewalls, but we go to one single page or use the Firewall Management Center to administer policies and make changes. This allows us to see what is going on from a visibility perspective, so all troubleshooting, configuration, and administration of the firewall happens at one single place, which is beneficial.

A single pane of glass for management is available.

One thing I would improve in Cisco Secure Firewall is somehow embedding the capability to use an asterisk-type of firewall rules in the access control policy. An example could be star.google.com; being able to use an asterisk for anything in the subdomain would be beneficial, as I know some of Cisco's competitors allow that on their firewalls, which eliminates the need for an additional appliance to facilitate that component.

I have been using Cisco Secure Firewall for about five years.

Currently, Cisco Secure Firewall has been up and running for about three years since its last reboot, so it is quite stable.

I find the solution to be scalable, especially with the other products that Cisco is developing. For instance, Cisco Secure Cloud now allows us to potentially take the management functions of Cisco Secure Firewall, move it into the cloud, and integrate it with other Cisco security products, managing everything from one single pane.

I have worked with Cisco's customer support.

When it comes to customer support, referring to TAC, I find that Cisco's support stands out. It is very important for us as a business to have that support when needed, and Cisco has often never failed in providing that support.

If I were to rate the support overall from one to ten, I would give it a nine.

While I rate it a nine, to make it a ten, it could be improved based on individual cases. Some support people truly embody Cisco's values in responding and assisting, but there are times when some individuals may not be as helpful as others, leading to a disconnect in the support experience.

Positive

Deploying Cisco Secure Firewalls is quite straightforward, as Cisco provides a lot of available documentation online, extensive support, and training, which makes it easy for engineers and customers to use Cisco products effectively.

The deployment time for Cisco Secure Firewalls varies. Currently, I am going through a refresh where we are replacing older Firepower systems with newer ones, but in the past, it has been relatively simple, typically taking within an hour or two to get everything up and running.

I have been part of the deployment of Cisco Secure Firewalls.

From a return on investment perspective, I think Cisco Secure Firewalls keep our organization safe and protect the organization's image from a governance standpoint. With cybersecurity being a big issue in the world, Cisco Secure Firewalls protect data, the environment, organization, and keep things safe. It is always reassuring for customers to know that the organization I work for invests in products like Cisco Secure Firewall to protect ourselves.

Cisco Secure Firewall is similar to insurance in that it provides peace of mind.

I rate Cisco Secure Firewalls a nine overall. While there are features I think could be added to achieve a perfect ten, I still regard it higher than its competitors. From both a technical and peace of mind perspective, Cisco Secure Firewall is the frontrunner.

I would tell someone considering purchasing Cisco Secure Firewalls that they will not be disappointed. My overall review rating for Cisco Secure Firewall is nine.

Cisco Secure Firewall is used for securing perimeters, such as internal or external perimeters of the network.

I consider a valuable feature of Cisco Secure Firewall to be that it serves its purpose. ASA is nice, but it is outdated now. When it comes to FTD, complexity is one of the things. I am not sure they should build it from scratch.

Cisco Secure Firewall has helped improve my company over the last 15 years. Nowadays, you cannot live without a firewall. We are currently moving to another vendor.

Navigating through Cisco Secure Firewall is not intuitive. Complexity is another significant issue that needs to be addressed.

I have been using Cisco Secure Firewall for 15 years.

Cisco Secure Firewall is working with some bugs and glitches, but it is stable overall. ASA is a super stable firewall, even though it is outdated nowadays. FTD is working fine with some glitches.

Scalability depends on which Cisco Secure Firewall you are buying. For the enterprise level, it is scalable, but not significantly.

I have contacted Cisco support about these issues and opened many TAC cases for the firewalls.

I would evaluate Cisco support as good. Cisco is the best there. However, they need to rebuild this product. I love Cisco products, but when it comes to the firewall, I do not.

We are transitioning to Palo Alto.

I find Palo Alto to be much easier to operate and much more stable. If you want to incorporate FTD with another Cisco product, then you need to go with Cisco to have the full ecosystem. Since we do not have that requirement, we are going to another vendor, which is definitely easier to handle.

I have knowledge about the pricing and licensing.

A couple of days ago, I was working on a project and received a quote for the FTD 1230. For the same level with Palo Alto, even though we had a huge discount with Cisco, it turned out to be more expensive than Palo Alto. The pricing is quite expensive. My overall review rating for this product is 6.

We use Cisco Secure Firewall for our servers, protecting data centers, and limiting the ports and threats. We have various web servers hosted in our data center, and to protect them from external threats, we use the firewall.

The most valuable features of Cisco Secure Firewall include the next-generation firewall and its strong anti-malware capabilities. These features protect internal servers from external threats, such as denial of service threats, viruses, and malware. Additionally, Cisco checks and stops traffic containing new threats, taking steps to mitigate them. When our servers are secure, their speed is very good using Cisco Secure Firewall. We do not face any kind of delay or issues, allowing more users to connect seamlessly.

Cisco Secure Firewall is difficult to manage as it lacks a web interface for management, requiring installation of management center software on a dedicated computer or server. Should the management software be removed, it needs to be reinstalled, consuming time and resources. Moreover, the configuration commands are not user-friendly, especially when compared to Fortinet's interface. The process of licensing is complicated, involving many steps to obtain and enter the license key. This process should be simplified.

We have been working with Cisco Secure Firewall for about five to six years.

The technical support is not very good because when support is requested, assistance often takes a few days to arrive as they are quite busy.

We previously used software firewalls running on Linux. We switched because they were not next-generation firewalls and did not provide antivirus and malware protection.

The licensing process for Cisco Secure Firewall is convoluted, involving many steps to request and enter a license key. In contrast, Fortinet or other firewalls offer a simpler process where you just need to enter the key quickly.

Cisco Secure Firewall could improve in areas like user-friendliness and cost-effectiveness, as it is very costly and difficult to manage. I would rate it seven out of ten, but I would recommend other firewalls due to its high cost and complexity.

On-premises

My use case for Cisco Secure Firewall is because the old solution for the VPN access for the employees and also for the external contractors was already out of date, and there was no possibility of somehow prolonging it. So we did the search for a new solution and from the auction and bidding, Cisco Secure Firewall came.

I consider the most valuable aspect of Cisco Secure Firewall to be that we are basically using it only for termination of the VPN, so that's basically the most valuable thing for us.

If I could improve Cisco Secure Firewall in any way, I have no clue, to be honest. I really don't know what to improve. It's working as it should be. Maybe it would be nice to have a better overview regarding the logging, regarding the issues a client can have with the VPN. But I can understand that because the primary feature for the firewall is not the VPN; it's the firewall, but we are not using the firewall.

There is still room to improve. There can be some things that can be better, such as some of the menu and some of the visibility. It's not chaotic, but it's not that user-friendly.

The GUI of Cisco Secure Firewall could improve, as there are better solutions in terms of how they look and how they can be navigated.

I find the solution reliable and stable, and I can say that there is no downtime. As I am used to Cisco products, they are stable and reliable.

I think that what we bought is overkill, but whatever. Basically, it can serve up to 1,000 clients on VPN, so for us it's basically unlimited. The largest number I have seen on the dashboard was 300 users connected on the VPN.

My experience with Cisco customer support has been nice all the time. Sometimes they can take their time, but if they are properly motivated, they can be fast.

If I had to rate their support from one to ten, with ten being best and one being worst, I would give it an eight.

Positive

I evaluated basically the new solution from Pulse Secure, which is now called Ivanti.

The reason we chose Cisco Secure Firewall was more or less politics because Ivanti didn't have the hardware, and they will not have the hardware in the foreseeable future. So we went with the only one who was able to provide it to us.

The deployment of Cisco Secure Firewall was kind of straightforward and was not problematic.

It took us two months, together with the migration, but the thing is that we needed to change the groups and rules and everything in the background. It was more or less up to us, not up to the platform. We needed to change things on our side.

It was internal, not the product's fault. The migration was lengthy.

Regarding the pricing and licensing of Cisco Secure Firewall, it's not up to me.

I know that it was purchased from our partner, from the local distributor.

On a scale of one to ten, with ten being best and one being worst, I would rate Cisco Secure Firewall overall with my past experience as nice. Because I cannot say it was good, from the point of view when I was able to look through Cisco Secure Firewall, it was nice. The FTD, the Firepower Threat Detection, is really mature, but the former ASA was a pain in the ass.

The former ASA was a pain in the ass because when someone is used to the Cisco way, the ASA was a strange thing. My overall rating for this product is 8 out of 10.

We are deploying Cisco Secure Firewall for customers in the cloud, on-premise, or all around, depending on the customer. We have small customers that are migrating to the cloud, so we have to deploy virtual firewalls as well as on-premise solutions for both large-scale and small-scale operations.

The best return on investment when using Cisco Secure Firewall is the visibility. From my point of view, the best return on investment is the visibility. With Firepower Management and the FMC, you are able to really see everything that's going on in your network.

From my point of view, the stability and reliability of the product is quite good. The firewall sensors and the management are quite stable. We are encountering some problems, but mostly when you implement the solution correctly, you don't have any problems besides hardware failure, which is really rare. 

Scalability for Cisco Secure Firewall is a good point. It's hard to say because mostly we are consulting and planning together with the customer. If they can see upfront or if they know when they have to scale big, then we can scale with them. I think the appliances are well scaled for the use of the customer.

I have a lot of experience with the customer service and technical support of Cisco. Recently, we managed to get one of the Cisco engineers to connect with us to solve some customer problems.

My experience with the customer service and technical support of Cisco is quite excellent. The engineers are top-notch and they know what they are doing. They are really experts in their field.

Regarding customer service, I'm not as familiar with that aspect. However, with the technical support, when you know the right people and when you really have problems which you can't solve on your own, they are behind you and they can help you mostly.

Negative

I have worked with other solutions in the past, different ones. The vibe which is in Cisco equipment caught me from the early days. When I started, the first security appliance I saw was Cisco PIX. I worked sometimes with Cisco ASA, and this was all before I came to Bechtle. Now I'm where I want to be.

Deploying Cisco Secure Firewall is getting easier, so I would describe the experience as straightforward. You are now able to preconfigure the appliances to send out, so you don't need engineers on site. In some cases, you can preconfigure and send it to the customer, and the customer is able to plug it in and it has access to WAN or to the internet. You are up and can run the system. I would rate Cisco Secure Firewall overall as an eight or a nine out of ten.

This is mostly the system I'm working with, so I do work with other solutions other than Cisco Secure Firewall, but we do have other teams working with other vendors. We are at a point where things are getting more and more complicated and you need more and more knowledge to do the implementation correctly. My goal is to do Cisco and to do it the best I can and do it properly.

I'm mostly on the implementation side, so pricing, the setup cost, and the licensing are not really my part in the business. I hear it's quite expensive, but the service you get is worth it. When you invest so much, you will get a lot of service. About licensing, I don't have experience with other vendors regarding licensing, so I would say the licensing is quite good. I'm not sure if there are any other downsides, so I consider it acceptable.

My main use cases for Cisco Secure Firewall are to safeguard our network, including the IPS and all the traffic, and to control the traffic.

The visibility and control capabilities of Cisco Secure Firewall in managing encrypted traffic are very good. I can implement all my certificates, so I can open the traffic and see everything.

Cisco Secure Firewall’s ability to unify policies across our environment is at a high level. This unification of policies into one system is important for my company. We are able to consolidate all the policies instead of spreading them across many security systems.

What I appreciate the most about Cisco Secure Firewall is that it can be very elastic, as it can be configured with all the flexibility of my network needs and complexity. The service I receive from the Cisco engineer helps me implement all my needs. 

Cisco Secure Firewall allows me to safeguard Layer 7 or Layer 3 and manage the security rules with the business needs of my organization. The firewall has benefited my company overall because it safeguards and finds and stops all the malicious traffic.

Cisco Secure Firewall can be improved by simplifying the GUI, as it shouldn't be so complex.

I have been using Cisco Secure Firewall for ten years.

It's very robust. We don't have any downtime or anything. We work with a cluster with high availability, so if something goes wrong, we have it functioning.

Cisco Secure Firewall helps with the growing needs of our company as it's scalable.

Customer service and technical support for Cisco Secure Firewall are very good. I would rate them a nine out of ten.

Positive

It was a little bit difficult.

We needed a good integrator to help us, and we contacted Cisco for some help with technical issues.

We are able to safeguard our assets.

It's acceptable and comparable to other products.

We did consider other solutions before choosing Cisco Secure Firewall. We considered all the big vendors such as Palo Alto, Check Point, Fortinet, and others. Cisco won because it has the best IPS model on it, and that's the reason why we chose this firewall.

I would rate Cisco Secure Firewall an eight out of ten. To make it a ten, the complexity of the configuration compared to other vendors needs to be addressed. Overall, we're very happy with the product.

On-premises

Our company's use case involves integration with Cisco Secure Firewall for our clients, typically for remote access VPN. The purpose of our remote access VPN integration is to connect with Duo. We also perform integration with Cisco ICE and integration directly with the firewall.

The most valuable feature of Cisco Secure Firewall for me relates to the remote access VPN, because companies need multi-factor authentication. The selling point of the product revolves around multi-factor authentication for VPNs. I have implemented this with Cisco firewall, Cisco ICE, and Palo Alto integration with Duo.

If I could improve the product in any way to make it better for my clients, that would be beneficial. For now, everything is fine from my perspective, although there may be room for improvement that I have not yet identified.

I have been using Duo for two years.

I find Cisco Secure Firewall to be stable and scalable. It is reliable. The solution has experienced downtime.

I have worked with Cisco support. My experience with Cisco support is fine. When I need to open a case, I have done so. I did not contact Duo support, but I did contact support for Cisco firewall and Cisco ICE. I did not work with an engineer for Duo.

They are responsive. In general, it takes them two to three hours to get back to me. When they need to search for something, it may take a day.

Negative

Deploying Duo is quite simple because Duo has very good documentation for all integrations. It typically takes a couple of days to deploy because we need to schedule meetings with our clients. When we gather all the information, we can integrate it, then test it and put it in production.

I have experience with the implementation.

The benefit of using this integration for our company is that clients want solutions from us. Our clients need to find a solution for multi-factor authentication, and we recommend them to use Cisco Secure Firewall with Duo. We integrate that with their firewalls or AAA servers. Cisco Secure Firewall integrates well. I am not involved with pricing and licensing concerns, as our company has a sales team who handles that. My company is a partner. I rate this product ten out of ten.