We use it for security of branch offices and data centers.
Network and Securirty Engineer at a tech vendor with 501-1,000 employees
Filtering is the best feature
Pros and Cons
- "Filtering is the best feature."
- "The IPS and GUI are outdated."
- "It is slowly not supported and other vendors are a few years ahead of Cisco in development."
What is our primary use case?
How has it helped my organization?
It works like a firewall for security reasons.
What is most valuable?
Filtering is the best feature, as I have gotten used to using it. .
What needs improvement?
The IPS and GUI are outdated. It is finally getting IPS inside, which will be a big improvement. The GUI is outdated, and they are slowly improving it. We will see if they go in the correct direction. Unfortunately, they usually just follow other vendors.
It is slowly not supported and other vendors are a few years ahead of Cisco in development.
Buyer's Guide
Cisco Secure Firewall
April 2025

Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,716 professionals have used our research since 2012.
For how long have I used the solution?
More than five years.
What other advice do I have?
Configuration on Firepower is currently madness as you have to redeploy it again with all its configurations if you use it as a module.
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Owner at David Strom Inc.
Cisco has done a superior job at its next generation of firewall technology.
What is most valuable?
The user interface of the Prime Security Manager is, well, prime and one of the best pieces of software I have seen from them, and the features are on par if not better than what their competitors offer.
How has it helped my organization?
Cisco has done a nice job of integrating global IP reputation management into the firewall with its Security Intelligence and Operations module for insights and malware collection.
What needs improvement?
Prime manager is just for the CX line for now. CX features also add about a 30% overhead on throughput.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Cisco Secure Firewall
April 2025

Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,716 professionals have used our research since 2012.
Security Technical Architect at a tech services company with 10,001+ employees
It provides detection of zero day infections. The feature sets are great when there are no software bugs.
What is most valuable?
The feature sets are great when there are no software bugs. With FirePOWER, you can enhance security, have effective management, and a good reporting engine.
How has it helped my organization?
It provides detection of zero day infections through FirePOWER AMP.
What needs improvement?
Well tested software releases. We have had a number of bugs on the FirePOWER software across several clients which have been very inconsistent and have affected our ability to deliver.
For how long have I used the solution?
I have used the ASA portion for over eight years and the FirePOWER portion for about three years.
What do I think about the stability of the solution?
We did have stability issues with the FirePOWER software.
What do I think about the scalability of the solution?
We did not have scalability issues with the high end devices.
How are customer service and technical support?
I give technical support a rating of 5/10.
Which solution did I use previously and why did I switch?
We are part of the integrator space. When we changed products, it was to displace a product that no longer met the client’s requirements.
How was the initial setup?
The setup was reasonably straightforward.
What's my experience with pricing, setup cost, and licensing?
Get a clear understanding of what the licensing entails before committing.
Which other solutions did I evaluate?
We checked out Check Point and FortiGate.
What other advice do I have?
Plan very well in order to have a seamless project implementation and transition.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Manager Network Security at a financial services firm with 5,001-10,000 employees
I love its CLI mode of working, it gives plenty of information with single line of command.
What is most valuable?
I love its CLI mode of working, it gives plenty of information with a single line of command.
This feature allows its administrator to perform advanced level tasks with much ease.
How has it helped my organization?
These products provide much stability which, in return, any organization demands to run its functions properly and smoothly.
What needs improvement?
This product lacks in GUI format; that needs to be more mature and composed.
For how long have I used the solution?
10 years +
What was my experience with deployment of the solution?
No issues.
What do I think about the stability of the solution?
Rarely, due to software issues.
What do I think about the scalability of the solution?
As of now, no.
How are customer service and technical support?
Excellent but if non-Indian engineer is assigned.
Which solution did I use previously and why did I switch?
We have almost 99% Cisco based infrastructure.
How was the initial setup?
Pretty straightforward.
Which other solutions did I evaluate?
Usually yes. We did like Huawei and Juniper.
What other advice do I have?
Cisco has done great job in introducing new features in their security product by acquiring specialized companies in the past. However, they still need to improve their unique feature products as they are in a challenger position, but not on top, at various product review portals.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Global Security Architect/Perimeter Systems Administration/Active Directory and System Administrator at a retailer with 1,001-5,000 employees
The solution has worked very well for us, but the configuration/management interface is complex.
What is most valuable?
- Firewall mode
- AnyConnect gateway
- Client-less SSL VPN
How has it helped my organization?
The versatility of the product has allowed us to solve a number of perimeter requirements without having to seek out different products or companies for solutions. It has allowed for a single management mechanism, and by having a single platform solution, it has allowed for simpler training.
What needs improvement?
The configuration/management interface is complex and can be confusing. Technical documentation is often sparse and can be incomplete when covering specific implementations.
For how long have I used the solution?
I've used Cisco PIX and ASA firewalls since 2003.
What was my experience with deployment of the solution?
Not with the ASAs, with some early version PIX products.
What do I think about the stability of the solution?
Not with the ASAs, with some early version PIX products.
What do I think about the scalability of the solution?
The ASAs offer several different technologies for HA and we have used all of them successfully.
How are customer service and technical support?
Customer Service:
It's excellent.
Technical Support:Excellent, we have always been able to get the specific expertise needed to solve our challenges with the products.
Which solution did I use previously and why did I switch?
Checkpoint Firewalls - the primary reason we switched was cost and limited support options.
How was the initial setup?
It's pretty straightforward. I came at these products already having considerable firewall experience.
What about the implementation team?
It was all in-house, as we all had 10 years plus experience when we moved to PIX firewalls and then a few years later we brought in the ASAs.
Which other solutions did I evaluate?
- Watchguard
- Sonicwall
- Checkpoint
What other advice do I have?
The product line offers tremendous capability. Please look into all of the solutions it can provide for you to maximize your investment.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Manager of Infrastructure at a manufacturing company with 51-200 employees
Very stable, but high learning curve.
Valuable Features:
We choose Cisco ASA 5500 Series for our branch office primarily because it is a stable firewall. Many home and even business grade firewalls will often start acting up and have to be rebooted, but the ASA is completely rock-solid. ASA Firewall Chains STP and RST Protocol allows us to build redundant uplinks to STP compatible switches. It has 256 MB RAM and 128 MB of flash which is plenty for future upgrades. I personally like to have the multitude of VPN options such as - IPsec VPN, DMVPN, L2TP, SSL, Any Connect, etc. The IPsec VPN is supported on the iPhone, so it is cool to be able to access my home network from my phone.
Room for Improvement:
Extraordinary learning curve, especially if you do not have previous skill with Cisco PIX or routers. Even using the Java-based ASDM, it can take time to find your way. In addition, ASDM is not compatible with the latest version of Java (you will get an 'unconnected sockets' error). No support for DHCP reservations. I like to configure Servers and Printers this way, and cannot find any decent reason Cisco would not support it as they do on their routers and Layer 3 switches.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Consultant at a tech services company with 51-200 employees
A reliable but outdated firewall
Pros and Cons
- "It is extremely stable I would say — at least after you deploy it."
- "They need to do an overhaul of the management console."
What is our primary use case?
Most of our use cases revolve around the basic firewall features. Our client is also leveraging on Anyconnect, which is serving the client-based VPN. Sometimes they will establish a VPN connection from one firewall with another. It's the type-for-type VPN. In terms of Cisco, typically, these are just some of the legacy features, that's what we use. In terms of a next-gen firewall, I feel that our customers would prefer to use other brands like Palo Alto, Check Point, and FortiGate.
Our clients who use this solution are typically small businesses. I think there's a Gartner chart that says that Palo Alto is actually the foreleader, followed by Check Point, then FortiGate. Cisco is not anywhere near. From a cybersecurity standpoint, they are quite weak.
What needs improvement?
They need to do an overhaul of the management console because they are still using the client-based management tool, which is quite outdated in terms of functionality and usability. The interface hasn't changed since the last generation many years back.
For how long have I used the solution?
I have been using Cisco ASA Firewall for roughly four years.
What do I think about the stability of the solution?
It is extremely stable I would say — at least after you deploy it. Typically, there won't be any instability in terms of the hardware as well as the software. It can be running for many years without any issues. It's a totally different story when compared to other brands because, out-of-the-box, they offer far more features and are actually leveraged on more resources which leads to more instability.
What do I think about the scalability of the solution?
I would say in terms of scalability, they are still the greatest family of products. Scalability means you can actually add on some processing parts to actually increase the throughput when the requirement comes up. They have a range of products for that, but this solution, it's already going out of phase, because at JSC, you can only allow up to a certain amount of upgrades that can be added on.
How are customer service and technical support?
Support is not a requirement. In the whole industry, there are a lot of Cisco-trained personnel that we can actually seek advice from. There's not much leveraging on the Cisco support so far.
If our clients need support, we provide it. Support is not cheap. Sometimes a device will go out of warranty, but the customers are not willing to renew the support contract. Of course, there are a lot of cheaper alternatives. In Singapore, a lot of companies outsource support. Most of the time we go through third-party companies instead of Cisco directly.
How was the initial setup?
For a non-Cisco guy like me, there is quite a substantial amount of learning that needs to be done to actually understand how the products are. Some brands like FortiGate, require only an hour and 15 minutes to enable the product, to facilitate the basic requirements of connecting up the traffic and adding on the firewall router. For Cisco, there are levels of challenges because it's a hardened solution that sees a lot of restrictions right out of the box.
Without really understanding how it works, then there'll be a lot of confusion regarding the traffic, etc. You'll find yourself wondering if there are any security concerns if you alter it out-of-the-box. The management console is quite outdated; usually, a lot of configuration is through Commander. We really need to understand how to articulate the Cisco Commander to perform even the most basic feature.
What about the implementation team?
We handle the implementation for our customers.
I am a sales engineer, we are mainly in charge of selling the product. In terms of support, we have a department that covers that aspect. Sometimes after implementation, we also provide maintenance support services towards the whole project and sell it as a whole bundle. As a distributor, we also sell our products, our equipment, and devices. So the support team covers that aspect.
What's my experience with pricing, setup cost, and licensing?
We sell Cisco ASA Firewall as a bundle — the price is very cheap. If a customer were to go for renewal direct from Cisco, then the price would be quite high.
What other advice do I have?
My main concern is the full revamp of the management console. We'd like to see a more user-friendly total revamp of how to manage the firewall rules. Also, there are a lot of additional features that need to be granular because with Cisco, at this point in time, all these features are still working in silos. A lot of integration needs to be done in general.
Personally, I would discourage people from using Cisco. Overall, on a scale from one to ten, I would give this solution a rating of six.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor
Senior MIS Manager at a tech company with 201-500 employees
Stable with great security and good scalability
Pros and Cons
- "The solution is excellent for enterprise-level networks."
- "If the implementation was easier, it would be a lot better for us."
What is our primary use case?
We tend to use the solution as it's forced on us by corporate. Our company wants us to use it.
What is most valuable?
The solution is stable. We haven't had any issues in that sense.
The security of the hardware is excellent. Cisco is very serious in its approach to security.
We have a high level of trust in Cisco and its products.
The solution is excellent for enterprise-level networks.
What needs improvement?
The solution is difficult to use. There's more required than a typical firewall. It's different than, for example, Palo Alto and Fortinet, which we find are easier to set up.
If the implementation was easier, it would be a lot better for us.
It would be such a great product for us if it was easier to manage.
For how long have I used the solution?
I've been working with the solution for more than ten years. It's been a long time. It's been over a decade at this point.
What do I think about the stability of the solution?
The solution is quite stable. We have no problems with bugs or glitches. It doesn't crash or freeze. It's good.
What do I think about the scalability of the solution?
We've found the solution to be scalable. A company shouldn't have any issues with expanding it if it needs to.
We have about 300 users on the solution currently. We do plan to continue to use Cisco in the future.
How are customer service and technical support?
We use third-party technical support that's offered and we're quite satisfied with the level of attention we receive.
Which solution did I use previously and why did I switch?
I have knowledge of Palo Alto and Fortinet.
While those two are easier to set up and control, nothing compares to Cisco in terms of security. They're very strong in that regard. We also find Cisco to be more stable.
However, we only use Cisco firewalls in our organization. We don't use anything else.
How was the initial setup?
The implementation is not so straightforward. It's rather complex and we have a lot of trouble with it.
The implementation took us about one month.
We plan to implement an updated version next month as well.
We need three to eight people to handle the setup.
What about the implementation team?
I did not handle the implementation by myself. Rather, it's done by another team including the original support from Singapore and with license support from headquarters in Japan.
However, our team does handle the implementation in-house, and we can handle the setup for clients as well.
What's my experience with pricing, setup cost, and licensing?
We do need to purchase licenses. Those come from headquarters in Japan. They handle the details in terms of pricing. I'm not sure of the overall costs.
What other advice do I have?
We're both a customer of Cisco and a reseller.
This month we plan to upgrade from our existing hardware.
Overall, we've been happy with the results we've gotten. I would rate the solution at a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Updated: April 2025
Popular Comparisons
Fortinet FortiGate
Netgate pfSense
Sophos XG
Palo Alto Networks NG Firewalls
Check Point NGFW
Azure Firewall
WatchGuard Firebox
SonicWall TZ
Juniper SRX Series Firewall
Fortinet FortiGate-VM
SonicWall NSa
Sophos XGS
Untangle NG Firewall
Fortinet FortiOS
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What Is The Biggest Difference Between Cisco ASA And Fortinet FortiGate?
- Cisco Firepower vs. FortiGate
- How do I convince a client that the most expensive firewall is not necessarily the best?
- What are the biggest differences between Cisco Firepower NGFW and Fortinet FortiGate?
- What Is The Biggest Difference Between Cisco Firepower and Palo Alto?
- Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons?
- What are the main differences between Palo Alto and Cisco firewalls ?
- A recent reviewer wrote "Cisco firewalls can be difficult at first but once learned it's fine." Is that your experience?
- Which is the best IPS - Cisco Firepower or Palo Alto?
- Which product do you recommend and why: Palo Alto Networks VM-Series vs Cisco Firepower Threat Defense Virtual (FTDv)?