Cisco Secure Firewall Reviews

We use it for security of branch offices and data centers. 

It works like a firewall for security reasons. 

Filtering is the best feature, as I have gotten used to using it.                               .

The IPS and GUI are outdated. It is finally getting IPS inside, which will be a big improvement. The GUI is outdated, and they are slowly improving it. We will see if they go in the correct direction. Unfortunately, they usually just follow other vendors.

It is slowly not supported and other vendors are a few years ahead of Cisco in development.  

More than five years.

Configuration on Firepower is currently madness as you have to redeploy it again with all its configurations if you use it as a module.

The user interface of the Prime Security Manager is, well, prime and one of the best pieces of software I have seen from them, and the features are on par if not better than what their competitors offer.

Cisco has done a nice job of integrating global IP reputation management into the firewall with its Security Intelligence and Operations module for insights and malware collection.

Prime manager is just for the CX line for now. CX features also add about a 30% overhead on throughput.

The feature sets are great when there are no software bugs. With FirePOWER, you can enhance security, have effective management, and a good reporting engine.

It provides detection of zero day infections through FirePOWER AMP.

Well tested software releases. We have had a number of bugs on the FirePOWER software across several clients which have been very inconsistent and have affected our ability to deliver.

I have used the ASA portion for over eight years and the FirePOWER portion for about three years.

We did have stability issues with the FirePOWER software.

We did not have scalability issues with the high end devices.

I give technical support a rating of 5/10.

We are part of the integrator space. When we changed products, it was to displace a product that no longer met the client’s requirements.

The setup was reasonably straightforward.

Get a clear understanding of what the licensing entails before committing.

We checked out Check Point and FortiGate.

Plan very well in order to have a seamless project implementation and transition.

I love its CLI mode of working, it gives plenty of information with a single line of command.

This feature allows its administrator to perform advanced level tasks with much ease.

These products provide much stability which, in return, any organization demands to run its functions properly and smoothly.

This product lacks in GUI format; that needs to be more mature and composed.

10 years +

No issues.

Rarely, due to software issues.

As of now, no.

Excellent but if non-Indian engineer is assigned.

We have almost 99% Cisco based infrastructure.

Pretty straightforward.

Usually yes. We did like Huawei and Juniper.

Cisco has done great job in introducing new features in their security product by acquiring specialized companies in the past. However, they still need to improve their unique feature products as they are in a challenger position, but not on top, at various product review portals.

• Firewall mode
• AnyConnect gateway
• Client-less SSL VPN

The versatility of the product has allowed us to solve a number of perimeter requirements without having to seek out different products or companies for solutions. It has allowed for a single management mechanism, and by having a single platform solution, it has allowed for simpler training.

The configuration/management interface is complex and can be confusing. Technical documentation is often sparse and can be incomplete when covering specific implementations.

I've used Cisco PIX and ASA firewalls since 2003.

Not with the ASAs, with some early version PIX products.

Not with the ASAs, with some early version PIX products.

The ASAs offer several different technologies for HA and we have used all of them successfully.

Customer Service:

It's excellent.

Technical Support:

Excellent, we have always been able to get the specific expertise needed to solve our challenges with the products.

Checkpoint Firewalls - the primary reason we switched was cost and limited support options.

It's pretty straightforward. I came at these products already having considerable firewall experience.

It was all in-house, as we all had 10 years plus experience when we moved to PIX firewalls and then a few years later we brought in the ASAs.

• Watchguard
• Sonicwall
• Checkpoint

The product line offers tremendous capability. Please look into all of the solutions it can provide for you to maximize your investment.

We choose Cisco ASA 5500 Series for our branch office primarily because it is a stable firewall. Many home and even business grade firewalls will often start acting up and have to be rebooted, but the ASA is completely rock-solid. ASA Firewall Chains STP and RST Protocol allows us to build redundant uplinks to STP compatible switches. It has 256 MB RAM and 128 MB of flash which is plenty for future upgrades. I personally like to have the multitude of VPN options such as - IPsec VPN, DMVPN, L2TP, SSL, Any Connect, etc. The IPsec VPN is supported on the iPhone, so it is cool to be able to access my home network from my phone.

Extraordinary learning curve, especially if you do not have previous skill with Cisco PIX or routers. Even using the Java-based ASDM, it can take time to find your way. In addition, ASDM is not compatible with the latest version of Java (you will get an 'unconnected sockets' error). No support for DHCP reservations. I like to configure Servers and Printers this way, and cannot find any decent reason Cisco would not support it as they do on their routers and Layer 3 switches.

Most of our use cases revolve around the basic firewall features. Our client is also leveraging on Anyconnect, which is serving the client-based VPN. Sometimes they will establish a VPN connection from one firewall with another. It's the type-for-type VPN. In terms of Cisco, typically, these are just some of the legacy features, that's what we use. In terms of a next-gen firewall, I feel that our customers would prefer to use other brands like Palo Alto, Check Point, and FortiGate.

Our clients who use this solution are typically small businesses. I think there's a Gartner chart that says that Palo Alto is actually the foreleader, followed by Check Point, then FortiGate. Cisco is not anywhere near. From a cybersecurity standpoint, they are quite weak.

They need to do an overhaul of the management console because they are still using the client-based management tool, which is quite outdated in terms of functionality and usability. The interface hasn't changed since the last generation many years back.

I have been using Cisco ASA Firewall for roughly four years.

It is extremely stable I would say — at least after you deploy it. Typically, there won't be any instability in terms of the hardware as well as the software. It can be running for many years without any issues. It's a totally different story when compared to other brands because, out-of-the-box, they offer far more features and are actually leveraged on more resources which leads to more instability.

I would say in terms of scalability, they are still the greatest family of products. Scalability means you can actually add on some processing parts to actually increase the throughput when the requirement comes up. They have a range of products for that, but this solution, it's already going out of phase, because at JSC, you can only allow up to a certain amount of upgrades that can be added on.

Support is not a requirement. In the whole industry, there are a lot of Cisco-trained personnel that we can actually seek advice from. There's not much leveraging on the Cisco support so far.

If our clients need support, we provide it. Support is not cheap. Sometimes a device will go out of warranty, but the customers are not willing to renew the support contract. Of course, there are a lot of cheaper alternatives. In Singapore, a lot of companies outsource support. Most of the time we go through third-party companies instead of Cisco directly.

For a non-Cisco guy like me, there is quite a substantial amount of learning that needs to be done to actually understand how the products are. Some brands like FortiGate, require only an hour and 15 minutes to enable the product, to facilitate the basic requirements of connecting up the traffic and adding on the firewall router. For Cisco, there are levels of challenges because it's a hardened solution that sees a lot of restrictions right out of the box.

Without really understanding how it works, then there'll be a lot of confusion regarding the traffic, etc. You'll find yourself wondering if there are any security concerns if you alter it out-of-the-box. The management console is quite outdated; usually, a lot of configuration is through Commander. We really need to understand how to articulate the Cisco Commander to perform even the most basic feature.

We handle the implementation for our customers. 

I am a sales engineer, we are mainly in charge of selling the product. In terms of support, we have a department that covers that aspect. Sometimes after implementation, we also provide maintenance support services towards the whole project and sell it as a whole bundle. As a distributor, we also sell our products, our equipment, and devices. So the support team covers that aspect.

We sell Cisco ASA Firewall as a bundle — the price is very cheap. If a customer were to go for renewal direct from Cisco, then the price would be quite high.

My main concern is the full revamp of the management console. We'd like to see a more user-friendly total revamp of how to manage the firewall rules. Also, there are a lot of additional features that need to be granular because with Cisco, at this point in time, all these features are still working in silos. A lot of integration needs to be done in general. 

Personally, I would discourage people from using Cisco. Overall, on a scale from one to ten, I would give this solution a rating of six.

On-premises

We tend to use the solution as it's forced on us by corporate. Our company wants us to use it.

The solution is stable. We haven't had any issues in that sense.

The security of the hardware is excellent. Cisco is very serious in its approach to security.

We have a high level of trust in Cisco and its products.

The solution is excellent for enterprise-level networks.

The solution is difficult to use. There's more required than a typical firewall. It's different than, for example, Palo Alto and Fortinet, which we find are easier to set up. 

If the implementation was easier, it would be a lot better for us.

It would be such a great product for us if it was easier to manage.

I've been working with the solution for more than ten years. It's been a long time. It's been over a decade at this point.

The solution is quite stable. We have no problems with bugs or glitches. It doesn't crash or freeze. It's good.

We've found the solution to be scalable. A company shouldn't have any issues with expanding it if it needs to.

We have about 300 users on the solution currently. We do plan to continue to use Cisco in the future.

We use third-party technical support that's offered and we're quite satisfied with the level of attention we receive.

I have knowledge of Palo Alto and Fortinet.

While those two are easier to set up and control, nothing compares to Cisco in terms of security. They're very strong in that regard. We also find Cisco to be more stable.

However, we only use Cisco firewalls in our organization. We don't use anything else.

The implementation is not so straightforward. It's rather complex and we have a lot of trouble with it.

The implementation took us about one month.

We plan to implement an updated version next month as well.

We need three to eight people to handle the setup.

I did not handle the implementation by myself. Rather, it's done by another team including the original support from Singapore and with license support from headquarters in Japan.

However, our team does handle the implementation in-house, and we can handle the setup for clients as well.

We do need to purchase licenses. Those come from headquarters in Japan. They handle the details in terms of pricing. I'm not sure of the overall costs.

We're both a customer of Cisco and a reseller.

This month we plan to upgrade from our existing hardware.

Overall, we've been happy with the results we've gotten. I would rate the solution at a nine out of ten.

On-premises