Cisco Secure Firewall Reviews

We are an ISP, so it's primarily for customer firewalls that we help customers setup and maintain. While we do use Cisco ASA in our company, we mostly configure it for customers. Our customers use it as a company firewall and AnyConnect VPN solution.

A lot of people trust Cisco. Just by its name, they feel more secure. They know it's a quality solution, so they feel safer.

The most valuable feature must be AnyConnect. We have quite a few customers who use it. It is easy to use and the stablest thing that we have. We have experienced some issues on all our VPN clients, but AnyConnect has been the stablest one.

It is one of the easiest firewalls that I've worked with. Therefore, if you're not comfortable with command line, it probably is one of the best solutions on the market.

One of the problems that we have had is the solution requires Java to work. This has caused some problems with the application visibility and control. When the Java works, it is good, but Java wasn't a good choice. I don't like the Java implementation. It can be difficult to work with sometimes.

If you use Cisco ASDM with the command line configuration, it can look a bit messy. We have some people who use them both. If you use one, it's not a problem. If you use both, it can be an issue.

For five or six years.

We haven't had any issues with the firewalls.

The maturity of our company's security implementation is good. We are very satisfied as long as we maintain the software. It has needed to be updated quite a few times.

We don't have any firewalls that can handle more than a couple of gigabits, which is pretty small. I think the largest one we have is the 5525-X, though we haven't checked it for scalability.

In my company, there are probably 16 people (mostly network engineers) working with the solution: seven or eight from my group and the others from our IT department.

I haven't worked with Cisco's technical support. We haven't had real issues with these firewalls.

This was the first firewall solution that I worked with.

The initial setup has been pretty straightforward. We have set up a lot of them. The solution works.

The deployment takes about half an hour. It takes a little longer than if we were using their virtual firewalls, which we could implement in a minute.

We have a uniform implementation strategy for this solution. We made some basic configurations with a template which we just edited to fit a customer's needs. 

We haven't notice any threats. The firewalls is doing its job because we haven't noticed any security issues.

The licensing is a bit off because the physical firewall is cheaper than the virtual one. We only have the physical ones as they are cheaper than the virtual ones. We only use the physical firewalls because of the price difference.

Our company has five or six tools that it uses for security. For firewalls, we have Check Point, Palo Alto, Juniper SRX, and CIsco ASA. Those are the primary ones. I think it's good there is some diversity. 

The GUI for Cisco ASA is the easiest one to use, if you get it to work. Also, Cisco ASA is stable and easy to use, which are the most important things.

We use this solution with Cisco CPEs and background routers. These work well together. 

We have some other VPN options and AnyConnect. We do have routers with firewalls integrated, using a lot of ISR 1100s. In the beginning, we had a few problems integrating them, but as the software got better, we have seen a lot of those problems disappear. The first software wasn't so good, but it is now.

We have disabled Firepower in all of our firewalls. We don't use Cisco Defense Orchestrator either. We have a pretty basic setup using Cisco ASDM or command line with integration to customers' AD.

I would rate the product as an eight (out of 10).

We had legacy Sourcefire Sensors and ASA state full firewalls.

Cisco offered the FTD NGFW solution, but the implementation of the two systems was not successful.

The firepower sensors have been great; they do a good job of dropping unwanted traffic.

The VDB updates run on schedule, so less hands-on configuration is needed.

The software was very buggy, to the point it had to be removed.

We are moving completely away from Cisco NGFW.  The product was pushed out before it was ready.

We use Cisco ASA with Firepower. Currently, we have been implementing the solution for around four years. Our company has been around for a long time, more than ten years. We cover the solutions for Network Direct Turbo ATM at the moment, it's a lot of the security work.

Cisco ASA is best at the technical part of the business, related to our selling and management services. We have to improve the technical functionality of the product as part of making an efficient service for the customer. We need to improve the customer's technical experience with Cisco ASA & Firepower.

There are two main ways that using Cisco ASA & Firepower has improved our organization:

1. Technical features
2. Our Sales team

With Cisco ASA, we used the SMB of the model. The customers are usually satisfied, but I am going to recommend that all clients upgrade to Firepower management.

For Cisco ASA Firepower, I want Cisco to improve the feature called anti-spam. We use a Cisco only email solution, that's why we need the anti-spam on email facility.

The stability of Cisco ASA is excellent compared to other products on the market. The performance is good. Compared to Fortinet on the watchband firewall, it is indispensable. Because of our customer experience as an integration company, our clients never report any performance problems. We have good performance from Cisco ASA.

ASA is limited in terms of its scalability because of our customer environments. They are in the banking and microfinance sector. Our clients always want to move to the next generation firewall so they like FirePOWER. When we move clients to Firepower, they need to integrate with Sourcefire and move into more complicated management.

We have the staff perform the migrations to Firepower. We redirected traffic with Sourcefire and also require the use of FMC by our management center with Firepower.

I've been exploring the technical support for Cisco ASA. I haven't had any problems with it.

The initial setup is straightforward. 

I always encourage our existing customers to move to the Cisco ASA Firepower version, i.e. the next generation Firepower like 2100, 4000, or 9300.

I would rate Cisco ASA an eight out of ten. An eight and not a ten because some of the features are limited and some are awful. We had to install other solutions for security and had to spend a lot on other hardware. Other vendors like Fortinet or Palo Alto Networks focus more on offering complete solutions.

The use case has been for the banking sector, for one of our banking customers. According to them, it's working perfectly.

Monitoring, of course - the dashboard. It enables you to see what is happening.

It's lacking one feature: VPN. That is a feature we're looking for. Otherwise, the new devices have very good support, and the performance is quite good.

Also, the 2100 Series lacks a DDoS feature. If they could add that to those platforms, that would be good.

So far, since we installed it, there have been no issues.

In terms of scalability, it is really expensive. It is scalable, but when it comes to pricing, the upgrading is a bit high.

It's not straightforward. You need to know what you're doing, you need to be trained. I don't know for other vendors whether it's the same issue, but for Cisco you have to be trained on the system.

Check Point and Fortigate. Generally, our customers choose Firepower because they've seen the system work somewhere before, and they see it is stable and working perfectly. Those are the reasons they opt for Firepower.

There are other solutions, like Fortigate, which are very good solutions, and cheaper for the customer. Even the support via subscription is favorable, in terms of pricing. I would really advise the customer to do some research first and come up with the best solution for their needs

I rate Firepower as an eight out of 10. It is a good solution but it is expensive compared to other products, like Fortigate. Still, some of our customers do prefer Firepower over the others.

It helped us and our customers implement more granular and flexible connections to and from our/their environments, building a trust relation between all of us, having the confidence that our exchanged information is occurring in a highly secure manner.

The most valuables feature of this product are given by the comprehensive VPN solutions it offers and its tools for troubleshooting and debugging. You can provide complex and flexible way to securely access private environments. And its troubleshooting and debugging tools allow you to identify, in the fastest time possible, where some potential issues could have been occurred.

It should have an additional “operating mode”, like a “candidate configuration mode”, where you would have the possibility to test the changes you are going to implement and also the possibility to validate these changes.

In addition, a "testing" feature should be performed to let you know what would be the consequences of applying these new changes. Only after you would see the tests’ results (if they do not create any unwanted effect) would you go and commit them.

There were some issues with stability prior to code version 9.2.x, more related to Clientless SSL and Client RA VPN solutions. Some bugs affected the integrity of these type of features.

There were no problems in terms of scaling an existing solution, though very expensive.

I would give a rating of eight out of 10, compared to others vendors. The technical support is much better than most vendors, but let's say not as good as F5 Networks technical support.

I've only worked for integrator or ISP organizations. Over the years I’ve worked with multiple solutions offered by different vendors due to my customers’ budgets or preferences. What makes it the best of all the solutions I’ve worked on is the stability and its hardware.

The initial setup configurations differ from customer to customer, from very simple to highly complex solutions. Depends on the customer’s needs.

I have to admit that the price is high. But I think it's worth it if the stability of your solution counts for you.

Choose it if you aim to have a stable environment.

Provides advanced malware capabilities.

Simplified the complexity of our security architecture.

Integration of advanced malware services with the firewall through Firepower services.

We have been using this solution for six months.

There were no issues with deployment.

There were no issues with stability.

There were no issues with scalability.

I would give customer service a rating of 10/10.

I would give technical support a rating of 10/10.

We were looking to upgrade to a comprehensive firewall solution that integrated Next Generation Prevention System (NGIPS).

There were no issues with setup.

We implemented in-house.

We calculated for the entire year, but the ROI seemed very decent from the first six months.

Pricing: Negotiate

Licensing: Buy the advanced Malware Protection license subscription for one year. It is worth the investment.

We evaluated Juniper, Fortinet, and Huawei.

It gives us the ability to do lan-to-lan VPN.

So far it has proven to be rock solid and relatively easy to maintain.

• Support for automation tools (Puppet)
• More granular logging

I've used ASA for four years.

No issues encountered.

No issues encountered.

No issues encountered.

8/10

8/10

We moved our VPN termination from a Cisco ASR to an ASA. We switched because the ASR was not scalable and we realized it was a bad idea to use the same device for routing and VPN termination.

The most complex part was figuring out the failover and what NAT mode to implement.

We did it in-house.

Licenses and prices are pretty high. I understand the validity of the product, so I can't complain much.

No options were evaluated. We heavily rely on Cisco hardware for our infrastructure

I'd say it would be very beneficial to posses certification such as CCNP Security, at least, to get the most out of it. It's a complex product which requires good knowledge of procedures and best practices. Being a CCIE R&S I know the value of those certifications, and I wish I had a CCNP Security to better handle the task.