Try our new research platform with insights from 80,000+ expert users
reviewer1010625 - PeerSpot reviewer
Tier 2 Network Engineer at a comms service provider with 1,001-5,000 employees
Real User
A stable firewall that our customers use as their AnyConnect VPN solution
Pros and Cons
  • "The most valuable feature must be AnyConnect. We have quite a few customers who use it. It is easy to use and the stablest thing that we have. We have experienced some issues on all our VPN clients, but AnyConnect has been the stablest one."
  • "One of the problems that we have had is the solution requires Java to work. This has caused some problems with the application visibility and control. When the Java works, it is good, but Java wasn't a good choice. I don't like the Java implementation. It can be difficult to work with sometimes."

What is our primary use case?

We are an ISP, so it's primarily for customer firewalls that we help customers setup and maintain. While we do use Cisco ASA in our company, we mostly configure it for customers. Our customers use it as a company firewall and AnyConnect VPN solution.

How has it helped my organization?

A lot of people trust Cisco. Just by its name, they feel more secure. They know it's a quality solution, so they feel safer.

What is most valuable?

The most valuable feature must be AnyConnect. We have quite a few customers who use it. It is easy to use and the stablest thing that we have. We have experienced some issues on all our VPN clients, but AnyConnect has been the stablest one.

It is one of the easiest firewalls that I've worked with. Therefore, if you're not comfortable with command line, it probably is one of the best solutions on the market.

What needs improvement?

One of the problems that we have had is the solution requires Java to work. This has caused some problems with the application visibility and control. When the Java works, it is good, but Java wasn't a good choice. I don't like the Java implementation. It can be difficult to work with sometimes.

If you use Cisco ASDM with the command line configuration, it can look a bit messy. We have some people who use them both. If you use one, it's not a problem. If you use both, it can be an issue.

Buyer's Guide
Cisco Secure Firewall
April 2025
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,716 professionals have used our research since 2012.

For how long have I used the solution?

For five or six years.

What do I think about the stability of the solution?

We haven't had any issues with the firewalls.

The maturity of our company's security implementation is good. We are very satisfied as long as we maintain the software. It has needed to be updated quite a few times.

What do I think about the scalability of the solution?

We don't have any firewalls that can handle more than a couple of gigabits, which is pretty small. I think the largest one we have is the 5525-X, though we haven't checked it for scalability.

In my company, there are probably 16 people (mostly network engineers) working with the solution: seven or eight from my group and the others from our IT department.

How are customer service and support?

I haven't worked with Cisco's technical support. We haven't had real issues with these firewalls.

Which solution did I use previously and why did I switch?

This was the first firewall solution that I worked with.

How was the initial setup?

The initial setup has been pretty straightforward. We have set up a lot of them. The solution works.

The deployment takes about half an hour. It takes a little longer than if we were using their virtual firewalls, which we could implement in a minute.

What about the implementation team?

We have a uniform implementation strategy for this solution. We made some basic configurations with a template which we just edited to fit a customer's needs. 

What was our ROI?

We haven't notice any threats. The firewalls is doing its job because we haven't noticed any security issues.

What's my experience with pricing, setup cost, and licensing?

The licensing is a bit off because the physical firewall is cheaper than the virtual one. We only have the physical ones as they are cheaper than the virtual ones. We only use the physical firewalls because of the price difference.

Which other solutions did I evaluate?

Our company has five or six tools that it uses for security. For firewalls, we have Check Point, Palo Alto, Juniper SRX, and CIsco ASA. Those are the primary ones. I think it's good there is some diversity. 

The GUI for Cisco ASA is the easiest one to use, if you get it to work. Also, Cisco ASA is stable and easy to use, which are the most important things.

What other advice do I have?

We use this solution with Cisco CPEs and background routers. These work well together. 

We have some other VPN options and AnyConnect. We do have routers with firewalls integrated, using a lot of ISR 1100s. In the beginning, we had a few problems integrating them, but as the software got better, we have seen a lot of those problems disappear. The first software wasn't so good, but it is now.

We have disabled Firepower in all of our firewalls. We don't use Cisco Defense Orchestrator either. We have a pretty basic setup using Cisco ASDM or command line with integration to customers' AD.

I would rate the product as an eight (out of 10).

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Network Engineer at Johnson & Wales University
Real User
Very buggy, and was released before it was ready for market
Pros and Cons
  • "The firepower sensors have been great; they do a good job of dropping unwanted traffic."
  • "The software was very buggy, to the point it had to be removed."

What is our primary use case?

We had legacy Sourcefire Sensors and ASA state full firewalls.

Cisco offered the FTD NGFW solution, but the implementation of the two systems was not successful.

How has it helped my organization?

The firepower sensors have been great; they do a good job of dropping unwanted traffic.

What is most valuable?

The VDB updates run on schedule, so less hands-on configuration is needed.

What needs improvement?

The software was very buggy, to the point it had to be removed.

We are moving completely away from Cisco NGFW.  The product was pushed out before it was ready.

For how long have I used the solution?

We have been using this solution for twelve years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Cisco Secure Firewall
April 2025
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,716 professionals have used our research since 2012.
Team Leader Network Egnieer at deam
Real User
Efficient at improving client operations and has excellent stability
Pros and Cons
  • "The stability of Cisco ASA is excellent compared to other products on the market. Because of our customer experience as an integrator company, our clients never report any performance problems. We have a good performance reputation with Cisco ASA."
  • "Usually, the customers are satisfied, but I am going to recommend that all clients upgrade to FirePOWER management. I want Cisco to improve the feature called anti-spam. We use a Cisco only email solution, that's why we need the anti-spam on email facility."

What is our primary use case?

We use Cisco ASA with Firepower. Currently, we have been implementing the solution for around four years. Our company has been around for a long time, more than ten years. We cover the solutions for Network Direct Turbo ATM at the moment, it's a lot of the security work.

How has it helped my organization?

Cisco ASA is best at the technical part of the business, related to our selling and management services. We have to improve the technical functionality of the product as part of making an efficient service for the customer. We need to improve the customer's technical experience with Cisco ASA & Firepower.

What is most valuable?

There are two main ways that using Cisco ASA & Firepower has improved our organization:

  1. Technical features
  2. Our Sales team

What needs improvement?

With Cisco ASA, we used the SMB of the model. The customers are usually satisfied, but I am going to recommend that all clients upgrade to Firepower management.

For Cisco ASA Firepower, I want Cisco to improve the feature called anti-spam. We use a Cisco only email solution, that's why we need the anti-spam on email facility.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

The stability of Cisco ASA is excellent compared to other products on the market. The performance is good. Compared to Fortinet on the watchband firewall, it is indispensable. Because of our customer experience as an integration company, our clients never report any performance problems. We have good performance from Cisco ASA.

What do I think about the scalability of the solution?

ASA is limited in terms of its scalability because of our customer environments. They are in the banking and microfinance sector. Our clients always want to move to the next generation firewall so they like FirePOWER. When we move clients to Firepower, they need to integrate with Sourcefire and move into more complicated management.

We have the staff perform the migrations to Firepower. We redirected traffic with Sourcefire and also require the use of FMC by our management center with Firepower.

How are customer service and technical support?

I've been exploring the technical support for Cisco ASA. I haven't had any problems with it.

How was the initial setup?

The initial setup is straightforward. 

What other advice do I have?

I always encourage our existing customers to move to the Cisco ASA Firepower version, i.e. the next generation Firepower like 2100, 4000, or 9300.

I would rate Cisco ASA an eight out of ten. An eight and not a ten because some of the features are limited and some are awful. We had to install other solutions for security and had to spend a lot on other hardware. Other vendors like Fortinet or Palo Alto Networks focus more on offering complete solutions.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer820269 - PeerSpot reviewer
IT Manager with 51-200 employees
User
Once configured to suit your needs, these firewalls are rock solid appliances
Pros and Cons
  • "Once configured to suit your needs, these firewalls are rock solid appliances."
  • "These firewalls are not for beginners."

These firewalls are used in enterprise level environments, which require granular control and customization to meet security and compliance guidelines for an organization. Once configured to suit your needs, they are rock solid appliances. 

These firewalls are not for beginners. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user886188 - PeerSpot reviewer
Presales Engineer
Real User
Monitoring via the dashboard enables customers to see what is happening in the system
Pros and Cons
    • "It's lacking one feature: VPN. Also, the 2100 Series lacks a DDoS feature. If they could add that to those platforms, that would be good."

    What is our primary use case?

    The use case has been for the banking sector, for one of our banking customers. According to them, it's working perfectly.

    What is most valuable?

    Monitoring, of course - the dashboard. It enables you to see what is happening.

    What needs improvement?

    It's lacking one feature: VPN. That is a feature we're looking for. Otherwise, the new devices have very good support, and the performance is quite good.

    Also, the 2100 Series lacks a DDoS feature. If they could add that to those platforms, that would be good.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    So far, since we installed it, there have been no issues.

    What do I think about the scalability of the solution?

    In terms of scalability, it is really expensive. It is scalable, but when it comes to pricing, the upgrading is a bit high.

    How was the initial setup?

    It's not straightforward. You need to know what you're doing, you need to be trained. I don't know for other vendors whether it's the same issue, but for Cisco you have to be trained on the system.

    Which other solutions did I evaluate?

    Check Point and Fortigate. Generally, our customers choose Firepower because they've seen the system work somewhere before, and they see it is stable and working perfectly. Those are the reasons they opt for Firepower.

    What other advice do I have?

    There are other solutions, like Fortigate, which are very good solutions, and cheaper for the customer. Even the support via subscription is favorable, in terms of pricing. I would really advise the customer to do some research first and come up with the best solution for their needs

    I rate Firepower as an eight out of 10. It is a good solution but it is expensive compared to other products, like Fortigate. Still, some of our customers do prefer Firepower over the others.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Solutions provider/integrator.
    PeerSpot user
    PeerSpot user
    Network Security Administrator at a tech company with 5,001-10,000 employees
    Vendor
    It helped us and our customers to implement more granular and flexible connections to and from our/their environments.
    Pros and Cons
    • "The most valuables feature of this product are given by the comprehensive VPN solutions it offers and its tools for troubleshooting and debugging."
    • "It should have an additional “operating mode”, like a “candidate configuration mode”, where you would have the possibility to test the changes you are going to implement and also the possibility to validate these changes."

    How has it helped my organization?

    It helped us and our customers implement more granular and flexible connections to and from our/their environments, building a trust relation between all of us, having the confidence that our exchanged information is occurring in a highly secure manner.

    What is most valuable?

    The most valuables feature of this product are given by the comprehensive VPN solutions it offers and its tools for troubleshooting and debugging. You can provide complex and flexible way to securely access private environments. And its troubleshooting and debugging tools allow you to identify, in the fastest time possible, where some potential issues could have been occurred.

    What needs improvement?

    It should have an additional “operating mode”, like a “candidate configuration mode”, where you would have the possibility to test the changes you are going to implement and also the possibility to validate these changes.

    In addition, a "testing" feature should be performed to let you know what would be the consequences of applying these new changes. Only after you would see the tests’ results (if they do not create any unwanted effect) would you go and commit them.

    What do I think about the stability of the solution?

    There were some issues with stability prior to code version 9.2.x, more related to Clientless SSL and Client RA VPN solutions. Some bugs affected the integrity of these type of features.

    What do I think about the scalability of the solution?

    There were no problems in terms of scaling an existing solution, though very expensive.

    How are customer service and technical support?

    I would give a rating of eight out of 10, compared to others vendors. The technical support is much better than most vendors, but let's say not as good as F5 Networks technical support.

    Which solution did I use previously and why did I switch?

    I've only worked for integrator or ISP organizations. Over the years I’ve worked with multiple solutions offered by different vendors due to my customers’ budgets or preferences. What makes it the best of all the solutions I’ve worked on is the stability and its hardware.

    How was the initial setup?

    The initial setup configurations differ from customer to customer, from very simple to highly complex solutions. Depends on the customer’s needs.

    What's my experience with pricing, setup cost, and licensing?

    I have to admit that the price is high. But I think it's worth it if the stability of your solution counts for you.

    What other advice do I have?

    Choose it if you aim to have a stable environment.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    it_user3396 - PeerSpot reviewer
    it_user3396Team Lead at Tata Consultancy Services
    Top 5Real User

    Cool review

    PeerSpot user
    Founder, CEO, & President at Krystal Sekurity
    Consultant
    Simplified the complexity of our security architecture.

    What is most valuable?

    Provides advanced malware capabilities.

    How has it helped my organization?

    Simplified the complexity of our security architecture.

    What needs improvement?

    Integration of advanced malware services with the firewall through Firepower services.

    For how long have I used the solution?

    We have been using this solution for six months.

    What was my experience with deployment of the solution?

    There were no issues with deployment.

    What do I think about the stability of the solution?

    There were no issues with stability.

    What do I think about the scalability of the solution?

    There were no issues with scalability.

    How are customer service and technical support?

    Customer Service:

    I would give customer service a rating of 10/10.

    Technical Support:

    I would give technical support a rating of 10/10.

    Which solution did I use previously and why did I switch?

    We were looking to upgrade to a comprehensive firewall solution that integrated Next Generation Prevention System (NGIPS).

    How was the initial setup?

    There were no issues with setup.

    What about the implementation team?

    We implemented in-house.

    What was our ROI?

    We calculated for the entire year, but the ROI seemed very decent from the first six months.

    What's my experience with pricing, setup cost, and licensing?

    Pricing: Negotiate

    Licensing: Buy the advanced Malware Protection license subscription for one year. It is worth the investment.

    Which other solutions did I evaluate?

    We evaluated Juniper, Fortinet, and Huawei.

    Disclosure: My company has a business relationship with this vendor other than being a customer: We are a CISCO Security Business partner
    PeerSpot user
    it_user341043 - PeerSpot reviewer
    System and Network Administrator at a hospitality company with 501-1,000 employees
    Vendor
    It gives us the ability to do Lan-to-Lan VPN, but it needs support for automation tools, such as Puppet.

    What is most valuable?

    It gives us the ability to do lan-to-lan VPN.

    How has it helped my organization?

    So far it has proven to be rock solid and relatively easy to maintain.

    What needs improvement?

    • Support for automation tools (Puppet)
    • More granular logging

    For how long have I used the solution?

    I've used ASA for four years.

    What was my experience with deployment of the solution?

    No issues encountered.

    What do I think about the stability of the solution?

    No issues encountered.

    What do I think about the scalability of the solution?

    No issues encountered.

    How are customer service and technical support?

    Customer Service:

    8/10

    Technical Support:

    8/10

    Which solution did I use previously and why did I switch?

    We moved our VPN termination from a Cisco ASR to an ASA. We switched because the ASR was not scalable and we realized it was a bad idea to use the same device for routing and VPN termination.

    How was the initial setup?

    The most complex part was figuring out the failover and what NAT mode to implement.

    What about the implementation team?

    We did it in-house.

    What's my experience with pricing, setup cost, and licensing?

    Licenses and prices are pretty high. I understand the validity of the product, so I can't complain much.

    Which other solutions did I evaluate?

    No options were evaluated. We heavily rely on Cisco hardware for our infrastructure

    What other advice do I have?

    I'd say it would be very beneficial to posses certification such as CCNP Security, at least, to get the most out of it. It's a complex product which requires good knowledge of procedures and best practices. Being a CCIE R&S I know the value of those certifications, and I wish I had a CCNP Security to better handle the task.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros sharing their opinions.
    Updated: April 2025
    Buyer's Guide
    Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros sharing their opinions.