Cisco Secure Firewall Reviews

Malicious URLs are being blocked.

Advanced malware protection, it blocks malicious attacks.

• Bandwidth allocation.
• SSL decryption (avoid installing the intermediate device certificate in the client) should happen from Firepower itself.
• Critical bugs need to be addressed before releasing the version.
• Need to reduce the time to for detection of new threats.
• Enable a feature for importing/exporting logs when required for analysis.
• Dynamic IP address in client systems mapping with respect to OS change or device change should be updated periodically in FireSIGHT management.
• Virtual patching would be helpful for servers that are not able to update patches due to compatibility issues.

Yes, there were stability issues due to memory issues in the cluster environment and Firepower misbehaved due to non-responding of service/process.

No scalability issues.

Good support.

We switched from our previous solution because of scalability issues.

It was straightforward, even though we migrated from a third-party to Cisco.

Price should be judged based on the above answers, among the most capable vendors.

FortiGate.

We are using ASA5585-X with Firepower SSP-20 (ASA version 9.6(1)3, Firepower version 6.1.0.5).

When looking at different solutions, take a deep look at the features.

It helped us and our customers implement more granular and flexible connections to and from our/their environments, building a trust relation between all of us, having the confidence that our exchanged information is occurring in a highly secure manner.

The most valuables feature of this product are given by the comprehensive VPN solutions it offers and its tools for troubleshooting and debugging. You can provide complex and flexible way to securely access private environments. And its troubleshooting and debugging tools allow you to identify, in the fastest time possible, where some potential issues could have been occurred.

It should have an additional “operating mode”, like a “candidate configuration mode”, where you would have the possibility to test the changes you are going to implement and also the possibility to validate these changes.

In addition, a "testing" feature should be performed to let you know what would be the consequences of applying these new changes. Only after you would see the tests’ results (if they do not create any unwanted effect) would you go and commit them.

There were some issues with stability prior to code version 9.2.x, more related to Clientless SSL and Client RA VPN solutions. Some bugs affected the integrity of these type of features.

There were no problems in terms of scaling an existing solution, though very expensive.

I would give a rating of eight out of 10, compared to others vendors. The technical support is much better than most vendors, but let's say not as good as F5 Networks technical support.

I've only worked for integrator or ISP organizations. Over the years I’ve worked with multiple solutions offered by different vendors due to my customers’ budgets or preferences. What makes it the best of all the solutions I’ve worked on is the stability and its hardware.

The initial setup configurations differ from customer to customer, from very simple to highly complex solutions. Depends on the customer’s needs.

I have to admit that the price is high. But I think it's worth it if the stability of your solution counts for you.

Choose it if you aim to have a stable environment.

It was a valuable firewall some years ago but then Palo Alto created the next generation firewall and Cisco needed too much time to create ASA CX. At the moment it has, basically, the same features. In my opinion the most valuable features now are the layer seven capabilities and the new FirePOWER.

I've used the devices for over 10 years.

I have never had an issue with my deployments.

One of the best things about ASA's is that they are very stable.

With ASA, you can scale to the largest deplyments. As an example, I have installed an ASA in an environment with 80.000 users.

Cisco Support is very good, you don't have problems using it.

10/10.

I have migrated customers from Cisco's competitors to ASA's.

Once you have the knowledge it is not complex to install an ASA, but it does depend on the network of the customer.

Our customers also evaluate PaloAlto.

The feature I have found most valuable is the IPS advanced threat detection for removing ransomware and malware.

An area of improvement for this solution is the console visualization.

I have been using this solution for two months.

The solution is stable.

The customer service/technical support is very good with this solution.

The initial setup is straightforward and it took two weeks to deploy. Currently, 5000 employees use this solution in our company.

The solution was chosen because of its price compared to other similar solutions.

I would recommend this solution to other users.

The configuration support is very good. You can find a lot of configuration samples and troubleshooting tips on the internet, which is very good.

You need to have a little bit of knowledge to be able to configure it. Otherwise, it would be very difficult to configure because there is no GUI. The latest software available in the market has a GUI and probably zero-touch provisioning and auto-configuration. All these things are not available in our version. You need to manually go and configure everything in the switch.

In terms of new features, we would definitely want to have URL-based filtering, traffic steering, and probably a little bit steering in the bandwidth based on the per-user level and per-user group. We will definitely need some of these features in the near future.

I have been using this solution for the last one and a half years.

Stability-wise, it is pretty stable. It is probably not very feature-rich, but whatever features we are using, they are pretty stable.

Scalability-wise, we did not have much problem because we have a single site. If we have two or more sites, and if we want to have a site-to-site VPN and more number of users, we are not sure about the scalability. We will have to go for an updated version of the new product line. 

We have close to 80 plus users. We anticipate a huge increase in the number of users and plan to increase the usage of Cisco ASA Firewall. We may have to open a new center in a different city, which will lead to more sites, users, and usage.

Their support is good, but the cost of support is very high. Next year onwards, we may not go for technical support because most of the time, they only do the configuration, and the configuration-related information is pretty much available on the internet.

Initially, we started with some open-source alternatives, like Opium, but eventually, we thought of moving towards a proven solution. We just did a study. We didn't put the open-source solution into production. One of our customers was basically suggesting us to go with this one, and we went for it. We did not get time to go through, study, and explore different options because we didn't have the bandwidth for testing the complete features of the open-source alternatives. Therefore, we thought of going for a commercial solution. A lot of alternatives are available right now for this solution.

The initial setup was not too complicated. It was good. 

We took the help of a reseller for the initial configuration. 

The product cost is a little high. It is a little bit on the high side, and it should be a little bit cost-friendly.

I would rate Cisco ASA Firewall a seven out of ten. It needs improvement in terms of a few features and cost-friendliness. 

We are an ISP, so it's primarily for customer firewalls that we help customers setup and maintain. While we do use Cisco ASA in our company, we mostly configure it for customers. Our customers use it as a company firewall and AnyConnect VPN solution.

A lot of people trust Cisco. Just by its name, they feel more secure. They know it's a quality solution, so they feel safer.

The most valuable feature must be AnyConnect. We have quite a few customers who use it. It is easy to use and the stablest thing that we have. We have experienced some issues on all our VPN clients, but AnyConnect has been the stablest one.

It is one of the easiest firewalls that I've worked with. Therefore, if you're not comfortable with command line, it probably is one of the best solutions on the market.

One of the problems that we have had is the solution requires Java to work. This has caused some problems with the application visibility and control. When the Java works, it is good, but Java wasn't a good choice. I don't like the Java implementation. It can be difficult to work with sometimes.

If you use Cisco ASDM with the command line configuration, it can look a bit messy. We have some people who use them both. If you use one, it's not a problem. If you use both, it can be an issue.

For five or six years.

We haven't had any issues with the firewalls.

The maturity of our company's security implementation is good. We are very satisfied as long as we maintain the software. It has needed to be updated quite a few times.

We don't have any firewalls that can handle more than a couple of gigabits, which is pretty small. I think the largest one we have is the 5525-X, though we haven't checked it for scalability.

In my company, there are probably 16 people (mostly network engineers) working with the solution: seven or eight from my group and the others from our IT department.

I haven't worked with Cisco's technical support. We haven't had real issues with these firewalls.

This was the first firewall solution that I worked with.

The initial setup has been pretty straightforward. We have set up a lot of them. The solution works.

The deployment takes about half an hour. It takes a little longer than if we were using their virtual firewalls, which we could implement in a minute.

We have a uniform implementation strategy for this solution. We made some basic configurations with a template which we just edited to fit a customer's needs. 

We haven't notice any threats. The firewalls is doing its job because we haven't noticed any security issues.

The licensing is a bit off because the physical firewall is cheaper than the virtual one. We only have the physical ones as they are cheaper than the virtual ones. We only use the physical firewalls because of the price difference.

Our company has five or six tools that it uses for security. For firewalls, we have Check Point, Palo Alto, Juniper SRX, and CIsco ASA. Those are the primary ones. I think it's good there is some diversity. 

The GUI for Cisco ASA is the easiest one to use, if you get it to work. Also, Cisco ASA is stable and easy to use, which are the most important things.

We use this solution with Cisco CPEs and background routers. These work well together. 

We have some other VPN options and AnyConnect. We do have routers with firewalls integrated, using a lot of ISR 1100s. In the beginning, we had a few problems integrating them, but as the software got better, we have seen a lot of those problems disappear. The first software wasn't so good, but it is now.

We have disabled Firepower in all of our firewalls. We don't use Cisco Defense Orchestrator either. We have a pretty basic setup using Cisco ASDM or command line with integration to customers' AD.

I would rate the product as an eight (out of 10).

Our primary use case for this solution is to protect the Internet Edge, and our VPN (Virtual Private Network).

We moved from a Legacy firewall to the ASA with Firepower, increasing our internet Edge defense dramatically.

The most valuable features for us are Firepower and the VPN concentration. These are easy to use and have good insights.

The product would be improved if the GUI could be brought into the 21st Century.

Its security is the most valuable feature. 

The phishing emails could be improved. 

It is stable. 

The scalability is good. I'm happy with the service. We are around twenty users. Some are in finance, some are in a mid-user roles, and some are in other official roles.

We did not previously use a different solution. 

The initial setup was straightforward. Implementation took two days. We needed two people for the deployment. 

Pricing is high, but it is corporate's decision.

We didn't look at any other solutions. All of our campuses use Cisco products. This is why we chose this solution. 

This solution has good security and it's a good product. You can trust Cisco, and there's support as well, which is really good.

I would rate this solution an eight out of ten.