Cisco Secure Firewall Reviews

We use them for some of our border firewalls in our data centers and also as our VPN concentrator. 

It's the VPN side of things that has been most useful for us. It allows us to secure our users even when they're working from home. They are able to access all of our resources, no matter where they are in the world.

I don't have any specific improvements to recommend. However, when you compare the throughput of a Cisco firewall to the competitors, especially Fortinet, what you find is that Cisco has lagged a little bit behind in terms of firewall throughput, especially for the price that you pay for that throughput.

We've been using Cisco firewalls for probably 10 years.

We have 105,000 users, and they all have access to use a VPN to connect back into our network. We found that it works very well for us, and it's very scalable to the number of users that we have. That's why we continue using it.

It's very good. Cisco has excellent support. It's better than most of our vendors. I'd rate their support a ten out of ten. 

Positive

I don't believe so. We've used Cisco, at least for this specific use case, for a long time.

The enterprise agreement that we have has helped with the pricing because it allows us to consume licensing in more of a consumption model versus a per-user type model. That has helped us a lot.

I don't know. I wasn't with the organization then.

We don't use Cisco Secure for securing our infrastructure from end to end to be able to detect and mediate threats. We have other products that serve as our endpoint detection and especially for the end-to-end side of things. That's not really our strongest use case for it. Cisco Secure hasn't helped save our organization any time or operations expenditure because we have other products that we use for that.

Overall, I'd rate Cisco Secure Firewall a ten out of ten.

We started with the old ASA 5510 and migrated to Firepower, first using ASA as the basic operating system. Lately, we've been using FTD because it simplifies operations a lot. We are a very small networking team, and being able to push one policy to many firewalls eases our workload.

We are a global company, and we don't always have IT staff in all corners of the world. Therefore, having one place to do everything is very nice.

Cisco Secure Firewall has made it easier so that more than one person can handle things. We are able to have a bigger team that can handle simple tasks and have a smaller team focus on the deep-dive needs.

We have the same basic policies everywhere now, which makes it more flexible for us to manage.

I like the central management and IPS features. Having everything in one place is very valuable.

Cisco Secure Firewall is very good at detecting threats. We see a lot getting blocked by the IPS in our DMZ, that is, our internet-facing web service.

It helped free up IT staff time. Before, we would have to manually configure every single firewall. Every time we configure something on a firewall, it takes five to ten minutes, and we have more than 50 firewalls around the globe. We do changes every week, and the automated policy and upgrades saved us a lot of time.

In terms of the organization, we have been able to save time by getting things out faster. However, the only downside is that the policy push takes quite a while. Thus, a quick fix still takes at least 15 minutes, and troubleshooting can take time as well.

Some of our problems are related to software updates in remote sites where the internet connection is not stable. Sometimes, the image push just gets disrupted and fails.

The most annoying thing is having to replace the hardware so often. It's very difficult for us to do.

The integration between different tools could be improved. For example, with SecureX, I am yet to find out how to forward security events to different tools such as Microsoft Sentinel, which is what we use for log detection.

We've been using Cisco Secure Firewalls for a very long time.

We had to get in touch with technical support a few times, and our experience was good. I would give them a rating of nine out of ten. 

Positive

The initial deployment is easy, and I have not had any issues.

The solution is deployed on-premises. We have an on-premises FMC that connects everything.

The cost of the firewalls versus the ROI is okay.

We are quite Cisco-centric because of the performance we get for the price range. We have a lot of smaller sites, and we are not a very big organization. The price fits us perfectly.

Overall, I would rate Cisco Secure Firewall at nine on a scale from one to ten.

We use the Firepower as a perimeter firewall to protect from the outside network.

We are using Firepower to protect a number of services.

We are using it in a dynamic environment. This is important for our company's policies. The dynamic policy capabilities enable tight integration with Secure Workload at the application workload level.

The most valuable feature is the IPS. We also like the AnyConnect feature.

We monitor daily the final inspection activities and intelligence on Firepower. We also send logs from Firepower to our monitoring server, which is a nice feature.

The reporting and other features are nice, but there is an issue with applying the configuration. That part needs some improvement.

Services from the outside, like financial services that are critical, should be protected by the NGFW. There are cyber attacks on these services. Therefore, adding this NGFW in front of those services will reduce our costs for cyber crime.

We started using this next-generation firewall two years ago.

It is stable, but there are issues with the hybrid when you do the activation.

It is scalable. All our users utilize this firewall. We have more than 30,000 users who are end users, admins, and developers.

Cisco technical support team is perfect in their specific area, but they could improve their support for Cisco integration issues between products. I would rate them as eight out of 10.

Positive

We were previously using Cisco ASA for eight years. Now, we are using Firepower NGFW. We hope to continue using this product in the future, as long as there are no discouraging issues.

We are also using Check Point in conjunction with Cisco. We use Checkpoint for our internal networks and Secure Firewall for our outside network.

Installation wasn't that difficult, but there were some challenges on the integration. Sometimes, we face issues from the integration between another Cisco product's API and Firepower NGFW. We just integrated with our existing networks.

The firewall takes no more than two weeks to install. The integration with the API takes about six months.

We implemented ourselves. 

Two technical guys deployed it and now maintain it.

If we didn't use this NGFW, our company might have been charged by a number of attackers. Therefore, the firewall reduces our costs and operational expenses by around 40%.

Since the product is stable, we do not have to spend additional money to buy other firewalls. Once deployed, we can use the product for a long time. Thus, it is cost effective.

Pricing for Cisco is expensive. There are additional costs for the licensing part, support, and even the hardware part. The device cost is very high. I would be very happy with an improvement on the price.

From the user perspective, the reporting and other features are easy to use and user-friendly, but the Control feature of Firepower needs improvement, especially when comparing Firepower to Check Point NGFW.

For digital banking, this solution's firewalls have greatly improved our economy. Most enterprises in our country are using Cisco products because Cisco has worldwide support and cable devices.

I would rate this solution as eight out of 10.

I am an IT administrator and my job is probably 80% security analyst. We are a HIPAA environment, so we're a regulated industry and my job is to keep us from being breached. It's extremely difficult and an ever-changing, evolving problem. As such, I spend a couple of hours a day just reading everything threat report from every source I can get. 

We have a pair of 2110 models, with high availability set up.

There are multiple licenses that you can get with this firewall, and we subscribe to all three. A few months ago, we made the decision to do an enterprise agreement just because of the amount of security software we have. We subscribe to the threat, the URL, and the malware licensing. We use it for IPS, URL blocking, IP blocking, and domain blocking.

We've embraced the Cisco ecosystem primarily because I think they made some very intelligent acquisitions. We talk about security and depth and they've really done a good job of targeting their acquisition of OpenDNS Umbrella. It's all part of our ecosystem.

I take the firewall information and using SecureX, Cisco Threat Response, AMP for Endpoints, and Umbrella, I'm able to aggregate all that data with what I'm getting from the firewalls and from our email security, all into one location. From my perspective, being a medium-sized organization, threat hunting can be extremely difficult.

This product enriches all of the threat data, which I am able to see in one place.

There's nothing I personally have needed to do that I haven't been able to do with the firewall. It integrates so tightly into how I spend the majority of my day, which is threat response.

Much of this depends on any given organization's use case, but because I was an early adapter of Cisco Threat Response and was able to start pulling that data into it, and aggregate that with all of my other data. As I'm doing threat hunting, rather than jump into the firewall and look in the firewall at events, I'm able to pull that directly into Threat Response.

The ability to see the correlation of different event types in one place, these firewalls have definitely enriched that. You have Umbrella, but there are so many different attack types that it's good to have the DNS inspection at the firewall on the edge level too. So, the ability to take all of that firewall data and ingest it directly via SecureX and into our SIEM, where I have other threat feeds, including third-party thread feeds, gives our SIEM the ability to look at the firewall data as well. It lends to the whole concept of layering, where you don't have to have all of your eggs in one basket.

With our Rapid7 solution, I'm able to take the firewall data and dump it into our SIEM. The SIEM is using its threat feeds, as well as the threat feeds that are coming from Cisco Talos. In fact, I have other ones coming into the SIEM as well. So, I'm able to also make sure that something's not missed on the Talos side because it's getting dumped into our SIEM at the same time. All of this is easy to set up and in fact, I can automate it because I can get the threat data from the firewall.

In terms of its ability to future-proof our security strategy, every update they've done makes sense. We've been using one flavor or another of Cisco firewall products for a long time. Although I have friends that live and die by Fortinet or Palo Alto, I've never personally felt that I'm wanting for features.

We get the Security Intelligence Feeds refreshed every hour from Talos, which from my understanding is that they're the largest intelligence Security Intelligence Group outside of the government. My experience with Talos has been, they're pretty on top of things. Another driving factor towards Cisco: We get feeds every hour, automatically refreshed, and updated into the firewall.

If I had to rely on one security intelligence, which I wouldn't, but if I had to, I'm sure it would be Talos. The fact that it gets hourly updates from Talos gives me some peace of mind.

The real strength for the Cisco next-generation firewall is it'll do pretty much anything you want it to do, although it requires expertise and proper implementation. It's not an off-the-shelf product. For instance, there are some firewalls that may be easier to set up because they don't have the complexity, but at the same time, they don't have the feature set that the Cisco firewall has.

The firewall does DNS inspection, and you can create policies there.

The firewall integrates seamlessly and fully with our SIEM. We use a Rapid7 SIEM inside IDR and it now integrates seamlessly with that. Cisco's doing a lot more with APIs and automation, which we've been leveraging.

In terms of application visibility and control, I used the firewall and I also use Umbrella, but it depends on what it is that I'm seeing. One component that I use is network discovery. When you configure the policy properly, it'll go out and do network discovery so you're not loading up a bunch of rules you don't necessarily need. Instead, you're targeting rules that Cisco will say, "Hey, because of network discovery, we found that with this bind to whichever version server, we recommend you apply this ruleset." This is something that's been very helpful. You don't necessarily have to download every rule set, depending on your environment.

I have used it for application control. Right now, we're in the midst of doing tighter integration with ISE and the integration is very good. This is something that we would expect, given that it's a Cisco product.

I use the automated policy application and enforcement every chance I get. Using an automation approach, I would rather have a machine isolated even if it's a false positive because that can happen much faster than I can get an alert and react to it. On my end, I'm trying to automate everything that I can, and I haven't experienced a false positive yet.

Anything that's machine learning-based with automation, that's where I'm focusing a fair amount of attention. Another advantage to having Cisco is that their installed base is so huge. With machine learning, you're benefiting from that large base because the bigger their reach is, the bigger and better the dataset is for machine learning.

At some point, you have to trust that the data set is good. What's impressed me about Cisco is with all of our Cisco products, whether it's AMP or whatever, they're really putting an emphasis on automation, including workflows. For someone like me, if I get an alert in the middle of the night and I see it at 6:00 AM, it is going to be a case of valuable time lost, so anything that I can do to make my life easier, I'll definitely do it.

It would be great if some of the load times were faster. My general sense is that it's probably related to them taking a couple of different technologies and marrying them together. We are using virtual, so the way that I handled that was to throw more RAM in it, which these days, is pretty cheap. I could see some improvement with the speed of deploying policies out, although it's not terrible by any means. One thing about Cisco is whatever they're doing, it keeps getting better.

The speed of deploying policies could be improved, although it is not terrible by any means.

Another legitimate criticism of Cisco that comes to mind is that you need to make sure you've got your licensing straightened out. I haven't had any problems in a long time, but I know people that haven't used Cisco products sometimes can run into issues because they haven't figured out so-called smart licensing. Depending on the Cisco person you're working with, make sure you have all that stuff all set to go before you start the implementation.

That's an area that Cisco has been working on, I know. But licensing is a common complaint about Cisco. I suggest making sure that you have that stuff in place and you've got all your licenses all ready to go. It seems like a dumb thing, but my most common complaint about Cisco before we entered into our enterprise agreement was licensing. When it's working, it's great, but God help you if you've got a licensing problem.

They've been very reliable for us and we haven't had one fail, so we've never had to failover. That has been generally my experience with Cisco products, which is one reason that we tend to lean on Cisco hardware for switching, too. The reliability of the hardware over the years has been very good.

We have integrated these firewalls with other products, such as Cisco ISE, and it hasn't been a problem. ISE is a Cisco product so it would make sense that it integrates well, but ISE integrates with other firewalls as well.

Everything that I've done with these firewalls has been pretty seamless. We've had no downtime with them at all. They've been very rugged as we expanded usage through integration.

People knock Cisco TAC but in my experience, they have been very good. I've always found them to be extremely helpful. Friends that I have made from inside Cisco say, "Hey, you want me to look at this or that?", which is very helpful.

The big three solutions, Cisco, Fortinet, and Palo Alto, are all really good but I tend to lean on Cisco versus the others because one of their strengths, in general, is threat intelligence. When you put a bunch of security people in a room then you have a lot of consensuses, but like anything, you'll have a lot of disagreements, too.

Each of these products has its strengths and weaknesses. However, when you factor in AnyConnect, which most people will agree is state-of-the-art from a security standpoint in terms of VPN technology, especially when it's integrated with Umbrella, it plays into the firewall. But, it always comes back to configuration. Often, when you read about somebody having an attack, it's probably because they didn't set things up properly.

If you're a mom-and-pop shop, maybe you can get by with a pfSense or something like that, which I have in my house. But again, if you're in a regulated environment, you're looking at not just a firewall, you're looking at all sorts of things. The reality is, security is complicated.

Cisco gives you lots of options, which means that it can be complicated to set up. You have to know what you're doing and it's good to have somebody double-check your work. But, on the other hand, it does everything from deep packet inspection and URL filtering to whatever you want it to do, with world-class integration. It integrates with Umbrella, AnyConnect, ISE, StealthWatch, and other products.

It is important to remember that a firewall is only as good as it's configured. Sometimes, people will forget to configure a policy, or they will create the rules but forget to apply them. It comes back to the fact that it's a professional product and it's only as good as the person who's using it.

I do some security consulting and I've seen many misconfigurations. People will write a Rule Set but forget to apply it to a policy, for example. There is no foolproof product and I think it is a challenge to say, "Wow, this firewall is better than that firewall." These things are complex, but Cisco has always, in my mind, set many kinds of standards. I don't know any serious security person that would argue that.

Especially AnyConnect with an Umbrella module attached, I think most people would argue it's state-of-the-art. I know that I would because it allows me to do a couple of things at once. It's not just the firewall; it's AnyConnect, and it's what you can do with AnyConnect given its functionality with Umbrella. It gets kind of complicated and it depends on the use case, and some people don't need that.

Again, what makes it difficult to say something about a firewall is, the configuration possibilities are so varied and endless. How people license them is different. Some people think, "I prefer the IPS License," or whatever. But again, I think to get the strength of a Cisco firewall is just that.

I found our setup straightforward, but you don't go into it blind. You have to be clear on your requirements and you need to take the setup step-by-step. Whenever I deploy a firewall, I have a couple of people to double-check my work. These are people who only work on Cisco firewalls and they act as my proofreaders whenever I am doing a new deployment.

Cisco's documentation is very good and it's always very thorough. However, it's not for a novice, so you wouldn't want a novice setting up the firewall for an enterprise. Personally, I've never had any issues with policies not deploying properly or any other such problems.

Talking about how long it takes to deploy, it's a good weekend if it's a new deployment. It's not just clicking and you're done. I haven't installed a Fortinet product, but I can't imagine any of them are easy to install. Essentially, I found it straightforward, but it is involved. You've got to take your time with it.

You need to make sure anything you do with your networking, that you have it planned out well in advance. But once you do that, you go through the steps, which are well-documented by Cisco.

Cisco is not for a small mom-and-pop shop because of the cost, but if you're in a regulated industry where a breach could cost you a million dollars, it's a bargain. That's the way I look at it.

We also use Cisco Umbrella, and I may use features from that product, depending on where I am.

Every firewall has its pluses and minuses, but because we've taken such a layered approach and we're not relying on one thing to keep us safe, I've never really gone, "Oh, I've had it." I've heard some complaints about Cisco TAC, but generally speaking, I've been able to configure them and do whatever I need to with the Cisco firewall. There's nothing in my experience with Cisco that leads me to believe that that's going to stop.

I've always felt comfortable with every Cisco purchase we've made and every improvement they've made to it. I think they keep moving in a positive direction and they're pretty good with updates and fixes. You can have 10 people, networking people or security people, and they'll all have different takes on it. That said, I've always been very comfortable. I don't stay up at night and worry about our firewalls.

One thing to remember about Cisco is that whatever they're doing, it just keeps getting better. In my experience with Cisco, I have yet to have a product of theirs that they haven't improved over time. For example, we bought into OpenDNS Umbrella before Cisco acquired them. At the time, I was wondering whether they were going to improve it or what was going to happen with it, because you can never be sure. Again, Cisco has done nothing but improve it. It's a far more mature product than when we picked it up five or six years ago.

While not directly related to the NGFW, it speaks to Cisco's overarching vision for security, which again, I'm always looking at layers. If you're thinking that you're going to secure an environment by buying a firewall, yes, that's a really important piece of it, but it's only one piece of it.

Cisco is a company that is really open about vulnerabilities, which some people could see that as a negative but I see as a positive. I do security all the time, so I'm always going to be paranoid. That said, I've spent so much time doing this stuff that I've developed a lot of trust in Cisco. Again, I think there are other great products out there, but Cisco has made it really easy to integrate stuff into this ecosystem where you have multiple layers of not perfect, but state-of-the-art enterprise security.

My advice for anybody who is implementing this solution is, first of all, to know what you're doing. If you're not sure then get somebody that does. However, I would say that's probably true of any firewall. If your business relies on it, have all of your information ready beforehand, it's just all the straightforward stuff that any security person needs.

In summary, I think what I can say about them is there's nothing I needed to do that I haven't been able to do. I have incredible visibility into everything that's happening. We continue to leverage more features, to use it in different ways, and we haven't run into any limitations. I cannot say that the product is perfect, however, and I would deduct a mark for the interface loading. It's not terrible but sometimes, especially when you're doing the setup, it can chug away for a while. Considering what the device does, I think that it's a small complaint.

I would rate this solution a nine out of ten.

I'm a Cybersecurity Designer working for a financial services company in London, England with about 4,500 employees. We've been using Cisco Secure Firewall for about a decade now.

Currently, our deployment is entirely on-premise. We do use a hybrid cloud, although we don't have any appliances in the cloud just yet, that is something that we're looking to do over the next five years. 

The primary use case is to provide the ability to silo components of our internal network. In the nature of our business, that means that we have secure enclaves within the network and we use Cisco Secure Firewall to protect those from other aspects of the network and to control access into those parts of the network. 

The greatest benefit that this has provided to our organization is that we've been able to adjust the time that it takes to implement firewall changes. It's gone from a week to less than half a day to implement a change, which means that our DevOps team can be much more agile, and there is much less overhead on the firewall team. 

I would say that the Cisco firewall has helped us to improve cyber resilience, particularly with node clustering. We're now much more confident that a firewall going offline or being subject to an attack won't impact a larger amount of the network anymore, it will be isolated to one particular element of the network. 

We use Cisco Talos to a limited extent. We are keen to explore ways that we could use more of the services that they offer. At the moment, the services that we do consume are mostly signatures for our Firepower systems, and that's proven invaluable. 

It sometimes gives us a heads-up of attacks that we might not have considered and would have written our own use cases for. But also the virtual patching function has been very helpful. When we look at Log4j, for example, it was very difficult to patch systems quickly, whereas having that intelligence built into our IDS and IPS meant that we could be confident that systems weren't being targeted. 

I would say the most valuable aspect of Cisco Secure Firewall is how scalable the solution is. If we need to spin up a new environment, we can very easily and quickly scale the number of firewall instances that are available for that environment. Using clustering, we just add a few nodes and away we go. 

In terms of time-saving or cost of ownership, the types of information that we can get out of the Cisco Secure Firewall suite of products means that our security responders and our security operations center are able to detect threats much faster and are able to respond to them in a much more comprehensive and speedy manner. 

In terms of application visibility, it's very good. There is still room for improvement, and we tend to complement the Cisco Secure Firewall with another tool link to help us do some application discovery. That said, with Firepower, we are able to do the introductory part of the discovery part natively. 

In terms of detecting and remediating threats, I would say on the whole, it is excellent. When we made the decision to go with the Cisco Secure Firewall compared to some other vendors, the integration with other third-party tools, and vulnerability management, for example, was a real benefit. It meant that we could have a single view of where those three threats were coming from and what type of threats would be realized on our network.

In recent years through the integration of Firepower threat defense to manage some of the firewalls. We were able to do away with some of our existing firewall management suite. We do still need to use some third-party tools, but that list is decreasing over time. 

In terms of ways that the firewall could be improved, third-party integration is already reasonable. We were able to integrate with our vulnerability management software, for example. 

However, I would say that when we're looking at full-stack visibility, it can be difficult to get the right information out of Firepower. For example, you may need to get a subset of it into your single pane of glass system and then refer back to Firepower, which can add time for an analyst to look at a threat or resolve a security incident. It would be nice if that integration was a little bit tighter. 

The stability of Cisco Secure Firewall was one of the primary reasons that we looked to Cisco when we were replacing our existing firewall estate. I would rate it very highly. We have not had any significant problems with outages. The systems are stable and very good. 

The scalability of the firewall is one of the main reasons why we looked to Cisco. The ability to add nodes and remove nodes from clusters has been hugely important, particularly in some of our more dynamic environments where we may need to speed up a few hundred machines just for a few days to test something and then tear it all back down again. 

Within our data centers, we have around 6,000 endpoints, and then our user estate is around 4,500 endpoints and all of that connectivity is controlled by Cisco Secure Firewall.

Tech support has been very good. There are occasions where it would be nice to be able to have a consistent engineer applied to our tickets, but on the whole, the service has been very good. We haven't had any real problems with the service. I would rate them an eight out of ten.

The areas that could be improved would be if we could have dedicated support, that would bring them up from an eight. 

Positive

Prior to using the Cisco Secure Firewall, we were using another vendor. The Secure Firewall was a big change for us. The legacy firewalls were very old and not particularly usable. We do still use another vendor's products as well. We believe in in-depth defense. 

Our perimeter firewall controls are a different vendor, and then our internal networks are the Cisco Secure Firewall. 

Comparing Cisco Secure Firewall to some other vendors, I would say that because we use a lot of other Cisco technologies, the integration piece is very good. We can get end-to-end visibility in terms of security. In terms of the cons, it can be quite difficult to manage firewall changes using the Cisco standard tools. So we do rely on third-party tools to manage that process for us. 

The firewall platform itself was not at all difficult to deploy in our environment. I would say that we do have a very complex set of requirements. So migrating the policy from our existing firewall estate to the new estate was quite difficult. The third parties helped us to achieve that. 

We've seen a good return on investment. The primary return that we have seen is fewer outages due to firewall issues, and also the time to detect and respond to security incidents has come down massively. That's been hugely useful to us. 

On a scale of one to ten, I would say Cisco Secure Firewall rates very highly. I'd give it an eight. There are still some places to improve. 

If we look at what some of the other vendors are doing, like Fortinet, for example, there are some next-gen features that it would be interesting to see introduced into the product suite. That said, there are other capabilities that other vendors do not have such as the Firepower IPS systems, which are very useful to us. On the whole, Cisco Secure Firewall is a great fit for us. 

If you were considering Cisco Secure Firewall, I would say your main considerations should be the size of your environment and how frequently it changes. If you're quite a dynamic environment that changes very frequently, then Cisco Secure Firewall is good, but you might want to consider complimenting it with some third-party tools to automate the policy distribution. 

Your other consideration should be around clustering and adding nodes quickly. If you have a dynamic environment, then it is quite hard to find a better product that can scale as quickly as the Cisco firewalls.

Our primary use cases lie mainly with high availability and the security features available doing Layer 3 routing that we would need on our internal network.

It has simplified the internal network, so we don't have to worry about one device failing and losing connectivity. High availability is always there.

Our top three features are the high-availability features, the VPN and the IPSec.

It has fantastic visibility. It's a 10 out of 10. 

Cisco Secure Firewall is fantastic at securing our infrastructure from end to end so we can detect and remediate threats. We have already caught things that have tried to get in. 

Cisco Secure Firewall has improved resilience by a huge margin. It has been a great help.

Cisco Secure Firewall has freed staff because we don't have IT staff worrying about a lot of the threats. We trust the device that we are going to catch the threat. We are going to get a notification and be able to act upon that. Cisco Secure Firewall has saved at least 25 hours a week

The newer versions have made it so that we do not have to worry about other appliances with feature sets that are already built into the Cisco firewall.

The solution has had a huge effect, especially from physical density when it comes to securing our infrastructure. A lot of people don't think about power availability and cooling aspects. You have a limit to how much power you can push, and every little bit helps. 

We chose Cisco because of its understanding, customer service, warranties, and the quality of the product

We would like to see dual power supplies for some Cisco Firewall products. Having to get an ATS in the Data Center application because there's an A+B power feed on such a vital device with high availability may be something that I want to put in there.

We have been using Cisco Firewall for the last 20 years.

The solution is very stable.

The solution is scalable because Cisco keeps up with new technology, the security application, bandwidth, optics, and the kind of speed that one can use.

Customer support has been very responsive, whether it is a hardware failure or calling for any kind of technical support.

Positive

We have seen a return on investment in the total cost of ownership.

The pricing is fair compared to competitors. Cisco is the Cadillac in its field. You get what you pay for. 

Cisco is amazing at upgrading, so even if we did have to upgrade a device, it is plug-and-play because of that availability option.

Cisco is doing a great job with all the improvements that are coming; they are allowing for GUI setups where many people aren't so used to CLI. Many of the younger grads coming into our field are more used to APIs and automation, so having that GUI feel is a lot better than CLI.

I rate the solution a ten out of ten.

We are an insurance company. The core of what we do is service. We manage people and security. We have all the implementation for security. 

We have one ERP running on-prem and another one is running on the GCP cloud. We have a cloud service that runs that ERP on GCP. Our other service is running with Microsoft 365. So, we have an in-house AD that syncs with the cloud AD, but it is the firewall that is managing the communication process in between. The on-prem AD sync with the cloud AD is managed by the firewall. It is like a gateway. 

A vendor implemented this system for us to use and manage the process. We have an integration with the GCP. We've integrated this system with our network in such a way that you cannot access the GCP applications or infrastructure if you are not on-premises. This integration with the GCP and our virtual network online has been done locally.

In general, the management of our infrastructure is now easy. I can manage remotely. I can manage on-prem. I can always log in. I have a couple of users who work remotely via VPN because of the license. Not everybody works remotely in my organization. For people who work remotely, we have licenses for them to log in remotely from where they are and use the service. So, managing people, resources, and devices is easy. It has been a good experience. I don't intend to change it because it's giving me the service I need.

In terms of money, it has saved a lot of money. A lot of other organizations that don't have this kind of easy-to-manage layer of security are going through different kinds of attacks. We have a culture of being careful, even though you cannot be a hundred percent careful. When I hear that people have some security issues, I come and check my devices, and I notice that my firewall has actually blocked a lot of things. It gives me rest and peace. So, it saves a lot when you consider the cost of the organization's operations going down, even for one, two, or three hours. We would lose a lot if that happens. It probably saves us over a million dollars a year. The investment is totally worth it.

Our network is a little bit flat. We have a load balancer before getting into our network. We have configured the load balancer on the device itself. We have two major service providers. We have a core business application, and there are some people who use the core business application. We also have some light users. We have set up criteria to give priority to the people who use the core business application. I have a provider that gives me 300 MB to 500 MB, and I have another provider that gives me 20 MB to 25 MB as a backup. I have set priority based on the usage. If you're using the core business application, it pushes you to the fast network. Otherwise, it sends you to the other network. All that has been done on the firewall. It has been very good for this. I have no complaints.

It enables us to implement dynamic policies for dynamic environments, which is important for us. We can control the network based on different kinds of users. We can quickly and easily define the policies. We can set priorities based on different applications, systems, and users on our network.

Its security and filtering are most valuable. Every layer of data that comes into the organization goes through it. After setting up the criteria, it automatically filters the traffic. We don't have to check it often. Sometimes, when users complain that they are not able to see a particular thing, we log in to check the scan and see what it has scanned and filtered. It is usually something it has filtered out. It works perfectly.

It is easy to use. There is a GUI, and there is a backend that is being managed by our consultant. When we log in to the GUI, we are able to do anything we want to do. Its user interface is good, but it could be better. Currently, you have to know what to do before you can manage a device. If you don't know what to do, you can mess things up. There are some devices that are easier, such as FortiGate. The user interface of FortiGate is more intuitive. It is very easy to log in and configure things. With Cisco, there is also a lower limit on virtual accounts. In FortiGate, they could be in thousands. Cisco is also more expensive. 

I have been using this solution for about three to four years.

It is very stable. I've not had any thought of reconfiguring it. I have just applied my criteria, and I'm good.

Scalability is not a problem because I still have a span of five to seven more years. After that, I might have to go for a bigger device. For now, I have no issues. I can scale up or down. I'm good with that.

Their support is very good. We had an issue where the OS got corrupted. We got Cisco to log in. They did the reset on it, reformatted it, and sent it back to us. Because of the subscription we have with Cisco, we got a copy back in no time. We're now good. We've not been calling their tech support very often. We only call them when we have a very serious issue. I would rate them a nine out of ten.

Positive

It wasn't simple. Its implementation doesn't take much time, but we had to get a consultant in. Implementing a Cisco solution from scratch is harder than implementing FortiGate. With FortiGate, I can do my implementation and put all the criteria easily, but with Cisco, I need to do a lot more research, and I need to get someone to help me, but after implementation, it just works.

We had a consultant from a local vendor here called Incognito. Our experience with him was good. I can refer him to anybody.

When we have issues and we need improvement, he comes in. There was a time we noticed that we had lag on our network. We were trying to figure out the cause for it. We were using two service providers but the same backbone. We called him to make the required modifications.

It is more expensive than the other solutions. 

I'm the CIO here. When I came here, I did an audit of the IT infrastructure to see what was there. I looked at what was existing and thought of improvement. I got in all the vendors and had a meeting with them. I also got in a Cisco vendor and sat down with him and told him about the implementation I wanted. Because of the cost, I didn't change any equipment. So, he did the implementation. At any other place, I would look at the users and implement what is easy for them to manage. For a big enterprise with a whole crew, I would definitely consider Cisco. For any other place, I would go for Fortinet. Cisco is harder to implement and manage, but its stability is good. It is also more expensive. There are other cheaper solutions I would have gone for, but I had to focus on what was existing and improve. I had to make sure I worked with what was existing. We also have Cisco switches.

What it's been configured to do, it does it well. I would rate this solution a nine out of ten.

We were looking to consolidate some of our equipment and technology. When we switched over, ASA was a little bit more versatile as firewalls or VPN concentrators. So, we were able to use the same technology to solve multiple use cases.

We have data centers across the United States as well as AWS and Azure. 

We use it at multiple locations. We have sites in Dallas and Nashville. So, we have them at all our locations as either a VPN concentrator or an actual firewall.

Cybersecurity resilience is very much important for our organization. We are in the healthcare insurance industry, so we have a lot of customer data that goes through our data center for multiple government contracts. Making sure that data is secure is good for the company and beneficial to the customer.

It provides the overall management of my entire enterprise with an ease of transitioning. We have always been a Cisco environment. So, it was easy to transition from what we had to the latest version without a lot of new training.

• Speed
• Its capabilities
• Versatility

When we first got it, we were doing individual configuring. Now, there is a way to manage from one location. We can control all our policies and upgrades with a push instead of having to touch every single piece.

We have been using ASAs for quite a number of years now. 

We have other things around it going down, but we really don't have an issue with our ASAs going down. They are excellent for what we have.

There is rarely maintenance. We have our pushes for updates and vulnerabilities, but we have never really had an issue. 

It is very scalable with the ability to virtualize, which is really easy. We do it during our maintenance window. Now, if we plan it, we know what we are doing. We can spin up another virtual machine and keep moving. 

The technical support is excellent. I would rate it as 10 out of 10. When there has been an issue, we have had a good response from them.

Positive

We were previously using a Cisco product. We replaced them awhile back when I first started, and we have been working with ASAs ever since.

We did have Junipers in our environment, then we transitioned. We still have a mix because some of our contracts have to be split between vendors and different tiers. Now, we mostly have Apollos and ASAs in our environment.

I was involved with the upgrades. Our main firewall was a Cisco module, so we integrated from that because of ASA limitations. This gave us a better benefit.

The deployment was a little complex at first because we were so used to the one-to-one. Being able to consolidate into a single piece of hardware was a little difficult at first, but once we got past the first part, we were good.

We have seen ROI. When I first started, everything was physical and one-to-one. Now, with virtualization, we are able to leverage a piece of hardware and use it in multiple environments. That was definitely a return on investment right out of the gate.

The licensing has definitely improved and got a lot easier. It is customizable depending on what the customer needs, which is a good benefit, instead of just a broad license that everybody has to pay.

It is a good product. I would rate it as 10 out of 10.

Resilience is a definite must. You need to have it because, as we say, "The bad guys are getting worse every day. They are attacking, and they don't care." Therefore, we need to make sure that our customers' data and our data is secure.

It depends on what you need. If there is not a need for multiple vendors or pieces of equipment per contract, you should definitely look at what ASAs could be used for. If you are splitting, you can consolidate using this product.