Cisco Secure Firewall Reviews

We use Cisco Secure Firewall for traditional firewall use cases, like VPN, segmenting of traffic, and creating PPSs.

We need reliable communication to do what we do, and that's very important. The solution does what we need to do and when we need to do it. It has a great reputation for the support that we need because if things don't work within the Department of Defense, people don't survive. Communication and keeping the adversary out are key components of our work. So we need a robust, reliable, and secure product, and that's what Cisco provides us.

Cisco Secure Firewall is robust and reliable.

The process of procuring modern-day technology within the DOD needs to improve.

I've spent quite a few years with Cisco Secure Firewall.

Cisco Secure Firewall is a very stable solution.

Cisco Secure Firewall is a very scalable solution.

Cisco Secure Firewall's technical support is great, reliable, and responsive.

Positive

We have seen a return on investment from using Cisco Secure Firewall. From the DOD's perspective, we need a reliable and robust solution that has to be reliable in real-time. Cisco Secure Firewall is a reliable solution that works when needed.

Cisco Secure Firewall is a great scalable, secure, and robust product.

There is a dedicated team designed to handle firewalls.

I have a good impression of Cisco Talos and its effects on our security operations. They have a great reputation for doing a lot of great things.

Cisco Secure Firewall has helped our organization improve its cybersecurity resilience.

Overall, I rate Cisco Secure Firewall nine out of ten.

We are primarily using the solution for VLAN implementations and also for remote VPN capability - basically it's used for connecting to remote offices securely.

After implementing tools, including Cisco ASA, unauthorized access comes down a lot. We are not facing asset issues as of now. We are not facing an issue related to malicious traffic or any bad activity in our network.

The solution can allow and block traffic over the VLANs.Some of the unauthorized actions and malicious traffic can also be blocked effectively, as we are following PCI DSS compliance. We are a card industry. We are using cards as a payment method, and therefore we need to follow the compliance over the PCI DSS. That's why we chose one of the best products. ASA Firewall is very secure.

It's always easy to integrate Cisco with the same company products. If you are using other CIsco products, there's always easy integration.

Cisco is one of the most popular brands, and therefore the documentation is easily available over the internet.

They are best-in-class.

The remote VPN feature is one of the best features we've found. 

We like that there is two-factor authentication on offer.  We can integrate a Google authenticator with Cisco ASA so that whenever a person is logging on to any network device, they need to enter the password as well as the security code that is integrated by Google. It's a nice added security feature.

Cisco ASA provides us with very good application visibility and control. The Cisco CLI command line is one of the easiest we found on the market due to the fact that the GUI and the user interface are very familiar. If you're a beginner, you can easily access it. There's no complicated UI.

When compared to other products available, the cost is pretty similar. There's no big gap when you compare Cisco pricing to other products. 

There are multiple features in a single appliance, which is quite beneficial to us.

Support that is on offer 24/7. Whenever we face some technical issue, we can reach out to them easily.

We have not had any security breaches. 

They provide a helpful feature that allows us to configure email. 

We are getting a lot from the appliance in real-time.

There's an upgraded version of the 5500 that has come to the market. It offers the latest encryption that they have. If they want to add better features to the current Cisco ASA, they can start by increasing the encryption. That is the only thing they need to improve. The rest is good.

We've been using the solution for about five or more years at this point. It's been a while. 

The stability and availability are very good. there are no bugs or glitches. It doesn't crash or freeze. it's a reliable solution. 

We have it in our infrastructure for around 15 plus users, including Fortinet sites.

We have found that whenever the traffic spikes at peak times, the product automatically scales up to the requirement. We have also implemented the single sign-on it, and therefore, it automatically scales up. We haven't felt any limitations. Currently, we are using it for 1500 plus users. At any given time, there are around 700 plus users available in the office. It's a 24/7 infrastructure. We have tested it for up to 750 plus users, and it's perfectly fine.

Technical support is excellent. they are always available, no matter the time of day, or day of the week. We are quite satisfied with their level of support. They are quite helpful and very responsive. I'd rate them at a ten out of ten. They deserve perfect marks.

We did not previously use a different solution. When the office was launched we implemented Cisco as a fresh product.

We are using a Cisco ASA Firewall, as well as Sophos at the remote sites. We are using another product is for log collecting. There are three solutions that basically cover us for security purposes. Those, at least, are the physical devices we are using as of now. The rest are cloud solutions such as Nexus. 

That said, I personally, have used Sophos XG as a firewall in the past. Sophos is good in terms of traffic blocking and identifying interruptions to the traffic. The features are better on Cisco's side. For example, there is two-factor authentication and a remote VPN. The only benefit I found in Sophos was the way it dealt with the traffic. 

The initial setup was not overly complex or difficult. It was quite straightforward and very easy to implement. 

Deployment takes about 20 to 25 minutes. 

In terms of the implementation strategy, at first, we put up the appliances in the data center. After that, we connected it with the console. After connecting the console, we had an in-house engineer that assisted. Cisco provided us onboarding help and they configured our device for us. We have just provided them the IP address and which port we wanted up. Our initial configuration has been done by them.

While most of the setup was handled in-house, we did have Cisco help us with the initial configurations.

The ROI we are getting from Cisco ASA is higher availability, which we are getting all the time. On top of that, it's good at blocking traffic and protecting us from cyber-crime issues.

The pricing is pretty reasonable. it's standard and comparable to other solutions. The maximum difference between products might be $20 to $40. It's not much of a difference. 

We did not evaluate other solutions. We trust Cisco. It's a very good product and well known in the market.

We are a customer and an end-user.

We are using physical Cisco appliances.

We use a lot of Cisco products, Cisco router (the 3900-series routers), and Cisco switches.

In the next quarter, we will implement SD-WAN. Once the SD-WAN is implemented, then we will go with an automated policy and DNS kinds of tools. We are in the process of upgrading to Cisco ASA Firepower in the next quarter. We have not integrated Cisco ASA with Cisco's SecureX solution.

I'd recommend the solution, especially for medium-sized or larger companies and those who are looking for long-term solutions (for example those with a user base of around 2,000 plus users in and around 20 plus applications). It's reliable and offers users a lot of features. This helps companies avoid having to rely on other third-party solutions.

If you are new to Cisco, you should take advantage of the education they have on offer. Cisco provides access to training and it's worth taking advantage of this.

Overall, I'd are the solution at a nine out of ten.

The solution is primarily used for protecting the environment, or the cloud environments for our customers.

All the specific features you find within the NextGen firewall are quite useful. The touch intel feature is specifically useful to us. We deliberately choose this kind of product due to its set of features. 

The implementation is pretty straightforward.

The security market is a fast-changing market. The solution needs to always check if the latest threats are covered under the solution. 

It would always be helpful if the pricing was improved upon a bit.

In a future release, it would be ideal if they could offer an open interface to other security products so that we could easily connect to our own open industry standard.

We've been using the solution for about five or more years at this point.

The solution is stable. It's very reliable. It doesn't crash or freeze and doesn't seem to be plagued by bugs or glitches.

The solution can scale quite well. A company that needs to expand it can do so easily.

In our case, we have clients with anywhere between 1,000 and 10,000 users.

We have our own in-house team that can assist our clients should they need technical support. They're quite knowledgeable and can handle any issues.

I also have experience with Fortinet and Check Point.

The implementation isn't complex. It's straightforward. However, it also depends on the specifications of the customer. Normally we check that out first and then we can make a judgment of how to best implement the solution.

Typically, the deployment takes about two days to complete.

In terms of maintenance, we have about five people, who are engineers, who can handle the job.

We deliver the solution to our customers.

You do need to pay for the software license. In general, it's a moderately expensive solution. It's not the cheapest on the market.

We're a partner. We aren't an end-user. We are a managed security provider, and therefore we use this solution for our customers.

We always provide the latest version of the solution to our clients.

Typically, we use both cloud and on-premises deployment models.

I'd recommend the solution to others. It's quite good.

On a scale from one to ten, I would rate it at an eight.

We use it for our university department firewall. It replaced our 12-year-old Cisco ASA 5520, which used to protect web servers, mail servers, SVN repositories, office computers, research computers, and computer labs. It was used for blocking the internet for exams. It was not used for IPS, so we did not buy the new threat protection or malware license. We connected it to a Layer 3 switch for faster Inter-VLAN routing.

It works better through specs than our old ASA 5520. It seems to perform the same functionality unless you buy the additional threat protection licenses, so this is a disappointment. I found a bug where the ASDM could not be used with Windows 2016, but it did work with Windows 10.  

• Most of same old ASA 5520 config could be used for the new 5516-X model. The ASDM interface is improved and can also be configured to the Firepower settings. 
• I am used to the ASA syntax, therefore it is quite easy to make up new rules. I have found that DNS doctoring rules are useful, and I am not sure how other firewalls handle the issue of internal versus external DNS, so this was a reason to keep the same type of firewall.
• Customizing logging event of syslog to feed into Splunk is very useful for management and monitoring just for the importance events instead of a huge stream of thousands of unneeded events.
• I found it quite easy to block computers from the internet, e.g, in a computer lab with students doing an exam using software for the course when needed.
• I use access to a list to block IPs which have attacked our web servers on the outside interface, since I do not have IPS.
• I found that setting up rules for HTTPS and SSH access to the management interface are straightforward, including setting the cypher type.
• It is very useful to use the command line interface for modifying or adding to the config because sometimes the ASDM interface is hard to find when the setting is more complicated.
• The text config file is great to have, to know what is in the config, instead of having to check every setting in the GUI.
• While the CLI is used the most, sometimes the ASDM is faster and easier to use to set some settings.
  

• It is confusing to have two management interfaces, e.g., ASDM and Firepower Management Center. It would be nice to have a Windows program instead of a virtual appliance for the Firepower Management Center.  The ASA and Firepower module seem redundant, not sure which one to set the rules in, but maybe that was for backward compatibility. I am not sure that is very useful.
• It is surprising that you need to have a virtual appliance for the Firepower Management Center. It is not good if you have to setup a VMware server just for it.
  
• 10Gb interfaces should be available on more models. 
  

ASA pricing seems high compared to other firewalls, such as the Sophos XG models. 

The licensing features are getting more complicated. These should be simplified. 

I'm a design consultant. We primarily use the product to secure various client networks, major infrastructure, highways, and urban surveillance.

The solution is pretty easy to deploy. It is pretty ubiquitous too, so it is easy to get. It pretty much does the job we need it to do.

I would like to see an IE version of the solution where it is ruggedized. Most of what we do is infrastructure based on highways. Now that the product has a hardened switch, the only thing left in our hubs that isn't hardened is probably the firewall. It would be nice to pull the air conditioners out of the hubs.

I have been using the solution for 20 years.

I've never had a stability problem with firewalls.

The solution seems to be very scalable. I probably don't have much experience with scalability because, by the nature of how our networks work, we don't scale them; we just add another one.

Support is very good. I've never had a problem with any form of support.

Positive

I used only a couple of other products over the years due to client preference. In general, Cisco Secure Firewall is easier to deploy mostly because of the depth of personnel trained in it. Every other product seems to be a niche thing that two people know, but Cisco once again seems ubiquitous throughout the industry. Our customers choose Cisco for various reasons, from cost to a preference for Cisco. It meets the task that they need to meet. It's really the spectrum.

The deployment is pretty straightforward. It's the same as deploying any other Cisco equipment. If you know what you're doing, it's not a huge deal.

I believe our clients have seen an ROI. Their networks are more secure. Various agencies have tested a few of them to prove it, and they've proven okay. Since they weren't attacked, they have received an ROI.

The licensing is not so bad. The solution’s pricing could be lower. It's not horrible, though.

The application visibility and control are pretty good. It seems to do everything we've ever needed it to do. I've never asked the product to do something that it couldn't do. The solution has been pretty successful at securing our infrastructure from end to end. Most of our client’s staff have reported that the product is not as maintenance intensive as they would like. They never had to deal with maintenance before, but now they do. We deploy new systems for our clients.

I haven't had much experience with Cisco Talos directly. I know it's there, but I haven't really been involved. I haven't experienced it, which I believe is a good thing. It's doing its job if I don't have to get involved with it. The product has definitely helped improve our organization’s cybersecurity resilience. We weren't secure at all before, and we are a known target since we’re based in infrastructure. The solution has been very helpful in providing security.

It is a good product. I would definitely look into it. There is great value in going to a partner to a reseller to deploy the product. They understand the equipment and have expertise. Normally, they're local, so local knowledge is always useful. They have done deployments before, so sometimes they know tips or tricks that aren't in the manuals.

People evaluating the solution should give it a look. Definitely, it is worth taking a look at it.

Overall, I rate the product a nine out of ten.

One of the most important roles of Cisco Secure Firewall is as a central firewall for the internet. We use it for segmentation of the outside network, DMZ networks, inside networks, and also as an intrusion prevention system for protecting our resources from the internet. All Access Control Lists are implemented on this firewall.

These days, it's normal to require that networks be more open because of the recent changes brought about by the COVID pandemic. The need for hybrid work environments and more collaborations has made securing the network more challenging. However, Cisco offers us monitoring and configuration, and with one platform, we are able to be more flexible and be able to control our security and our network.

The security features that protect our networks are the most valuable for me and my department, as we are responsible for the security of our network. We investigate cases and analyze traffic to see what's going on. These features are also very valuable when we are investigating communication between some services in the bank and what's happening in the network.

We are very satisfied with Cisco Secure Firewall for securing our infrastructure from end to end so we can detect and remediate threats. We have not seen a lot of false positives, and we haven't seen many situations when the traffic was interrupted without a proper cause. We are confident that the signatures that Cisco Secure Firewall uses are very good and reliable. For us, this is very important because we are a relatively small security team, and we don't have much manpower to be able to analyze every signature or event. By default, Cisco Secure Firewall is reliable, and that is the most important factor for us. Cisco is a large company that invests in security, and if it has reliable signatures and processes in intrusion detection, then that is very good for us.

Implementing Cisco Secure Firewall has saved us time because we rely on most of the out-of-the-box signatures. It has reduced the time and effort spent in configuration within the security network.

We have encountered problems when implementing new signatures and new versions on our firewall. Sometimes, there is a short outage of our services, and we have not been able to understand what's going on. This is an area for improvement, and it would be good to have a way to monitor and understand why there is an outage.

We use Cisco Secure Firewall and Cisco ISE.

In general, Cisco Secure Firewall is stable. We have had problems when we automatically deployed some signatures. There have been issues with the memory of the Firewall Management Center, and we've had to reload the system.

Our company has approximately 2,500 employees and 500 devices. In terms of scalability, Cisco Secure Firewall is sufficient for our needs.

We usually work with our local partner because it's much more convenient and faster. Because of their experience, they are able to solve some of our problems or issues without Cisco's technical support. For bigger problems such as bugs, we work with Cisco's technical support.

Because we mainly work with our local partner for technical support, I would rate them at ten out of ten.

Positive

The initial setup was relatively simple for us. During migration, we used the Cisco Firewall migration tool. From our point of view, the migration tool was okay.

We have a very reliable partner who helps us with Cisco products. They helped us to deploy Cisco Secure Firewall. I think it's important for every company to have local partners with enough knowledge and experience on whom they can rely. 

Our experience working with our partner was great. They have a lot of knowledge and experience with implementation.

We have always used Cisco firewalls. Cisco products have been the standard in networking in our company for many years. This has been beneficial because some of our core IT activities are connected with Cisco. Also, it has been proven that Cisco Secure Firewall is a reliable product that can help us have stable and reliable networks and services.

We have some experience with Check Point, which we started using recently. Cisco is more hardware-oriented, and Check Point is more application-orientated. The two vendors have a slightly different approach to the same problem.

On a scale from one to ten, I would rate Cisco Secure Firewall at eight because it's a very reliable product. We can use predefined signatures and don't have to do a lot of customization. However, we have had a few small issues with the deployment of some signatures and with the availability of Firewall Management Center.

We are one of our Swedish municipalities. We use this solution to support our environment and keep it safe and secure.

At the moment, Cisco SecureX is just for the monitoring part. We are migrating servers from an old infrastructure to a new one. It monitors how they're behaving on the network.

We have 500 sites using it. It's a mix of remote sites and connected sites. We have a lot of devices. We are a Swedish municipality, so we do everything from healthcare to taking care of the roads. We have a wide spectrum of users, so we have to supply everyone with what they need. So, we have a lot of devices in our network.

Cisco SecureX is doing a good job for us in terms of securing our infrastructure from end to end so that we can detect and remediate threats. It's detecting what we want it to detect, and it's protecting us from what we want to be protected against. So, it does its job. That's our need at the moment.

It has saved us time. Attackers are constantly trying to get hold of our environment. We've had around 20 to 30 breach attempts to get ahold of our environment. It protects us from that. It also protects us when an attempt is underway. We can see them starting to get into our network, so we can prevent it in time. The time saved varies. It can be days of work.

Its efficiency and security are the most important. We are more efficient and more secure.

We use Cisco switches and firewalls, Cisco DNA, and Cisco SecureX. The integration between various Cisco products is working very well. It's quite seamless for us.

There should be more integration with Microsoft Identity.

We get customer support through ITEA for a bunch of solutions. We get the help we need. I'd rate them a nine out of ten. You can always do better.

We haven't used any other solution for a long time. We have been a Cisco customer for a long period.

I was involved in its design. Some parts of the initial setup were quite easy and some parts were quite complex. We were quite early adopters of some parts of the Cisco brand, so we had some challenges, but overall, it was quite straightforward.

For some parts, we took the help of a third party called ITEA. Our experience with them was good.

We haven't calculated the overall ROI. There are different areas we use it for. For some management areas, we can calculate ROI, but in some areas, we can't.

You get what you pay for. It's always priced based on what you get and what it can handle. It's acceptable.

To those evaluating this solution, I'd advise finding out what you want to use it for. Our usage is quite basic. Overall, I am quite satisfied with what we are using it for.

Overall, I'd rate it a nine out of ten.

We are using it for security on everything from small customers to big data centers.

It is stable. We saw benefit from this in just a few days.

Cisco AnyConnect is my favorite. It is awesome. It also exists on Firepower and newer things.

Cisco ASA is starting to get old and Firepower is taking over. All the good things happening are with Firepower. Everything that I could wish for is in Firepower. We will probably not be doing too many new installations of ASAs since Firepower is mostly taking over.

I have been using it for 15 to 20 years.

It is stable and secure. There are a few bugs, etc. Overall, we are very happy with it. We have never looked at anything else because it works so well. I would rate the stability as 10 out of 10. It is very good.

There is maintenance. We have to keep an eye out for software upgrades and forced changes to the configuration. We have a network operations team of 15 people who take care of these things from day to day.

The solution's scalability is very good.

We use it on customers who have two employees up to customers with 5,000 employees. It is also used for customers who have one site or several sites. It is all over the place

Cisco tech is always good and helpful. I would rate them as 10 out of 10.

Positive

I didn't use another solution previously.

All our deployments have been different. Some have been really easy and others have been really complex. It could go either way: some are complex and some are easy. The complex solutions could take days or a couple of weeks to deploy. Easy solutions take a day.

If it was a big project, there would be a pre-project identifying what we were going to do and making a plan for it, then we would realize that plan. If it was a smaller thing, we would just jump into it.

It was deployed in-house. Depending on the solution and its complexity, it could take a single person to a team of 20 people to deploy it.

Our return on investment is having a network that we don't need to think too much about. It works, and that is it.

Cisco is always expensive, but you get what you pay for. It is expensive for a reason. It is a good solution, and good solutions cost money.

AnyConnect is an extra license. If you want the IDS/IPS things, those are usually extra too.

I evaluated Check Point, Palo Alto, and Fortinet, but Cisco won the race. Since we were already running most of our other networking with Cisco, it felt natural to land on Cisco.

I would rate the solution as 10 out of 10.