Cisco Secure Firewall Reviews

I have been using the Cisco ASA NGFW for about four months. Everything works fine right now. We have only been using this device for a very short period of time. 

• We have about 500 registered users and about 400-600 static users. 
• For 400 to 600 users with wireless devices, we use Cisco ASA NGFW to control device traffic. We're using the new web filters. 
• We use Cisco ASA NGFW as the bit application.

Thus far, we are using it as a web filter to filter the data against incoming traffic. We are an educational organization, so there is no gambling allowed. We don't want to allow students access to gambling sites or adult sites, etc. We use lots of web filters. That's the primary reason I installed the Cisco firewall. 

We are also happy with the Cisco ASA NGFW router firewall. It protects your small server infrastructure, but it's not complete. We purchased the Cisco ASA NGFW for the web filter. That's why we moved to the firewall.

Right now, Cisco ASA NGFW has given us a lot of improvement. We are planning to move to a new facility and will be a much larger organization. 

We have an opportunity to grow now. The Cisco ASA NGFW firewall can be upgraded to another version, so it's better for us long term. It is much better because we can control the traffic that students are accessing and downloading. There are still a lot of improvements that can be done. 

For organization security, Cisco ASA NGFW has robust cyber-security features. We are planning to increase the number of firewalls installed, especially for wireless connections.

We installed a Cisco path a month ago. There was a new update for the Cisco firewall and there were security issues.

We like Cisco filtering as a firewall, but in the current market, Cisco's passive firewall is not unique. We don't have any warranty problems with Cisco. 

I asked our carrier several times to provide the exact gap code for me, but there is no Cisco dealer in our region. There is also no software accessibility with Cisco ASA NGFW. You can't always access the product that way. I also tried pfSense.

There is no support here in Georgia. If something goes wrong, support is not always very helpful with the other firewalls or other products. 

Cisco products are more supported by lots of companies who are producing technical services for cloud platforms. The certification is very easy in Georgia now. There are lots of people using Cisco in Georgia because their accessibility is better than the other products on the market. I also talked to several guys about the Barracuda firewall.

The Barracuda firewall is very expensive. You need to pay three or four thousand dollars every three months, so it's very expensive for us. We are not a big company.

For our users, there are rules for the students and staff have another RF for authorization. There are small file servers also within the domain controller. 

There is no special restriction for the students. They can print. They can visit outside websites online, but there is no gambling allowed at other sites.The students can access whatever they want over email or HTTP. Only the gambling and the betting sites, they cannot install the software. There are restrictions. 

The students can use their own mobile phones or wireless devices, whatever they want. They are using the shared public key authorization. Our institution doesn't have any restrictions about accessing legal data. Except in Georgia, we have a very big problem with gambling websites. There are a lot of gambling websites, so we are trying to restrict all of the gambling sites at our company. We have a contract for the next year. 

We are growing. In the next two years, we will have an additional 600 users, so we will double the capacity. We will see even more in the next three years. 

It will be like very tough. In about five-year cycles, you need to update the firewall and add other new Cisco devices for the next generation of innovation.

In five years, we will be ready for a complete upgrade cycle for everything. The stability and scalability of the Cisco ASA NGFW are good for when we need to grow. 

For the next five years, everything is fine. After that, we will see because there will be a lot of changes.

Technical support with Cisco is very good. We feel the company is very reliable and very competent. I have very good feelings about the future for project operations.

We had the old version of the Kerio firewall, but because in our country, there is no official dealer for Kerio, we moved to the Cisco ASA NGFW. This is the main reason why we moved to the Cisco firewall.

We announced the tender and bought this product with the installation plus setup included in the price. I was not involved in the installation or in the setup. 

The company just asked a consultant to do it. The whole process, after we announced the tender, took about one to two weeks. The consultant company installed the software. They also helped us to optimize other parts of the network such as the routers and switches.

The setup of the Cisco ASA NGFW was complex, not only for us as a firewall. We have now submitted another tender for a device router with two-node switchless support. We updated almost everything on the Cisco ASA NGFW with the core and distribution level software upgrades.

We paid about $7,000 for the Cisco firewall, plus another small Cisco router and the lead switch. It was under the combined license. It's a final agreement.

The Cisco license was not yearly. It was a yearly license for the firewall. For the router and switch, it was a lifetime license.

The other option we considered was Kerio. I tried to contact their office in Russia, but it is in the UK. I wanted to communicate with them because we cannot buy things without a warranty.

We considered buying Kerio products with the warranty, but they said we needed to send the device to them to repair it. This meant it would take too much time to replace it. In Georgia, we need a local distributor, i.e. a local representative here who we can work with, so that's the problem.

In Georgia, there is no problem using the Cisco firewall, because it's accessible. You cannot use other products, because they are not accessible. That's the whole problem.

I would rate Cisco ASA NGFW an 8 out of 10.

Our use cases include inbound access, outbound access, as well as VPN solutions, both site-to-site and for an incoming client. We wanted something that would do all those things at one time, as opposed to having separate boxes.

Our deployment is on-premises. We're looking at going into cloud-based with some of it. Meraki is the cloud-based version of the ASAs.

If we have a power failure at one building, traffic can be routed to our other building. We also have backup data stores. I live in the Northeast, so in the event of ice storms that cause power outages, it really enables us to keep functioning as a company rather than going dark for the amount of time it takes to get the power back.

The GUI makes configuring it much simpler than the command line.

They should work on making it a little more intuitive for users and not quite as complex. Still, it's a good product.

I've been using Cisco ASA Firewalls for 15 years.

It's very stable. We've had no hardware issues at all and only very infrequent software configuration issues.

It's very scalable. You can go to different models of the ASAs and they scale up to as big as you want to go.

The technical support is very good. Whenever we call up Cisco, we get a rapid response. They help us in troubleshooting issues we have and we implement the solutions and go on.

Positive

For me, there wasn't a previous solution here. I inherited the solution when I came in.

From a security standpoint, the return on investment is hard to quantify. You've stopped something that was going to cost you money, but how do you quantify that? How many times did it stop something from coming in that would have cost you a bunch of money? You don't know.

We've compared it to other solutions, like WatchGuard and other types of firewalls in that same realm. Cisco ASAs are fairly priced and very competitive with them.

Some of the solutions we looked at had different GUI interfaces that might be a little bit easier to get around in, but they might not have had as many features. Cisco had the feature edge.

Look at the features and consider what your migration path may be. Some other vendors offer firewalls with great bells and whistles, but when you look beneath the surface, they don't do exactly what they say. Do your due diligence and make sure you see everything.

In terms of resilience, in general, if we have any box failure, being able to fail over to another box or to fail over to another site helps measurably. Cyber security resilience is important for all organizations. The number of attacks going on just increases every day. There's a cost-benefit to building cyber security resilience. You have to get past that and build as much resiliency as you can. If you worry more about cost than you do about your product or your productivity, something else is going to fail.

Maintenance of the ASA is just the security updates that we watch for and updating the client software.

It is the primary data firewall for our organization and our data centers.

We have faced multiple issues regarding bugs with Cisco Firepower products. A running product is hit with bugs most of the time, and we had a lot of challenges in using the Cisco Firepower product, actually. In the future, we are planning to replace it, or at least use it instead as a secondary firewall.

The content filtering is good. 

The maturity needs to be better. The product is not yet mature. A running product is hit with the software bugs most of the time, and whenever we then log a case with the tech team, they're sometimes helpless with that. They have to involve the software development team to fix that bug in the next release. It's not ideal. Being an enterprise product, it should be mature enough to handle these types of issues.

I've been using the solution for the last three years. 

The performance is okay, however, the product is not stable. It is all hit with CVL software bugs routinely. That portion requires attention from Cisco and the tech support in this area is somewhat delayed. An open ticket can sometimes take more than two to three months to resolve. For the production setup, it is tough to rely on the tech team alone for the closure of the case.

The solution is very scalable. 

Cisco support is always available. However, multiple times, it has been tough for them to fix the software bugs in the product. They have to then deploy their development team for the same ticket.

Earlier we used the Cisco ASA Firewall. Now, it has been phased out. Firepower is categorized as the next-generation firewall, however, we haven't found the utility of that level in this product. It lacks maturity at many levels.

We have two data centers at two geographical locations. We have two firewalls - one in one data center, at the perimeter, and another at a different location.

The initial setup was okay. We had more of an in-between partner doing the installation part since the product was also new to us. The product was part of my overall product solution. We procured a firewall and another ACL fabric portion for the data center. Overall, the solution installation took over seven to eight months.

We had two people assist with the deployment process. 

We used an integrator for deployment. Overall, the experience was positive. 

There is no ROI. It is functioning as a normal firewall, as a data center perimeter, however, we expected much more than that. At times, there has been downtime with the firewall, and our custom modifications have won at a very high level. The product has to be mature when it is being used at the enterprise level.

The solution offers mid-range pricing. We can get a cheaper product like Fortinet, and we can get a costlier product like Palo Alto, and these are all in the same category.

There's only one license based on the support. Cisco Firepower is priced on the support of the product that we require: with SSL and without SSL. Currently, we are not doing any SSL inspection. We have an ATP report firewall.

When we were looking for a product, we put it through tender and we put out specifications of the product that we required. Cisco had the lowest price. We evaluated the L1 after it was technically qualifying. That is how we acquired it.

We looked at Palo Alto, however, it was far too costly.

We are a customer and an end-user. 

It was earlier named Sourcefire. Cisco acquired that company and rebranded it as Firepower.

We are actually a public cloud provider. We offer data center services to clients.

I'd advise others considering the solution that, for implementation, the product needs some stability and maturity to be offered as a next-generation firewall at an enterprise level. If a company is in need of an enterprise-level solution, they need to be aware of this.

I'd rate the solution a five out of ten. 

The product needs maturity in terms of running without hitting a bug. We have used other products also. A running product is never hit with a bug. It is normally some vulnerability or something that needs to be attended to, however, a running product is seldom hit with a bug and the operation gets stalled. We rarely find this kind of thing in an enterprise scenario. That is what we ask from Cisco, to build a stable product before offering it to customers.

We primarily use the solution as a firewall for our data centers. We have a medium-sized data center right now. It's about six or seven servers. We actually store the data for students and schools and need to protect it.

Overall, the solution works very well.

The solution is quite fast. We found that the speed was good and the throughput was good.

The stability has been very good.

The solution can scale as necessary.

The product is quite robust and durable. 

The solution lacks the abilities of an FTD type which are the abilities we need, and they are not in the firewall. We're looking for a next-generation firewall instead.

The graphical interface could be improved. From what I have seen, Fortinet, for example, has a nicer GUI.

The solution needs to be easier to use. Right now, it's overly complicated. 

The initial setup is a bit complex. 

The cost of the solution is very high.

The product should add free URL filtering. It's another product, or part of another product, however, it should be available as part of this offering as well.

I've been using this solution for about seven or eight years at this point. It's been a while. 

The stability is excellent and the performance is good. There are no bugs or glitches. It doesn't crash or freeze. It's reliable.

The product can scale nicely. If a company would like to expand it, it can do so. 

We have about 10,000 schools use the solution in general, and 1,000 to 2,000 that use it simultaneously daily. 

I don't directly deal with technical support. Typically, that's something that others on the team deal with. We have our own team within the company that, if I run into issues, I would reach out to first. I can't speak to how helpful or responsive they are. I've never had a chance to contact them. 

I have not used other firewalls.

The initial setup is not easy or straightforward. It's a bit complex and a little difficult.

We have three engineers on staff. They are capable of handling any maintenance.  

The solution is quite expensive. Fortinet and other competitors are about half the price. Cisco is very expensive in comparison. They need to work to be more competitive.

We're currently looking into a new firewall - something that is Next Generation. We don't know what it will be yet, however, we are considering Cisco, Fortinet, or Palo Alto.

It's my understanding that Fortinet is better in graphics and has a better user experience than Cisco, however, I haven't had a chance to test anything out.

We're just a customer and an end-user. 

We no longer have an SLA for this solution. We're potentially looking for something new.

I'd recommend the solution to others. It works well. It's durable and fast and you don't have to check up on it daily as it is rather reliable. That said, it is pricey.

In general, I would rate the solution at a seven out of ten.

We primarily use the solution for the various firewalls.

Cisco is powerful when it comes to detecting intrusions. It's better than, for example, Fortinet.

Cisco has multiple products - not just firewalls. The integration between other items provides a powerful end-to-end solution. It's nice and easy. There is one management system and visibility into all of the features. Using the same product is more powerful than using multiple systems. Cisco is known by most customers due to the fact that at least they have switches. However, when clients say "we need an end-to-end option" Cisco is there.

The stability is very good.

Technical support services are excellent.

Before an ASA, it was a live log. It was easy and comfortable to work with. After the next-generation firewall, Firepower, the live log became really slow. I cannot reach the information easily or quickly. This has only been the case since we migrated to next-generation firewalls.

There is some delay between the log itself. It's not really real-time. Let's say there's a delay of more than 20 seconds. If they had a monitoring system, something to minimize this delay, it would be good.

It would be ideal if I could give more bandwidth to certain sites, such as Youtube.

I work with Fortinet also, and I find that Fortinet is easier now. Before it was Cisco that was easier. Now Fortinet is simpler to work with.

On firewall features, Fortinet is better. Cisco needs to become more competitive and add more features or meet Fortinet's offering.

I've been using the solution since about 2003, when I originally implemented it.

The solution is extremely stable. We don't have any issues whatsoever. It doesn't have bugs or glitches. It works well. Occasionally, it may need patches, however, there's very little downtime.

The scalability of the solution is very good. We have no trouble expanding the solution.

They have multiple products that fit in multiple areas. They also have virtual firewalls, which are working well in virtualization systems. They have the data center firewalls feature for data centers. It's scalable enough to cover most of the use cases that might arise.

Cisco offers excellent technical support.  They're useful and very responsive - depending on the situation itself. Sometimes we require the support of agents and we've found Cisco to have one of the best support systems in the market.

I also work with Fortinet, and it's my sense that, while Fortinet is getting easier to use, Cisco is getting harder to deal with.

The initial setup is not complex at all. It's pretty straightforward.

A full deployment takes between two and three days. It's pretty quick to set up.

The pricing is neither cheap nor expensive. It's somewhere in the middle. If you compare it to Fortinet or Palo Alto, Fortinet is low and Palo Alto is very high. Cisco falls in the middle between the two.

As far as deployment options go, they often have more wiggle-room with discounts, especially for larger deployments. Therefore, in general, it ranges closer to Fortinet's pricing.

We're partners with Cisco, Fortinet, and Palo Alto.

I work with on-premises deployments and virtual firewalls, however, I don't use the cloud.

The solution works well for medium-sized enterprises.

Overall, I would rate the solution nine out of ten.

I'd recommend users to layer in solutions. At the perimeter, if they have two tiers, I'd recommend Palo Alto as the first and then Cisco ASA as the second. Cisco can work on the data center or Fortinet. In the case of Fortinet, they have the best backline throughput from all of the other products.

Our use for Cisco Secure is for the firewall. 

Network segmentation is the most valuable feature.

The dashboard can be improved. 

I have been using Cisco Secure Firewall for seven years. 

It is stable.

It is scalable. A thousand-plus users are using the solution in my company. 

The initial setup is straightforward. 

Pricing is high.

Overall, I rate the product an eight out of ten. 

I'm in network security, so I care more about security than the network architecture. I mostly just pull all the data out and throw it into Splunk. I use threat intelligence and some of the integrations like Talos. My company uses the product for east-west traffic, data center, and Edge.

The product is easy to manage and simple. It works with the rest of our Cisco products. You can drop in new ones if you need more performance. The training and documentation provided are good.

There's a little bit of a disconnect between Firepower’s management and the rest of the products, like DNA and Prime. The solution should have fewer admin portals for network, security, and firewalls.

I have been using the solution for a year and a half. My company has been using it for at least five years.

I haven’t had a product die. The products failover really fast, and we can cluster them. The product is definitely many nines of reliability.

I have contacted support in my previous jobs for things beyond firewalls, like servers, switches, and call centers. It's always been pretty good. They know their stuff. Sometimes we have to have a few calls to get really deep down into the issue. Eventually, we’ll get an engineer who's a senior and knows how to fix it. They do a pretty good job finding a resource that can be helpful.

In my previous jobs, I used Palo Alto and Fortinet. My current organization chose Cisco Secure Firewall because we use Cisco for the rest of our network, and it just made sense.

We have definitely seen a return on investment. It works pretty well. It is important to have everything work together. Our time is probably more valuable than our money. We're not going to go out and grab ten other network engineers to set up another complicated platform when we can just save the hassle.

The solution has improved our organization. I think my company was using Check Point back in the day. My company has 12 Cisco products. We used Palo Alto in my old organization. It’s what I'm most familiar with.

The application visibility and control with Secure Firewall are not bad. The product’s alerting is pretty good. There were a couple of things that surprised me about the solution. It works really well because we use it with Secure Client and Secure Endpoint. Sometimes the solutions can cross-enrich each other, which we wouldn’t get with a dedicated, standalone firewall.

The solution has helped free up our IT staff for other projects. We don't even have a dedicated firewall person. I sometimes do some stuff. Mostly the dedicated network admins run it, and they have time to do the rest of their job. Our whole network infrastructure team's only five to six people, and they can manage multiple sites across all different firewalls. It's not unreasonable to demand at all.

The product has helped us consolidate tools and applications. If we were using another solution, we would have had their firewall, management plane, and other appliances to back that up. Having a product in the Cisco universe definitely does help. It's all right there when we're using Secure Client and Umbrella. I want more of what Cisco Identity Services Engine and DNA do. I don't like switching tabs in my browser.

We use a relatively basic subset of Cisco Talos for general threat intel. It's definitely helpful. It's mostly about just getting the Talos definitions into the firewall so it can do all the heavy lifting so we don't have to. Now that Cisco has the XDR product, it will probably make it even more useful because then we can combine the network side, the security operations, and the threat intelligence into one thing to work harder for us.

Cisco Secure Firewall has definitely helped our organization improve its cybersecurity resilience. I like the IDS a lot. The definitions work really well. Making custom ones is pretty trivial. We don't have to do complicated packet captures or anything of that kind.

My advice would be to lean really hard on your sales engineer to explain the stack to you. There's definitely a learning curve to it. Cisco does things in a very particular way that's maybe a little bit different than other firewall vendors. Generally, it's pretty helpful talking to post-sales about what you need because you're probably not going to be able to figure it out. It's definitely a pretty top-shelf tool. If an organization already uses Cisco, they probably want to invest in the solution.

Overall, I rate the solution an eight out of ten.

We are mainly using it as a VPN gateway and edge firewall.

It helped us with the transition to working from home and hybrid working. Because of its VPN capabilities, it enabled us to keep working while everyone had to stay home because of COVID.

It integrates well with other systems within our environment. 

I like its integration with the AnyConnect client. I also like how modular it is. For example, I can easily integrate the Umbrella add-on into it. We are planning on adding Umbrella. We haven't added it yet, but we have researched it.

One big pain point I have is the ASDM interface because it's Java, and sometimes, it's a bit buggy and has low performance. That's something that probably won't be improved because of backward compatibility. 

The CLI is not always clear. It's not always intuitive.

Some of the things, such as site-to-site VPN, are complicated to set up. The settings you have are all hidden away in crypto maps, and you can't have a setting per tunnel. When you want to change one particular tunnel, you automatically change them all. That's a drawback.

We've been using the Cisco ASA firewall for about two years.

It's reliable.

I haven't had much contact with their tech support. We have a partner called Fundamentals for support. They're good. I'd recommend them.

We have a Palo Alto core firewall, and we handle threat detection and intrusion prevention on that device. We don't use Cisco ASA for detecting or remediating threats.

Compared to other systems that I have used in the past, Cisco ASA is reliable, and it's not a very big hassle to set up. It's very good, and it just does its job. 

It's not a very big hassle to set up. It's a bit complex when you go into different topics that aren't the basic capabilities, such as when you go above VPN and basic ACL configuration, but all in all, it does the job.

I'd rate it a seven out of ten because of the ASDM, non-intuitive CLI, and complication of setting some of the things.