Cisco Secure Firewall Reviews

The primary use case is as one-layer protection of our OT network. The way we're set up is that we have our OT network behind the commercial network, and we do dual firewalls. We've Cisco firewalls on the commercial network side and a different vendor and a different management group on the OT network side.

It's a good solution. It's in some ways a reactive solution where we have it sitting in a whitelist mode rather than a blacklist mode. So, we are blocking everything and permitting specific things, and it seems to work fairly well for us.

It hasn't necessarily freed up the time, but it has helped in securing the infrastructure and the OT network behind it. The intent of this particular solution is not time-saving. It's not a cost solution. It's meant to isolate and control access to and from a specific set of infrastructure.

It allows us to get access. We're seeing more and more that business systems like SAP are looking to get access to OT systems, and this is how our systems get that.

It's protecting the organization against the impact of cyber threats and cybersecurity. We run manufacturing plants that have hazardous material, and we don't want that manufacturing process to be impacted by break-in exposure, cyber threats, or any other similar thing.

We would like to be able to manage a set of firewalls rather than individual firewalls. We haven't really looked into it or yet implemented it, but a single pane of glass would be helpful. We also use another vendor's firewalls, and they have a centralized management infrastructure that we have implemented, which makes it a little bit easier when you're managing lots of firewalls.

We've been using Cisco firewalls for 10 years or more.

It has been a very stable solution. If you keep it up to date and do sensible management on it, it's a very stable solution.

So far, in this use case, it has met our scalability requirements in terms of traffic and management.

We have an excellent account team, and they go to bat for us inside of Cisco. We also have access to TAC and things like Smart Net, and all that seems to go very well. It's a good team. I'd rate them a nine out of ten.

Positive

We weren't using anything similar in this particular use case. We chose Cisco because they originally came on the recommendation of our networking partner. They came in with a strong recommendation from a strong partner.

I wasn't involved in its deployment. That was before I started working in this space.

In this specific use case, the biggest return on investment is that we do not have incidents, and this ultimately, in some of our factories, ends up being a health and human-safety use case.

We've gone to all smart licensing, so that works well. 

Understand what you're trying to protect and what you're trying to protect it from, and then also understand how the solution is managed.

I'd rate Cisco Secure Firewall a nine out of ten.

We are primarily using the solution for VLAN implementations and also for remote VPN capability - basically it's used for connecting to remote offices securely.

After implementing tools, including Cisco ASA, unauthorized access comes down a lot. We are not facing asset issues as of now. We are not facing an issue related to malicious traffic or any bad activity in our network.

The solution can allow and block traffic over the VLANs.Some of the unauthorized actions and malicious traffic can also be blocked effectively, as we are following PCI DSS compliance. We are a card industry. We are using cards as a payment method, and therefore we need to follow the compliance over the PCI DSS. That's why we chose one of the best products. ASA Firewall is very secure.

It's always easy to integrate Cisco with the same company products. If you are using other CIsco products, there's always easy integration.

Cisco is one of the most popular brands, and therefore the documentation is easily available over the internet.

They are best-in-class.

The remote VPN feature is one of the best features we've found. 

We like that there is two-factor authentication on offer.  We can integrate a Google authenticator with Cisco ASA so that whenever a person is logging on to any network device, they need to enter the password as well as the security code that is integrated by Google. It's a nice added security feature.

Cisco ASA provides us with very good application visibility and control. The Cisco CLI command line is one of the easiest we found on the market due to the fact that the GUI and the user interface are very familiar. If you're a beginner, you can easily access it. There's no complicated UI.

When compared to other products available, the cost is pretty similar. There's no big gap when you compare Cisco pricing to other products. 

There are multiple features in a single appliance, which is quite beneficial to us.

Support that is on offer 24/7. Whenever we face some technical issue, we can reach out to them easily.

We have not had any security breaches. 

They provide a helpful feature that allows us to configure email. 

We are getting a lot from the appliance in real-time.

There's an upgraded version of the 5500 that has come to the market. It offers the latest encryption that they have. If they want to add better features to the current Cisco ASA, they can start by increasing the encryption. That is the only thing they need to improve. The rest is good.

We've been using the solution for about five or more years at this point. It's been a while. 

The stability and availability are very good. there are no bugs or glitches. It doesn't crash or freeze. it's a reliable solution. 

We have it in our infrastructure for around 15 plus users, including Fortinet sites.

We have found that whenever the traffic spikes at peak times, the product automatically scales up to the requirement. We have also implemented the single sign-on it, and therefore, it automatically scales up. We haven't felt any limitations. Currently, we are using it for 1500 plus users. At any given time, there are around 700 plus users available in the office. It's a 24/7 infrastructure. We have tested it for up to 750 plus users, and it's perfectly fine.

Technical support is excellent. they are always available, no matter the time of day, or day of the week. We are quite satisfied with their level of support. They are quite helpful and very responsive. I'd rate them at a ten out of ten. They deserve perfect marks.

We did not previously use a different solution. When the office was launched we implemented Cisco as a fresh product.

We are using a Cisco ASA Firewall, as well as Sophos at the remote sites. We are using another product is for log collecting. There are three solutions that basically cover us for security purposes. Those, at least, are the physical devices we are using as of now. The rest are cloud solutions such as Nexus. 

That said, I personally, have used Sophos XG as a firewall in the past. Sophos is good in terms of traffic blocking and identifying interruptions to the traffic. The features are better on Cisco's side. For example, there is two-factor authentication and a remote VPN. The only benefit I found in Sophos was the way it dealt with the traffic. 

The initial setup was not overly complex or difficult. It was quite straightforward and very easy to implement. 

Deployment takes about 20 to 25 minutes. 

In terms of the implementation strategy, at first, we put up the appliances in the data center. After that, we connected it with the console. After connecting the console, we had an in-house engineer that assisted. Cisco provided us onboarding help and they configured our device for us. We have just provided them the IP address and which port we wanted up. Our initial configuration has been done by them.

While most of the setup was handled in-house, we did have Cisco help us with the initial configurations.

The ROI we are getting from Cisco ASA is higher availability, which we are getting all the time. On top of that, it's good at blocking traffic and protecting us from cyber-crime issues.

The pricing is pretty reasonable. it's standard and comparable to other solutions. The maximum difference between products might be $20 to $40. It's not much of a difference. 

We did not evaluate other solutions. We trust Cisco. It's a very good product and well known in the market.

We are a customer and an end-user.

We are using physical Cisco appliances.

We use a lot of Cisco products, Cisco router (the 3900-series routers), and Cisco switches.

In the next quarter, we will implement SD-WAN. Once the SD-WAN is implemented, then we will go with an automated policy and DNS kinds of tools. We are in the process of upgrading to Cisco ASA Firepower in the next quarter. We have not integrated Cisco ASA with Cisco's SecureX solution.

I'd recommend the solution, especially for medium-sized or larger companies and those who are looking for long-term solutions (for example those with a user base of around 2,000 plus users in and around 20 plus applications). It's reliable and offers users a lot of features. This helps companies avoid having to rely on other third-party solutions.

If you are new to Cisco, you should take advantage of the education they have on offer. Cisco provides access to training and it's worth taking advantage of this.

Overall, I'd are the solution at a nine out of ten.

The solution is primarily used for protecting the environment, or the cloud environments for our customers.

All the specific features you find within the NextGen firewall are quite useful. The touch intel feature is specifically useful to us. We deliberately choose this kind of product due to its set of features. 

The implementation is pretty straightforward.

The security market is a fast-changing market. The solution needs to always check if the latest threats are covered under the solution. 

It would always be helpful if the pricing was improved upon a bit.

In a future release, it would be ideal if they could offer an open interface to other security products so that we could easily connect to our own open industry standard.

We've been using the solution for about five or more years at this point.

The solution is stable. It's very reliable. It doesn't crash or freeze and doesn't seem to be plagued by bugs or glitches.

The solution can scale quite well. A company that needs to expand it can do so easily.

In our case, we have clients with anywhere between 1,000 and 10,000 users.

We have our own in-house team that can assist our clients should they need technical support. They're quite knowledgeable and can handle any issues.

I also have experience with Fortinet and Check Point.

The implementation isn't complex. It's straightforward. However, it also depends on the specifications of the customer. Normally we check that out first and then we can make a judgment of how to best implement the solution.

Typically, the deployment takes about two days to complete.

In terms of maintenance, we have about five people, who are engineers, who can handle the job.

We deliver the solution to our customers.

You do need to pay for the software license. In general, it's a moderately expensive solution. It's not the cheapest on the market.

We're a partner. We aren't an end-user. We are a managed security provider, and therefore we use this solution for our customers.

We always provide the latest version of the solution to our clients.

Typically, we use both cloud and on-premises deployment models.

I'd recommend the solution to others. It's quite good.

On a scale from one to ten, I would rate it at an eight.

We use it for our university department firewall. It replaced our 12-year-old Cisco ASA 5520, which used to protect web servers, mail servers, SVN repositories, office computers, research computers, and computer labs. It was used for blocking the internet for exams. It was not used for IPS, so we did not buy the new threat protection or malware license. We connected it to a Layer 3 switch for faster Inter-VLAN routing.

It works better through specs than our old ASA 5520. It seems to perform the same functionality unless you buy the additional threat protection licenses, so this is a disappointment. I found a bug where the ASDM could not be used with Windows 2016, but it did work with Windows 10.  

• Most of same old ASA 5520 config could be used for the new 5516-X model. The ASDM interface is improved and can also be configured to the Firepower settings. 
• I am used to the ASA syntax, therefore it is quite easy to make up new rules. I have found that DNS doctoring rules are useful, and I am not sure how other firewalls handle the issue of internal versus external DNS, so this was a reason to keep the same type of firewall.
• Customizing logging event of syslog to feed into Splunk is very useful for management and monitoring just for the importance events instead of a huge stream of thousands of unneeded events.
• I found it quite easy to block computers from the internet, e.g, in a computer lab with students doing an exam using software for the course when needed.
• I use access to a list to block IPs which have attacked our web servers on the outside interface, since I do not have IPS.
• I found that setting up rules for HTTPS and SSH access to the management interface are straightforward, including setting the cypher type.
• It is very useful to use the command line interface for modifying or adding to the config because sometimes the ASDM interface is hard to find when the setting is more complicated.
• The text config file is great to have, to know what is in the config, instead of having to check every setting in the GUI.
• While the CLI is used the most, sometimes the ASDM is faster and easier to use to set some settings.
  

• It is confusing to have two management interfaces, e.g., ASDM and Firepower Management Center. It would be nice to have a Windows program instead of a virtual appliance for the Firepower Management Center.  The ASA and Firepower module seem redundant, not sure which one to set the rules in, but maybe that was for backward compatibility. I am not sure that is very useful.
• It is surprising that you need to have a virtual appliance for the Firepower Management Center. It is not good if you have to setup a VMware server just for it.
  
• 10Gb interfaces should be available on more models. 
  

ASA pricing seems high compared to other firewalls, such as the Sophos XG models. 

The licensing features are getting more complicated. These should be simplified. 

I'm a design consultant. We primarily use the product to secure various client networks, major infrastructure, highways, and urban surveillance.

The solution is pretty easy to deploy. It is pretty ubiquitous too, so it is easy to get. It pretty much does the job we need it to do.

I would like to see an IE version of the solution where it is ruggedized. Most of what we do is infrastructure based on highways. Now that the product has a hardened switch, the only thing left in our hubs that isn't hardened is probably the firewall. It would be nice to pull the air conditioners out of the hubs.

I have been using the solution for 20 years.

I've never had a stability problem with firewalls.

The solution seems to be very scalable. I probably don't have much experience with scalability because, by the nature of how our networks work, we don't scale them; we just add another one.

Support is very good. I've never had a problem with any form of support.

Positive

I used only a couple of other products over the years due to client preference. In general, Cisco Secure Firewall is easier to deploy mostly because of the depth of personnel trained in it. Every other product seems to be a niche thing that two people know, but Cisco once again seems ubiquitous throughout the industry. Our customers choose Cisco for various reasons, from cost to a preference for Cisco. It meets the task that they need to meet. It's really the spectrum.

The deployment is pretty straightforward. It's the same as deploying any other Cisco equipment. If you know what you're doing, it's not a huge deal.

I believe our clients have seen an ROI. Their networks are more secure. Various agencies have tested a few of them to prove it, and they've proven okay. Since they weren't attacked, they have received an ROI.

The licensing is not so bad. The solution’s pricing could be lower. It's not horrible, though.

The application visibility and control are pretty good. It seems to do everything we've ever needed it to do. I've never asked the product to do something that it couldn't do. The solution has been pretty successful at securing our infrastructure from end to end. Most of our client’s staff have reported that the product is not as maintenance intensive as they would like. They never had to deal with maintenance before, but now they do. We deploy new systems for our clients.

I haven't had much experience with Cisco Talos directly. I know it's there, but I haven't really been involved. I haven't experienced it, which I believe is a good thing. It's doing its job if I don't have to get involved with it. The product has definitely helped improve our organization’s cybersecurity resilience. We weren't secure at all before, and we are a known target since we’re based in infrastructure. The solution has been very helpful in providing security.

It is a good product. I would definitely look into it. There is great value in going to a partner to a reseller to deploy the product. They understand the equipment and have expertise. Normally, they're local, so local knowledge is always useful. They have done deployments before, so sometimes they know tips or tricks that aren't in the manuals.

People evaluating the solution should give it a look. Definitely, it is worth taking a look at it.

Overall, I rate the product a nine out of ten.

To safeguard our clients' system data and related aspects, we rely on Next-Generation Firewalls as a system integrator. In particular, we use Cisco Secure Firewall for enhanced security measures.

We have provided our services to the National Information Center in Riyadh, which is a government database. They installed Cisco Secure Firewall systems and have given us positive feedback, which is why most of the areas prefer to use Cisco. To date, we have not received any negative feedback from our clients regarding any issues, such as hacking. Everything has been secure, and I hope it stays that way in the future.

Our company operates in Saudi Arabia, primarily working with government sectors. If any hardware malfunctions, the defective device is removed, and we receive a replacement from the reseller. We have not encountered any issues related to delays in receiving replacements for malfunctioning devices which has been beneficial.

In today's world, cyberattacks have become a common occurrence. However, so far, we have not faced any issues with our systems. I hope the situation remains the same in the future. If Cisco introduces even more advanced security measures, it would be beneficial.

One of the major issues we face in the Middle East is the long delivery time for Cisco products. Currently, they are taking almost 10 months to deliver, which is much longer compared to before when we received the products within 70 to 80 days or even two to three months. For instance, we recently placed an order that has a delivery date in the middle of 2024. This delay is unacceptable as customers cannot wait that long, and they may opt for other alternatives, such as Huawei, Juniper, or HPE. Therefore, Cisco needs to improve its delivery time and ensure that they deliver products within a reasonable timeframe, as it did before.

I have been working with Cisco Secure Firewall for more than 10 years.

We have not encountered any stability issues. The only issue we faced was with another company that did not have proper cooling systems in their data center.

The scalability of the Cisco Secure Firewall is excellent.

A few years ago, we faced an issue with some of our devices in Saudi Arabia, and we reached out to Cisco for assistance. They responded promptly and repaired our devices within the given time frame. While the delivery time for their solutions in the Middle East may be longer, Cisco still delivers their solutions on time, whether it's for repair or new orders. Even if the delivery time is up to a year, Cisco ensures that our products are provided on time.

I rate the support from Cisco Secure Firewall a ten out of ten.

Positive

As a system integrator, our primary focus is not on selling products, but rather on providing comprehensive solutions to our customers, starting from scratch and ensuring everything runs smoothly. In this regard, we rely heavily on Cisco devices, including switches, routers, code devices, NK, Nexus, 7000, and 9000. We also use other Cisco products, such as IP phones and access points. In Saudi Arabia, Cisco is the most popular brand in the market, but its popularity is declining due to prolonged delivery times. Customers cannot afford to wait a year, and this is the primary reason for the decline in demand.

The prices of Cisco Secure Firewall are competitive, especially for us as Cisco partners. We purchase the products directly from Cisco as a gold partner, which allows us to obtain better pricing than we would get from normal distributors or the local market.

Our current company, SNC ICT, is already a Cisco Gold Partner. We are actively involved in investing, purchasing, and selling Cisco products to our customers, as well as performing installations, configurations, and providing other related services.

In the Middle East, most people with a budget opt for Cisco. However, I do not have any information about the preferences in Europe, South Asia, or Asia.

We are using it for security on everything from small customers to big data centers.

It is stable. We saw benefit from this in just a few days.

Cisco AnyConnect is my favorite. It is awesome. It also exists on Firepower and newer things.

Cisco ASA is starting to get old and Firepower is taking over. All the good things happening are with Firepower. Everything that I could wish for is in Firepower. We will probably not be doing too many new installations of ASAs since Firepower is mostly taking over.

I have been using it for 15 to 20 years.

It is stable and secure. There are a few bugs, etc. Overall, we are very happy with it. We have never looked at anything else because it works so well. I would rate the stability as 10 out of 10. It is very good.

There is maintenance. We have to keep an eye out for software upgrades and forced changes to the configuration. We have a network operations team of 15 people who take care of these things from day to day.

The solution's scalability is very good.

We use it on customers who have two employees up to customers with 5,000 employees. It is also used for customers who have one site or several sites. It is all over the place

Cisco tech is always good and helpful. I would rate them as 10 out of 10.

Positive

I didn't use another solution previously.

All our deployments have been different. Some have been really easy and others have been really complex. It could go either way: some are complex and some are easy. The complex solutions could take days or a couple of weeks to deploy. Easy solutions take a day.

If it was a big project, there would be a pre-project identifying what we were going to do and making a plan for it, then we would realize that plan. If it was a smaller thing, we would just jump into it.

It was deployed in-house. Depending on the solution and its complexity, it could take a single person to a team of 20 people to deploy it.

Our return on investment is having a network that we don't need to think too much about. It works, and that is it.

Cisco is always expensive, but you get what you pay for. It is expensive for a reason. It is a good solution, and good solutions cost money.

AnyConnect is an extra license. If you want the IDS/IPS things, those are usually extra too.

I evaluated Check Point, Palo Alto, and Fortinet, but Cisco won the race. Since we were already running most of our other networking with Cisco, it felt natural to land on Cisco.

I would rate the solution as 10 out of 10.

The way we've installed Firepower was for the migration process. For example, there was a data center consolidation, and therefore we had to move everything. We offer data center products to our customers across VPN funnels. We had to move away from older ASAs, so it's a lift and shift. We move older ASAs, which were dispersed in many sites, and we consolidated a couple of services in a single site. Firepower was left there in place. I came in and I took over the administration duties, and now I'm trying to put everything together in a way that it makes sense.

With Firepower, they have better hardware. It's fitted for more throughput, more load. I'm trying to centralize service delivery on this high-availability pair and move all the remote access to Firepower. Then, it's all part of a transition process from a hybrid cloud to a full cloud deployment on a cloud provider. It's mostly just a necessary pain, until we move away from our on-prem deployments. Currently, I'm working with Azure, etc. and I try to look at the main design of the whole process, even though it's going to take two years. 

COVID has also made everything very, very slow for us as we try to move away from our initial plan.

The 2100 models are extremely useful for us.

It's got the capabilities of amassing a lot of throughput with remote access and VPNs. 

They need a VTI. I know it's going to be available in the next software version, which is the 6.7 version. However, the problem with that is that the 6.7 is going to deprecate all the older IKEv1 deployment tunnels. Therefore, the problem is that we have a lot of customers which are using older encryptions. If I do that, update it, it's not going to work for me.

We've been using the solution for about a year.

The solution is pretty solid in terms of stability, however, I prefer Palo Alto. For the enterprise world, it's better to have Palo Alto. For the service provider field, Firepower is quite well suited, I'd say. That said, Palo Alto, is definitely the enterprise way to go. For a smaller deployment, you can also go with FortiGate. It's simple, however, it works for smaller offices.

The scalability of the product is pretty good. If you need to expand it, you can do so with relative ease.

The technical support is amazing. They do reply quickly, and often within an hour. It's been great. I've worked at Cisco before, however, with the type of contract we are in, I find it super fast right now. We're quite satisfied with the level of support.

I don't have any knowledge as to what the product costs. It's not part of the business I deal with.

Palo Alto, it's my understanding, is a little more expensive, however, it depends on the users and on the design. It always depends on the contract

We're just customers. We don't have a business relationship with Cisco.

It's a solid, reliable product, however, if it's right for a company depends on the use case and the size of the organization. For a startup, this might not be a suitable option.

Overall, I'd rate this solution nine out of ten. As a comparison, if I was rating Palo Alto, I would give it a ten out of ten.