In the security portfolio from Cisco, the issue is marketing. Cisco is still seen primarily as an enterprise network player rather than being acknowledged as a security vendor. Cisco offers a vast array of potent security products, yet the global market hasn't fully accepted Cisco as a top security provider. Palo Alto, for instance. They have made their mark in the global market, leading in firewalls and building robust security portfolios.
Some GUI modules have extended prices compared to other vendors, which isn't ideal. Cisco is a scalable product, but it is expensive compared to other vendors. Huawei, Netgear, and FortiGate all offer scalable solutions at a lower cost. There is room for improvement in licensing.
I would like upgrading iOS to be a bit easier. If you want the old version to continue running, that should be a bit easier. People have made many apps to do that online, but if Cisco could have that at the click of a button to quickly download or upload it, after which everything starts to work, that would be good. Sometimes, setting up your TFTB is difficult even though there are tools now. There should be something that would make it much easier where I just have to download, upload it into the iOS, and start it up.
We’ve implemented the Cisco firewall along with additional security licenses. These licenses have been configured and the system is adequately protected. The entire process takes some time, but the most time-consuming part is creating the region and applying the necessary security policies to it.
The weakness of Cisco's products is that it has higher prices for even its lowest configurations. Cisco has to come a little forward with its products. Cisco very slowly introduces and implements the products, unlike other brands.
We cannot directly upgrade the system. The tool's deployment is also very difficult in legacy environments. The tool needs to have bigger ports as well.
The security of the solution has room for improvement. The solution is complex and can be more user-friendly. The stability and scalability can be improved.
The solution is not user friendly and it is hard to manage the GUI interface. This is an ongoing CISCO problem. The solution needs Active/Active firewalls to have good load balance with high availability. The firewalls should work simultaneously, not just as failovers.
Pre-Sales at a computer software company with 501-1,000 employees
Reseller
2022-10-12T12:24:26Z
Oct 12, 2022
An area for improvement in Cisco IOS Security is the performance because it's not as stable sometimes. There's also some latency in the solution, which could be improved. Cisco IOS Security integrates with other solutions, but you'll encounter many errors after integration, so this is another area for improvement. I'd like to see enhanced performance and a simplified setup in the next version of Cisco IOS Security.
Operations Specialist - MX Operations at Bank Alfalah Limited
Real User
2022-08-29T15:19:36Z
Aug 29, 2022
It takes too much time to deploy a policy to FMC. It takes around eight minutes. You can't afford any downtime when you're changing policies. The update process could also be smoother. They could improve the FirePOWER integration to reduce the time needed to update to the newer version. Sometimes, in the middle of the update, the process starts, but it doesn't find the new installation, so we have to force it to run that particular part.
How to improve the solution depends on the usage. Sometimes I find it difficult to manage. Some configurations are difficult for new engineers, for example. It could be more flexible.
The graphical user interface or the GUI could be better. Beginners can use some devices with the GUI, but some security devices are configured using CLI. It would also be better if it had its own Intrusion Protection Service and Intrusion Detection Service on the server.
Cisco IOS Security could improve its security features. There are competitors that have some additional security features, such as Fortinet FortiGate. Additionally, there should be better synchronization with Cisco IOS Security and other vendors, and improved AI features would be beneficial.
Sr. Security and Enterprise Architect at a security firm with 11-50 employees
Real User
2021-12-03T15:39:00Z
Dec 3, 2021
There are the usual bugs that are inherent to some software upgrades. Sometimes this provides some unexpected issues, however, it happens with all brands all the time. Some additional features could be improved. For example, the licensing for DNA environments could be better. In some countries, the end-user does not want to go to orchestration/automation environments. They just want to have a small network for their small budget and they never will go to these environments. They consider it unfair that they have to pay for a license/subscription that will never be used.
It's a good device yet it's not a market leader. There are better options for customers to choose from. There could be a bit more functions on offer that could make it easier to use.
Sr. Security and Enterprise Architect at a security firm with 11-50 employees
Real User
2021-04-01T09:54:31Z
Apr 1, 2021
I think they should bring back remote VPN for users. However, I understand the attempt is to have these functions inside the firewalls and not the routers or the IOS devices.
Technical Lead at a tech services company with 10,001+ employees
Real User
2020-12-23T10:57:32Z
Dec 23, 2020
It would be ideal if the solution had more capacity. Right now, we are almost hitting the maximum capacity of the product. If they could provide more capacity for the same product, that would be great.
Field Solutions Engineer at a computer software company with 1,001-5,000 employees
MSP
2020-09-29T05:58:00Z
Sep 29, 2020
With respect to user-friendliness, it is a command-line interface and those with such experience will get along just fine, whereas others may struggle. My expectation is that it will remain a primarily command-line-based technology. The biggest annoyance is probably the quality control of the code. They have to make sure that they are better at vetting bugs and software issues before they release code to the general public.
Vice President - Network and Infrastructure at NJA LLC
Real User
2020-09-27T04:10:08Z
Sep 27, 2020
I think the user interface for IOS Security needs to be improved. I think the signature updates and all the other critical definitions need to be updated more frequently.
A few things have room for improvement in your opinion. That would start with cost. Cisco products are more expensive than the competition, but the additional cost usually gets absorbed by the name recognition. Most people have Cisco or have familiarity with it, so they go with it. If they want the top quality product, they immediately feel comfortable with the Cisco name brand. That is where we come in as consultants. We bend over backward to make product comparisons and framing for solving the needs posed by an organization. I see something is a better fit for them that they could use. It would reduce their CapEx, their expenses, and it would fit them better all at the same time. The client may still want Cisco despite the recommendation that we make. But usually, that is what it is. Cisco fits, and if they want to spend the money, we make sure that it is within their budget. They feel more comfortable with Cisco, and they have had Cisco in the past, so we go with Cisco then. Cisco is great. A lot of the tech companies are doing really well. But Cisco is still in the forefront. They are on top of this category of products. I can not think of anything else they could do because they cover pretty much everything that you would need a firewall for. Then you get Cisco's support behind the products. I would think it would be a lot better for us and we could make more money if we try to recommend that clients put drop-in boxes at every location. But we do not choose to do that unless there is a purpose for it. In most cases, we would prefer clients to go the OpEx route. It takes a lot to offset the cost of Cisco so if they are going to do a cloud solution, their costs are metered per month by whatever solution they have. That is a lot better for projecting costs, and then there is the benefit of everything being upgraded in the cloud for them. They do not have to worry about anything. It just works.
Managing Director at a computer software company with 51-200 employees
Real User
2020-09-21T06:33:00Z
Sep 21, 2020
The pricing of the solution can be improved. It's not cheap. It's quite expensive. The company needs to make its solution more affordable to make it more accessible to larger markets. Otherwise, it's seen as an enterprise-level solution that small or medium-sized organizations can't afford and therefore they won't even look at it.
Chief Technology Officer at Future Point Technologies
Reseller
Top 5
2020-08-11T06:17:00Z
Aug 11, 2020
I would love it if it has a link-by-link feature, integration with Unified Threat Management (UTM), and load balancers. They haven't got any link-by-link feature right now, which can be a very attractive option. This link-by-link feature can also be made available for Cisco's UTM firewalls. The link-by-link feature is available in some of the other firewalls. Currently, integration with UTM is missing. Cisco IOS Security also doesn't have the load balancers and a few things that need to be done to get a good UTM firewall. Normally, other firewalls have UTM. As a next-generation firewall, it's good, but as a UTM, it has to do some work.
I think setup could be one area for improvement. I would also like to see them add integration with cloud solutions like Umbrella, as well as some monitoring improvements. This would let us connect a new platform and cloud solution for a site.
I wish it would be more like the next generation firewall technology. There should be more selection between the application and filtering. I would appreciate updates to reporting, in terms of data entry.
Product Manager - Wireless / IT Support Manager at a tech services company with 51-200 employees
Real User
2019-06-30T10:29:00Z
Jun 30, 2019
If they could increase the performance a little better because the device sometimes gets slow. If they could increase the performance it would be great.
With Cisco IOS, especially the routers, don't have like long-term tendency features, or high availability features available for the IOS. Also, it could use a better user interface.
We don't love everything about the product. For now, it's what we're using. It's okay. It is difficult to set up. The training is okay. The pricing is standard. It will be great if they can make it more easy to use the features. The interface is not user-friendly, but a normal IT technician can handle it. Most of the features only work with Cisco equipment. It's about connectivity. Most of their features are meant for Cisco. You cannot integrate them with any other vendor. Cisco needs to be more flexible with the integration of other solutions.
Networks Lead Engineer at a mining and metals company with 1,001-5,000 employees
Real User
2019-06-23T09:40:00Z
Jun 23, 2019
I think it's a complicated product. It is very complicated, especially in the design. If in some way you mess up the logic and design, you can really mess up and you will hate your life. The dashboard is actually very complicated. There's a lot of options. They don't need to do this. They need to make it more simple. Going to the direct point, showing what to do, where to configure, how to make the policy. They need to simplify the dashboard management more. Also, they need to improve the dashboard statistics. We need to see the statistics in a more organized way and clear. Reporting features, I think are also missing. It should be there. Maybe they need to add in posturing. Cisco is able to check if a device is updated or not. Taking action to isolate it outside the network, and then requesting automatically for the updates to that system would be helpful. It's something in automation they can improve.
There's a technology called SD-WAN that we would like to see. We are unable to handle multiple connections or to automatically load balance. I would like to have a feature that enables us to automatically prepare for load balancing.
Cisco IOS Software delivers a sophisticated set of security capabilities for a comprehensive, layered security approach throughout your network infrastructure. Cisco IOS security technologies help to defend critical business processes against attack and disruption, protect privacy, and support policy and regulatory compliance controls.
In the security portfolio from Cisco, the issue is marketing. Cisco is still seen primarily as an enterprise network player rather than being acknowledged as a security vendor. Cisco offers a vast array of potent security products, yet the global market hasn't fully accepted Cisco as a top security provider. Palo Alto, for instance. They have made their mark in the global market, leading in firewalls and building robust security portfolios.
Some GUI modules have extended prices compared to other vendors, which isn't ideal. Cisco is a scalable product, but it is expensive compared to other vendors. Huawei, Netgear, and FortiGate all offer scalable solutions at a lower cost. There is room for improvement in licensing.
Cisco IOS Security should improve its functionalities.
I would like upgrading iOS to be a bit easier. If you want the old version to continue running, that should be a bit easier. People have made many apps to do that online, but if Cisco could have that at the click of a button to quickly download or upload it, after which everything starts to work, that would be good. Sometimes, setting up your TFTB is difficult even though there are tools now. There should be something that would make it much easier where I just have to download, upload it into the iOS, and start it up.
We’ve implemented the Cisco firewall along with additional security licenses. These licenses have been configured and the system is adequately protected. The entire process takes some time, but the most time-consuming part is creating the region and applying the necessary security policies to it.
The product's technical support services need improvement.
The weakness of Cisco's products is that it has higher prices for even its lowest configurations. Cisco has to come a little forward with its products. Cisco very slowly introduces and implements the products, unlike other brands.
The solution’s setup process could be better. It is complex regarding troubleshooting, and only highly skilled engineers can resolve it.
We cannot directly upgrade the system. The tool's deployment is also very difficult in legacy environments. The tool needs to have bigger ports as well.
Cisco IOS Security's monitoring is rather rudimentary and could be improved.
The security of the solution has room for improvement. The solution is complex and can be more user-friendly. The stability and scalability can be improved.
The solution is not user friendly and it is hard to manage the GUI interface. This is an ongoing CISCO problem. The solution needs Active/Active firewalls to have good load balance with high availability. The firewalls should work simultaneously, not just as failovers.
An area for improvement in Cisco IOS Security is the performance because it's not as stable sometimes. There's also some latency in the solution, which could be improved. Cisco IOS Security integrates with other solutions, but you'll encounter many errors after integration, so this is another area for improvement. I'd like to see enhanced performance and a simplified setup in the next version of Cisco IOS Security.
It takes too much time to deploy a policy to FMC. It takes around eight minutes. You can't afford any downtime when you're changing policies. The update process could also be smoother. They could improve the FirePOWER integration to reduce the time needed to update to the newer version. Sometimes, in the middle of the update, the process starts, but it doesn't find the new installation, so we have to force it to run that particular part.
How to improve the solution depends on the usage. Sometimes I find it difficult to manage. Some configurations are difficult for new engineers, for example. It could be more flexible.
The graphical user interface or the GUI could be better. Beginners can use some devices with the GUI, but some security devices are configured using CLI. It would also be better if it had its own Intrusion Protection Service and Intrusion Detection Service on the server.
Cisco IOS Security could improve its security features. There are competitors that have some additional security features, such as Fortinet FortiGate. Additionally, there should be better synchronization with Cisco IOS Security and other vendors, and improved AI features would be beneficial.
While Cisco IOS Security is stable and scalable, I would like to see it improved to be even better.
There are the usual bugs that are inherent to some software upgrades. Sometimes this provides some unexpected issues, however, it happens with all brands all the time. Some additional features could be improved. For example, the licensing for DNA environments could be better. In some countries, the end-user does not want to go to orchestration/automation environments. They just want to have a small network for their small budget and they never will go to these environments. They consider it unfair that they have to pay for a license/subscription that will never be used.
It's a good device yet it's not a market leader. There are better options for customers to choose from. There could be a bit more functions on offer that could make it easier to use.
I think they should bring back remote VPN for users. However, I understand the attempt is to have these functions inside the firewalls and not the routers or the IOS devices.
The configuration should be easier in the solution.
It would be ideal if the solution had more capacity. Right now, we are almost hitting the maximum capacity of the product. If they could provide more capacity for the same product, that would be great.
With respect to user-friendliness, it is a command-line interface and those with such experience will get along just fine, whereas others may struggle. My expectation is that it will remain a primarily command-line-based technology. The biggest annoyance is probably the quality control of the code. They have to make sure that they are better at vetting bugs and software issues before they release code to the general public.
I think the user interface for IOS Security needs to be improved. I think the signature updates and all the other critical definitions need to be updated more frequently.
A few things have room for improvement in your opinion. That would start with cost. Cisco products are more expensive than the competition, but the additional cost usually gets absorbed by the name recognition. Most people have Cisco or have familiarity with it, so they go with it. If they want the top quality product, they immediately feel comfortable with the Cisco name brand. That is where we come in as consultants. We bend over backward to make product comparisons and framing for solving the needs posed by an organization. I see something is a better fit for them that they could use. It would reduce their CapEx, their expenses, and it would fit them better all at the same time. The client may still want Cisco despite the recommendation that we make. But usually, that is what it is. Cisco fits, and if they want to spend the money, we make sure that it is within their budget. They feel more comfortable with Cisco, and they have had Cisco in the past, so we go with Cisco then. Cisco is great. A lot of the tech companies are doing really well. But Cisco is still in the forefront. They are on top of this category of products. I can not think of anything else they could do because they cover pretty much everything that you would need a firewall for. Then you get Cisco's support behind the products. I would think it would be a lot better for us and we could make more money if we try to recommend that clients put drop-in boxes at every location. But we do not choose to do that unless there is a purpose for it. In most cases, we would prefer clients to go the OpEx route. It takes a lot to offset the cost of Cisco so if they are going to do a cloud solution, their costs are metered per month by whatever solution they have. That is a lot better for projecting costs, and then there is the benefit of everything being upgraded in the cloud for them. They do not have to worry about anything. It just works.
The pricing of the solution can be improved. It's not cheap. It's quite expensive. The company needs to make its solution more affordable to make it more accessible to larger markets. Otherwise, it's seen as an enterprise-level solution that small or medium-sized organizations can't afford and therefore they won't even look at it.
I would love it if it has a link-by-link feature, integration with Unified Threat Management (UTM), and load balancers. They haven't got any link-by-link feature right now, which can be a very attractive option. This link-by-link feature can also be made available for Cisco's UTM firewalls. The link-by-link feature is available in some of the other firewalls. Currently, integration with UTM is missing. Cisco IOS Security also doesn't have the load balancers and a few things that need to be done to get a good UTM firewall. Normally, other firewalls have UTM. As a next-generation firewall, it's good, but as a UTM, it has to do some work.
External threats are changing every day, so there are new features coming in. We're more into the command line interface rather.
In the next release of this solution, we would like to see support for the 100BT and 7000 models. We have experienced bugs in the solution.
I think setup could be one area for improvement. I would also like to see them add integration with cloud solutions like Umbrella, as well as some monitoring improvements. This would let us connect a new platform and cloud solution for a site.
I wish it would be more like the next generation firewall technology. There should be more selection between the application and filtering. I would appreciate updates to reporting, in terms of data entry.
If they could increase the performance a little better because the device sometimes gets slow. If they could increase the performance it would be great.
With Cisco IOS, especially the routers, don't have like long-term tendency features, or high availability features available for the IOS. Also, it could use a better user interface.
We don't love everything about the product. For now, it's what we're using. It's okay. It is difficult to set up. The training is okay. The pricing is standard. It will be great if they can make it more easy to use the features. The interface is not user-friendly, but a normal IT technician can handle it. Most of the features only work with Cisco equipment. It's about connectivity. Most of their features are meant for Cisco. You cannot integrate them with any other vendor. Cisco needs to be more flexible with the integration of other solutions.
I think it's a complicated product. It is very complicated, especially in the design. If in some way you mess up the logic and design, you can really mess up and you will hate your life. The dashboard is actually very complicated. There's a lot of options. They don't need to do this. They need to make it more simple. Going to the direct point, showing what to do, where to configure, how to make the policy. They need to simplify the dashboard management more. Also, they need to improve the dashboard statistics. We need to see the statistics in a more organized way and clear. Reporting features, I think are also missing. It should be there. Maybe they need to add in posturing. Cisco is able to check if a device is updated or not. Taking action to isolate it outside the network, and then requesting automatically for the updates to that system would be helpful. It's something in automation they can improve.
There's a technology called SD-WAN that we would like to see. We are unable to handle multiple connections or to automatically load balance. I would like to have a feature that enables us to automatically prepare for load balancing.
I would like to see much more embedded security that works and that isn't a bolt-on.