Our main use cases include segmenting different networks for IPS and IDS, using it for basic firewall purposes, controlling ACLs, and monitoring traffic to identify issues within the network.

Currently, I find the event viewer feature of Cisco Secure Firewall very useful as it visually displays what is being blocked or allowed by the ACL. I also appreciate the improved visual presentation of the ACL layout. 

We have many different opportunities to share incidents with individuals on how traffic flows through the network, and we utilize Cisco Secure Firewall features such as network packet inspection to ensure that policies are applied correctly and to monitor traffic for what is blocked, allowed, or denied.

Cisco Secure Firewall's ability to unify policies across our environment is pretty good. 

We can deploy different features and ACLs between various firewalls easily with the FMC, which has improved significantly from the initial deployment time, which was once poor and is now manageable for multiple firewalls.

We use the new AnyConnect or Secure Connect VPNs, which works pretty well. Although we haven't switched to the latest series to utilize the VPNs fully, I appreciate the deployment phase where we can track our deployment progress.

What stands out positively about Cisco is their training and support, which has effectively prepared engineers to work with their products. When hiring, I find it beneficial that most network engineers are familiar with Cisco, whereas I might question the expertise of those trained with Palo Alto or Fortinet.

Performance-wise, Cisco seems to be the best. For instance, my sister company uses Palo Alto and Juniper and reports a high RMA rate. In contrast, we have only RMAed one Cisco Secure Firewall in six years, indicating stability and dependability.

The interface of Cisco Secure Firewall works effectively once you become familiar with its layout, although hiring engineers requires training on the platform, especially as updates occur. They should prioritize adding to the existing product rather than overcomplicating it with new features that may not be necessary.

Cisco Secure Firewall has some growth opportunities in terms of visibility and control capabilities regarding managing encrypted traffic. It has the ability to analyze encrypted traffic, and there is potential for more integration with APIs and AI to enhance these capabilities.

Cisco Secure Firewall needs improvement in deployment time and the capability to access the CLI during support calls. I often encounter issues when technical support uses a CLI that is not familiar to me while troubleshooting through the GUI. 

My ongoing complaint for the last six years has been the lack of CLI functionality, which hinders my ability to work on the firewall, alongside concerns regarding deployment time.

For the next release, they should look at the features offered by competitors such as Fortinet, including the ability to perform packet capture directly from the interface. 

If they enhanced their troubleshooting efficiency related to packet capture for each specific rule, it would simplify the process significantly.

I have been using Cisco Secure Firewall for about six years.

The process of expanding the usage was fairly smooth. My assessment of the stability and reliability of Cisco Secure Firewall is great from a hardware perspective, yet only okay from a software perspective. 

I have experienced downtime crashes and performance issues. Specifically, the FTDs have had High Availability (HA) issues, which I struggle to understand, especially concerning switch connections and HA setups between firewalls.

We have often encountered split-brain scenarios during failover processes and code upgrades, which have been persistent problems for us. It seems that Cisco lacks enough skilled technical support engineers to quickly resolve these issues, often requiring escalation that takes too long.

Cisco Secure Firewall scales incredibly well with our growing needs. We recently transitioned to the new 4100s and we have only just reached the firewall's limitations after five years, indicating that it has been able to build for our future success.

I would rate customer service and technical support about a five out of ten, sometimes dipping to a four depending on the time of day. As in many support models, the quality depends on the region. Some TAC engineers are better in specific areas, such as India or South America. However, they often lack the skills to troubleshoot effectively, leading to repetitive troubleshooting sessions and unresolved issues.

Neutral

Prior to adopting Cisco Secure Firewall, I used solutions such as SonicWall and Juniper firewalls. I didn't prefer Juniper and found Cisco Secure Firewall to be the most stable firewall I've worked with.

The deployment time could be improved. The deployment was good, however, it could be sped up. There was a bit of a learning curve as well. 

What works well is the interface. It's pretty good as far as knowing where to go and the layout. When hiring engineers, they need to know the platform. In terms of updates, sometimes they bolt on too much.

I have not seen ROI with Cisco Secure Firewall initially, however, over time, it has paid for itself as we scale our business.

My experience with pricing, setup costs, and licensing was a nightmare. It is indeed challenging as Cisco has too many variations of support with no clear explanation of what you are actually getting. 

Sales representatives try their best but often fall short, making it complicated for users to understand what licenses are included with the product, leading to confusion over various levels of support.

Before selecting Cisco Secure Firewall, I considered Fortinet and Palo Alto, and I even thought about sticking with ASAs. We still operate a couple of FTDs alongside ASAs, which creates internal competition. Fortinet, in particular, has remained a competitive option.

We did not purchase this on the AWS Marketplace. 

My advice to organizations considering Cisco Secure Firewall would be to recognize the tendency for Cisco to overcomplicate things. However, they are striving for simplification in their firewall products. If someone has experience with ASAs, they can adapt to FTDs as easily. Cisco should focus on learning from competitors to enhance its features and remain competitive in the market. 

If you want a stable solution with fewer vulnerabilities, Cisco Secure Firewall is likely to meet your needs as it requires fewer upgrades compared to competitors.

On a scale of one to ten, I rate Cisco Secure Firewall a seven.

On-premises

Our main use cases for Cisco Secure Firewall include firewall, IPS, and URL filtering.

The feature of Cisco Secure Firewall that I prefer the most is IPS. I appreciate the IPS feature because it's built in and I can control it using the FMC and push out the policy company-wide, making it centrally managed. The IPS benefits my company because that's one of the requirements; we used to have separate IPS. Now it's all integrated, providing ease of use for us. Cisco Secure Firewall has helped my company achieve its goals because it's a next-generation firewall. That's what we need to maintain certain compliance from the security side. Having IPS built in, firewall, URL filtering, everything is centrally managed, so we have more visibility and management.

Compared to the previous generation, the ASA, firewall rules appear differently in the ASDM and the previous generation firewall versus FTD, which I don't prefer as much. The ASA makes it easier to view those policies. There could be some improvement in the way FMC displays the policy.

I have been using Cisco Secure Firewall in my company for the last two years.

I haven't seen any breakdown or instability; the platform has been stable, and we haven't had any issues.

Cisco Secure Firewall scales with the growing needs of my company as we're going to implement clustering. I've used clustering in my past experience; it's very easy and straightforward. We had some minor issues with the clustering. I appreciate the clustering capability, though I haven't implemented it in my current job.

The customer service and technical support have been great; they've always been great.

Positive

I considered other solutions such as Palo Alto before choosing Cisco Secure Firewall. We were using Palo Alto, but we decided to go with Cisco because of its ease of use. We were a Cisco shop, and there's a micro facility where you can migrate all the ASA to the firewall.

The deployment process of Cisco Secure Firewall is simple enough. Out of the box, you perform the initial management configuration, specify the FMC location, join FMC, and then you can manage it from FMC. The process is straightforward and simple.

From my point of view, the biggest return on investment when using Cisco Secure Firewall is the single pane of glass, which is a huge plus for us. Having that visibility, managing all the alerts, IPS alerts, vulnerability management - everything is a huge plus.

My experience with the pricing, setup costs, and licensing is that it's consistent. I don't have much visibility on the licensing side, but I assume it remains the same.

There are differences between Palo Alto and Cisco, particularly on the cloud side. Palo Alto has Prisma Cloud and additional tools. I would say Cisco has room for improvement in that area for the future. We're not heavily in the cloud, so for us, it's not a significant concern.

We haven't used any new features or functionalities in Cisco Secure Firewall recently, but we plan to try file scanning, focusing more on the malware side, AMP and everything. That's something we want to try next.

My impression of the visibility and control capabilities of Cisco Secure Firewall in managing encrypted traffic is limited as we haven't tried SSL encryption yet. That's something we might explore in the future.

Regarding Cisco Secure Firewall's ability to unify policies across my environment, managing via FMC ensures accuracy. Unifying policies is essential for my company because it provides one pane of glass. Software pushes, policy implementation, traffic monitoring, and having all alerts in one place are crucial.

The impact of the cloud-delivered firewall on my company's security posture is significant. Having the same FTD running in the cloud, managed by FMC, is our future direction. We currently implement this with Azure.

Regarding zero trust security model implementation, we are exploring options with SD-WAN, both on-premises and in the cloud with firepower. I'm meeting with a Cisco engineer next week to discuss implementation strategies.

I don't see anything that needs improvement in Cisco Secure Firewall; we've been very satisfied with it. I've been using FTD for almost five to seven years now, including with a previous company, and heavily worked on migration from ASA to FTD.

From one to ten, I would rate Cisco Secure Firewall a ten.

On-premises

We bundle Cisco Secure Firewall with our telco offerings as a service provider. We bundle it basically with Meraki.

We have received good feedback from our engineers. It helps them with their day-to-day operations. I need to get some more input on specific items they need to gather more information about, but so far, there are no issues.

Regarding Cisco Secure Firewall's ability to unify policies across our environment, I haven't heard any particular issues from our engineers.

The feature of Cisco Secure Firewall that I appreciate the most is its ability to be used via the cloud, so we don't have to deploy service engineers on-site at any time. 

Since telcos just provide basic connectivity, bundling Cisco Secure Firewall has actually allowed us to gain more value for our customers and level up versus our competitors. It helps our customers even more because they don't have to worry about cybersecurity issues, as we put it out of the box.

We found something that prevented us from using it and integrating it a few years back, so they should really have a discussion about improving those aspects. More specifically, it's related to cybersecurity technical details. Implementing a zero-trust security model is what we need help with. We're making progress. We have different types of security for our native applications, but we're slowly looking into what Cisco can deliver. We tried to look into Z3 models before, but our cybersecurity team found some issues where it was lacking. They found some bugs or loopholes, so we wanted Cisco to address these before we fully roll out the solution. We're trying again, and hopefully, with Cisco's updates, it will be acceptable to us in the near future.

We've been using Cisco Secure Firewall since 2016.

Cisco Secure Firewall covers roughly our 2,000 employees really effectively. It's just a matter of expanding the requirements and infrastructure requirements with AWS, and I believe Cisco has some integrations that allow us to use that scale to our advantage.

My opinion is somewhat biased because we have access to Cisco's TAC, and we are very much managed by our Cisco Philippines company team. I'd give them a nine out of ten.

Positive

The biggest return on investment when using Cisco Secure Firewall is that there's no waste in any infrastructure cost and licensing costs for us. If we have to repurpose a specific box per year, we could save on cost by just transferring it to another person or project rather than pay another one-year license for it.

The pricing is very good for us, especially since we have a partnership with Cisco. The challenge is the licensing. There are competitors that offer more flexible licensing, such as daily licensing, some offer hourly, but Cisco is locked in for one, three, and five years. We don't have much flexibility, especially if we want to shift applications or shift users at any time. Hopefully, licensing becomes more flexible.

There were solutions from Fortinet. The main difference between Cisco and Fortinet is that Cisco will have more flexibility. It's just a matter of being able to put together the flexibility that we require versus what Cisco can provide at this time.

The impact of the cloud-delivered Cisco Secure Firewall on my company's security posture involves some hesitation because it's on the cloud, but we're slowly adopting certain parts of it for our cybersecurity team. We're undergoing that transition and don't have full visibility yet on how they see that as a future mode of operations versus what other companies are doing globally. 

I would rate Cisco Secure Firewall an eight out of ten. 

Public Cloud

My main use cases for Cisco Secure Firewall include firewall protection and managing the ingress and egress of a fabric and cloud, involving private cloud tasks, inter-domain, and inter-tenant processes, as well as handling whatever comes in and exits the fabric.

The features from the Firewall have benefited my organization by providing more integration with the Firewall Management Center and other Cisco tools such as ACI, APEX, ISE, and several others such as PXGrid, helping to create an ecosystem of Cisco solutions.

The feature I appreciate the most about Cisco Secure Firewall is its speed, especially for a 40-gig network. 

Improving Cisco Secure Firewall could involve adding more functionality on the box without needing an FMC, as some features become less effective without it. I find it hard to think of anything else to add since there are so many features now that it's challenging to use and understand them all.

I have been using Cisco Secure Firewall since it came out, which was just a year or two ago.

Regarding the stability and reliability of Cisco Secure Firewall, the only issues I encounter are with the Secure Firewalls we have in HA. Sometimes, if they are reloaded improperly, junior staff may fail to see the HA pair, requiring physical resetting of the ports to link them together. Beyond that, I have never had a problem with a Cisco Firewall, FMC, or any of their next-generation firewalls, which speaks for itself.

I would evaluate customer service and technical support for Cisco Secure Firewall as excellent, as my Cisco team for the Army has been exceptional. I don't know how you can get better, and I don't have any complaints after ten years with the same team from Cisco.

Positive

I haven't really seen ROI on Cisco Secure Firewall yet, as we are not in a business that focuses on that. We just need the security functionality.

My experience with pricing, setup costs, and licensing for Cisco Secure Firewall is pretty good. There are a lot of in-place contracts for us that provide the benefit of discounts.

Before selecting Cisco Secure Firewall, I considered other solutions such as Palo Alto. That was about it. I was mainly looking at layer seven firewalls. 

When comparing Cisco Secure Firewall to Palo Alto, what stood out positively was the FMC, which you can buy as either a physical or virtual appliance, allowing for the tying of all your firewalls to it, whereas Palo Alto lacks such functionality or the availability to do deeper analysis such as snort, making it clear that Cisco Secure Firewall wasn't really a competition.

My advice for organizations considering Cisco Secure Firewall is to take advantage of Cisco's C-Pot program, where you can actually use their equipment in a practical setting. This allows for firsthand comparisons with other vendors, giving you clear insights into how everything works, making it worthwhile to get demo gear from our Cisco team to test before making any purchases.

I rate Cisco Secure Firewall a nine out of ten. 

It's not perfect, as nothing truly is, however, I don't know of anything that compares to it, with Palo Alto being the closest option, though their layer seven firewalls are not as effective as those of Cisco Secure Firewall.

On-premises

One of the companies I'm working with is in the medical sector and medical vertical.

Some of the most valuable features of the Cisco Secure Firewall are that they are easy to deploy, which is a very important thing to highlight. Everybody says that about cloud, and I agree with that. If you have an account on AWS, for example, you can quickly deploy one of those devices. There are many benefits to that, and they don't require a lot of resources. They won't overwhelm your cloud, and they work very efficiently. I'm impressed with how they work on the cloud. They work as a real firewall. I don't see much difference.

The Cisco Secure Firewall product in general has room for improvement. I had a problem this weekend working with one of them, and I think it's very specific, though I'm going to be more general with my answer. Cisco has the FMC as a centralized tool, but sometimes they have too many dependencies. I faced a problem this weekend because while trying to solve an issue with one of the company's firewall management centers, I couldn't update or install an update on the platform due to a remote site being down. The device got stuck in my queue. I had to cancel my maintenance because of that.

Everyone was expecting me to fix many bugs, but because of one device, I had to cancel everything. Sometimes the ID is nice around Cisco, but another area they need to improve is the capability to manage multiple devices. The FMC manages many devices, but if I put too many, around 300 devices, it becomes very slow, and the system becomes heavy. When you compare that with solutions such as Palo Alto, Palo Alto can manage many more devices on the same type of platform.

Cisco is better at managing things such as RMAs. They do that exceptionally, even with the support. However, when we're talking about the FMC itself, sometimes they have some small issues; the platform is very slow and has too many bugs in the versions. We constantly need to update the platform to maintain stability.

I have at least 3 years of experience with the Cisco Secure Firewall.

If you have a problem and need to delete and re-add the device, it can cause an outage since it deletes all the configurations. There's no file generated for configurations, meaning you must screenshot everything and manually reconfigure that. I mention this because I do this often.

If I were to rate stability on a scale of 1 to 10, I would give it a 6.

As for scalability, I would rate it a 7. It's not that bad, but it could be better. My customer has many Cisco devices on the FMC. Cisco has various versions, from FMC 600 and 1600 to 4600s, but even with the highest one, the 4600, we still face issues, particularly when transitioning between screens; it becomes very slow, and it has difficulties managing all the logs and events.

I reach out to support frequently, and I think their support is good. The engineers are very well-trained, and I would give it an 8.

Cisco is always more expensive; it's actually more expensive than other brands. When you compare it to others such as Palo Alto or Fortinet, it's slightly more expensive.

Positive

Regarding the initial setup of the Cisco Secure Firewall, if we're discussing setting it up from scratch, it's not difficult. I think it's acceptable.

On a scale of 1 to 10 for ease of deploying FMC from scratch, I would rate it a 7. There's a wizard for the initial setup; you input the management IP, and that part is easy. Adding it to the FMC is also easy, but then you have to configure extensively from the graphical interface, and that's not very straightforward. You need to manually configure many items. They could allow more setup options in the wizard when connecting to the FMC. You can do things through APIs to facilitate, but if you're doing it manually, it can be challenging.

I would recommend the Cisco Secure Firewall to other businesses, but I suggest comparing it to other platforms. While I've been a Cisco specialist for a long time, experimenting with other platforms is valuable. Consider looking at Palo Alto or Fortinet, and make comparisons and benchmarks. If you have a full Cisco environment, it may be wise to go with Cisco due to benefits from enterprise agreements. But if you're starting anew, check out organizations such as Checkpoint or Palo Alto.

If that's not a blocker or a big deal, I would provide that advice. I rate the Cisco Secure Firewall a seven out of ten.

Public Cloud

Amazon Web Services (AWS)

Regarding the use cases for the Cisco Secure Firewall, the Firepower is used in enterprise corporations, DMZ sites, perimeter security, and IPS applications.

The valuable features of the Cisco Secure Firewall include the unified console and compatibility with other solutions such as Duo Mobile with DAC and EDR. The single solution allows users to see one dashboard, and the compatibility solution provides better dashboard integration.

Areas that could be improved with the Cisco Secure Firewall include the ease of use with the product, and it needs to work better with NAC and integration.

Cisco could improve their firewall by providing better support when issues arise, such as during an attack, to help resolve problems more efficiently.

The stability of the Cisco Secure Firewall is excellent, and I find it very reliable at this moment.

Regarding the scalability of the Cisco Secure Firewall, it depends on the situation because in some cases, equipment changes are necessary when the size is very small.

Equipment changes become necessary when companies upgrade with more devices and people, as the firewall becomes insufficient for different security requirements.

The score for their support is eight.

Positive

I work only with Firepower and Palo Alto security solutions.

The initial setup for the Cisco Secure Firewall is very easy, particularly during the initial start of the equipment.

On a scale of one to ten, I would score the setup as eight.

I have experience with Cisco Secure Firewall, specifically the ASA and Firepower solutions. I work in the education and retail industry, where Palo Alto firewall is commonly used in my country. For B2B business, I use the Firepower solution as a Cisco partner.

We use Network Access Control with NAC, and we use Duo for solutions with easy integration. We also implement attack protection.

I would rate this solution as ten out of ten.

Until a couple of years ago, everything was fine regarding my main use cases for Cisco Secure Firewall. I didn't have any problems with the equipment, quality, or support. However, in the last couple of years, they started making our lives difficult. Trying to renew the partnership with them became challenging as they were requesting numerous things on our side, and since we are a very small business, it wasn't possible to get through that verification.

Until a couple of years ago, everything was fine regarding my main use cases for Cisco Secure Firewall.

They are definitely reliable, and regarding positive features, once you get through with the purchasing of this equipment they offer their special support schemes, SmartNet support schemes, which are quite useful.

They offer their own software, and regarding integration capabilities, it's not wise to have only one vendor. One might get Cisco Secure Firewall for the outside drone and then get some other software from other companies such as ESET or Panda for the PCs and the servers, and that's how it's typically done.

Regarding policies about partnership, they are losing, not us. There are other equipment options out there that don't require such strict requirements.

With the new systems that Cisco Secure Firewall is deploying right now, I don't have experience with downtimes. With older systems, it happened once with a big customer that they went through the repair and they actually hacked the whole thing. It wasn't actually the equipment's fault. It was a customer's fault because we were begging them to implement two-factor authentication mechanisms, and they never did it, and in the end something happened. That's understandable. You can't blame the equipment for that.

The technical support for Cisco Secure Firewall once you have the SmartNet is very good. The people are always willing to help, they can even log on remotely on the devices and check things. They're very good with that.

Positive

It depends on the customer, and regarding the deployment time of Cisco Secure Firewall, it depends on what you want to implement. To set it up just for getting out to the internet may take a couple of hours. However, to prepare a skilled network with site to site VPNs, it's going to take days.

There are other equipment options out there that don't require such strict requirements.

They say that their new software for Cisco Secure Firewall is AI compliant, whatever that means. They have some kind of databases on the cloud, the system communicates with them in order to monitor the traffic getting through and clearing things and stopping attacks or whatever. Everybody does this, but at what level they do it, nobody really knows.

The security policies that an organization has are also upon the IT people and the management to properly identify and implement. If they don't do these things, and they don't update the software of the servers, they leave all the usernames and passwords vulnerabilities there and they don't do something about that, you can't blame the equipment. It's the perimeter kind of firewalling you have with the equipment. But after that you have to do something on your own to help yourself.

On a scale of one to ten, I would give Cisco Secure Firewall an eight.

Our primary use case for Cisco Secure Firewall is for enterprise customers. We primarily work on Cisco Meraki switching and wireless. We also engage with Cisco Secure Firewall for threat prevention and information security.

The Cisco Secure Firewall appliances are primarily ASIC-based, which makes them fast and purpose-built. They stand out because they are not Intel-based systems, and in terms of performance and stability, they are among the best. Scalability is another strong point, as I have not encountered any issues in terms of scalability. Everything is in a cluster and can operate in active standby, active-active, or active-passive mode. Additionally, Cisco's support is excellent, which adds further value to their solutions.

The configuration might be slightly difficult compared to other players in the market like Fortinet or WatchGuard. It can be challenging for someone who is not used to using an application to configure the firewall, but with experience, it becomes manageable.

I have been working with Cisco Secure Firewall for four, five, six years or more.

There have been no issues with deployment.

Cisco Secure Firewall offers exceptional performance and stability. They are among the best in terms of stability.

I have not come across any issues with scalability. Everything scales very well.

Customer service and support are excellent. I would rate their support 10 out of 10. I have been working with them on firewalls, wireless, switching, and routing, and the support is the best.

Positive

For someone like me who has been working on firewalls for quite some time, I do not see any problems with the initial setup. However, for someone trying to configure it for the first time with little experience, it may present a challenge.

Return on investment depends on the customer. While some may see it as an expense, others view it as an investment based on their understanding of Cisco.

The pricing is slightly more expensive than other products in the market. It's considered a premium, but people pay that price for Cisco.

I have been working with Palo Alto, Fortinet, SonicWALL, and WatchGuard.

I would definitely recommend Cisco Secure Firewall for its architecture, performance, stability, and exceptional support. When choosing a product, consider features delivery, stability, scalability, and customer support. On a scale of one to ten, I rate their firewalls eight to eight and a half.

On-premises

We use Cisco Secure Firewall for our servers, protecting data centers, and limiting the ports and threats. We have various web servers hosted in our data center, and to protect them from external threats, we use the firewall.

The most valuable features of Cisco Secure Firewall include the next-generation firewall and its strong anti-malware capabilities. These features protect internal servers from external threats, such as denial of service threats, viruses, and malware. Additionally, Cisco checks and stops traffic containing new threats, taking steps to mitigate them. When our servers are secure, their speed is very good using Cisco Secure Firewall. We do not face any kind of delay or issues, allowing more users to connect seamlessly.

Cisco Secure Firewall is difficult to manage as it lacks a web interface for management, requiring installation of management center software on a dedicated computer or server. Should the management software be removed, it needs to be reinstalled, consuming time and resources. Moreover, the configuration commands are not user-friendly, especially when compared to Fortinet's interface. The process of licensing is complicated, involving many steps to obtain and enter the license key. This process should be simplified.

We have been working with Cisco Secure Firewall for about five to six years.

The technical support is not very good because when support is requested, assistance often takes a few days to arrive as they are quite busy.

We previously used software firewalls running on Linux. We switched because they were not next-generation firewalls and did not provide antivirus and malware protection.

The licensing process for Cisco Secure Firewall is convoluted, involving many steps to request and enter a license key. In contrast, Fortinet or other firewalls offer a simpler process where you just need to enter the key quickly.

Cisco Secure Firewall could improve in areas like user-friendliness and cost-effectiveness, as it is very costly and difficult to manage. I would rate it seven out of ten, but I would recommend other firewalls due to its high cost and complexity.

On-premises

The solution is used in a normal enterprise-level configuration. It has effectively worked as a perimeter firewall. Our VPN was also configured on it.

The threat prevention is better than FortiGate, but it is less effective than Palo Alto. The VPN functionality is consistent, and the performance is good.

Cisco Firewall is not user-friendly. They complicate simple configurations, requiring multiple steps. Compared to Palo Alto and FortiGate, it is not as effective. Cisco Firewalls require FMC for management. 

If you have a small to medium-sized office with only a few firewalls, you can deploy and manage them without FMC. However, without FMC, it is not fully functional, limiting the features available. You cannot use the asterisk value in address objects in Cisco. 

In other firewalls, hovering over an object displays details like the IP address. With Cisco, you need to access the object to see inside details. Cisco should improve this aspect. The NAT process is handled differently, which I do not like. Obtaining support is challenging compared to FortiGate and Palo Alto. 

Although knowledge-wise they are good, obtaining technical support and involving an engineer in a troubleshooting call is a challenge.

I have used the solution for almost two years.

The scalable performance is good, however, the voice communication is not effective. Compared to FortiGate and Palo Alto, it lags in configuration and other aspects.

Knowledge-wise, they are good, however, obtaining technical support and involving an engineer in a troubleshooting call is a challenge.

Negative

The deployment was a normal activity, similar to how enterprises operate. It worked as a perimeter firewall, and our VPN was configured on it. The installation took approximately half a day.

For mid-sized organizations, I do not recommend it. For ISPs or data centers, I would recommend it due to its good performance and hardware capabilities. Their hardware can handle substantial amounts of data without causing latency. I recommend it for ISP or data center. For enterprise purposes, I do not recommend it. 

I rate the overall solution seven out of ten.

On-premises