Cisco Secure Firewall ASA Virtual - BYOL
Cisco Systems, Inc.
External reviews
External reviews are not included in the AWS star rating for the product.
Effectively unifies policies but bugs have been problematic
What is our primary use case?
Our main use cases for Cisco Secure Firewall are segmentation and VPNs. My involvement is more at the remote sites, setting up those firewalls for VPN, and we have centralized management for handling all the policies.
What is most valuable?
I appreciate the uniformity of being able to push the policies out with Cisco Secure Firewall. That was one of the reasons we acquired it, so we could push the policies out everywhere.
What needs improvement?
Downtime due to bugs requiring code upgrades has been problematic. That's the reason why we are moving away from Cisco Secure Firewalls.
For how long have I used the solution?
I have been using Cisco Secure Firewall for approximately four years.
What do I think about the stability of the solution?
It has been problematic, primarily due to bugs in the code rather than crashes.
What do I think about the scalability of the solution?
We're looking at Palo Alto, and we will probably be cutting over to Palo Alto, which will likely be a many-year project.
How are customer service and support?
I appreciate Cisco's support and have been very happy with it. I imagine the support is the same for the firewall. I typically handle break-fix issues at the firewall level and turn them over to engineering, who then contact tech support. With switching, I call tech support directly.
The support has improved significantly over the years, and the escalation process is very straightforward now. Even if the first engineer isn't highly knowledgeable, we get additional support and can escalate the issue.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We have been using a Meraki solution.
What's my experience with pricing, setup cost, and licensing?
Licensing with Cisco Secure Firewall isn't too difficult. However, pricing seems high. We had been using a Meraki solution, and Cisco Secure Firewall seems more expensive than Meraki, even though Meraki is also cloud-based.
Which other solutions did I evaluate?
We're going to cut over to Palo Alto, which will probably be a many-year project, because the amount of downtime is substantial. While it doesn't affect the whole company, there is downtime in certain areas, usually due to bugs that require code upgrades to fix. That has been problematic.
We had planned to deploy Meraki more extensively as our Cisco ASAs aged out. However, we're also deploying SDA fabric, and Meraki is currently not compatible with that solution. I recently spoke with an engineer about SDA, and his answer indicated they will be supported, but with some variance. That's why we're moving away from Meraki, but we're still not ready for Palo Alto since it has a big learning curve and is totally different. We still have deployment and upgrade needs, so we're continuing to get Cisco Firepower firewalls while implementing Palo Alto more internally. This could be a multi-year process, depending on how it progresses.
What other advice do I have?
It's difficult to predict how other organizations will deploy Cisco Secure Firewall, but my advice is to ensure the code being installed is the code recommended by Cisco. My recommendation wouldn't be extremely high, as deciding to discard millions of dollars in investment makes a significant statement. I would have difficulty recommending it based on our management's decisions, especially considering we're willing to replace our core firewalls and perimeter firewalls. The Palo Alto transition entails substantial training and design work. If we're willing to get rid of Cisco Secure Firewall in favor of a different product, it says a lot.
I would rate Cisco Secure Firewall a seven out of ten. It performs necessary firewall functions, but there are issues related to bugs.
Unified policies streamline network management but complex licensing requires attention
What is our primary use case?
Our main use cases include segmenting different networks for IPS and IDS, using it for basic firewall purposes, controlling ACLs, and monitoring traffic to identify issues within the network.
What is most valuable?
Currently, I find the event viewer feature of Cisco Secure Firewall very useful as it visually displays what is being blocked or allowed by the ACL. I also appreciate the improved visual presentation of the ACL layout.
We have many different opportunities to share incidents with individuals on how traffic flows through the network, and we utilize Cisco Secure Firewall features such as network packet inspection to ensure that policies are applied correctly and to monitor traffic for what is blocked, allowed, or denied.
Cisco Secure Firewall's ability to unify policies across our environment is pretty good.
We can deploy different features and ACLs between various firewalls easily with the FMC, which has improved significantly from the initial deployment time, which was once poor and is now manageable for multiple firewalls.
We use the new AnyConnect or Secure Connect VPNs, which work pretty well. Although we haven't switched to the latest series to utilize the VPNs fully, I appreciate the deployment phase where we can track our deployment progress.
What stands out positively about Cisco is their training and support, which has effectively prepared engineers to work with their products. When hiring, I find it beneficial that most network engineers are familiar with Cisco, whereas I might question the expertise of those trained with Palo Alto or Fortinet.
Performance-wise, Cisco seems to be the best. For instance, my sister company uses Palo Alto and Juniper and reports a high RMA rate. In contrast, we have only RMAed one Cisco Secure Firewall in six years, indicating stability and dependability.
The interface of Cisco Secure Firewall works effectively once you become familiar with its layout, although hiring engineers requires training on the platform, especially as updates occur. They should prioritize adding to the existing product rather than overcomplicating it with new features that may not be necessary.
What needs improvement?
Cisco Secure Firewall has some growth opportunities in terms of visibility and control capabilities regarding managing encrypted traffic. It has the ability to analyze encrypted traffic, and there is potential for more integration with APIs and AI to enhance these capabilities.
Cisco Secure Firewall needs improvement in deployment time and the capability to access the CLI during support calls. I often encounter issues when technical support uses a CLI that is not familiar to me while troubleshooting through the GUI.
My ongoing complaint for the last six years has been the lack of CLI functionality, which hinders my ability to work on the firewall, alongside concerns regarding deployment time.
For the next release, they should look at the features offered by competitors such as Fortinet, including the ability to perform packet capture directly from the interface.
If they enhanced their troubleshooting efficiency related to packet capture for each specific rule, it would simplify the process significantly.
For how long have I used the solution?
I have been using Cisco Secure Firewall for about six years.
What do I think about the stability of the solution?
The process of expanding the usage was fairly smooth. My assessment of the stability and reliability of Cisco Secure Firewall is great from a hardware perspective, yet only okay from a software perspective.
I have experienced downtime crashes and performance issues. Specifically, the FTDs have had High Availability (HA) issues, which I struggle to understand, especially concerning switch connections and HA setups between firewalls.
We have often encountered split-brain scenarios during failover processes and code upgrades, which have been persistent problems for us. It seems that Cisco lacks enough skilled technical support engineers to quickly resolve these issues, often requiring escalation that takes too long.
What do I think about the scalability of the solution?
Cisco Secure Firewall scales incredibly well with our growing needs. We recently transitioned to the new 4100s and we have only just reached the firewall's limitations after five years, indicating that it has been able to build for our future success.
How are customer service and support?
I would rate customer service and technical support about a five out of ten, sometimes dipping to a four depending on the time of day. As in many support models, the quality depends on the region. Some TAC engineers are better in specific areas, such as India or South America. However, they often lack the skills to troubleshoot effectively, leading to repetitive troubleshooting sessions and unresolved issues.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
Prior to adopting Cisco Secure Firewall, I used solutions such as SonicWall and Juniper firewalls. I didn't prefer Juniper and found Cisco Secure Firewall to be the most stable firewall I've worked with.
How was the initial setup?
The deployment time could be improved. The deployment was good; however, it could be sped up. There was a bit of a learning curve as well.
What works well is the interface. It's pretty good as far as knowing where to go and the layout. When hiring engineers, they need to know the platform. In terms of updates, sometimes they bolt on too much.
What was our ROI?
I have not seen ROI with Cisco Secure Firewall initially; however, over time, it has paid for itself as we scale our business.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup costs, and licensing was a nightmare. It is indeed challenging as Cisco has too many variations of support with no clear explanation of what you are actually getting.
Sales representatives try their best but often fall short, making it complicated for users to understand what licenses are included with the product, leading to confusion over various levels of support.
Which other solutions did I evaluate?
Before selecting Cisco Secure Firewall, I considered Fortinet and Palo Alto, and I even thought about sticking with ASAs. We still operate a couple of FTDs alongside ASAs, which creates internal competition. Fortinet, in particular, has remained a competitive option.
What other advice do I have?
We did not purchase this on the AWS Marketplace.
My advice to organizations considering Cisco Secure Firewall would be to recognize the tendency for Cisco to overcomplicate things. However, they are striving for simplification in their firewall products. If someone has experience with ASAs, they can adapt to FTDs as easily. Cisco should focus on learning from competitors to enhance its features and remain competitive in the market.
If you want a stable solution with fewer vulnerabilities, Cisco Secure Firewall is likely to meet your needs as it requires fewer upgrades compared to competitors.
On a scale of one to ten, I rate Cisco Secure Firewall a seven.
Proven reliability and strong support spark trust but system updates slow and complex
What is our primary use case?
One of the companies I'm working with is in the medical sector and medical vertical.
What is most valuable?
Some of the most valuable features of the Cisco Secure Firewall are that they are easy to deploy, which is a very important thing to highlight. Everybody says that about cloud, and I agree with that. If you have an account on AWS, for example, you can quickly deploy one of those devices. There are many benefits to that, and they don't require a lot of resources. They won't overwhelm your cloud, and they work very efficiently. I'm impressed with how they work on the cloud. They work as a real firewall. I don't see much difference.
What needs improvement?
The Cisco Secure Firewall product in general has room for improvement. I had a problem this weekend working with one of them, and I think it's very specific, though I'm going to be more general with my answer. Cisco has the FMC as a centralized tool, but sometimes they have too many dependencies. I faced a problem this weekend because while trying to solve an issue with one of the company's firewall management centers, I couldn't update or install an update on the platform due to a remote site being down. The device got stuck in my queue. I had to cancel my maintenance because of that.
Everyone was expecting me to fix many bugs, but because of one device, I had to cancel everything. Sometimes the ID is nice around Cisco, but another area they need to improve is the capability to manage multiple devices. The FMC manages many devices, but if I put too many, around 300 devices, it becomes very slow, and the system becomes heavy. When you compare that with solutions such as Palo Alto, Palo Alto can manage many more devices on the same type of platform.
Cisco is better at managing things such as RMAs. They do that exceptionally, even with the support. However, when we're talking about the FMC itself, sometimes they have some small issues; the platform is very slow and has too many bugs in the versions. We constantly need to update the platform to maintain stability.
For how long have I used the solution?
I have at least 3 years of experience with the Cisco Secure Firewall.
What was my experience with deployment of the solution?
If you have a problem and need to delete and re-add the device, it can cause an outage since it deletes all the configurations. There's no file generated for configurations, meaning you must screenshot everything and manually reconfigure that. I mention this because I do this often.
What do I think about the stability of the solution?
If I were to rate stability on a scale of 1 to 10, I would give it a 6.
What do I think about the scalability of the solution?
As for scalability, I would rate it a 7. It's not that bad, but it could be better. My customer has many Cisco devices on the FMC. Cisco has various versions, from FMC 600 and 1600 to 4600s, but even with the highest one, the 4600, we still face issues, particularly when transitioning between screens; it becomes very slow, and it has difficulties managing all the logs and events.
How are customer service and support?
I reach out to support frequently, and I think their support is good. The engineers are very well-trained, and I would give it an 8.
Cisco is always more expensive; it's actually more expensive than other brands. When you compare it to others such as Palo Alto or Fortinet, it's slightly more expensive.
How would you rate customer service and support?
Positive
How was the initial setup?
Regarding the initial setup of the Cisco Secure Firewall, if we're discussing setting it up from scratch, it's not difficult. I think it's acceptable.
On a scale of 1 to 10 for ease of deploying FMC from scratch, I would rate it a 7. There's a wizard for the initial setup; you input the management IP, and that part is easy. Adding it to the FMC is also easy, but then you have to configure extensively from the graphical interface, and that's not very straightforward. You need to manually configure many items. They could allow more setup options in the wizard when connecting to the FMC. You can do things through APIs to facilitate, but if you're doing it manually, it can be challenging.
Which other solutions did I evaluate?
I would recommend the Cisco Secure Firewall to other businesses, but I suggest comparing it to other platforms. While I've been a Cisco specialist for a long time, experimenting with other platforms is valuable. Consider looking at Palo Alto or Fortinet, and make comparisons and benchmarks. If you have a full Cisco environment, it may be wise to go with Cisco due to benefits from enterprise agreements. But if you're starting anew, check out organizations such as Check Point or Palo Alto.
What other advice do I have?
If that's not a blocker or a big deal, I would provide that advice. I rate the Cisco Secure Firewall a seven out of ten.
Strong threat protection improves server reliability and needs better management
Delivers strong threat prevention and good VPN but has configuration complexity
What is our primary use case?
The solution is used in a normal enterprise-level configuration. It has effectively worked as a perimeter firewall. Our VPN was also configured on it.
What is most valuable?
The threat prevention is better than FortiGate, but it is less effective than Palo Alto. The VPN functionality is consistent, and the performance is good.
What needs improvement?
Cisco Firewall is not user-friendly. They complicate simple configurations, requiring multiple steps. Compared to Palo Alto and FortiGate, it is not as effective. Cisco Firewalls require FMC for management.
If you have a small to medium-sized office with only a few firewalls, you can deploy and manage them without FMC. However, without FMC, it is not fully functional, limiting the features available. You cannot use the asterisk value in address objects in Cisco.
In other firewalls, hovering over an object displays details like the IP address. With Cisco, you need to access the object to see inside details. Cisco should improve this aspect. The NAT process is handled differently, which I do not like. Obtaining support is challenging compared to FortiGate and Palo Alto.
Although knowledge-wise they are good, obtaining technical support and involving an engineer in a troubleshooting call is a challenge.
For how long have I used the solution?
I have used the solution for almost two years.
What do I think about the scalability of the solution?
The scalable performance is good; however, the voice communication is not effective. Compared to FortiGate and Palo Alto, it lags in configuration and other aspects.
How are customer service and support?
Knowledge-wise, they are good; however, obtaining technical support and involving an engineer in a troubleshooting call is a challenge.
How would you rate customer service and support?
Negative
How was the initial setup?
The deployment was a normal activity, similar to how enterprises operate. It worked as a perimeter firewall, and our VPN was configured on it. The installation took approximately half a day.
What other advice do I have?
For mid-sized organizations, I do not recommend it. For ISPs or data centers, I would recommend it due to its good performance and hardware capabilities. Their hardware can handle substantial amounts of data without causing latency. I recommend it for ISP or data center. For enterprise purposes, I do not recommend it.
I rate the overall solution seven out of ten.
Enhances security with precise access control but has integration challenges
What is our primary use case?
I implemented the product which provides end-to-end networking and security features. It starts with secure tunneling, and I performed micro-segmentation in the firewall specific to a particular customer environment. It offers comprehensive security as well as networking features that I have enabled.
What is most valuable?
The software was mainly the highlight. Most firewalls have a challenge of identifying keywords and providing restricted access, which I encountered. However, Cisco Firewall has very good features, like trusted applications and restricted access for users based on keywords. I could access it appropriately, unlike some firewalls where this is a challenge. Essentially, the restricted access to websites has been exceptional. I was in the life science industry, focusing heavily on compliance. This product meets compliance requirements, and the security process has improved. Stability and consistent performance are critical components of Cisco's product.
What needs improvement?
The integration, especially for APIs or with other firewall products, is a challenge for me. In some satellite sites where large firewalls are not involved, I used Cisco Meraki. The integration between Cisco products themselves presents difficulties, such as SD-WAN configuration. Managing centralized networking with Cisco is challenging for me in terms of integration with other firewall products.
For how long have I used the solution?
I have used the solution for almost four years.
What do I think about the stability of the solution?
The solution is stable and performs well.
What do I think about the scalability of the solution?
Scalability presents a challenge. There is commercial involvement and several factors, making it complex for me. I would rate scalability seven out of ten.
How are customer service and support?
Technical support is unsatisfactory for me. There might be restructuring within Cisco India or with the partner's capability. Whenever I encounter a technical support challenge, it is not an easy process. Even with premium support, it is a struggle. I have to provide many logs, yet problems remain unresolved, often requiring workarounds rather than solutions.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial setup is not simple as it is all based on my requirements. If the requirement or site is predominantly complex, specialist involvement is necessary. However, for a vanilla installation, it is fine - just not easy.
Which other solutions did I evaluate?
I have assessed and decided to move on to Sophos. Sophos's support is excellent compared to Cisco and other products, with their technical support team based in South India. I have received a lot of good feedback about it.
What other advice do I have?
Overall, I would rate the product six out of ten. Because of the support and cost, I moved away from Cisco, but otherwise, it is a good product. Recommendation depends on the requirement. If lacking a proper team and being dependent on the OEM and partner, Cisco is not suitable.
However, if the team is qualified with Cisco-certified people and the requirement is a big network, it can be considered. In today's hybrid work world, having an expanded gateway is more typical than having a single one. Thus, Cisco is unlikely to be recommended for a hybrid requirement unless in-house skills align. Otherwise, depending on partners and Cisco, it can be a risk.
I rate the overall solution six out of ten.
Has an easy installation process, but the integration capabilities with various applications need improvement
What is our primary use case?
Cisco Secure Firewall is a next-generation firewall that can be used for various security applications.
What is most valuable?
The advantage of using Cisco is its integration within the Cisco fabric, which allows for effective threat detection and mitigation.
What needs improvement?
Cisco could improve its score by developing more features that integrate seamlessly with various applications and investing in hardware acceleration to enhance performance.
What do I think about the stability of the solution?
The product is stable with minimal glitches or latency issues.
How was the initial setup?
The solution is easy to install, requiring minimal expertise. Deployment time varies, but it can take about two days for a medium-sized company with 200-300 users to configure and install.
What was our ROI?
After five years of product usage, the high return on investment and low total cost of ownership can be observed.
What's my experience with pricing, setup cost, and licensing?
Pricing depends on partnerships and certifications. The engineering team's certifications can qualify it for seven to eight percent discounts.
What other advice do I have?
The platform's integration capabilities depend on the project context. In some cases, integrating Palo Alto may provide better performance, but Cisco can still be effective.
However, its classification in industry comparisons, such as those from Gartner, is lower than that of competitors like FortiGate and Palo Alto.
Overall, I rate it seven out of ten.
A tool that offers protection and security features that needs to improve its price
What is our primary use case?
My company uses Cisco Secure Firewall for its protection and security features.
What is most valuable?
I won't be able to speak about the strong points of the product. I will need the input from my team to be able to speak about the advantages of the product. The solution's dashboard is fine, and in terms of support, Cisco is better than other OEMs in the market.
What needs improvement?
The solution's price can be lowered because, currently, it is pricier than the tool its competitors offer in the market. If the product's prices are lowered, it may help Cisco to expand its market base.
If Cisco reduces the price of its product, then it can gain more advantage and become much more competitive in a market where there are solution providers like Fortinet FortiGate.
For how long have I used the solution?
I have been using Cisco Secure Firewall for five years.
I don't remember the version of the solution since there is a support team in my company to manage it. My company has a partnership with Cisco.
What do I think about the stability of the solution?
Stability-wise, I rate the solution an eight out of ten.
What do I think about the scalability of the solution?
Scalability-wise, I rate the solution an eight out of ten.
Around 2,500 people use the solution in my company.
How are customer service and support?
Most of the time, the solution's technical support is helpful and responsive. There have been a few cases where a few black spots have been noticed, which I think is because Cisco opted for localization of support because, during holidays, nighttime, or weekends, it becomes difficult for users to reach the support team, though the rest of the time the support is good.
If you have already scheduled a call with the support team of Cisco, then it is good. If you need to reschedule a call with the support team when you face a new issue with the product, then it may be a bit of a problem to get hold of someone from the support team of Cisco. Earlier, there were no problems with Cisco's support team. Recently, there have been a few issues cropping up related to the technical team of Cisco. Technically speaking, the support team is good, but the availability offered by the technical team has deteriorated.
I rate the technical support a seven out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I work with Palo Alto, Fortinet, and Check Point for different parts of our IT environment.
How was the initial setup?
The product's initial setup phase was taken care of by another team in my company before I joined my current company.
On our company's core payroll, we have a very small support team, but we do have a support team in my company for the product. The support team in my company consists of around 20 to 25 engineers who work around the clock.
The solution is deployed on an on-premises model.
What's my experience with pricing, setup cost, and licensing?
I rate the product's price a seven on a scale of one to ten, where one is expensive, and ten is cheap. If we compare Cisco with other OEMs available in the market, Cisco needs to work on price improvement. Nowadays, there is a lot of competition in the market with newer solutions, like Fortinet, gaining popularity, amongst a few other names like Cyberoam, a product from a local Indian vendor. Palo Alto has also gained a lot of market share in recent years.
Which other solutions did I evaluate?
From a security perspective, generally, there are only three solutions that our company looks at, which include Check Point in the last four or five years, among other options like Palo Alto and Cisco.
What other advice do I have?
I recommend the solution for SMB businesses.
I rate the overall tool a seven out of ten.
Provides great security for our applications
What is our primary use case?
We use them for site-to-site VPN solutions as well as other VPN activities, and for general application security.
We needed a good VPN solution and, as our network grew, we had more applications that were virtualized and that can be spun up. We needed a solution that would keep us ahead.
How has it helped my organization?
Cisco ASA provides great security for our applications.
What is most valuable?
One of the best features is the ease of use. It's also easy to teach new engineers to use the ASA CLI. When I first started learning firewalls, Cisco was the first one that was taught to me and it was pretty easy to grasp. When I'm teaching other engineers to use Cisco ASAs, the results of their learning are immediate.
What needs improvement?
It needs to provide the next-generation firewall features that other vendors provide, like data analytics, telemetry, and deep packet inspection.
Also, the ASAs need to be improved a little bit to keep up with the demand for high bandwidth and session count applications.
For how long have I used the solution?
I've been using Cisco ASAs for about 11 years.
What do I think about the stability of the solution?
It's reliable. It doesn't have all the features of some of the newer firewalls, but it's very reliable. It doesn't break. It's pretty rock-solid.
What do I think about the scalability of the solution?
We have at least a pair in every one of our data centers. We gateway our applications around the firewall system, meaning all application data goes through firewalls.
How are customer service and support?
We have good support from Cisco for the ASAs. That helps us out a lot. Some of our ASAs are pretty old and technically not supported anymore, but TAC always helps us out.
How was the initial setup?
The initial one, for me, was a little bit complex because I hadn't done it before. It was inline and an active/standby pair, so it involved a little bit more than just deploying one firewall.
We had some documentation written and we tested it in the lab and then the deployment took about four hours.
We deployed it alongside different solutions and then we cut over to it when it wouldn't impact the customers.
The maintenance involves doing code upgrades periodically to keep up with the security environment requirements. One person handles that.
What about the implementation team?
We deployed with a consultant from Cisco support. Our experience with them was good. They provided a lot of documentation ahead of time to help us with our configuration.
From our side there were two people involved. One was doing the configuration and the other person was checking to make sure there were no errors, looking at IPs and the like.
What's my experience with pricing, setup cost, and licensing?
The licensing is straightforward and simple, so we don't have to keep relicensing every year as we do with other applications.
Which other solutions did I evaluate?
We use Juniper as well.
MFA to enable
Hi Team,
How can we enable MFA on this? Kindly suggest a solution or any documentation.
Looking to integrate the Google Authenticator.
Thanks in advance