Our main use case for Cisco Secure Firewall is to protect our RTU traffic, specifically on the operational technology side, for SCADA systems. For our side, we don't have encrypted traffic; for the most part, we have the firewall to protect everything behind it when it comes to RTU traffic, which is remote terminal units.

The visibility and control capabilities of Cisco Secure Firewall benefit our company by making it easier for us to parse through traffic that is denied or allowed through, and that helps us with troubleshooting, so it does help cut down on troubleshooting.

The feature of Cisco Secure Firewall that I prefer the most is the use of ASDM where we visually are able to see all of our traffic when it comes through the firewall. 

Cisco Secure Firewall does a good job unifying policies across our environments because we have many firewalls that have the same rules, so when Cisco Secure Firewalls are able to do that, that's very beneficial.

The fact that unifying policies will help us save time, costs, and be more efficient in general is very important for our company. Unfortunately, the impact of the cloud-delivered firewall on our company's security posture is negligible since we are an air-gapped system, and we do not deal with the cloud infrastructure.

Cisco Secure Firewall does a good job in helping our company implement a zero-trust security model, and it deserves an eight out of ten.

Cisco Secure Firewall could be improved in terms of the GUI and management. It could be more intuitive, as sometimes there might be too many features and buttons that make it harder when we're trying to parse through information. 

To make Cisco Secure Firewall a ten out of ten, improving the documentation of all the features would help significantly. I sometimes feel I'm just searching around on Google for specific configurations compared to Palo Alto, which has more detailed steps.

We've been using Cisco Secure Firewall for about 20 years. We've had it since the whole creation of our RT team.

In terms of stability and reliability, Cisco Secure Firewall is reliable. We haven't had real issues where these firewalls have gone down or anything of that nature, so we're happy with the consistency.

When it comes to the scalability of Cisco Secure Firewall, it scales very efficiently and is easy to implement with the growing needs of our company.

Our experience with customer service or technical support through TAC for Cisco Secure Firewall could be more in-depth instead of going through the first levels. 

We often find ourselves trying to escalate faster because we need timely responses. I would rate the customer service and technical support from Cisco Secure Firewall a six out of ten. They're good and know what they're doing in general. That said, it's not where we want it to be.

Neutral

We considered Palo Alto before choosing Cisco Secure Firewall, and we do have some Palo Altos on the network to compare. We're mostly using Cisco products in general. I'm aware Palo Alto is a strong competitor when it comes to firewalls.

The deployment is pretty seamless. Sometimes we do have some issues with Palo Alto Fireworks, where when it comes to deploying, it's not as intuitive. It doesn't work correctly, and there are some bugs that come up. So we have to troubleshoot that aspect. Cisco Secure Firewalls is pretty pretty seamless. 

The biggest return on investment when using Cisco Secure Firewall comes from how intuitive it is. The more it's able to identify issues during troubleshooting, the better the ROI we achieve.

I'm not too concerned about the pricing of Cisco Secure Firewall. The pricing is fixed, and we're comfortable with it since pricing doesn't matter as much since we have to purchase it if there's a need for it.

The main differences between Cisco Secure Firewall and Palo Alto come down to the GUI. They are on par when comparing unified policy and how to make things more intuitive for monitoring traffic and creating rules based on that traffic.

We haven't used any new features or functionalities in Cisco Secure Firewall recently. The features work efficiently, and I can't think of anything new that I would want right now.

I would rate Cisco Secure Firewall overall an eight out of ten; it's reliable, and we have no real issues.

We're using the solution as a firewall, for securing our whole network for students and staff throughout the whole school.

Cisco Secure Firewall's performance benefits my company by allowing us to shape the bandwidth and internet for staff with quality of service where it works better for them rather than students, or vice versa. When students are testing, you can adjust it for that too.

The performance part of Cisco Secure Firewall is pretty good. You can control the bandwidth and features such as bandwidth shaping and quality of service, and I appreciate that part. At our school, a lot of the kids use laptops, the staff use laptops, and they have Wi-Fi. 

I just tried the chat feature in Cisco Secure Firewall, and that was pretty cool; the AI worked pretty good when I tried it at home in the evening, so that was a nice feature.

The visibility and control capabilities of Cisco Secure Firewall in managing encrypted traffic are pretty good too, as our finance department uses it, so keeping that part secure for them works out well.

For our students, we have them in certain groups, and then our staff in certain groups, so with Cisco Secure Firewall, you can push out policies for each one.

Cisco Secure Firewall is important. You can control what students are looking at, and if they're looking at something inappropriate, you can control it. You can also see which device is taking up more bandwidth.

Regarding the zero-trust security model, Cisco Secure Firewall helps our company. Our students and staff have the ability to do whatever they need to do with their research. It helps them while keeping security top of mind.

I would like to see more about the pricing of Cisco Secure Firewall or maybe see it enhanced.

I have been using Cisco Secure Firewall for about ten years now.

The stability and reliability of the Cisco Secure Firewall have always been good; it never falls, never fails, and it's always backed up, which is always good too.

We have more kids and more staff coming in, so with Cisco Secure Firewall, just having that ability to add on more features is great. Currently, it appears we're barely using it, so we can add more with it, and we always have room for that, which is good.

Whenever I call about a problem with Cisco Secure Firewall, they're always helpful and very knowledgeable, getting me to the right solutions I need. They're always willing to help afterwards too and send me documentation, which is always good.

Positive

The deployment experience with Cisco Secure Firewall is easy, with a straightforward deployment.

From my point of view as an IT admin, the biggest return on investment when using Cisco Secure Firewall is seeing what kids are looking at, shaping what they're looking at, shaping the bandwidth, quality of service, and you can do all that with the firewall, too. It also helps in blocking kids from things and monitoring what staffers are looking at.

I work for a school, so getting licensing and getting the budget for Cisco Secure Firewall for certain products is a challenge. It's good to have them, however, it costs us a lot.

On a scale of one to ten, I rate Cisco Secure Firewall a ten.

My main use cases for Cisco Secure Firewall are mainly user access to the internet and blocking firewall sites.

With the centralized management of Cisco Secure Firewall, it's good in unifying policies across my environment. The simplicity and supportability are important to my organization as it's much easier if everything's the same as much as possible.

I appreciate that the central management of Cisco Secure Firewall is from one location, which saves a lot of time. 

The IPS protection is good for us for security reasons. 

The central management feature of Cisco Secure Firewall saves one location instead of having to log on to multiple locations, which speeds up deployment of any changes or requirements for monitoring.

The upgrading process of Cisco Secure Firewall is a long process on a per-firewall basis, and it would be nice if that could be improved. One firewall can take two to two and a half hours to upgrade, so we end up having to watch it. It becomes a problem; in the old firewall days, it would be about a ten-minute job. I know it's more complicated with the newer firewalls. It's just a long-winded process even if they have sorted it out a little bit with automation.

I have been using Cisco Secure Firewall for probably about eight years.

I have not had one Cisco Secure Firewall fail so far, which shows it is stable and reliable. Right now, I have not experienced any downtime, crashes, or performance issues with Cisco Secure Firewall.

Cisco Secure Firewall scales with the growing needs of my organization, as we have different models and sizes, and our central boxes are powerful enough to cover whatever we want whenever we want.

My evaluation of customer service and technical support for Cisco Secure Firewall is that I have generally hardly ever had to use them. We did two weeks ago, and it was a very quick response that identified exactly where the issue in our configuration was. 

Two weeks ago, I received a very quick response from customer service, which identified exactly where the issue on our configuration was, and it went very smoothly, so out of ten, I would give it a nine.

Positive

Prior to adopting Cisco Secure Firewall, I was also using previous Cisco firewalls, and before that, we had Fortinet and Juniper.

The factors that led me to consider the change to Cisco Secure Firewall were actually price, as Cisco's was a very competitive price, and we received a very good deal.

My experience with the deployment of Cisco Secure Firewall has been generally okay.

I have seen a return on investment with Cisco Secure Firewall since we run them for a long time. 

Our current Cisco Secure Firewall units have been in place for probably over three years now, and at the moment, we're not looking to replace them, indicating a good return on investment since they last and are supported quite a long time after they're released.

My experience with pricing, setup costs, and licensing for Cisco Secure Firewall shows it can be expensive, especially the bigger boxes, since they do a lot more and handle a lot more, with a big jump from the smaller firewalls to the big firewalls.

The other solutions I considered before selecting Cisco Secure Firewall include Fortinet, Juniper, and Palo Alto. We're generally a Cisco house and have been for quite a few times with the old Cisco firewalls, so it was a natural progression. 

We did not purchase the product on AWS Marketplace.

We actually don't do that much encrypted inspecting traffic at the moment with Cisco Secure Firewall, which is something we want to look at. We just want to make sure we don't max out the CPU with the many jobs it does. Cisco Secure Firewall will be a building block part of our zero-trust security model, however, there will be a few other parts needed, such as Cisco Secure Access. 

I have not really expanded the usage of Cisco Secure Firewall. My advice to other organizations considering Cisco Secure Firewall is that it does what it says on the tin; it works, it's reliable, and I have never had one fail, so I think it's good. 

On a scale of one to ten, I rate Cisco Secure Firewall a nine.

My main use cases for Cisco Secure Firewall include revamping old networks, security, content filtering, amp protection, et cetera.

Cisco Secure Firewall is easy to configure, and you can do it all in one pane of glass. It is really simple to configure. The solution allows my junior admins to go into the dashboard and look at any issues or reconfigure any features that need to be tweaked without me physically having to be there.

I have been using the assurance feature in Cisco Secure Firewall recently, and I am starting to see that it is a lot more beneficial for me, with all the analytics and reporting that it provides. 

Cisco Secure Firewall allows us to pinpoint exactly where the packets are being delivered or dropped, and we are able to identify issues quicker than with other models or other vendors.

I assess Cisco Secure Firewall's ability to unify policies across my environment as having ease of building. We need to be able to scale and deploy without running a bunch of commands, especially when managing multiple locations acting as separate entities. It is important to my organization since our team is really small. As an engineer, it is just myself and a few juniors. I can verbally tell them to look at specific things or deploy certain features. It gives them the confidence to touch a firewall without being insecure.

The impact of the cloud-delivered firewall on my organization's security posture is very important. It allows us to place certain policies compared to the old infrastructure that is currently in there, with outdated hardware. It allows us to control the firmware and deploy the firmware. In evaluating Cisco Secure Firewall, I find that it helps us implement a zero-trust security model by allowing us to create one policy and deploy it across all of our networks versus multiple agents. Cisco Secure Firewall is very helpful and convenient for me.

I faced challenges moving away from the MS switches to the CS switches, as it is a little different. I am experiencing some small issues with IP reservations, however, I am working with the Meraki engineers to work around or configure it the next day. 

Regarding stability and reliability, I have experienced false negative alerts with the CS models, which indicate that my switch has gone down when in reality, it has not. That is a fix that is needed.

I would say I have been using Cisco Secure Firewall for the past two months.

Regarding stability and reliability, I have experienced false negative alerts with the CS models, which indicate that my switch has gone down, but in reality, it has not. That is a fix that is needed.

Cisco Secure Firewall scales tremendously with the growing needs of my organization. I know in the future we are going to start deploying SD-WAN and other applications that will require all of our clinics to connect to our HQ, and deploying Meraki will make their IPsec tunnels very seamless.

I evaluate customer service and technical support based on productivity. If I can reduce ticketing by 10% to 20% by deploying these solutions, I consider or job done. 

On a scale of one to ten, I would rate the customer service and technical support of Cisco a ten. There is always someone on call. They are very thorough; they know the product and work with you to resolve issues. That is important for me.

Positive

Prior to adopting Cisco Secure Firewall, I was using different solutions at various locations. As we transition and take on these clinics, we have anywhere from home networks, where someone's uncle installed something, to very outdated firewalls. When we come in and present Meraki and what it can do, it becomes a done deal.

My experience with the deployment of Cisco Secure Firewall has been awesome.

I come in when they have the old network and deploy it. I install a cabinet and new drops. I configure the Meraki gear onto their old network side by side. 

Especially during downtime, I can plug the firewall into that rack to get the external IP configured. Once my ISP comes in, I apply those IP addresses to the firewall.

I have seen a return on investment with Cisco Secure Firewall.

I handle pricing, setup costs, and licensing with our vendors. I contact our vendors, we go over the pricing and the licensing. I make sure they get all the proper codes. As I purchase and license these firewalls, it is all in one place and easy to read and do.

Before selecting Cisco Secure Firewall, I considered Fortinet, which was probably one of the bigger competitors, and SonicWall. We thrive in the Meraki policy. What stood out to me in the evaluation process, compared to other options, was the ease of deployment, the dashboard, being able to manage everything in one place, and Meraki support.

I did not purchase the product on AWS Marketplace.

My advice to other organizations considering Cisco Secure Firewall is to make sure they plan for their organization. Plan for your growth, a three-year growth, and then scale your solutions accordingly. 

On a scale of one to ten, I would rate Cisco Secure Firewall overall a solid ten.

My main use cases for Cisco Secure Firewall include certain requirements from the energy sector, NERC CIP compliance, acting as a perimeter security device, doing layer three routing for us, and VLAN segmentation, as well as creating DMZs.

These features benefit my company by reducing my troubleshooting time, and in the energy sector, time is money, so it does help. The time reduction depends on how quickly someone gets used to it.

The feature of Cisco Secure Firewall I prefer most is troubleshooting, packet capture, and packet tracer; I love those features.  

You can quickly run certain commands on CLI or on FMC CLI to find out what could be the root cause, and it varies from person to person, but it's very useful.

I prefer Cisco since it has been here for a very long time, we have a good relationship with the sales team and Cisco representatives, and the support is pretty good, providing us with 24/7 support, which makes me pretty happy.

Cisco Secure Firewall in helping my company implement a zero-trust security model. I've yet to try it, however, I'm very excited to work on it. My impression of the visibility and control capabilities of Cisco Secure Firewall in managing encrypted traffic is pretty good. We can build site-to-site tunnels and various ways of site-to-route based or policy-based, allowing us to see the packets and cap decaps, and Cisco CLI provides a way to see the packets inside, which is very helpful.

Cisco Secure Firewall's licensing model can be improved, as I struggle with it in an air-gapped environment. To make it a ten, a couple of challenges need to be addressed, particularly with the licensing model, as I'm looking for a permanent license solution for air-gapped environments. 

The second issue is the ROMmon mode, where during power outages the firewalls go into ROMmon mode, causing outages and financial loss until we can send someone on-site.

I have been using Cisco Secure Firewall for almost six years.

The stability and reliability of the platform are pretty stable. 

The only challenge I see is with the substation, where when it loses power and there's no manual reboot, it ends up in ROMmon mode and requires a physical reboot, which means we have to send somebody on-site. It does not pick it up when the power goes out and comes back up, going into ROMmon mode, so I need better answers from Cisco about that.

I'm not sure how Cisco Secure Firewall scales with the growing needs of my company.

My experience with customer service and technical support has been good. If I were to rate customer service and technical support on a scale of one to ten, I would give them an eight.

Positive

In the past, we have used other solutions such as Palo Alto and other vendors. I am more of a Cisco person and prefer Cisco.

My experience with the deployment of Cisco Secure Firewall is that it's pretty straightforward.

The biggest return on investment for me when using Cisco Secure Firewall is reliability and robust network design.

Regarding pricing and setup costs, apart from the licensing issue, Cisco products are on the pricier side. That said, they're worth it. We have over 500 substations plus our data center just on OT, and everything is Cisco, so we are a core Cisco customer, and as long as the product is reliable, it's worth every penny.

We did consider other solutions before choosing Cisco Secure Firewall.

I'm not sure how Cisco Secure Firewall's ability to unify policies across my environment is, as I haven't tried that. 

I am not using Cisco SecureX with Secure Firewall; I'm using FMC for centralized management for the firewalls.

The impact of the cloud-delivered firewall on my company's security posture is tricky. For compliance, we are not supposed to have anything cloud-based, so it must be on-prem. We're a big company and we can use it in some other parts of the network, just not for my team.

Overall, I would rate Cisco Secure Firewall an eight out of ten.

My main use case for Cisco Secure Firewall is just control between outer boundary and inner boundaries.

The feature I appreciate the most about Cisco Secure Firewall is the FMC platform where it merges multiple firewalls into one management plane. An example of how features of Cisco Secure Firewall have benefited my organization is through easy deployment of access policies across a long array of devices. I assess Cisco Secure Firewall's ability to unify policies across my environment as a single pane of glass with the FMC. If I need to look up a policy or implement something, I just type in the name of the policy I made to see what objects apply to our policy. I appreciate that part.

Cisco Secure Firewall could be improved in several ways. I've noticed in different versions that some versions had packet caps and some didn't. The user interface could be improved, and maintaining a consistent version across the board would be beneficial. Ease-of-use is important, with the user-based interface and keeping plain language. In the next release of Cisco Secure Firewall, it should include features that utilize AI to speak plain language. For example, it could respond to, 'Hey, I want to do this thing,' and guide users accordingly. I know AI feedback is a hot topic, but I wonder how reliant that is on external connectivity. If it can work in an air-gap network, that would be significant.

I have been using Cisco Secure Firewall for at least a few years, maybe three or four years.

I evaluate the stability and reliability of Cisco Secure Firewall as quite strong since it's probably one of the few things that hasn't crashed on us. While I haven't experienced crashes with Cisco Secure Firewall, most of our issues don't come from it unless it's something we've blocked, preventing users from accessing areas. It's never been a device problem or related to the technical implementation of things.

I think Cisco Secure Firewall scales effectively with the growing needs of my organization because we work in boundary-level areas. Most of our users connect on the inside of the boundary and then egress out, making it easy for us to scale out to support thousands of users as long as they connect to that inner part.

My evaluation of customer service and technical support for Cisco is positive. TAC cases generally serve as a good option for anything we've had problems with Cisco devices, and the process is good. On a scale of one to ten, I would rate Cisco's customer service a 10.

Positive

Prior to adopting Cisco Secure Firewall, I was using Fortinet. The factor that led me to consider changing from Fortinet was its vulnerability problems. We scrapped that solution.

My experience with the deployment of Cisco Secure Firewall is pretty good.

Before selecting Cisco Secure Firewall, I considered a couple of other platforms, including some Palo Altos, for separate requirements that Cisco doesn't meet.

My experience with Cisco Secure Firewall is positive. I appreciate it because it has always been easy for me as an individual to navigate and manage anything Cisco-related.

My impression of the visibility and control capabilities of Cisco Secure Firewall in managing encrypted traffic is somewhat mixed. I have a concern about the GRE and the Snort inspection. Sometimes Snort would break GRE traffic when trying to tunnel from the outside in. Making a policy to allow GRE always breaks. But other than that, it's been straightforward.

This unified policy management is important to my organization because different functions in a network can apply to many other users. It allows us to see that from one pane of glass, and I can easily search it up by name or IP address. I use Cisco SecureX with Cisco Secure Firewall, mainly Firepower, and we integrate them in FMC.

The integration of Cisco SecureX with Cisco Secure Firewall doesn't really affect dwell time for my team. It just gives us the ability to filter out unwanted things from the outside. We don't use much cloud functionality, so I can't comment on the impact of the cloud-delivered firewall on our organization's security posture.

My evaluation of Cisco Secure Firewall in helping my organization implement a zero-trust security model is that we don't really use it for firewalls. We work with DNA center stuff and fabric-enabled technologies. We use the zero-trust model with 802.1X, but that's more unfirewall-related.

The process of using Cisco Secure Firewall is straightforward; you install it and decide whether to block or allow protocols. It's simple and easy. The language part makes it easy since a Cisco box is a Cisco box, and opening up TAC cases on the Cisco portal is straightforward.

My advice to other organizations considering Cisco Secure Firewall is to understand how a firewall works, know your network, and what you want to block and allow. Cisco has been good with their support level, so as long as they know Cisco, they should be fine. I rate Cisco Secure Firewall 10 out of 10.

My main use cases for Cisco Secure Firewall are to help secure the network and control what we allow in and out of the network.

The benefits of Cisco Secure Firewall's features for my company include giving us more visibility into what's going on when there's either an attack or just normal traffic, allowing us to see what's going through it.

The feature of Cisco Secure Firewall that I appreciate the most is the central management. The central management feature makes it easier to configure once, push out, and replace firewalls when they go bad. It's nice to have one pane of view, one pane of glass. 

I assess Cisco Secure Firewall's ability to unify policies across my environment as definitely easy. We just do it through the one central management and then push it out from there. It is important for our organization to have such a feature. The importance of this feature lies in that it just helps standardize our configuration approach, allowing us to ensure that our ideas get pushed out to everything.

Cisco Secure Firewall could be improved by providing more visibility, especially regarding encryption, to be able to see what's in those traffic flows. More application visibility would also help; it knows about certain types of traffic yet not everything. It would be awesome if it knew everything. 

To make Cisco Secure Firewall a better product or a perfect product, visibility is a good improvement area. You sort of have to know the product to use it, so user and technical improvements should aim for simplicity. There's so much it does that I don't know how much more simple it could go, so I'm not sure what really could be improved.

My impression of Cisco Secure Firewall's visibility and control capabilities in managing encrypted traffic is that somewhat limited. Most tools seem to be limited on encrypted traffic, so we don't get too much visibility into it—just the general type of traffic, not too much more than that.

We've been using the solution for at least 15 years.

The stability and reliability of the Cisco Secure Firewall platform are very good; it's rock solid and has always just done its work.

Cisco Secure Firewall is growing and handling everything we ask it to do, so it's performing that part effectively.

I evaluate customer service and technical support of Cisco overall as good; it's definitely one of the better companies to work with.

Positive

While using Cisco Secure Firewall, we did consider other solutions. We recently upgraded all of them to the latest edition of Cisco, and we looked at Palo Alto and other tools at that time, but those firewalls have been in place for about 15 years. I don't know what happened when we initially put them in, but we did do an evaluation three years ago and decided to stay with Cisco.

The deployment seems to go well. I'm not the one personally doing it. That said, the guys I tell to do it get it done when we need it done.

I don't see a return on investment with Cisco Secure Firewall; it's more of a needed tool, just something we need to do to get business done, so I'm not really looking at it as a tool that would give us an ROI.

My experience with the pricing, the setup cost, and the licensing of Cisco Secure Firewall has been what I expect; I'd always prefer it cheaper, but nothing too exorbitant.

Familiarity was the biggest reason for staying with Cisco; everybody knows how to use the Cisco CLI, so it wasn't worth the effort to swap out, as there were no big benefits from other solutions.

I'm not sure if there are any new features or functionalities that I have tried recently in Cisco Secure Firewall; it's just been doing its work for a while now. 

I don't really use a cloud-delivered firewall as of today, so the only effect of not looking at it is speed. We're looking for the best performance we can get, and cloud usually isn't that. Cisco Secure Firewall helps us along the path to implementing a zero-trust security model, but there are a lot of tools and different paths to cover, so it's just really one tool in the arsenal.

On a scale of one to ten, I rate Cisco Secure Firewall an eight.

My main use cases for Cisco Secure Firewall are to safeguard our network, including the IPS and all the traffic, and to control the traffic.

The visibility and control capabilities of Cisco Secure Firewall in managing encrypted traffic are very good. I can implement all my certificates, so I can open the traffic and see everything.

Cisco Secure Firewall’s ability to unify policies across our environment is at a high level. This unification of policies into one system is important for my company. We are able to consolidate all the policies instead of spreading them across many security systems.

What I appreciate the most about Cisco Secure Firewall is that it can be very elastic, as it can be configured with all the flexibility of my network needs and complexity. The service I receive from the Cisco engineer helps me implement all my needs. 

Cisco Secure Firewall allows me to safeguard Layer 7 or Layer 3 and manage the security rules with the business needs of my organization. The firewall has benefited my company overall because it safeguards and finds and stops all the malicious traffic.

Cisco Secure Firewall can be improved by simplifying the GUI, as it shouldn't be so complex.

I have been using Cisco Secure Firewall for ten years.

It's very robust. We don't have any downtime or anything. We work with a cluster with high availability, so if something goes wrong, we have it functioning.

Cisco Secure Firewall helps with the growing needs of our company as it's scalable.

Customer service and technical support for Cisco Secure Firewall are very good. I would rate them a nine out of ten.

Positive

It was a little bit difficult.

We needed a good integrator to help us, and we contacted Cisco for some help with technical issues.

We are able to safeguard our assets.

It's acceptable and comparable to other products.

We did consider other solutions before choosing Cisco Secure Firewall. We considered all the big vendors such as Palo Alto, Check Point, Fortinet, and others. Cisco won because it has the best IPS model on it, and that's the reason why we chose this firewall.

I would rate Cisco Secure Firewall an eight out of ten. To make it a ten, the complexity of the configuration compared to other vendors needs to be addressed. Overall, we're very happy with the product.

My main use case for Cisco Secure Firewall is to secure a data center.

They help keep our environment more secure. 

The features I appreciate the most about Cisco Secure Firewall are the policies, ACLs, and traffic behavior analytics. These features have benefited my organization by keeping the environment more secure within the organization.

If I assess Cisco Secure Firewall's ability to unify policies across my environment on a scale of one to ten, it would be an eight. This is very important to my organization, as we work extensively with security because we are a bank, so we can keep the data safe.

I have not recently used any new features or functionalities in Cisco Secure Firewall, however, I would want to try more visibility and observability. My impression of the visibility and control capabilities of Cisco Secure Firewall in managing encrypted traffic is that it can improve. There is some traffic that is encrypted that needs to be decrypted to catch something and analyze and give some analytics, so that part needs to work more.

The dashboard needs to be more intuitive and easier to navigate. What stood out to me about Cisco Secure Firewall that made me choose to use it is that it is intuitive, but I feel it could be improved further in terms of intuitiveness. It could be improved to achieve easier configuration and more efficiency.

I have been using Cisco Secure Firewall for eight years.

I would evaluate the customer service and technical support on a scale of one to ten as a ten, as they have expertise and provide solutions for the most difficult problems, so we have had a very good experience.

Positive

We did have Fortinet previously. That had a more intuitive dashboard. 

We did consider other options, including Juniper.

I did not purchase via AWS Marketplace. 

At the moment, we are not using the cloud-delivered firewall. It could be better regarding encryption and encrypting traffic. I have not seen that part and we do not use it since we use it on Fortinet, however, that would be something that helps to keep the network more secure.

I would advise other organizations considering Cisco Secure Firewall that they can trust Cisco Secure Firewall and that they should provide training for their staff to achieve better and more efficient work.

On a scale of one to ten, I would rate Cisco Secure Firewall overall as an eight.

Our main use cases for Cisco Secure Firewall are segmentation and VPNs. My involvement is more at the remote sites, setting up those firewalls for VPN, and we have centralized management for handling all the policies.

I appreciate the uniformity of being able to push the policies out with Cisco Secure Firewall. That was one of the reasons we acquired it, so we could push the policies out everywhere.

Downtime due to bugs requiring code upgrades has been problematic. That's the reason why we are moving away from Cisco Secure Firewalls.

I have been using Cisco Secure Firewall for approximately four years.

It has been problematic, primarily due to bugs in the code rather than crashes.

We're looking at Palo Alto, and we will probably be cutting over to Palo Alto, which will likely be a many-year project.

I appreciate Cisco's support and have been very happy with it. I imagine the support is the same for the firewall. I typically handle break-fix issues at the firewall level and turn them over to engineering, who then contact tech support. With switching, I call tech support directly. 

The support has improved significantly over the years, and the escalation process is very straightforward now. Even if the first engineer isn't highly knowledgeable, we get additional support and can escalate the issue.

Positive

We have been using a Meraki solution.

Licensing with Cisco Secure Firewall isn't too difficult. However, pricing seems high. We had been using a Meraki solution, and Cisco Secure Firewall seems more expensive than Meraki, even though Meraki is also cloud-based.

We're going to cut over to Palo Alto, which will probably be a many-year project, because the amount of downtime is substantial. While it doesn't affect the whole company, there is downtime in certain areas, usually due to bugs that require code upgrades to fix. That has been problematic. 

We had planned to deploy Meraki more extensively as our Cisco ASAs aged out. However, we're also deploying SDA fabric, and Meraki is currently not compatible with that solution. I recently spoke with an engineer about SDA, and his answer indicated they will be supported, but with some variance. That's why we're moving away from Meraki, but we're still not ready for Palo Alto since it has a big learning curve and is totally different. We still have deployment and upgrade needs, so we're continuing to get Cisco Firepower firewalls while implementing Palo Alto more internally. This could be a multi-year process, depending on how it progresses.

It's difficult to predict how other organizations will deploy Cisco Secure Firewall, but my advice is to ensure the code being installed is the code recommended by Cisco. My recommendation wouldn't be extremely high, as deciding to discard millions of dollars in investment makes a significant statement. I would have difficulty recommending it based on our management's decisions, especially considering we're willing to replace our core firewalls and perimeter firewalls. The Palo Alto transition entails substantial training and design work. If we're willing to get rid of Cisco Secure Firewall in favor of a different product, it says a lot.

I would rate Cisco Secure Firewall a seven out of ten. It performs necessary firewall functions, but there are issues related to bugs.