Overview
Experience Cisco's industry-leading Layer 3 and Layer 4 firewall in a virtualized form factor to protect your cloud environment. You can now take advantage of:
High performance security:
- Dynamically scale resilient remote access to meet demand with AWS Route 53
- Leverage site-to-site VPN, clientless remote access, and remote access VPN
- Integrate with AWS Transit Gateway for scalable inter-VPC traffic
Protection for your dynamic environments:
- Ingress and egress traffic protection across your cloud environments
- Advanced inspection, including voice and video protocols
- Micro-segmentation capabilities for east-west traffic
Cloud-delivered management:
- Consistently manage policies with our cloud-delivered management solution, Cisco Defense Orchestrator (CDO)
- Increase efficiency with low-touch provisioning for faster firewall deployments
- Support for a REST API, an HTTP-based interface for appliance management, security policies, and status monitoring that enables multiple cloud management solutions
For supported AWS instances, please see the data sheet.
Highlights
- Deploy remote access in as little as 20 minutes with the Cisco ASAv RA-VPN on AWS Quick Start guide.
- Ideal for remote worker and multi-tenant environments that require secure, scalable, and resilient remote access options.
- Consistent policy management in the cloud with Cisco Defense Orchestrator.
Pricing
Free trial
| Dimension | Cost/hour |
|---|---|
| c5.xlarge (Recommended) | $0.92 |
| c5a.2xlarge | $1.93 |
| c3.2xlarge | $1.93 |
| c6a.4xlarge | $3.12 |
| m4.large | $0.35 |
| c6a.2xlarge | $1.93 |
| m5zn.xlarge | $0.92 |
| m5.large | $0.35 |
| c5n.xlarge | $0.92 |
| m5n.large | $0.35 |
Vendor refund policy
The Cisco ASAv instance can be terminated at any time to stop incurring charges.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Support
Vendor support
For all support queries, only Community Support is available for this product listing. Please visit the Cisco Security - Firewalling community using the link above and include "ASA-AWS" in the title of your community discussion for the fastest response. https://supportforums.cisco.com/community/firewalling
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Customer reviews
Comprehensive security has unified policy control and supports zero trust across clouds
What is our primary use case?
Cisco Secure Firewall can be used for perimeter security, IDS, IPS, and VPN purposes. When discussing secure access via Cisco Secure Firewall, it helps any roaming user, whether working from home, an airport, or in the office, to securely access any workload that could be located on a private cloud, public cloud, data center, or at the edge. It bypasses the on-premise firewall, but they offer firewall as a service, which is on the cloud and enables Secure Service Edge. Perimeter security is necessary and is part of their Secure Access offering, which is Firewall as a Service coming out of the cloud.
What is most valuable?
From Cisco Secure Firewall's security offering perspective, Cisco has a very comprehensive offering. Whether it is perimeter security in the form of firewall, user security for remote users for SASE, AI security, endpoint security, network security, or workload security, this fits very well into an overall security architecture proposed by Cisco, which is called a Security Reference Architecture. They have a very comprehensive range of products that integrate very well with their firewall. I do not view Cisco security offerings only from a firewall perspective, but from an overall offering perspective.
Cisco Secure Firewall includes something called Secure Cloud Control, which provides single management for consolidating policy across multiple pieces of equipment, whether it is a SASE policy, firewall policy, or otherwise. Centralized policy management is possible within that firewall, and if you want to orchestrate the same policy across multiple security products, you can use Cisco Secure Cloud Control.
What needs improvement?
Different models exist for Cisco Secure Firewall. Every on-premise model has a limit to the throughput it can support, and up to that limit, it scales fine. After reaching that limit, you are supposed to replace the model. For on-premise solutions, this is the case. However, Firewall as a Service can scale to a very large extent because it is a cloud-based offering that can scale up to a very large number, which is not a problem.
For how long have I used the solution?
Cisco Secure Firewall has been used and sold for at least three to four years.
What do I think about the stability of the solution?
Cisco Secure Firewall is quite stable. If I had to rate stability from zero to ten points for Cisco Secure Firewall, I would give it an eight.
What do I think about the scalability of the solution?
Cloud-delivered firewall provides much better flexibility for an organization via Cisco Secure Firewall. First, you can ensure that any users coming from outside securely access any workload that the organization may be running either in a private cloud or public cloud on a hyperscaler. Second, it provides what is called local internet breakout, where any services not supposed to go through the firewall can do a local internet breakout. With Firewall as a Service, you can consume capacity as you grow, rather than trying to put one firewall for your peak load. This gives tremendous flexibility similar to the flexibility that exists in cloud consumption.
How are customer service and support?
If I had to give points for technical support from Cisco, I would give it an eight. It is pretty good, and we do not face a challenge. The reason is that our own team is pretty capable technically, so we do not go back to Cisco for much support. Whenever we have requested support, they have been pretty responsive.
How would you rate customer service and support?
Positive
What other advice do I have?
I do not view Cisco security offerings only from a firewall perspective, but from an overall offering perspective. Cisco Secure Firewall helps with the Zero Trust Security Model. ZTNA is a concept that has to be implemented at every tier, including the firewall. You cannot implement zero trust without a firewall also supporting it. It is an important piece in building a zero trust architecture. The review rating for this product is an eight out of ten.
Unified security has protected mixed IT-OT environments and simplifies remote industrial access
What is our primary use case?
Cisco Secure Firewall provides intelligent devices that can manage security issues between IT and OT environments. IT is an information technology environment consisting of servers and data centers, while OT environment is operational technology related to PLC cabinets and machines. When integrating both to work in business processes, security issues between IT and OT must be managed, and Cisco provides excellent devices for managing this challenge.
I primarily use Cisco Secure Firewall in manufacturing fields rather than applications. In a small area, I integrated Cisco with RADIUS for authentication purposes and TACACS, applying security rules to external access for suppliers from Europe and the USA to our environments.
I use cloud-delivered firewall in parts of our business because we have multiple locations distributed across Egypt and Germany. I needed to use a firewall in the cloud to publish security policies remotely and manage separate locations with the same vendor like Cisco.
What is most valuable?
The biggest benefit of Cisco Secure Firewall and the features that stand out to me are its excellent integration with PLC and manufacturing devices. This option cannot be found on other devices such as Sophos or FortiGate.
The unification of policies is very important to me because without unified communication between devices with the same rule and security policy, managing everything with separate technology and separate vendors would be very difficult. Cisco excels at this.
The deployment of Cisco Secure Firewall was completed in-house.
What needs improvement?
Regarding implementing a zero-trust security model, I did not pursue this option because zero-trust is new technology with significant human impact on business operations. I use multi-factor authentication instead, with devices such as YubiKey, which is a USB device for trusting device authentication with hardware, but I have not implemented zero-trust at this time.
I do see some drawbacks with the authentication portions of Cisco, which are very legacy and have not been improved for a long time, such as using 802.1X switches. These aspects must be improved.
For how long have I used the solution?
I have been using Cisco Secure Firewall for ten years.
Which solution did I use previously and why did I switch?
For some period of time, we were a partner with Cisco, and after that, we began working as a customer.
What was our ROI?
I see some ROI through savings, including time and money savings. When evaluating Cisco over a longer period, I save money because the service renewal costs are substantial compared to alternatives. If I consider FortiGate, each module costs money and each renewal costs money. When comparing Cisco with other vendors, I believe Cisco's licensing is better.
Which other solutions did I evaluate?
Some differences from a technical standpoint are that Cisco is more professional in creating and applying rules on devices and integrating with other infrastructure, particularly routers. If I wanted to integrate access points and switches with Sophos or FortiGate, I would have to purchase the same brand name from those vendors and not integrate with others. This is a significant limitation. With Cisco, I do not have to purchase everything from a single partner and can mix between providers to take advantage of each product's benefits.
What other advice do I have?
We are currently using Cisco Secure Firewall ASA and are planning to use Cisco Vision. Cisco provides many tools to have visibility of packets moving on the network and enables capturing certain packets for analysis, which others cannot do.
Cisco Secure Firewall is very fair according to the benefits it provides. When comparing Sophos, FortiGate, and Cisco in terms of benefits and stability, Cisco is excellent.
Cisco Secure Firewall has a degree of complexity, but I believe it is more professional in deployment because it operates at the data link layer and network layer rather than only at the application and web levels. I rate this review as a nine out of ten.
Firewall has kept networks secure with frequent updates and supports practical zero-trust controls
What is our primary use case?
I am working with all of these vendors today, including F5, Cisco Umbrella, Cisco ASAs, Palo Alto Prismas, and Palo Alto Panoramas. I have been using all these tools currently.
I do work with Cisco Firewall and Cisco Secure Firewall.
I use Cisco SecureX with Cisco Secure Firewall in integration. SecureX is the VPN, or Secure Client.
What is most valuable?
The biggest benefit which I currently see in Cisco Secure Firewall is that it keeps getting up to date. The signatures or the vulnerabilities, and the remediation has been releasing every 24 hours. This makes our firewall or the network very secure. When we put the updates or patches on time on our firewalls, it keeps the network really secure.
Another thing is that it is user-friendly. Everything is within the help section. Everything is clearly mentioned, so if you do not remember anything or need to put a command, it can be accessible easily through the support website of Cisco. You will not face many challenges when you are applying any policies or creating any rules, or modification of any policies within the firewall.
The ability to unify policies across the environment depends on the customer's requirement, but the exact access required for their customers and users is what matters. Based on that, we can implement the policies within the network and we obviously require approvals from certain stakeholders. Once they allow it, we will move ahead and unify those policies.
Cisco Secure Firewall absolutely helps with the implementation of the zero-trust security model. Zero trust is basically what Cisco recommends, which is to not trust even your internal network. The internal employees sometimes are trusted because the 172 network is our internal network, and we basically allow access to everything and every subnet. However, Cisco suggests us to not trust anybody. Even if it is your internal users, you should put a check on their clients as well. Cisco gives us this feature. Every traffic passing through the firewall gets a check. It does not allow anybody to pass away without inspection.
What needs improvement?
If we talk about areas for improvement, when you look at the other competitors of Cisco, such as Palo Alto and Fortinet, they are moving much ahead from Cisco. That is one thing that Cisco has to really take as a challenge because Palo Alto has introduced a lot of new features. They have integrated with AI. You really do not have to run those commands manually. The basic things have already been taken care of by that integration of AI. That is one thing that Cisco has to jump ahead and compete with their partners.
I can speak about specific examples or features such as Prisma SASE, which has been introduced by Palo Alto. That similar feature or advantage is missing in Cisco Secure Firewall yet. They must be working on it, but as of now, Palo Alto is much ahead.
For how long have I used the solution?
I have been working with Cisco Secure Firewall for more than seven years and my overall experience in the field with firewalls is 10 years. Since 2015, I have been working with firewalls and endpoint security. With time I have upgraded my skills and with whatever the requirement is from the organization or from the client side, I put in my efforts and continue learning.
What do I think about the stability of the solution?
I would say it is reliable, but only when you have sufficient processing unit or when the CPU does not get high. There must be sufficient RAM on the devices and you must have purchased enough licenses and not put a lot of load on the firewall. Otherwise, it is sometimes not reliable, but that is your misconfiguration or when you have not purchased enough storage or the high-end processors for the data transfer and the packet. Then it sometimes gets unreliable. However, if you have sufficient space on your firewall and a good amount of processing unit, then I think it is good. It is reliable and stable as well. The only part is when you are putting a lot of pressure or data payload on the firewall, but the firewall does not have that capacity to handle that much traffic, then it gets stuck or sometimes gets crashed as well.
What do I think about the scalability of the solution?
I see that Cisco Secure Firewall is very easy to scale. They provide that feature. Whenever your organization gets bigger, it is easily scalable. Whenever your users are getting increased or you have to put up more firewalls, they provide that feature. There are no limitations on that.
How are customer service and support?
I do observe some ROI in Cisco Secure Firewall, such as some savings in terms of time-saving or money-saving. The support is really good. If we require a L3 level of TAC support from Cisco, they are easily available compared to other two vendors. Sometimes when we get stuck on something, if we reach out to Cisco support and their Cisco TAC technical team, they are easily available. You do not face many challenges to talk to them.
On a scale from zero to 10, I think they deserve nine points for support.
How would you rate customer service and support?
Positive
How was the initial setup?
I would say it is straightforward for experienced people; it is deployable. Without many challenges they can deploy it. However, for beginners, it might be challenging for them. It requires certain technicalities and awareness of the technical part.
Some challenges may happen during deployment. Initially when you set it up, it requires a console from the scratch itself. When you are deploying any firewall, what you need is physical access of that device, wherever it is. Once that part is covered, then the configuration is either you can do it through that tool or you can do it manually. Cisco provides both options. If you want to go with the manual or if you want to go with that integration tool, with the tool it is very straightforward. However, when you have to do it manually, it takes certain pre-checks and post-checks with that device.
Which other solutions did I evaluate?
I would say Cisco Secure Firewall is better than Fortinet any day.
What other advice do I have?
My clients' deployment model is usually on cloud. Right now, mostly devices have been moved to cloud. There are still one or two devices that are still there which I am managing. They are legacy devices. Mostly are on cloud.
I do say that visibility and control capabilities in the firewall do help to manage encrypted traffic. Mostly traffic gets encrypted. I provide that feature, SSL encryption. All the traffic that traverses through the firewall is encrypted. It cannot be readable by a third person or with any tools. Only peer-to-peer encryption is there. Only when they have the keys available, the specific users or destination, only they can decrypt it. The end-to-end encryption is there. I have that.
I would rate this review as an 8 out of 10 overall.
Unified industrial security has improved integration and supports fast rule migration and tuning
What is our primary use case?
I benefit from using Cisco Secure Firewall mainly because at least 99% of my customers have a Cisco environment, including switching and routing, making it easier to integrate with other Cisco components than with other vendors.
The impact of a cloud-delivered firewall on my organization's security posture depends on the environments I manage, which are primarily disconnected and focused more on industrial security rather than the cloud. While traditional IT recognizes that the delivery of cloud services is beneficial, comparing it to Azure Firewall, Google Firewall, or AWS Firewall shows that they are not true firewalls but rather sets of rules that do not work perfectly. From my perspective, it is better to add Cisco Secure Firewall for proper coverage.
What is most valuable?
The deployment for Cisco Secure Firewall takes no more than six to eight hours, but the fine-tuning of the solution typically takes four or five days.
Using Cisco Secure Firewall is financially beneficial as it provides clear settings for all members managing the solution, making it easy to teach the engineering team how it works and how to configure it, ultimately reducing the time needed to apply policies or make changes in the infrastructure.
What needs improvement?
I would assess Cisco Secure Firewall's ability to unify policies across environments as complex, since different customers have varying situations. Some wish to consolidate rules in the same place, while others prefer different rule sets in different locations.
For how long have I used the solution?
How are customer service and support?
I would rate Cisco's technical support a nine out of ten.
How would you rate customer service and support?
Positive
What about the implementation team?
What other advice do I have?
I am working with both on-premises and cloud deployment models.
I have not used any new features or functionalities recently in Cisco Secure Firewall, as it usually functions as a Layer 4 firewall without applying any filtering or inspection.
My experience with the licensing model indicates that for a long time, I believed the price was reasonable, but currently, I am uncertain as all services I purchase are directly from the customer while I act as a consultant, not purchasing any components myself.
I would rate this product a nine out of ten overall.
Centralized protection across data center and edge has provided peace of mind and reliable security
What is our primary use case?
Our company's use case for Cisco Secure Firewall is to separate and protect the different server network ranges in our data center and to provide access to and from those services that sit in our data center to users and customers alike. We also use Cisco Secure Firewall on the edge to provide internet access to and from the internet for our business.
What is most valuable?
The most valuable aspect of Cisco Secure Firewall for me is not a specific feature but the fact that it is quite stable as a firewall overall. It is not too buggy or disruptive when performing our day-to-day operations, and that is the main thing about it.
Centralized management of Cisco Secure Firewall benefits our organization because we have multiple firewalls, but we go to one single page or use the Firewall Management Center to administer policies and make changes. This allows us to see what is going on from a visibility perspective, so all troubleshooting, configuration, and administration of the firewall happens at one single place, which is beneficial.
A single pane of glass for management is available.
What needs improvement?
One thing I would improve in Cisco Secure Firewall is somehow embedding the capability to use an asterisk-type of firewall rules in the access control policy. An example could be star.google.com; being able to use an asterisk for anything in the subdomain would be beneficial, as I know some of Cisco's competitors allow that on their firewalls, which eliminates the need for an additional appliance to facilitate that component.
For how long have I used the solution?
I have been using Cisco Secure Firewall for about five years.
What do I think about the stability of the solution?
Currently, Cisco Secure Firewall has been up and running for about three years since its last reboot, so it is quite stable.
What do I think about the scalability of the solution?
I find the solution to be scalable, especially with the other products that Cisco is developing. For instance, Cisco Secure Cloud now allows us to potentially take the management functions of Cisco Secure Firewall, move it into the cloud, and integrate it with other Cisco security products, managing everything from one single pane.
How are customer service and support?
I have worked with Cisco's customer support.
When it comes to customer support, referring to TAC, I find that Cisco's support stands out. It is very important for us as a business to have that support when needed, and Cisco has often never failed in providing that support.
If I were to rate the support overall from one to ten, I would give it a nine.
While I rate it a nine, to make it a ten, it could be improved based on individual cases. Some support people truly embody Cisco's values in responding and assisting, but there are times when some individuals may not be as helpful as others, leading to a disconnect in the support experience.
How would you rate customer service and support?
Positive
How was the initial setup?
Deploying Cisco Secure Firewalls is quite straightforward, as Cisco provides a lot of available documentation online, extensive support, and training, which makes it easy for engineers and customers to use Cisco products effectively.
The deployment time for Cisco Secure Firewalls varies. Currently, I am going through a refresh where we are replacing older Firepower systems with newer ones, but in the past, it has been relatively simple, typically taking within an hour or two to get everything up and running.
What about the implementation team?
I have been part of the deployment of Cisco Secure Firewalls.
What was our ROI?
From a return on investment perspective, I think Cisco Secure Firewalls keep our organization safe and protect the organization's image from a governance standpoint. With cybersecurity being a big issue in the world, Cisco Secure Firewalls protect data, the environment, organization, and keep things safe. It is always reassuring for customers to know that the organization I work for invests in products like Cisco Secure Firewall to protect ourselves.
What other advice do I have?
Cisco Secure Firewall is similar to insurance in that it provides peace of mind.
I rate Cisco Secure Firewalls a nine overall. While there are features I think could be added to achieve a perfect ten, I still regard it higher than its competitors. From both a technical and peace of mind perspective, Cisco Secure Firewall is the frontrunner.
I would tell someone considering purchasing Cisco Secure Firewalls that they will not be disappointed. My overall review rating for Cisco Secure Firewall is nine.