
    Cisco Secure Firewall Threat Defense Virtual - PAYG

    Deployed on AWS
    Free Trial
    Protect your dynamic cloud environments with consistent security, superior visibility, and advanced threat defense such as application visibility and control, deep packet inspection, IPS, malware defense, and URL filtering - powered by Cisco Talos® Threat Intelligence. Achieve deeper visibility into QUIC and TLS 1.3 traffic without breaking Layer 7 policies.
    4.2

    Overview

    Cisco Secure Firewall Threat Defense Virtual delivers consistent security, deep visibility, and advanced threat defense options to help you maintain business continuity amidst unpredictable threats and change. Take advantage of capabilities such as application visibility and control, Snort 3 IPS, malware defense, URL filtering, and Cisco Talos® Threat Intelligence to protect against known and unknown threats across your environments. Maintain Layer 7 policies on encrypted QUIC and TLS 1.3 traffic with our Encrypted Visibility Engine.

    Realize a payback period of 10 months over a three-year investment*.

    Secure your dynamic environments consistently: Gain consistent security policy enforcement, deep packet inspection, and ingress and egress traffic protection across your cloud environments.

    • Deeper visibility into QUIC and TLS 1.3 encrypted traffic without breaking Layer 7 policies
    • Dynamic attribute support for AWS tags for situations where static IP addresses are not available
    • Firewall clustering for highly-available threat defense

    Achieve greater efficiency with unified firewall management: Cisco Secure Firewall Management Center gives you the freedom and choice to administer firewalls, correlate and prioritize threats, as well as quickly act on them in a single pane of glass.

    • Reduce up to 95%* of network operation work streams by managing your firewall stack with Secure Firewall Management Center
    • Management offered in cloud-delivered, virtual, and on-premises form factors
    • Supports REST API - an HTTP-based interface for management, policies, and monitoring

    Accelerate response with Cisco SecureX: Every Secure Firewall includes entitlement for Cisco SecureX to accelerate threat detection and remediation.

    • Speed up incident response with the new SecureX ribbon in Firewall Management Center, enabling SecOps to instantly pivot to the SecureX open platform
    • Configure AWS VPCs manually or automatically from SecureX in response to events from Cisco Secure products
    • Monitor your AWS accounts and workloads for malicious activity by integrating with Amazon GuardDuty

    Introduce AWS services for added benefits:

    • Combine with Amazon Gateway Load Balancer to dynamically insert scalable security into your AWS environment and reduce complexity
    • Leverage Amazon Route 53 for remote access VPN
    • Integrate with AWS Transit Gateway for scalable inter-VPC traffic

    For supported AWS instances, please see the data sheet. To get started, see our Getting Started Guide.

    *Forrester Total Economic Impact of Cisco Secure Firewall, 2022. <www.cisco.com/go/firewallTEI>

    Highlights

    • An AWS Security Competency approved solution providing real-time, unified, network security to protect your most critical infrastructure and data across dynamic environments.
    • Delivers the most advanced threat defense options with Snort 3 IPS, visibility into encrypted QUIC and TLS 1.3 traffic, malware defense, URL filtering, deep packet inspection, and application visibility and control.
    • Cisco Talos® Threat Intelligence is included, protecting against known and unknown threats from one of the world's largest commercial threat intelligence teams.

    Details

    Delivery method

    Delivery option
    64-bit (x86) Amazon Machine Image (AMI)

    Latest version

    Operating system
    OtherLinux 10.0.0-140

    Pricing

    Free trial

    Try this product free for 30 days according to the free trial terms set by the vendor. Usage-based pricing is in effect for usage beyond the free trial terms. Your free trial gets automatically converted to a paid subscription when the trial ends, but may be canceled any time before that.

    Cisco Secure Firewall Threat Defense Virtual - PAYG

    Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    Usage costs (31)

    Dimension                  Cost/hour
    c5.xlarge (Recommended)    $1.00
    c6a.2xlarge                $1.80
    m5zn.xlarge                $1.00
    c5n.xlarge                 $1.00
    c6a.4xlarge                $3.50
    c5a.2xlarge                $1.80
    c6i.2xlarge                $1.80
    c5ad.xlarge                $1.00
    c5ad.2xlarge               $1.80
    c6in.2xlarge               $1.80

    Vendor refund policy

    The Cisco NGFWv instance can be terminated at any time to stop incurring charges.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    64-bit (x86) Amazon Machine Image (AMI)

    Amazon Machine Image (AMI)

    An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.

    Support

    Vendor support

    For Community Support, please visit the Cisco Security Firepower community using the link below and include NGFWv-AWS in the title of your discussion for the fastest response. The below listed partners can also sell support contracts. https://supportforums.cisco.com/community/12249536/firepower-firesight-system  http://WWW.TRACE3.COM  http://WWW.SHI.COM  http://WWW.SYCOMP.COM  http://WWW.COMPUTACENTER.COM  (EMEAR) http://WWW.VELOCIS.IN  (APJ)

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

    Updated weekly

    Accolades

    Top 25 In Network Infrastructure
    Top 10 In Migration
    Top 10 In Device Connectivity

    Customer reviews

    Sentiment is AI generated from actual customer reviews on AWS and G2
    [Chart: positive, mixed, and negative review sentiment by category: Reviews, Functionality, Ease of use, Customer service, Cost effectiveness]

    Overview

    AI generated from product descriptions

    • Intrusion Prevention System: Snort 3 IPS engine for detecting and preventing network-based attacks and intrusions
    • Encrypted Traffic Visibility: Encrypted Visibility Engine providing Layer 7 policy enforcement and deep visibility into QUIC and TLS 1.3 encrypted traffic without decryption
    • Threat Intelligence Integration: Cisco Talos Threat Intelligence integration for protection against known and unknown threats
    • Deep Packet Inspection: Deep packet inspection capability combined with application visibility and control for comprehensive traffic analysis
    • Firewall Clustering: Firewall clustering support for high availability and distributed threat defense across cloud environments
    • Intrusion Detection and Prevention: Intrusion detection and prevention (IPS) capabilities for threat detection and mitigation
    • Application Security and Visibility: Application visibility and control through AppSecure with L4-L7 security services
    • VPN and Secure Connectivity: IPsec and full mesh VPN termination services for secure connectivity across on-premises data centers, campuses, branches, and geographically dispersed VPCs
    • Cloud-Native Integration: Integration with AWS services including Elastic Load Balancer, Auto-Scaling Groups, CloudWatch, Security Hub, Key Management Service, and Gateway Load Balancer (GWLB) with L3 gateway and L4 load balancer capabilities
    • Advanced Routing and Network Services: Cloud-grade routing capabilities with NAT, firewall, and network address translation services
    • Software-Defined WAN (SD-WAN) Engine: Built-in SD-WAN engine combining multiple remote access and WAN optimization technologies for secure access to cloud resources across office and mobile users.
    • Intrusion Prevention System (IPS): Integrated IPS engine providing real-time network protection against a broad range of network threats.
    • Application-Based Traffic Control: Enterprise-grade firewalling with application-aware segmentation and traffic control based on application identity, ports, and user identity.
    • Network Access Control: Network access control enforcement capabilities for enforcing security policies across dispersed network environments.
    • VPN and Secure Connectivity: VPN technologies enabling secure remote access, secure office-to-cloud connectivity, and cloud network segmentation with support for branch office direct internet schemes.

    Contract

    Standard contract
    No
    No
    No

    Customer reviews

    Ratings and reviews

    4.2 (153 ratings)
    5 star: 49%
    4 star: 42%
    3 star: 8%
    2 star: 1%
    1 star: 0%
    9 AWS reviews | 144 external reviews
    External reviews are from G2 and PeerSpot.
    Robsen W.

    License Portability and Performance-Based Models That Deliver

    Reviewed on Feb 13, 2026
    Review provided by G2
    What do you like best about the product?
    License Portability and Performance-Based Models
    What do you dislike about the product?
    Management complexity: the fact that it requires a dedicated central management tool to be managed remotely. As someone who works in an IT reseller company, when some of our clients need 1/2 firewalls, the central management might introduce additional price, which might not be worth it considering the number of firewalls to be managed. With some other vendors, like Fortinet for example, we can manage the firewall directly using the GUI without the need for another central management appliance.
    What problems is the product solving and how is that benefiting you?
    I have deployed it for a client which is in the financial sector/bank as an internal firewall to protect the computing resources, and they are happy with the performance and the support they are getting from Cisco.
    reviewer2802570

    Centralized protection across data center and edge has provided peace of mind and reliable security

    Reviewed on Feb 12, 2026
    Review provided by PeerSpot

    What is our primary use case?

    Our company's use case for Cisco Secure Firewall is to separate and protect the different server network ranges in our data center and to provide access to and from those services that sit in our data center to users and customers alike. We also use Cisco Secure Firewall on the edge to provide internet access to and from the internet for our business.

    What is most valuable?

    The most valuable aspect of Cisco Secure Firewall for me is not a specific feature but the fact that it is quite stable as a firewall overall. It is not too buggy or disruptive when performing our day-to-day operations, and that is the main thing about it.

    Centralized management of Cisco Secure Firewall benefits our organization because we have multiple firewalls, but we go to one single page or use the Firewall Management Center to administer policies and make changes. This allows us to see what is going on from a visibility perspective, so all troubleshooting, configuration, and administration of the firewall happens at one single place, which is beneficial.

    A single pane of glass for management is available.

    What needs improvement?

    One thing I would improve in Cisco Secure Firewall is somehow embedding the capability to use an asterisk-type of firewall rules in the access control policy. An example could be star.google.com; being able to use an asterisk for anything in the subdomain would be beneficial, as I know some of Cisco's competitors allow that on their firewalls, which eliminates the need for an additional appliance to facilitate that component.

    For how long have I used the solution?

    I have been using Cisco Secure Firewall for about five years.

    What do I think about the stability of the solution?

    Currently, Cisco Secure Firewall has been up and running for about three years since its last reboot, so it is quite stable.

    What do I think about the scalability of the solution?

    I find the solution to be scalable, especially with the other products that Cisco is developing. For instance, Cisco Secure Cloud now allows us to potentially take the management functions of Cisco Secure Firewall, move it into the cloud, and integrate it with other Cisco security products, managing everything from one single pane.

    How are customer service and support?

    I have worked with Cisco's customer support.

    When it comes to customer support, referring to TAC, I find that Cisco's support stands out. It is very important for us as a business to have that support when needed, and Cisco has often never failed in providing that support.

    If I were to rate the support overall from one to ten, I would give it a nine.

    While I rate it a nine, to make it a ten, it could be improved based on individual cases. Some support people truly embody Cisco's values in responding and assisting, but there are times when some individuals may not be as helpful as others, leading to a disconnect in the support experience.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    Deploying Cisco Secure Firewalls is quite straightforward, as Cisco provides a lot of available documentation online, extensive support, and training, which makes it easy for engineers and customers to use Cisco products effectively.

    The deployment time for Cisco Secure Firewalls varies. Currently, I am going through a refresh where we are replacing older Firepower systems with newer ones, but in the past, it has been relatively simple, typically taking within an hour or two to get everything up and running.

    What about the implementation team?

    I have been part of the deployment of Cisco Secure Firewalls.

    What was our ROI?

    From a return on investment perspective, I think Cisco Secure Firewalls keep our organization safe and protect the organization's image from a governance standpoint. With cybersecurity being a big issue in the world, Cisco Secure Firewalls protect data, the environment, organization, and keep things safe. It is always reassuring for customers to know that the organization I work for invests in products like Cisco Secure Firewall to protect ourselves.

    What other advice do I have?

    Cisco Secure Firewall is similar to insurance in that it provides peace of mind.

    I rate Cisco Secure Firewalls a nine overall. While there are features I think could be added to achieve a perfect ten, I still regard it higher than its competitors. From both a technical and peace of mind perspective, Cisco Secure Firewall is the frontrunner.

    I would tell someone considering purchasing Cisco Secure Firewalls that they will not be disappointed. My overall review rating for Cisco Secure Firewall is nine.

    AmrJayyousi

    Edge protection has provided strong layered defense and secure tunneling with flexible addressing

    Reviewed on Feb 12, 2026
    Review provided by PeerSpot

    What is our primary use case?

    Cisco Secure Firewall's main use case is the edge firewall, which has great IPS and IDS capabilities, providing a solid defense layer for the organization.

    What is most valuable?

    I really appreciate the NAT-ting feature of Cisco Secure Firewall the most.

    The main benefit of the NAT-ting feature in Cisco Secure Firewall is that when I establish a site-to-site tunnel with another endpoint from another company, I can provide them with a fake IP instead of the real IP.

    Cisco Secure Firewall benefits our organization by serving as the first defense layer, which is the edge firewall as I mentioned before, helping to prevent DDoS attacks and similar threats.

    What needs improvement?

    I think Cisco Secure Firewall could become even better overall, but as of now, it is already in a stable status, and I do not see any significant features that need immediate attention. Perhaps something will come up in the future.

    What do I think about the stability of the solution?

    Cisco Secure Firewall is a stable and reliable product.

    Cisco Secure Firewall remains stable because even if there are bugs, Cisco TAC engineers are consistently working to find solutions on the spot.

    I am not experiencing any downtime with Cisco Secure Firewall.

    There are bugs in Cisco Secure Firewall, but as I mentioned, the TAC engineers are actively working to resolve issues as quickly as possible, so the downtime is only for a short period.

    I have experienced bugs with Cisco Secure Firewall, such as a sudden reboot, for example, but they resolved it on the spot.

    What do I think about the scalability of the solution?

    Cisco Secure Firewall scales with the growing needs of an organization and has scalability.

    Cisco Secure Firewall definitely demonstrates scalability, though I cannot explain it exactly.

    How are customer service and support?

    I find that customer support from Cisco is good, as the TAC engineers are available all the time.

    If I could rate Cisco Secure Firewall's support on a scale from one to ten, I would give it a ten.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The deployment model for Cisco Secure Firewall is on-premises.

    My experience with deploying Cisco Secure Firewall is that it is complicated, but if you have the experience, you can deploy it smoothly.

    There is a high learning curve for the deployment of Cisco Secure Firewall.

    What was our ROI?

    I have seen ROI with Cisco Secure Firewall, as they definitely save time and provide peace of mind.

    Cisco Secure Firewall saves time and also saves money, definitely providing peace of mind.

    What other advice do I have?

    My impression of the pricing and licensing of Cisco Secure Firewall is that it is not the normal pricing; it is high, but they deserve it.

    They bring great value for the price because they provide excellent support, have stability, and we trust this product.

    I would rate Cisco Secure Firewall a nine on a scale from one to ten. I rate it a nine because there is one point regarding the bugs that the versions of Cisco in general have.

    My advice to other organizations considering Cisco Secure Firewall is to ensure that customers receive guidance from TAC engineers regarding bugs and workarounds when they are published. It is crucial to expedite the process of finding bugs before deploying new versions.

    Ahmad Savanna

    Edge security has protected critical services with strong intrusion prevention and URL filtering

    Reviewed on Feb 12, 2026
    Review provided by PeerSpot

    What is our primary use case?

    We are running Cisco Secure Firewall firewalls as edge devices. It is very good to have FTD, a device like FTD and FMC for management of the devices.

    What is most valuable?

    I am Ahmed from Palestine, working with a service provider company for mobile and landlines. Our company, Jawwal, is a service provider for Palestine with about 3,000 employees serving all people in Palestine. We used to have Cisco devices and also other vendors because our security team always asks to have multiple vendors in our company. We are very happy to have Cisco Secure Firewall devices. Our favorite features are that it is the next-generation firewall, always providing an IPS capability and multi-homing for multiple devices, clustering, and similar functionalities. We also appreciate FMC for management. It is a very good and very strong device to have in our company. We use it as edge firewalls for our company. We have three data centers spread all around the country. We always use Cisco and try to bring Cisco devices to our company because we always have something new.

    Cisco Secure Firewall has many features, so the most important thing in the next-generation firewall is an IPS and URL filtering. It is a very good experience to have FTD for IPS and URL filtering.

    My favorite feature inside the firewall is an IPS integrated with Threat Defense. I would like to highlight some protection. I would like to mention something about the intelligence for the firewall. We are very much looking forward to having AI included in the firewalls from Cisco, and I am looking to know how I can get benefits from AI inside Cisco Secure Firewall devices. We are always looking for improvement for the devices, and Cisco is always doing that. The most benefit for the firewalls in our company, regarding protection, intrusion prevention, and URL filtering, is a very good feature to have.

    What needs improvement?

    We faced some issues, though they are not very big issues in the device. When managing these devices from FMC, we have some tricky points for the device flexibility regarding upgrade from one FMC to another FMC and bringing the devices inside to be managed by this FMC. This also applies regarding the flexibility for having the data or the device when upgrading from one hardware to another hardware. To make it easier to have this configuration from this device to another device would be beneficial.

    When upgrading, Cisco always makes something called end of life for the hardware devices. When going from one device to another device, it is very hard to have this configuration exported from this device and put it in another device. This affects our service continuity, potentially causing some interruption for our service provider because we are running in a very critical environment. This may affect our user experience.

    The only bad experience is that exporting and importing from one device is problematic. If trying to make a scalable device to increase capability for the device, it is very hard to export the configuration from this device to another device. We have to do it manually. This is a very bad experience, but other things are very good.

    For how long have I used the solution?

    We have been using this solution for more than seven years.

    What do I think about the stability of the solution?

    At IT, every time we may have something like this, but it is perhaps not related to the device itself. It depends on very wide other reasons. Sometimes, we have some downtimes because of something unknown, perhaps from the Linux kernel. Cisco engineers are always listening to us and contacting us for any improvement, which is why we love Cisco.

    What do I think about the scalability of the solution?

    In the network world, there is nothing straightforward. We always have obstacles on our way. Cisco is very good regarding availability and the stability for the device. When something happens in the device, the failover happens very quickly without any interruption. This is our experience with Cisco, and we are looking forward to having more and more. It is not straightforward because of the complexity of the network. As a device, it is straightforward, but because of the complexity of the other things, we can find it not hard, but a little bit complex. It is not related to the device itself.

    How are customer service and support?

    Cisco technical support is always doing a great job. While supporting us during our maintenance window for downtimes, it is very good. We are trying to have better support, and it is about financial issues because if going up with the support level, it becomes better and better. We need to make it more equitable.

    How would you rate customer service and support?

    Negative

    Which other solutions did I evaluate?

    Companies are always looking for security. If needing to have a secure firewall with high throughput and heavy-duty devices, we always have to choose Cisco devices because the reality of these devices may be better than any other vendor. Other vendors are very good also, but sometimes Cisco is more flexible than others.

    What other advice do I have?

    We have to use solutions such as IPS and IDS also. It is in detection and IPS for prevention also, but it is a different device, so it may have added layers for our network and making problems around that experience we have with it. It is not because of the device or the vendor, but layers in the network making some delays and making some overhead on the network. Cisco is the vendor we use. When comparing devices financially, we can see that other devices have very advanced features and other vendors have very good advantages. Cisco always wins. Maybe it is financially good because we have very high features and there are real advantages and features. Regarding throughput, some other vendors say it is fake throughput, not like Cisco. Cisco, when they say one gig, it is one gig.

    We have many models such as 2000, 2003, and 4005. We have about eight devices spread around the company. I would give Cisco Secure Firewall a rating of eight out of ten because we are always looking for improvement. Cisco is very stable. From my experience, Cisco Secure Firewall is very stable. Because of the many integrations with the ICE and SGT, it is very nice to have these features. We always can see improvements on Cisco.

    reviewer2802531

    Centralized management has simplified secure access and still needs clearer log navigation

    Reviewed on Feb 12, 2026
    Review provided by PeerSpot

    What is our primary use case?

    My use case for Cisco Secure Firewall includes secure access into the network, remote access VPN, site-to-site VPN, NAT, and access control.

    What is most valuable?

    I believe the most valuable feature of having the FTD in Cisco Secure Firewall is that it is typically managed through FMC, which is a tool that allows you to manage multiple devices. The ability to manage, view, and push templates across multiple devices at one time is beneficial versus having to manually do it.

    Cisco Secure Firewall helps organizations improve by making networking easier, as they have provided a graphical user interface for much of the functionality. I think people prefer the GUI and find it easier to navigate versus having to remember commands, making it excellent for both novice and senior engineers.

    What needs improvement?

    If I could improve Cisco Secure Firewall, I feel that even with my experience, I have difficulty navigating some of the logs and trying to find specific flows, whether it is the source address or the pre-NAT address. I find the filtering very difficult to navigate and determine exactly what field I have to put the criteria in, as there are too many fields.

    For how long have I used the solution?

    I probably started using Cisco Secure Firewall at the beginning of the pandemic, around 2021, while I was using ASAs before that, which had been for approximately 10 years. I have used FTD and Firepower for approximately five years and ASA for approximately 10 years.

    What do I think about the stability of the solution?

    I believe Cisco Secure Firewall is stable because I have never seen it crash and I have never seen it fail to forward packets.

    How are customer service and support?

    My experience with customer support for Cisco Secure Firewall is positive, as they are helpful. On a scale of one to ten, I would rate Cisco Secure Firewall customer support as a nine, with ten being best.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I have briefly looked at some marketing materials for other firewall solutions such as Palo Alto, Fortinet, and FortiGate to understand where they are in the market, but I have never really managed or configured those platforms.

    How was the initial setup?

    The complexity of deploying Cisco Secure Firewall varies depending on how many you have deployed. When I first deployed it, I still had to refer to documentation and conduct some trial and error, as we had to reconfigure some elements because of the interesting environment where we had to port-channel separately instead of as one bundled channel in an HA cluster. The complexity really depends on the environment.

    What about the implementation team?

    I have deployed Cisco Secure Firewall with some customers.

    Which other solutions did I evaluate?

    I believe the market space for firewall solutions is crowded, and these vendors need to be competitive. I find that they are all quite similar.

    What other advice do I have?

