Assessment of Cisco Secure Firewall – Policy Unification & Zero-Trust Enablement

I assess the policy unification and operational flexibility of Cisco Secure Firewall very positively, based on our hands-on deployment in the COE (Center of Excellence) lab environment where we conduct regular customer demonstrations.

1. Dynamic Policy Management in a Live Demo Environment

In our COE setup, firewall policies are frequently modified based on customer use cases.

• We regularly update existing rules or create new ones.
• Sometimes changes are required weekly.
• In certain scenarios, rule updates are needed multiple times in a single day.
• The environment is continuously adjusted to reflect customer-specific requirements.

Cisco Secure Firewall enables us to make these changes quickly and efficiently, demonstrating its operational flexibility and centralized policy control.

2. OT Network Segmentation & IDS/IPS Flexibility

Within our lab, we have a dedicated OT segment with multiple security zones configured.

To simulate real-world scenarios:

• We include attacker zones that generate controlled attack traffic.
• For some use cases, we enable IDS (detection-only) to showcase logging and monitoring.
• For other scenarios, we enable IPS signatures to demonstrate active prevention.

The ability to seamlessly switch policies from IDS-only mode to full intrusion prevention allows us to demonstrate multiple use cases using the same infrastructure without complexity.

This flexibility is particularly valuable in OT security environments where detection and prevention requirements may vary depending on operational needs.

3. Zero-Trust Architecture Demonstration

Cisco Secure Firewall plays a critical role in demonstrating Zero-Trust architecture in our lab.

Our integrated setup includes:

• Cisco Secure Firewall
• SDA fabric / trusted network switches
• Cisco Identity Services Engine (Cisco ISE)

Using Cisco ISE:

• Users are securely onboarded onto the network.
• Authentication and authorization policies are enforced.
• Role-based segmentation is applied.

If a connected user attempts unauthorized actions—such as accessing malicious destinations or generating abnormal traffic—the system responds automatically.

4. Automated Threat Containment – Practical Demonstration

For example:

• We restrict excessive ICMP traffic between segments.
• If a user continuously generates abnormal ICMP traffic,
• The firewall detects the behavior using IPS signatures.
• The firewall notifies Cisco ISE about the abnormal activity.
• Cisco ISE automatically quarantines the client into a restricted VLAN.

This process occurs without any manual intervention.

Even though our lab does not generate fully malicious real-world attacks, customers can clearly see how:

1. The firewall detects suspicious activity.
2. The integrated ecosystem communicates automatically.
3. The endpoint is isolated in real time.
4. The threat area is segmented from the rest of the network.

This provides a complete, practical Zero-Trust story:

• Secure onboarding
• Least-privilege access
• Continuous monitoring
• Automated threat response
• Dynamic segmentation

5. Unified Security Story for Customers

What makes this powerful is not just the firewall capability alone, but the integrated ecosystem:

• Identity-driven access control
• Behavioral detection
• Automated containment
• Dynamic VLAN reassignment
• Segmentation of threat zones

Cisco Secure Firewall allows us to demonstrate how a fully integrated security architecture can automatically identify, isolate, and contain threats—helping organizations minimize risk and maintain operational continuity.

One of the most valuable aspects of Cisco Secure Firewall is its deep and seamless integration within the Cisco security ecosystem.

While most next-generation firewall capabilities are broadly comparable across OEMs, the true differentiator lies in Cisco’s ecosystem-driven architecture and automation capabilities.

1. Ecosystem-Driven Security Automation (Unique Differentiator)

We have deployed Cisco Identity Services Engine (Cisco ISE) as our NAC solution and integrated it directly with Cisco Secure Firewall.

This integration enables Rapid Threat Containment (RTC):

• If the firewall detects malware activity (e.g., malicious download attempts or suspicious behavior),
• It automatically notifies Cisco ISE,
• Cisco ISE dynamically quarantines the endpoint or moves the user into a restricted security segment,
• All without manual intervention.

This closed-loop automation between detection and enforcement is a powerful advantage. It significantly reduces response time, limits lateral movement, and strengthens overall security posture.

This level of orchestration across network and security components is a major reason we prefer Cisco over other OEMs.

2. Advanced Visibility & Log Analytics

Another strong capability is the rich dashboard visibility within Cisco Secure Firewall.

• Detailed traffic analysis
• Granular log inspection
• Application-level visibility
• Improved troubleshooting capabilities

The dashboard enables faster root cause analysis and better operational decision-making.

3. AI-Driven Optimization with Cisco Secure Cloud Control

Recently, Cisco introduced Cisco Secure Cloud Control (SCC), a cloud-based unified security management platform.

With SCC, we gain access to AI-driven operations (AIOps), which provides:

• Rule optimization recommendations
• Identification of overlapping firewall rules
• Policy cleanup insights
• Performance optimization guidance

This AI-assisted intelligence improves firewall efficiency and reduces configuration complexity over time.

4. Flexible Hybrid Security Management

One of the strongest advantages of Cisco is deployment flexibility.

For customers who:

• Prefer a fully cloud-managed model → SCC provides centralized management.
• Require on-premise control due to compliance or data sovereignty → we can deploy Cisco Firepower Management Center (FMC).
• Want both on-prem control and cloud-based AI benefits → we can integrate on-prem FMC with SCC.

This hybrid capability allows organizations to:

• Maintain data control,
• Leverage AI-driven analytics,
• Manage multiple security products under a single umbrella.

This flexibility is a strong differentiator in environments with regulatory or operational constraints.

5. Improved User Experience & Modernized UI

From a configuration standpoint:

• The latest software releases have significantly enhanced the UI.
• Navigation is more intuitive.
• Policy configuration is more streamlined.
• Overall usability has improved compared to earlier versions.

This reflects Cisco’s continuous investment in platform modernization.

Feedback and Improvement Areas – Cisco Secure Firewall (Customer Perspective)

From a customer point of view, there are a few improvement areas observed while positioning Cisco Secure Firewall in competitive scenarios.

1. Dashboard & Visibility Enhancements

Customers often compare firewall dashboards across different OEMs during evaluation.

• Competing vendors typically provide more feature-rich and visually detailed dashboards.
• There is a perception that Cisco dashboards still require enhancement in terms of visualization, consolidated reporting, and built-in analytics.
• Some OEMs advertise additional security capabilities clearly within their publicly available data sheets, making competitive positioning easier.

In comparison, Cisco sometimes references separate documentation or explains how certain capabilities (such as anti-spam or antivirus functionality) can be achieved through integration or ecosystem components rather than native, built-in features. This creates a perception gap during customer discussions.

Improvement Opportunity:

• Enhance dashboard capabilities.
• Clearly articulate feature availability in public documentation and data sheets.
• Reduce dependency on cross-referenced documentation for commonly compared features.

2. Virtual Firewall / Multi-Instance Capabilities in Lower Models

Another competitive challenge relates to virtual firewall capabilities.

• Several OEMs provide virtual firewall (VDOM-like) functionality in lower-end models.
• In Cisco’s portfolio, multi-instance capability typically starts from higher-end platforms such as the 3K series or higher.
• Customers looking for smaller deployments with logical segmentation are often forced to consider higher models, resulting in a price jump.

Competitors also offer:

• Compact hardware models
• Dongle-based firewall appliances
• Smaller entry-level products with virtual segmentation

In Cisco’s case:

• To achieve similar multi-instance functionality, customers must opt for higher-tier models.
• This creates a significant pricing gap in entry-level or SMB deployments.

This pricing difference becomes a key factor when customers compare solutions. If competitors offer a lower-cost model with virtual segmentation, and Cisco requires a higher platform investment, customers may lean toward alternative OEMs.

3. Documentation Gaps – OT Protocol Visibility

In our lab environment, we have deployed Cisco Secure Firewall and are using Application Visibility and Control (AVC) for OT network monitoring.

Observations:

• OT protocols are clearly visible within application visibility.
• The firewall successfully identifies and classifies OT traffic.

However:

• This capability is not clearly mentioned in publicly available documentation.
• When a feature is available and functional, it should be explicitly documented in data sheets and feature guides.

The need for third-party integration depends on what we are looking for. Here I am saying that the integration with Cisco NAC can be done because RTC functionality is only available with Cisco ISE and the firewall integration. For other ecosystems, if we use a NAC solution that is not Cisco, we can still integrate it for user authentication, such as with VPN user authentication. But in that case, we don't achieve the same functionality, such as RTC with other NAC solutions. This is one aspect.

Another part is that if we are using it, it always happens with some NAC solutions because we have Cisco NAC and Cisco firewall; we want consistent policy across the network, whether the user is on-prem or using VPN services. If this is a unified OEM solution, in that case, we require an agent, such as the Cisco Secure Client. That allows us to easily check the posture status of the remote user and connect to the network effortlessly. But if we are using a third-party solution, we can't achieve that.

From a SIEM perspective, certain prerequisites must be fulfilled before integration with Cisco Secure Firewall can be completed. The feasibility of integration depends on the capabilities of the SIEM platform. If the SIEM solution supports the required APIs and event handling mechanisms, similar functionality can be achieved. Therefore, integration itself is generally not the challenge; the key consideration is the desired security outcome within the overall ecosystem.

If the customer does not have a SIEM solution and intends to automate quarantine actions or enforce restricted access for users, a Network Access Control (NAC) solution becomes mandatory. In this scenario, the recommended NAC solution is Cisco Identity Services Engine (Cisco ISE). Automated quarantine and dynamic access control workflows are dependent on NAC capabilities.

From a feature enhancement perspective for Cisco Secure Firewall, deeper NAC-driven integration adds significant value.

1. TrustSec / Tag-Based Policy Enforcement

Cisco ISE supports Cisco TrustSec, which enables Security Group Tag (SGT)-based segmentation.

• In traditional (legacy) networks, firewall policies are created based on IP addresses.
• With TrustSec, policies are defined based on user identity, group membership, and security tags instead of IP subnets.
• When users authenticate to the network, Cisco ISE assigns Security Group Tags (SGTs).
• These tags are shared with Cisco Secure Firewall.
• The firewall then enforces policies based on SGT-to-SGT rules rather than IP-to-IP rules.

Benefits:

• Significant reduction in the number of firewall rules
• Simplified policy management
• Improved scalability
• Easier implementation of role-based access control

This integration enhances operational efficiency and security posture.

2. Rapid Threat Containment (RTC)

Another key capability is Rapid Threat Containment (RTC).

If Cisco Secure Firewall detects malicious activity—such as malware download attempts identified via signature-based or advanced threat detection—it can notify Cisco ISE about the compromised endpoint.

Based on this input:

• Cisco ISE can automatically quarantine the user
• The endpoint can be moved to a restricted VLAN
• Access can be dynamically limited without manual intervention

This automated workflow ensures faster response time and reduces the risk of lateral movement within the network.

3. VPN and Posture Assessment

This functionality is not limited to wired or LAN users.

For VPN users:

• Authentication can be integrated with third-party NAC solutions.
• However, if posture assessment (device compliance checking) is required in addition to authentication, Cisco ISE integration with Cisco Secure Firewall becomes essential.

Cisco ISE enables:

• Endpoint posture validation
• Dynamic policy assignment
• Automated remediation workflows

I have been working with Cisco Secure Firewall for around four to five years.

For Cisco's technical support, I always rate it a ten. It's excellent.

Implementation Approach – Cisco Secure Firewall

The implementation of Cisco Secure Firewall primarily depends on customer requirements and the selected management approach. Broadly, there are two deployment models:

1. Cloud-based management
2. On-premises management

Functionally, both approaches provide similar capabilities. The difference lies mainly in deployment workflow and management architecture.

1. Cloud-Based Deployment – Simplified Onboarding

When using cloud-based management through Cisco Secure Cloud Control, onboarding a new firewall is straightforward and efficient.

Key advantages:

• Plug-and-play provisioning
• No initial CLI configuration required
• Automatic onboarding to the management platform
• Centralized visibility from the cloud console

The typical process includes:

• Activating the tenant in the cloud management portal
• Completing basic prerequisites
• Connecting the firewall to the network
• Ensuring the device receives an IP address via DHCP
• Confirming internet connectivity for cloud registration

Once connected, the device automatically appears in the management portal and can be claimed without complex manual steps. This significantly simplifies large-scale or remote deployments.

2. On-Premises Deployment – Structured Preparation

For on-premises management using Cisco Firepower Management Center (FMC), the process is similarly straightforward but requires some initial preparation.

Before onboarding the firewall:

• FMC must be installed and fully configured.
• Network reachability between FMC and the firewall must be ensured.
• Registration keys and management connectivity must be prepared.

Once these prerequisites are completed, the firewall can be onboarded and managed centrally.

3. Deployment Timeline & Practical Experience

From our practical experience:

• Basic reachability and initial configuration can typically be completed within 30 minutes to a couple of hours.
• Plug-and-play onboarding significantly reduces deployment effort.
• Advanced configurations—such as production IPS signature tuning, policy optimization, and security rule validation—may require additional time depending on the environment.

Overall, the initial onboarding process is simple and efficient. The time investment primarily depends on the complexity of the security policies and production-level tuning requirements.

Overall Assessment

Cisco Secure Firewall offers:

• Flexible deployment models (cloud or on-prem)
• Simplified plug-and-play onboarding
• Minimal CLI dependency for initial setup
• Scalable management architecture
• Efficient initial configuration timeline

Regarding the impact of the cloud-delivered firewall on my customer's security posture, considering the firewall's deployment in production is crucial. When someone deploys the firewall, they will apply some intelligence and follow best practices to deploy the solutions. But after, the person managing the firewall is sometimes adding rules based on urgency, allowing certain rules that might permit any-any traffic. To mitigate some issues, they forget to disable this rule later. This rule shouldn't remain active in the firewall. This is one aspect they can encounter.

Another issue we face with customers is that they continue with the same configuration without updating new patches. They only update the setup when something happens. This is what sometimes occurs; users don't renew their license subscriptions. If they lack an updated subscription, they won't receive updates for the latest signatures. This will create problems in the live environment. Overall, I would rate this solution an eight out of ten.

My main use cases for Cisco Secure Firewall are ensuring that the offices and the users are protected behind a firewall and that the segments on the network are created.

The feature I like the most about Cisco Secure Firewall is the management of it because I can remotely manage everything that I need to do, not only the firewall but also the access points, the switches, and other devices. When they call me, I can fix something remotely without needing to drive over there.

It is typically all in one dashboard, but if I go to Cisco Secure Access and Connect, then it becomes a little bit confusing related to what products I need to use and buy.

I think the aspect that can be improved in Cisco Secure Firewall solution is the marketing approach. As I mentioned before, it confuses me related to the umbrella portals for secure access, not the SSE part of it.

I am uncertain about how the end users go to the network and also to the internet. What was previously done in Meraki Secure Connect is now referred to with the marketing term Secure Access, which is confusing to me. I don't know which license I need. I don't know if I'm going to be transitioned or not, or if I'm supposed to migrate myself. This is confusing because I need to be in different portals nowadays still, and I don't know what the future will bring.

Even when I'm at Cisco, I ask around but they say to ask my partner to transition me, but it doesn't seem to be that simple.

I have been using Cisco Secure Firewall for two years.

I assess the stability and reliability of Cisco Secure Firewall solution as excellent. I don't have any crashes or downtime or anything like that, which is good.

I have also used Sophos, specifically Sophos firewalls, before.

The experience of deployment with Cisco Secure Firewall is very easy. I have been using Cisco Secure Firewall in the Meraki dashboard, which means I just need to connect them all and have my licenses ready. Deployment-wise, it is smooth and very straightforward.

I can say that it is always difficult to determine if I have seen a return on investment from having Cisco Secure Firewall solution. It is an insurance that I take, something I need to do, but I don't know if it has already prevented me from an attacker or anything like that.

My experience with the pricing, setup cost, and licensing is that it is all good. The initial price is good. The only issue is if I don't renew my licenses after three or five years, my box becomes useless and I can't do anything with it anymore. I need to have an active license to make sure that I can use the product. I understand that if I'm using it in a production environment, I need the support and the licenses.

However, from a sustainable point of view, if I don't have a license, I can't do anything with it anymore, even not on my local home server installation. I think that is a pity. I have never had anything without licenses, but I can imagine if I don't have a license, then it becomes like a brick.

Before choosing Cisco Secure Firewall, I considered another solution, specifically Fortinet, and I considered Cato Cloud or Cato Networks, along with other OT vendors as well, such as Moxa or Teltonika.

I chose Cisco first of all for the partner and then second of all for the pricing. The pricing was good enough to convince me to go ahead with Cisco because Cisco is a well-known brand all over the world, which I couldn't say from other OT vendors such as Moxa or Teltonika. That is why I chose Cisco.

I transitioned away from those systems with a hybrid approach. I still have small components on-site, but mostly everything is in the public cloud in Azure. Many SaaS services are also part of this.

In Azure, there is nothing for on-premises. There is nothing that the internal users are using. I have a website in AWS, but I am not using it actively, so it is outsourced.

I would give Cisco Secure Firewall more points if everything were all in one dashboard and they did not confuse me with marketing. Overall, I would rate this review an 8 out of 10.

My main use cases for Cisco Secure Firewall are mainly user access to the internet and blocking firewall sites.

With the centralized management of Cisco Secure Firewall, it's good in unifying policies across my environment. The simplicity and supportability are important to my organization as it's much easier if everything's the same as much as possible.

I appreciate that the central management of Cisco Secure Firewall is from one location, which saves a lot of time.

The IPS protection is good for us for security reasons.

The central management feature of Cisco Secure Firewall saves one location instead of having to log on to multiple locations, which speeds up deployment of any changes or requirements for monitoring.

The upgrading process of Cisco Secure Firewall is a long process on a per-firewall basis, and it would be nice if that could be improved. One firewall can take two to two and a half hours to upgrade, so we end up having to watch it. It becomes a problem; in the old firewall days, it would be about a ten-minute job. I know it's more complicated with the newer firewalls. It's just a long-winded process even if they have sorted it out a little bit with automation.

I have been using Cisco Secure Firewall for probably about eight years.

I have not had one Cisco Secure Firewall fail so far, which shows it is stable and reliable. Right now, I have not experienced any downtime, crashes, or performance issues with Cisco Secure Firewall.

Cisco Secure Firewall scales with the growing needs of my organization, as we have different models and sizes, and our central boxes are powerful enough to cover whatever we want whenever we want.

My evaluation of customer service and technical support for Cisco Secure Firewall is that I have generally hardly ever had to use them. We did two weeks ago, and it was a very quick response that identified exactly where the issue in our configuration was.

Two weeks ago, I received a very quick response from customer service, which identified exactly where the issue on our configuration was, and it went very smoothly, so out of ten, I would give it a nine.

Prior to adopting Cisco Secure Firewall, I was also using previous Cisco firewalls, and before that, we had Fortinet and Juniper.

The factors that led me to consider the change to Cisco Secure Firewall were actually price, as Cisco's was a very competitive price, and we received a very good deal.

My experience with the deployment of Cisco Secure Firewall has been generally okay.

I have seen a return on investment with Cisco Secure Firewall since we run them for a long time.

Our current Cisco Secure Firewall units have been in place for probably over three years now, and at the moment, we're not looking to replace them, indicating a good return on investment since they last and are supported quite a long time after they're released.

My experience with pricing, setup costs, and licensing for Cisco Secure Firewall shows it can be expensive, especially the bigger boxes, since they do a lot more and handle a lot more, with a big jump from the smaller firewalls to the big firewalls.

The other solutions I considered before selecting Cisco Secure Firewall include Fortinet, Juniper, and Palo Alto. We're generally a Cisco house and have been for quite a few times with the old Cisco firewalls, so it was a natural progression.

We did not purchase the product on AWS Marketplace.

We actually don't do that much encrypted inspecting traffic at the moment with Cisco Secure Firewall, which is something we want to look at. We just want to make sure we don't max out the CPU with the many jobs it does. Cisco Secure Firewall will be a building block part of our zero-trust security model, however, there will be a few other parts needed, such as Cisco Secure Access.

I have not really expanded the usage of Cisco Secure Firewall. My advice to other organizations considering Cisco Secure Firewall is that it does what it says on the tin; it works, it's reliable, and I have never had one fail, so I think it's good.

On a scale of one to ten, I rate Cisco Secure Firewall a nine.

We bundle Cisco Secure Firewall with our telco offerings as a service provider. We bundle it basically with Meraki.

We have received good feedback from our engineers. It helps them with their day-to-day operations. I need to get some more input on specific items they need to gather more information about, but so far, there are no issues.

Regarding Cisco Secure Firewall's ability to unify policies across our environment, I haven't heard any particular issues from our engineers.

The feature of Cisco Secure Firewall that I appreciate the most is its ability to be used via the cloud, so we don't have to deploy service engineers on-site at any time.

Since telcos just provide basic connectivity, bundling Cisco Secure Firewall has actually allowed us to gain more value for our customers and level up versus our competitors. It helps our customers even more because they don't have to worry about cybersecurity issues, as we put it out of the box.

We found something that prevented us from using it and integrating it a few years back, so they should really have a discussion about improving those aspects. More specifically, it's related to cybersecurity technical details. Implementing a zero-trust security model is what we need help with. We're making progress. We have different types of security for our native applications, but we're slowly looking into what Cisco can deliver. We tried to look into Z3 models before, but our cybersecurity team found some issues where it was lacking. They found some bugs or loopholes, so we wanted Cisco to address these before we fully roll out the solution. We're trying again, and hopefully, with Cisco's updates, it will be acceptable to us in the near future.

We've been using Cisco Secure Firewall since 2016.

Cisco Secure Firewall covers roughly our 2,000 employees really effectively. It's just a matter of expanding the requirements and infrastructure requirements with AWS, and I believe Cisco has some integrations that allow us to use that scale to our advantage.

My opinion is somewhat biased because we have access to Cisco's TAC, and we are very much managed by our Cisco Philippines company team. I'd give them a nine out of ten.

The biggest return on investment when using Cisco Secure Firewall is that there's no waste in any infrastructure cost and licensing costs for us. If we have to repurpose a specific box per year, we could save on cost by just transferring it to another person or project rather than pay another one-year license for it.

The pricing is very good for us, especially since we have a partnership with Cisco. The challenge is the licensing. There are competitors that offer more flexible licensing, such as daily licensing, some offer hourly, but Cisco is locked in for one, three, and five years. We don't have much flexibility, especially if we want to shift applications or shift users at any time. Hopefully, licensing becomes more flexible.

There were solutions from Fortinet. The main difference between Cisco and Fortinet is that Cisco will have more flexibility. It's just a matter of being able to put together the flexibility that we require versus what Cisco can provide at this time.

The impact of the cloud-delivered Cisco Secure Firewall on my company's security posture involves some hesitation because it's on the cloud, but we're slowly adopting certain parts of it for our cybersecurity team. We're undergoing that transition and don't have full visibility yet on how they see that as a future mode of operations versus what other companies are doing globally.

I would rate Cisco Secure Firewall an eight out of ten.

I use the solution in my company for some internal testing purposes, so I don't use it in a real environment. I use it in my dummy lab environment.

The product's user interface is an area with certain shortcomings where improvements are required.

From an improvement perspective, the product's price needs to be lowered.

I have been using Cisco Secure Firewall for three years. I am a customer of Cisco.

I have faced no issues with the stability of the product. Stability-wise, I rate the solution an eight out of ten.

The product offers good scalability.

I rate the technical support a nine out of ten.

I have experience with Sophos.

The product's initial setup phase is a little difficult.

The product's deployment phase is a good and easy process.

The solution is deployed on the cloud.

The product is expensive.

I can't describe a particular scenario where the product has improved security, but I can say that the devices from Cisco are much more trustworthy and reliable compared to other devices in the market.

The most effective feature of the product for threat prevention stems from the granularity of the control that the devices from Cisco provide to its users.

The product offers great integration capabilities.

For our company's daily operations, the user interface provided by Sophos is much better and interactive compared to the one offered by Cisco.

You can choose Sophos if you want a low-budget or budget-friendly product. You can choose Cisco if you want a high-end and highly scalable tool with great integration capabilities, especially if budget is not an issue.

I rate the overall tool an eight out of ten.

I use it every day. It's something that's part of my daily tasks every day. I log in, look at logs, and do some firewall rule updates.

We have a managed services team. I'm not part of that team, I use it for our company. I look at why things are being dropped or allowed.

I'm using an older version. They got rid of EIGRP out of FlexConfig, which was nice. Now there's policy-based routing, which is something that I have to update my firewalls or my FMC so I can utilize that product.

Right now I use the Cisco-recommended version of FMC which is 7.0.5.

I like the GUI base of Secure Firepower Management Center. Coming from an ASA where it was the ASDM, I like the FMC where you can see everything is managed through one pane of glass.

It's a single pane of glass, we have multiple firewalls. I can click and be on to the next firewall in a few seconds, really.

As far as securing our infrastructure from end to end, I'm a big fan of Cisco products. I haven't used other products in the past, but I love the Cisco products. It helps a lot in the end.

We have firewalls on the edge, internally, and then on the cloud now, so I feel we're pretty secure.

Firewall helps with cybersecurity resilience. I really like this Cisco product. It's user-friendly. I don't like some other vendors. I've tried those in the past. Cisco is pretty easy. A caveman could do it.

I've used Check Point and Palo Alto, and I like Cisco better. It's what I'm comfortable with. Hopefully, I'll use it until I retire.

It runs forever. I haven't had any problems with any Secure Firewall. It just runs. You don't have to worry about it crashing. All Cisco products run forever. They run themselves. You need to update them.

I'm a team of two. Either I'm looking at it, the other guy's looking at it, or no one's looking at it. It's part of my daily routine as I get in there and I make sure that I have the status quo before I move on to other projects or other tickets for the day. It's a daily process. They log the information right in.

I'll find out about scalability in a few weeks. I need to change out some firewalls that are a lower model to a higher model because of the VPN limitations. I'm going to have to do some more work and see how long it takes.

They're awesome. I talked to the guys here, I had a couple of problems that keep me up at night. I was able to come here and they're going to help me out with some different ideas. Anybody I talk to has a solution, and the problem is fixed. So it's nice. I've never had any problem with TAC. They're awesome.

I wouldn't give them a ten. Nobody is perfect. I'll give them a nine because they help me with any issues I've had. I could put a ticket in a day, and then it gets taken care of in a speedy, efficient manner, and then I'm able to move on to other things that I need to worry about.

Palo Alto seems clumsy to me. I don't like it. It shouldn't be a guessing game to know where stuff is. Cisco is laid out in front of you with your devices, your policies, and logging. You point and click and you are where you need to be.

I haven't used Check Point in a while. It's been some time but it's an okay product.

For deployment, we have different locations on the east coast, on-prem, and in the data centers. We introduced a couple of firewalls, AWS, and Azure and we're implementing those in the cloud.

On-prem is pretty easy to implement. I could lab up an FTD on my own time. It's super easy to download and install. You get 90 days to mess around in a lab environment. I'm new to the cloud stuff. I've built firewalls there, but there were other limitations. I didn't quite understand that I have to get some practice and learn about the load balancers.

We're a Cisco partner, so we get 80% off. That's a big discount and companies are always looking at ways to save money these days.

I don't really look at Talos. It's in the background. I don't really look at it. It's there and it works.

Nothing is perfect so I would rate Cisco Secure Firewall a 9.2 out of ten. I love the product. It's part of my daily routine. I'll hopefully use it until I retire.