Cisco Secure Firewall ASA Virtual - BYOL
Cisco Systems, Inc.
External reviews
External reviews are not included in the AWS star rating for the product.
Configuration has been frustrating with outdated tools but secure remote access works reliably
What is our primary use case?
My main use case for Cisco Secure Firewall is only as a VPN concentrator.
What is most valuable?
The only feature I find most valuable in Cisco Secure Firewall is the VPN concentrator because we use it.
The only real benefit I realize from using Cisco Secure Firewall in this use case is that it's a different vendor, so a different attack vector.
What needs improvement?
A significant drawback for Cisco Secure Firewall is the ASA software, as I have not used the Firepower software yet. The ASA software has a GUI that is extremely ugly and appears to be made in the 1980s. At 28 years old, I am not accustomed to working with something that primitive.
The update procedures do not work, and the VPN creation wizard does not work. The GUI is useless for me and frustrates me to a very high degree, which led me to switch to the CLI for configuration.
For how long have I used the solution?
I have been using Cisco Secure Firewall for three years.
What do I think about the stability of the solution?
I assess the stability and reliability of this firewall as both very good. I have had no issues with stability, as once they run, they run.
What do I think about the scalability of the solution?
Since I am not using Cisco Secure Firewall for very heavy operations such as IPS or other intensive features, it scales quite well. We have two Firepower 1150s, and we are far under the limit of what our organization needs, so it scales well with our needs.
How are customer service and support?
I have used Cisco support extensively, and I used it for this product once because during the setup there was an issue with the licensing, and I needed Cisco support to help me with the licensing for the ASA.
I am always satisfied with the level of support that I received. On a scale of 1 to 10, it is a 10 because they are reactive and effective. That is all we ask for in support.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We could accomplish this with another vendor such as Palo Alto, where we would not have to pay for licensing.
How was the initial setup?
When I use the CLI, everything works quite well. I attempted to do everything with the GUI at the beginning, but nothing works. I managed to set up the HA pair with no issues once I used the CLI.
Which other solutions did I evaluate?
We are using quite a few other vendors for firewalls, and I do not think I can disclose which firewall we use where, but we use other major vendors such as Fortinet, Palo Alto, and Check Point. We have a bit of everything in our portfolio.
What other advice do I have?
If it was my choice, I would have put another firewall there with something easier to configure, more straightforward, and a cleaner interface to maintain it.
My honest advice for someone who is evaluating Cisco Secure Firewall based on my experience would be that if you can get something else, go for something else. If you are going to use it, then use the CLI because the GUI is not usable. If I had the choice, I would not be using Cisco Firepower or ASA on top of it because in my opinion and the opinion of my colleagues and my management, it is not the best device for the role it is playing.
My overall rating for Cisco Secure Firewall is 5 out of 10.
It could be better
While Cisco ASAv is a very good security appliance, we have had the following issues while deploying the BYOL version and the Auto-Scaling solution from Cisco:
1. The AnyConnect image is missing, and you can't enable AnyConnect without the package.
2. While there's a good choice of instance types you can select from, the current configuration/documentation is designed for 1Gbit interfaces, and if you opt for c5 instance types, they're 10Gbit (so the bootstrap doesn't work).