I like its system management and filtering options as a layer seven firewall. You can also use a multi-mode environment, which means you can use multi-ISP. You can utilize that particular standard, and that is helpful.

Moreover, there is an SDM in Cisco, though we are using Cisco FMC. FMC manages multiple FDT devices, and an entire organization can be managed over Cisco.

Some duplicated values and security standards are not working in some high-application protocols with Cisco's next-generation firewalls.

I have worked with Cisco Secure Firewall Management Center for five years.

Sometimes we face issues because VDP updates are happening frequently from Cisco. At that time, I have sometimes seen it rebooting FDT devices. It stabilizes once the solution updates the new policies. It is stabilizing now, whereas earlier, there were some bugs.

The solution is very easy to scale. Three people in my organization are working on it.

The core customer support is good, but they don't help us immediately. For example, if it is a P1 issue, they do not contact me immediately because it takes time to contact us. It will take time to resolve the issue if it's an emergency.

The installation is not that easy and not that tough also. When you learn Cisco, you can do the initial setup step by step. Some specific knowledge of rules is required to set up the solution. The deployment process takes more than a week, and five engineers are required to deploy it. Only two engineers are enough to maintain the product.

The solution is expensive. We have a multi-license, and we pay extra for support.

It is better to go with Palo Alto right now. Palo Alto is better from a price point-of-view, and some applications are better with Palo Alto than Cisco. However, Cisco is easy to learn compared to other solutions, and many people are learning to use Cisco. There are many documents for Cisco on the Internet. I rate Cisco Secure Firewall Management Center a nine out of ten.

We use the product as a traditional firewall. We also use it for advanced malware detection. The tool detects and blocks any malware that tries to penetrate the environment. The product also provides application visibility and control. It is a Layer 7 firewall. We know what kind of application traffic is being transmitted to the tool. We also have Next-Generation Intrusion Prevention System. Any intrusions from outside or inside are detected and mitigated by the solution.

Advanced Malware Protection and Intrusion Prevention System are valuable features. These features are more productive because they operate on signatures. We also have a threat intelligence feed from Talos. Talos provides a lot of rich threat intelligence feeds for blocking off indicators of compromises.

The product must improve its performance. When we push policies from the console, it takes a lot of time. It takes five to seven minutes to push one policy. If someone pushes a wrong policy and there is an outage in the banking system, they would have to wait six to seven minutes to revert it. We have highlighted this issue to Cisco.

A year ago, we told Cisco that we need APIs for integration with SOAR for pushing policies. We cannot push policies or run playbooks from SOAR to block any IOCs on the web and email gateway because Cisco doesn’t expose the APIs. It is one thing for which we have been following up with Cisco for the last year, but I don't think they've developed the API integration. Palo Alto and Fortinet provide this feature to their users.

I have been using the solution for the last five to six years.

We haven't seen any performance degradation or outages on the tool. It is stable.

The tool is scalable.

Cisco's support and services are far superior to any other security product in Pakistan. We have a Cisco-based team stationed in Pakistan. That's one of the reasons why we opted for the product. Cisco has a huge knowledge base. The technical support is excellent.

We were using Juniper. We replaced it with Cisco ASA. After 2015, when next-generation firewalls were introduced, we switched to them.

The initial setup was easy. Integrating Cisco within the existing network is not a challenge. Cisco products are easily integrated, especially when we have a Cisco-based ecosystem. I don't see any challenge in it. Integrating Cisco with SOAR is a challenge.

The return on investment is good.

The solution’s pricing is reasonable. The licensing cost depends on the versions, the capacity we need, and the licensing model. We pay separately for each Cisco tool. We use many Cisco products. When we procure a Cisco license or a product, we procure a three-year subscription cost and capitalize it with the procurement of the product. After three years, we pay an annual subscription fee for the products.

Pakistan’s geography has some limitations because we don't get the support and services from Palo Alto, but we get it from Cisco. Apart from routers and switches, we have a lot of Cisco products. We have Cisco Firepower Next-Generation Firewall on the perimeter. We have Cisco at the core level as a data center firewall. We also have an email security gateway and Stealthwatch. These are good and stable products. However, when it comes to security, Palo Alto and Fortinet outweigh Cisco.

The solution is good and stable. We need a five-year roadmap of whether we want to develop a security operation center or integrate the tool with other products. We need to consider these aspects before choosing the solution. However, there won't be a challenge if we go across the board with Cisco products.

As far as security is concerned, Cisco has invested heavily in security for the last five to six years. We opted for a red team/blue team service from Cisco and evaluated it. During the evaluation phase, we found out that Cisco is not really good at it. They started the service two to three years ago. So we opted for another vendor.

Similarly, Cisco has to improve Cisco Secure Managed Detection and Response because it's a recent service. I don't find value in it when compared with FireEye or CrowdStrike. Cisco is not a services company. It's a product company that has evolved into a services company. Customers value different services. Cisco needs to improve its services.

Overall, I rate the solution an eight or nine out of ten.

I'm comfortable using it. It's okay; I use it quite frequently. I kept logs, but they indicate that suddenly the interface is overwhelmed with traffic, which leads to two types of errors. I generate a weekly report that I usually send to tech support. The main issue may be that the software is outdated or has some bugs.

We have used it before, and I'm comfortable managing this type of device. So I have requested our management to purchase a license and update the maintenance contract since I need to support that equipment and perform updates, patches, firmware, and other tasks.

I need to prepare the report based on the previous contact and make a request to the upper management. They decided, and as I mentioned earlier, I need to find a local partner. So I have discussed many times with the top partners, but I got declined.

Since it became unlicensed, there have been constant issues that became problematic. I can't understand why it happened. It was stable, stable, stable, and suddenly, there was a huge influx of traffic from the outside interface.

And basically, the services get disabled. I see SLA agents crashing and Smart Life Protection errors occurring. I believe it's due to the lack of license, but I can't explain why it's happening. So there have been many issues with stability.

It's not very user-friendly and can be somewhat disorganized.

In additional features, I think the login process could be improved. It's currently a big challenge, and creating proper and easy-to-generate reports is not very straightforward. There are some gaps that need to be addressed.

It has been working since 2019, but recently, for the past year, we have encountered many issues with the software. It's currently completely out of license. So I usually have a backup, you know, to retrieve when it crashes. However, even with the backup, it doesn't work properly. There have been errors and disconnects for about two weeks. I'm currently using version 7.0.1.

We have Cisco Firepower 2100 series devices, and the actual software that manages the equipment is the Firepower Management Center. It's a tool with a visual environment on VMware bundle. That type of VM requires licensing.

It's hard to determine an exact rating for the stability of the solution because it depends on the specific version we use. For example, with the previous version, we encountered some issues, such as high CPU load.

However, after upgrading to version 7.0.1, those issues were resolved. So, overall, I believe the software has shown improvement compared to the previous management center. I would rate it around six out of ten.

It's a fine solution in terms of scalability. It offers extensive scalability and flexibility. I would rate it a ten out of ten. There are around 1500 end users.

Personally, I have not yet used the support directly since a third-party company has a contract with our organization. They handle most of the support and account management. In case we require support, we reach out to our partner for assistance.

The installation is relatively easy. I haven't found any issues with the installation. It's straightforward to install and deploy. I use a certain tool to install this product, then retrieve the backup from the SCUs.

It takes about fifteen minutes to deploy. It's just me handling the deployments. Moreover, I can manage the maintenance myself. However, for advanced troubleshooting or remote technical support, we would need experts to handle some advanced issues. So, for the standard maintenance, I can manage it myself.

I would say it's quite an expensive product. However, it could be considered relatively cheaper when compared to some other vendors in the market.

I would say it's around six out of ten, so it's quite pricey. The license cost was approximately $148,000 for a two-year or three-year usage period. Personally, I have not paid any additional costs because I started working after the licensing was already in place.

I would definitely recommend the product. However, I must emphasize that there are areas where the software itself could be improved. Based on feedback from other colleagues in my line of work, it should be more user-friendly and better organized. On the positive side, it allows for great customization and the ability to create quick reports or logs using templates.

Overall, I would rate it an eight out of ten.