Cisco Secure Firewall ASA Virtual - BYOL

My main use cases for Cisco Secure Firewall vary between branch office, remote connectivity for site-to-site tunnels, partner organizations that we want to connect and share information with, and also protecting internal sensitive workloads and providing secure access to the internet.

The features that I appreciate most about Cisco Secure Firewall include the security intelligence that is incorporated into it. Not only can I rely on information coming directly from Cisco from everything they see across all their customers, but I am also able to use many of the same underpinnings they have built out to incorporate information from other sources.

These features have benefited my organization significantly. For example, they certainly reduce the risk impacting endpoints because if something arises where we have a device reaching out to something that presents a risk, that intelligence helps with assessing and blocking that communication. This way, we do not have as high of an impact for a potential incident that we need to clean up.

I assess the operational efficiency of Cisco in my IT environment as needing some optimization, but at least some of the tools are incorporating AI to help with finding opportunities for optimization to make the product perform better.

My impression of the end-to-end visibility offered by Cisco is that there are certainly many different options available, and not everyone can afford to have everything in the Cisco portfolio to incorporate all of that to get full visibility. However, from the portfolio suite, there is certainly a lot there to enable customers to have visibility.

My experience with deploying Cisco Secure Firewall has had the biggest challenges in relation to device clustering. Having edge deployment scenarios where you have high connection counts, high user counts, and a need for high availability and load balancing across that has been very complicated to set up correctly. Even when it is set up correctly, there are still times when I have a firewall cluster experiencing issues that require opening a TAC case. This is frustrating considering the solution has been in place for years and suddenly starts to have issues, even when everything looks completely healthy in the health dashboards.

If I could give Cisco Secure Firewall a 12, I would. I rate it as an eight. It still has some growing pains, especially trying to combine two different product lines with Snort and Cisco ASA. Not having feature parity across the entire gamut yet is still a pain. On the software side, you still have to understand the engineering behind it, particularly how the product works at the different layers, because it is not necessarily one cohesive product base yet. It is still multiple components stacked on each other.

I have been serving the same customer for 26 years using Cisco Secure Firewall with my latest company.

I assess the stability and reliability of Cisco Secure Firewall as having been fairly reliable. When there are issues, it is easy enough for us to engage with TAC and replace hardware quickly.

From my perspective, many of the issues that presented a challenge have already been addressed or will be addressed soon with Cisco Secure Firewall, such as decrypting certain types of traffic like QUIC, which has traditionally been a challenge. With no solution there previously, you were having to outright block that traffic, which does cause an impact. Cisco is taking the right steps to help make those issues less impactful when they do arise. I do not have anything that comes to mind that I would say needs to be addressed urgently.

I evaluate customer support and tech support as excellent, and I would rate it as a very high number on a scale of one to ten. There were a few years, especially following COVID, where it was very challenging even for severity three incidents that we had open where it would take up to a month to have some initial contact, which was very disheartening. However, now with that same level of severity, you are getting a callback within 30 minutes. My most recent case that I had to engage on, the engineer went way above and beyond what I had asked for, and I was very happy with the support that they have given us.

Prior to adopting Cisco Secure Firewall, I have always had Cisco firewalls in the environment across my entire tenure. It has never been a complete rip and replace. We did have a point in time where at the edge we had Check Point firewalls. They worked well, but when it came time for replacement, we put Check Point against Cisco and Cisco won out, which I was happy about because I prefer Cisco.

My experience with pricing, setup, and cost licensing is that cost is always an issue for everyone. I think it has gotten easier, especially when it comes to larger customers with enterprise agreements. For example, my organization, while we have 5,000 users and around 18,000 endpoints, there was a time when we were considered not big enough to take advantage of an enterprise agreement. Considering the amount of product that we buy, that was a bit disheartening. But now, with more flexible options for purchasing and enterprise agreements, it has made it easier for us to not only purchase product but also have a clear idea of what we are allowed for growth and have something that is predictable for the cost of that management piece. Cisco has done a really good job with that.

I really do not face any specific challenges with hybrid and distributed enterprise networks that Cisco addresses at the moment, so it does not really apply to us. I rate Cisco Secure Firewall as an eight out of ten.

My main use for Cisco Secure Firewall is primarily for our internal VMs and similar infrastructure.

What I like the most about Cisco Secure Firewall is that it performs better than our previous product. We had a lot of latency issues and general problems with our previous solution, but this firewall functions much better.

Cisco optimizes the experience by providing a single pane of glass for our GUI and firewall management, which is probably the best feature.

I assess the operational efficiency of Cisco in my IT environment as very strong, as it integrates well with most of our existing infrastructure since we are already a Cisco shop.

Cisco does optimize the experience in a hybrid or distributed enterprise setup.

I evaluate customer service and technical support as quite good. The documentation could use some improvement overall, as there are some errors in it. However, when we interact with support personnel and the AI agent, the experience is usually very good.

I have been using Cisco Secure Firewall for about six months, having received our firewalls during that time.

I have not experienced any downtime or crashes.

Cisco Secure Firewall scales well with the growing needs of my organization and certainly scales beyond what we needed.

I evaluate customer service and technical support as quite good. The documentation could use some improvement overall, as there are some errors in it. However, when we interact with support personnel and the AI agent, the experience is usually very good.

Prior to Cisco, we were using a few different options, but much of our infrastructure was Grandpea and Upsense.

Deploying Cisco Secure Firewall was as painless as swapping an internal firewall can be.

I have seen ROI mainly because our firewall runs our internal infrastructure, and we offer some services behind it, so overall, I would say the ROI is positive.

My experience with price, setup costs, licensing, and related factors was beyond my direct involvement, but I know it came down to a deal that included other products. Overall, we were very happy with the arrangement.

What stood out to me during the evaluation process was that choosing Cisco made sense primarily because we are already a Cisco shop and are familiar with their sales representatives, products, and dashboards.

I give Cisco Secure Firewall an overall rating of eight out of ten.

I have two different perspectives about my use cases for Cisco Secure Firewall. The first one is the device frontier, creating all the connections between on-premise, cloud, on-premise to on-premise, VPNs, NAT and also rules for secure endpoints or user endpoints for downloading malicious files or visiting different websites.

The other use case was threat intelligence, which I mostly used Snort rules or created Snort rules on the firewall to understand or catch early attackers before they started the attack.

Snort is one of the features of Cisco Secure Firewall that I know is an open-source rule, but it is really cool that the firewall allows you to create your own rules using this protocol for threat intelligence.

The flow of Cisco Secure Firewall is something that I have a lot of experience creating policies with, but the way the policies work is unusual. For example, they are using every single policy that cascades between each other, and other vendors do not use that kind of flow. Other vendors allow you to create one rule for a specific thing without needing to iterate something from another policy. That is something I do not dislike, but it is hard to work with that kind of flow.

As I mentioned, Cisco Secure Firewall's flow is easier with Palo Alto to create things and configure things, also with the policies. But this vendor does not have the possibility for Snort, so I need to work with what the vendor gives to me and it is not really free to use. On the basic configurations and day-to-day tasks that we are having using this tool, it is much easier to use Palo Alto than Cisco Secure Firewall. Cisco has the feature that is Snort, but it is more easy to use Palo Alto in general.

Compared to the license of Cisco Secure Firewall, it was expensive. Right now compared with Palo Alto, Cisco Secure Firewall is kind of expensive. Basically, the license for the VPNs is for all the interfaces, and that is the thing that is really expensive compared with Palo Alto.

I am not using Cisco Secure Firewall too much now because I left my previous company, but in previous companies I worked with Cisco Secure Firewall for four to five years.

There was basically one downtime with Cisco Secure Firewall that was for a DDoS attack. I think that it was due to a bad configuration from our side. Without those configurations, there were no issues. I would say that the product is pretty much stable and the issue was our fault.

Cisco Secure Firewall is scalable, but if you have the money for the license, then it is scalable.

I have had to contact Cisco technical support two times. One time was to integrate the firewall with the WLC, Wireless LAN controller, for wireless issues, and the other time was for the license that was not activated due to something that happened with the payments.

The first case on the WLC for Cisco Secure Firewall was not very good because it took more than one week with the first call and emails back and forth to resolve the issue. The answers from the technical assistance center gave me the sense that they did not really know what we needed to do or what we needed for escalations. On the other hand, for the payment issues for the license, that team was really clear and resolved the issue in less than 12 hours.

With my experience with those two support cases, I would rate Cisco technical support a seven on a scale from one to ten.

I have experience with Cisco in two parts. I worked with Cisco as the SM for one of the companies in Colombia, and I have also worked with other customers that use Cisco. I have been on both sides.

There are two ways for the initial deployment of Cisco Secure Firewall. We have the on-premise device, when I was working in that company, and we also deployed one of the solutions for Threat Defense on Azure. I think that it is easier for on-premise because you have direct connections, and if something happens troubleshooting all the initial IPs is better that way. It is pretty smooth to update it or create that firewall on Azure. On AWS, it is easy. They have some troubles with the Linux instance, but on Azure, it is pretty smooth.

Cisco Secure Firewall is all about taking care for Cisco right now. Previously it was not, but right now it is.

Compared to the license of Cisco Secure Firewall, it was expensive. Right now compared with Palo Alto, Cisco Secure Firewall is kind of expensive. Basically, the license for the VPNs is for all the interfaces, and that is the thing that is really expensive compared with Palo Alto.

I have used Fortinet and Palo Alto as alternatives to Cisco Secure Firewall.

It is hard to say, but right now I have been working with Palo Alto. That is currently my best option and I learned a lot from this vendor compared to Cisco Secure Firewall.

I have experience with Cisco in two parts. I worked with Cisco as the SM for one of the companies in Colombia, and I have also worked with other customers that use Cisco. I have been on both sides.

The last time with Cisco I was a partner.

My overall review rating for Cisco Secure Firewall is nine out of ten.

Cisco Secure Firewall serves as our primary line of defense when receiving traffic for the customers that we serve, and from there, it is distributed across our network. It is the main firewall for the division of service that we manage the network for.

Cisco Secure Firewall performs very well in that the web interface is manageable when deploying configurations because it is very easy to set up. I don't have to write all those lines of configuration codes directly on the devices, but I can do it on a visual interface where I can double-check before pushing any configuration through, and that is very useful. When setting VPN connections, the filtering during troubleshooting is particularly helpful, as the Cisco IOS CLI has never been very capable when filtering during troubleshooting of a deep issue, and the interface is very helpful when it comes to that.

There are quite a lot of bugs when opening sub-windows, as sometimes I cannot extend the size to read more information, and when writing a long line of text, it can be annoying.

There are quite a lot of bugs when opening sub-windows, as sometimes I cannot extend the size to read more information, and when writing a long line of text, it can be annoying.

I have been using Cisco Secure Firewall for approximately three or four years now.

I have seen some instability regarding Cisco Secure Firewall. This may have been on us because we had a provisioning capacity issue and had to make an upgrade to serve the needs of our network. We experienced the issue due to a memory issue with one of our firewall pairs. Despite that issue, the devices are very reliable and stable under normal functioning.

Cisco Secure Firewall is very scalable. It is almost transparent from both customer and service technician perspectives, and I would give Cisco a 10 for scalability. This has been one of its strengths in their history.

I have contacted the technical support or customer support of Cisco regarding this solution. The speed of the support was appropriate. The quality was challenging to assess because when given a problem to resolve, there are so many details to recover and so much context of the company's usage to understand that it is not as simple as saying the official support of Cisco must have a magic wand to resolve the issue. At the end of the day, they were not able to provide the proper insight that we needed to resolve the issue we were facing at the time.

It is worth mentioning that our head of network is one of the toughest professionals I have come across when it comes to networking, and this may have made it more difficult for them because every person who came on the line was way ahead of them. When trying to get to a solution and having to repeat myself, I can come into a call not knowing everything, and recovery scripts must be run to gather information, analyze it, and then come back with a solution. In the end, it did not work, and we had to use another workaround developed by us. I would not say the support was bad; it was efficient in communication, but the final solution was not satisfactory.

I have never used any direct alternative to Cisco Secure Firewall, although there were discussions about switching to another vendor. After a lot of discussion, we remained with Cisco for its capabilities and some other details. It came into consideration to switch to another vendor for administrative decisions because Cisco solutions are quite expensive, and other vendors might do the job for a considerably lower amount, but Cisco remained. We never managed to use an alternative.

The initial deployment was most difficult because there were some compatibility issues. At the time I came to the team, we were transitioning from Cisco ASA to the new Firepower solution, and the tools for migrating the configuration about the objects were not working properly. I did not have the time to work out why since I was not the main architect of the network and was in a lesser role, but this was one of the main challenges I worked on. We had to do a lot of scripting and manual work to migrate the objects and configure the new solution because Cisco ASA was not very capable of extracting the information to push to a newer generation of firewalls.

We handle maintenance on Cisco Secure Firewall ourselves. We require maintenance and upgrades, and we do it ourselves.

I would rate this product an 8 out of 10 overall.

I primarily use Cisco Secure Firewall for two main purposes. The first is perimeter security, particularly for all locations, especially data centers where we determined that SASE would be overkill. I secure all traffic from the firewalls for servers hosted in data centers, with a small group of users working and having their internet egress out of data centers. Perimeter security for secure internet access is the predominant use case.

The second purpose is segmentation. We have different zones depending upon the criticality of applications. We have a DMZ, an internal DMZ, and other zones. The primary task is to ensure that whenever there is a difference in the trust level from one zone to another, we have a firewall in between. These firewalls provide next-generation advanced threat prevention, firewall rules, stateful firewall rules, and we use Snort 3 for IPS/IDS detections. We are using all the features that Cisco Secure Firewall has to offer.

For all inline traffic, Cisco Secure Firewall definitely delivers. The IPS engine is based upon a Snort 3 license and uses signature-based scanning. Behavioral detection exists to an extent, but it is not an ideal replacement for a traditional NDR (Network Detect and Response). It does not do AI-based modeling at the same level as traditional NDRs, but it is definitely decent. All signature scanning looks at the traffic, and if decryption is applied, post-decryption scanning examines the payload and matches signatures. If a signature is found, an alert is generated. It is a good solution, though not Suricata, but Snort 3 works differently and gets the job done.

Cisco Secure Firewall is a next-generation firewall, and you must leverage all that can be leveraged for preventing lateral movement attacks and all these things that traditional security rules and firewall rules cannot address. Snort 3 and adaptive security bring behavioral and anomaly-based detections. Again, this is not as elaborate as NDR, but it is designed as a firewall and does the job effectively.

Cisco Secure Firewall provides deep packet inspection, so I get deep visibility into every single packet. If attackers or insiders are smart enough to change the protocol behavior or tunnel the traffic through DNS tunneling or similar methods, the firewall can easily detect them. Deep packet visibility and deep packet inspection are crucial, as that is where it all starts. Additional features include DNS security and advanced IPS (NGIPS), which perform signature-based scanning. These feeds are updated in real time by Cisco Talos and integrated across all firewalls. While I would not say this protects against zero-day attacks, it is very close. It helps with lateral movement-based attacks because of the segmentation these firewalls enforce. It definitely cannot help with TLS 1.3, as no firewall can. There are many nuances involved. The key valuable features are deep packet visibility and inspection, the ability to enforce at all layers of the server model, and the ease of applying signature-based scanning along with behavioral-based detection, though not extensive.

Regarding integration options with user IDs, with the emergence of zero-trust network access and new paradigms, you must configure policies based upon who the user is and not IP addresses. Cisco Secure Firewall does support this and can integrate with Active Directory and Entra ID. However, based on my comparisons with Palo Alto next-generation firewalls, which I work with extensively, the number of options available with Palo Alto is quite extensive. You can integrate with any identity provider, but with Palo Alto it is not just traditional LDAP server and user ID and IP mapping constructs. There is room for improvement in this area.

Based on my experience with Palo Alto and a couple of its competitors, there is room for improvement with the integrations with identity providers. The number of options and integration partners available with Palo Alto is more extensive compared to Cisco Secure Firewall. This is not because Cisco lacks these capabilities, but rather because other vendors are doing better things in this area. However, this is on Cisco's roadmap. I had contact with their sales teams and alliance teams, and they have these improvements carved out in their roadmap.

Cisco Secure Firewall evolved from Cisco ASA, and then Cisco purchased Sourcefire. They integrated ASA with Sourcefire, and now they have Firepower. The current form of Cisco Secure Firewall represents this evolution. I have worked with Cisco Firewalls since 2013 or 2014.

When Cisco acquired Sourcefire and turned it into Firepower, it was a very problematic device. We had challenges every single day, with connectivity issues between the firewall and FMC (the management plane). The connection used to break, and we had to perform upgrades. Feature releases used to cause issues. Lately, this has not been the case.

It was really problematic back then. Lately, we have not had significant service outages. The firewall is stable now. There are multiple firewall clusters that we have not rebooted in more than a year, which speaks volumes about stability. We receive regular feature releases and upgrades, and we get security advisories. Cisco has definitely done an excellent job in the last two to three years. Before that, it was not a very good product, and many places were moving away from Cisco Firewalls to Palo Alto or Fortinet due to stability issues. Currently, if I were purchasing Cisco Secure Firewall because I already have a Cisco footprint, I would not hesitate based upon stability alone.

Given the business we run, I do not think we have hit the bottleneck yet. Every time we detect a potential issue, we proactively monitor performance and have thresholds clearly demarcated. If traffic crosses a particular threshold, we provision a new instance. Until now, we have not hit those hard limits where we are helpless and unable to scale out. It still works for us. However, if we were handling several hundred gigabits of outbound or east-west traffic, I would think harder and look for better designs and a more distributed approach rather than using a single cluster and forcing it to scale out indefinitely. That is more of a design consideration. In our current context, we have not hit those thresholds. There are a couple of on-premise locations where we did hit limits, but that was because we sent out more traffic than we planned for, and we simply had to replace those devices. That is not a product problem.

Cisco Secure Firewall offers many deployment options depending on the architecture and functionality required. If it is a cloud deployment, you can achieve native load balancing with active-standby, active-active, and active-active configurations with cloud-native load balancers such as AWS Gateway Load Balancer or Network Load Balancer. The same deployment options apply to Azure and GCP. Cisco offers cloud firewall functions where they provide templates and onboarding options to spin up firewalls and scale them out as part of auto-scaling instances. These capabilities are on par with what competitors are offering. On-premise deployments, of course, are hardware-based, and you can achieve active-active and active-standby configurations. This depends on latency requirements, security requirements, and the capabilities you want to leverage. Proper sizing is essential. Cisco Secure Firewall is highly scalable in cloud environments. On-premise deployments are bound by the restrictions inherent to all hardware firewalls, but with proper sizing, they perform fairly.

One of my clients did deploy cloud firewalls on AWS, and I believe they did the same for Azure Marketplace. I am not certain about the specific pricing, but it is clearly outlined. You can choose between BYOL (bring your own license) or pay-as-you-go models. During unit testing and the initial PoC, we selected pay-as-you-go. Later, the client teams purchased from AWS Marketplace and leveraged committed spend with AWS to acquire the cloud firewall clusters. This option is available.

Based on my experience with Palo Alto and a couple of its competitors, there is room for improvement with the integrations with identity providers. The number of options and integration partners available with Palo Alto is more extensive compared to Cisco Secure Firewall. This is not because Cisco Secure Firewall lacks these capabilities, but rather because other vendors are doing better things in this area. However, this is on Cisco's roadmap.

I manage a few dozen firewalls, close to 100 in total. You cannot manage each firewall manually, especially if you have local IT teams scattered across locations. It would be too much work. Centralized management attempts to align with what Gartner describes as a hybrid mesh. You hook the firewalls to the centralized management and integrate them with the device management platform. All you have to do is manage your security policies, rules, IPS signatures, and configurations from that central console. You can also take backups, restore them, and if you want to replace a device, you do it from this same console. This definitely reduces administrative overhead, costs, and the number of people you must employ to manage your firewall infrastructure.

The time we need to spend to triage any incidents or potential events is significantly reduced. Before events become incidents, we already have complete insights into who or which IP or source was attempting to reach what, whether it was crypto mining, and we receive all details about the category of URLs or endpoints on the internet the user was trying to access, including whether they were suspicious or potentially benign. The ability to classify these is crucial, and nothing can be done without Talos. However, you must size your firewall properly, because you are ingesting all these feeds from Cisco Talos, and if your firewall is a small model or not sized perfectly, performance can become unstable. You must perform capacity planning well. All third-party threat intelligence feeds vary in quality, but Cisco Talos is definitely one of the most mature threat intelligence feeds that has been around for quite some time and has a decent reputation.

Based on quotes I have seen in the last couple of months, Cisco Secure Firewall is fairly priced. I sometimes find Palo Alto is more expensive than Cisco. Of course, the money you pay is for the capabilities you get. If it is an apple-to-apple comparison, Cisco Secure Firewall is fairly priced. I have no concerns about the pricing. My overall rating for Cisco Secure Firewall is 7.5 out of 10.

My main use case for Cisco Secure Firewall is to protect corporate internet access from malicious people.

I can provide a specific example of how I use Cisco Secure Firewall to protect my corporate internet system from malicious activity: I block malicious sites and create rules to detect them.

I also use it to provide remote access for vendors and IT support people.

The best features Cisco Secure Firewall offers in my experience are its GUI, clear definition, and process to create rules.

The GUI is clear and I am able to follow the description of processes such as backup, creation of rules, and other management processes.

This has helped my team feel more confident that we are protected from malicious intruders, and I have noticed specific positive outcomes and changes since using Cisco Secure Firewall.

I believe Cisco Secure Firewall can be improved, particularly regarding the specifications such as the memory that is used on entry-level firewalls, because sometimes when doing an upgrade or changing configuration, issues arise.

On the performance side, I notice that the upgrade to a different version is slow, so hopefully improved CPU and RAM will help performance.

I have been using Cisco Secure Firewall for three years.

Cisco Secure Firewall is stable in my experience.

The hardware is working and we have not encountered the firewall failing because of a firmware upgrade.

We have not needed the scalability feature of Cisco Secure Firewall as of now.

I have not needed to reach out to Cisco support for any issues.

I have not switched from another vendor or used another firewall vendor prior to Cisco.

Before choosing Cisco Secure Firewall, we did not evaluate other options.

I would advise others looking into using Cisco Secure Firewall that it is easy to use and manage, easy to create rules, and upgrade the firmware, and it is reliable; I have not encountered any failure on my Cisco firewall so far. I rate this product an 8 out of 10.

I have mainly worked with Cisco Firewall, specifically FTD and FMC, controlling the Firewall Threat Defenses from FMC, using Talos and Cisco ISE for approximately two and a half to three years. I completed a comprehensive re-architecture and added different vendors for a company called Gaming Laboratories International, where I extensively used their products.

For a span of two years, I extensively used Cisco products, ranging from switching and routers to firewall solutions for Gaming Laboratories International. For the last year, I have mainly worked with Palo Alto and Cato products, transitioning toward SD-WAN and SASE solutions.

At Gaming Laboratories International, I inherited a poorly designed network architecture and completely re-architected the network using Cisco Secure Firewall FTD and FMC across 45 different offices around the globe, spanning 435 jurisdictions at that time. My team and I used Cisco Secure Firewall as our internal firewall, securing the internal perimeter and protecting our DMZ from the inside. On the outside, we implemented Palo Alto because Cisco Secure Firewall could not handle the capabilities we required, such as application identification, which Palo Alto truly excels at.

Cisco Secure Firewall is quite scalable, and I have found it relatively easy to set up high availability. I have truly enjoyed the flexibility, without the need to use StackWise cables but simple Ethernet cables.

The benefit of Cisco Secure Firewall lies in keeping it to the basics through hardware, which costs a bit more, but the real problem emerges when integrating other platforms and their licensing, which is quite expensive. When calculating the total costs, including ISE, DNA Center, and hardware maintenance, it becomes exorbitant for medium-sized enterprises. It may work for large enterprises already entrenched in Cisco products.

The biggest inefficiency with Cisco Secure Firewall, to be honest, is the licensing—too many licenses for too many different products. There is not a single platform, which is essential nowadays. Cisco Secure Firewall is a bit of a colossus where they add weight on top of it, and I believe it amounts to simply placing products next to each other, which is not a very good solution from the perspective of a network security engineer.

There are many features I would personally remove, amend, or create differently from an engineering perspective. The Frankenstein architecture needs to stop and focus on AI. Nowadays, with different products, it is essential to have a single platform for better data and line application control. Everything about AI is to control application usage and how users interact with your systems.

The process with FMC is quite a hurdle, and attempting to integrate it with DNA Center or ISE turns into a nightmare. There is a stark contrast with Palo Alto and Prisma—everything just flows.

When setting up Cisco Secure Firewall, I encounter significant challenges, especially with on-premise Next-Generation Firewalls. There is lacking clarity in documentation, particularly when changing internet service providers or external IP addresses. This lack of guidance often leads to being locked out or corrupting files within the Next-Generation Firewall, resulting in wasted time troubleshooting.

I worked with Cisco Secure Firewall more than a year ago, exactly eleven months, to be precise.

I am really happy with the performance and capabilities of Cisco Secure Firewall to manage heavy workloads. Although it performs well, integrating the software with existing systems often creates complications.

Cisco Secure Firewall is quite scalable, and I have found it relatively easy to set up high availability.

Cisco's customer service and technical support respond in a timely manner, which is good. However, they do not always come up with effective solutions. Many times, I need to dig deep to find solutions due to the complexity of the environments where I work, especially in game development.

I would rate Cisco technical support as a seven. They deserve a six or seven for their efforts, but I feel sympathy for them given the challenging circumstances they work under.

At the moment, I do not use Cisco Secure Firewall at all. For the last eleven months, I have been working solely with Palo Alto Next-Generation Firewall, Prisma Access, and Cato. I am primarily integrating Cato for companies, and I have witnessed its rise over Cisco Secure Firewall because of its simplicity, ease of management, and deployment cost and time efficiency.

When setting up Cisco Secure Firewall, I encounter significant challenges, especially with on-premise Next-Generation Firewalls. There is lacking clarity in documentation, particularly when changing internet service providers or external IP addresses.

For high traffic rates and heavy CPU consumption, Cisco Secure Firewall could fit well. However, security can lead to lock-out situations, so those considering Cisco Secure Firewall should thoroughly assess their needs. SASE solutions are dominating the market; I primarily work with Cato, which finds traction in eight out of ten meetings I have with customers, with Palo Alto depending on the desired security posture.

I suggested in the design, and that was approved to be moved internally because Palo Alto had better capabilities to handle security concerns. Cisco Secure Firewall overly relies on administrators to do the heavy lifting to connect those platforms with open-source or third-party solutions. Licensing is a recurring issue—it would be much easier if there were a package, but that is not the case.

When we do not talk about money, time has become the critical factor where Cato massively outperforms Cisco Secure Firewall. I would rate this review a five point five overall.

We have two deployment models for the use case: one is a perimeter firewall and one is a data center firewall. If you have a perimeter, you will position Cisco Secure Firewall as a perimeter firewall; it fits more in data as a data center firewall because in a data center firewall, you are inspecting incoming traffic and you need a very good IPS, so Cisco Secure Firewall is very effective as a data center firewall.

The best feature in Cisco Secure Firewall is the stability; we have a stable product with no lagging or crashing, unlike others. Additionally, the IPS is the next-generation IPS from Cisco, which has many features and many signatures with updated signatures for my IPS.

I switched to Cisco Secure Firewall to get very good IPS signatures and next-generation IPS; that is a market leader from Cisco.

The stability is very good. I do not experience any downtime, crashes, or performance issues; that is the best feature from Cisco Secure Firewall.

Most of the time, Cisco provides features on some versions and the updated versions will move them; for example, we can do firewall policies based on users, which is from Active Directory. It should be from Cisco ISE, so it is a very bad drawback from Cisco Secure Firewall. Not all customers have Cisco ISE, and we need to integrate to make a policy on users, not just by IP, but with users also. We had integration before with LDAP and Active Directory, but on some versions, Cisco requires us to do it through Cisco ISE.

I have five years of experience with Cisco Secure Firewall overall.

The stability is very good. I do not experience any downtime, crashes, or performance issues; that is the best feature from Cisco Secure Firewall.

Cisco Secure Firewall is providing scalability. I rate the scalability as a number 10.

I rate the technical support a number 10.

Compared to Fortinet, we have a complex configuration, but we still have a stable product rather than Fortinet's product.

Cisco Secure Firewall requires maintenance. Maintaining it is slightly complex; it is not easy or very easy.

I am a customer. It was purchased through a partner. I was satisfied with my experience with the partner.

I have seen a return on investment of 50.

The pricing for Cisco Secure Firewall is very good, and we got many discounts from them.

Cisco Secure Firewall is deployed on-premises. We have a team of four users using the solution. I rate this review a 10.

I use Cisco Secure Firewall essentially as a firewall and for a secure access VPN solution. I need Cisco Secure Firewall to fulfill that role; I need it for secure access, and it performs the firewalling I need it to do in the network segment where it is located.

I have seen a return on investment with Cisco Secure Firewall. Generally, where it sits in my network, there are other vendors as well, but Cisco Secure Firewall is a better product and easier to manage than those alternatives. It does more of the features that I want it to do to be more secure, and I will move the other vendors into Cisco Secure Firewall.

The biggest challenge I have with Cisco Secure Firewall is that I often need to look in a few places to find what I want to do or I find myself searching for where a particular feature is located. I know what I want to accomplish, but I cannot always find it easily; it takes some time looking around. Because I do not use Cisco Secure Firewall as heavily as other vendors, I find it a little harder to navigate, though I would caveat that with the possibility that with more use, it would become easier for me to navigate and accomplish what I want to do. I am not sure how I would specifically improve that aspect, but it is probably the biggest day-to-day challenge I have with it.

I have been using Cisco Secure Firewall for about a year, maybe just over.

Stability of Cisco Secure Firewall is generally very good.

In terms of scalability, because it is there for the secure access solution as well, it was right-sized when it was put in, so I have not had any scalability challenges for what I do. My organization is fairly static in terms of scale, so users and that type of thing do not scale up and down quickly; it is more slow-moving in that regard.

I have not done a whole lot of customer support with Cisco Secure Firewall.

Before Cisco Secure Firewall, I used Juniper as a vendor; I have used them with other vendors as well, but where I am using Cisco Secure Firewall, they are sort of a direct competitor with Juniper.

It took a couple of months to deploy Cisco Secure Firewall; that was the same for secure access, as it was all part of the same rollout. What took those months to deploy was probably more internal change controls; it is just slower moving, as I have done a lot of testing deployments in lab environments, so it is less of a technology issue and more of the constraints of where I work that slow it down.

I did not implement Cisco Secure Firewall personally, but I was there for the implementation.

I have seen a return on investment with Cisco Secure Firewall. Generally, where it sits in my network, there are other vendors as well, but Cisco Secure Firewall is a better product and easier to manage than those alternatives. It does more of the features that I want it to do to be more secure, and I will move the other vendors into Cisco Secure Firewall.

Integration with other systems is fairly slow-moving and static in that way. I would rate this review an 8.