I use Cisco Secure Firewall essentially as a firewall and for a secure access VPN solution. I need Cisco Secure Firewall to fulfill that role; I need it for secure access, and it performs the firewalling I need it to do in the network segment where it is located.

I have seen a return on investment with Cisco Secure Firewall. Generally, where it sits in my network, there are other vendors as well, but Cisco Secure Firewall is a better product and easier to manage than those alternatives. It does more of the features that I want it to do to be more secure, and I will move the other vendors into Cisco Secure Firewall.

The biggest challenge I have with Cisco Secure Firewall is that I often need to look in a few places to find what I want to do or I find myself searching for where a particular feature is located. I know what I want to accomplish, but I cannot always find it easily; it takes some time looking around. Because I do not use Cisco Secure Firewall as heavily as other vendors, I find it a little harder to navigate, though I would caveat that with the possibility that with more use, it would become easier for me to navigate and accomplish what I want to do. I am not sure how I would specifically improve that aspect, but it is probably the biggest day-to-day challenge I have with it.

I have been using Cisco Secure Firewall for about a year, maybe just over.

Stability of Cisco Secure Firewall is generally very good.

In terms of scalability, because it is there for the secure access solution as well, it was right-sized when it was put in, so I have not had any scalability challenges for what I do. My organization is fairly static in terms of scale, so users and that type of thing do not scale up and down quickly; it is more slow-moving in that regard.

I have not done a whole lot of customer support with Cisco Secure Firewall.

Before Cisco Secure Firewall, I used Juniper as a vendor; I have used them with other vendors as well, but where I am using Cisco Secure Firewall, they are sort of a direct competitor with Juniper.

It took a couple of months to deploy Cisco Secure Firewall; that was the same for secure access, as it was all part of the same rollout. What took those months to deploy was probably more internal change controls; it is just slower moving, as I have done a lot of testing deployments in lab environments, so it is less of a technology issue and more of the constraints of where I work that slow it down.

I did not implement Cisco Secure Firewall personally, but I was there for the implementation.

I have seen a return on investment with Cisco Secure Firewall. Generally, where it sits in my network, there are other vendors as well, but Cisco Secure Firewall is a better product and easier to manage than those alternatives. It does more of the features that I want it to do to be more secure, and I will move the other vendors into Cisco Secure Firewall.

Integration with other systems is fairly slow-moving and static in that way. I would rate this review an 8.

Assessment of Cisco Secure Firewall – Policy Unification & Zero-Trust Enablement

I assess the policy unification and operational flexibility of Cisco Secure Firewall very positively, based on our hands-on deployment in the COE (Center of Excellence) lab environment where we conduct regular customer demonstrations.

1. Dynamic Policy Management in a Live Demo Environment

In our COE setup, firewall policies are frequently modified based on customer use cases.

• We regularly update existing rules or create new ones.
• Sometimes changes are required weekly.
• In certain scenarios, rule updates are needed multiple times in a single day.
• The environment is continuously adjusted to reflect customer-specific requirements.

Cisco Secure Firewall enables us to make these changes quickly and efficiently, demonstrating its operational flexibility and centralized policy control.

2. OT Network Segmentation & IDS/IPS Flexibility

Within our lab, we have a dedicated OT segment with multiple security zones configured.

To simulate real-world scenarios:

• We include attacker zones that generate controlled attack traffic.
• For some use cases, we enable IDS (detection-only) to showcase logging and monitoring.
• For other scenarios, we enable IPS signatures to demonstrate active prevention.

The ability to seamlessly switch policies from IDS-only mode to full intrusion prevention allows us to demonstrate multiple use cases using the same infrastructure without complexity.

This flexibility is particularly valuable in OT security environments where detection and prevention requirements may vary depending on operational needs.

3. Zero-Trust Architecture Demonstration

Cisco Secure Firewall plays a critical role in demonstrating Zero-Trust architecture in our lab.

Our integrated setup includes:

• Cisco Secure Firewall
• SDA fabric / trusted network switches
• Cisco Identity Services Engine (Cisco ISE)

Using Cisco ISE:

• Users are securely onboarded onto the network.
• Authentication and authorization policies are enforced.
• Role-based segmentation is applied.

If a connected user attempts unauthorized actions—such as accessing malicious destinations or generating abnormal traffic—the system responds automatically.

4. Automated Threat Containment – Practical Demonstration

For example:

• We restrict excessive ICMP traffic between segments.
• If a user continuously generates abnormal ICMP traffic,
• The firewall detects the behavior using IPS signatures.
• The firewall notifies Cisco ISE about the abnormal activity.
• Cisco ISE automatically quarantines the client into a restricted VLAN.

This process occurs without any manual intervention.

Even though our lab does not generate fully malicious real-world attacks, customers can clearly see how:

1. The firewall detects suspicious activity.
2. The integrated ecosystem communicates automatically.
3. The endpoint is isolated in real time.
4. The threat area is segmented from the rest of the network.

This provides a complete, practical Zero-Trust story:

• Secure onboarding
• Least-privilege access
• Continuous monitoring
• Automated threat response
• Dynamic segmentation

5. Unified Security Story for Customers

What makes this powerful is not just the firewall capability alone, but the integrated ecosystem:

• Identity-driven access control
• Behavioral detection
• Automated containment
• Dynamic VLAN reassignment
• Segmentation of threat zones

Cisco Secure Firewall allows us to demonstrate how a fully integrated security architecture can automatically identify, isolate, and contain threats—helping organizations minimize risk and maintain operational continuity.

One of the most valuable aspects of Cisco Secure Firewall is its deep and seamless integration within the Cisco security ecosystem.

While most next-generation firewall capabilities are broadly comparable across OEMs, the true differentiator lies in Cisco’s ecosystem-driven architecture and automation capabilities.

1. Ecosystem-Driven Security Automation (Unique Differentiator)

We have deployed Cisco Identity Services Engine (Cisco ISE) as our NAC solution and integrated it directly with Cisco Secure Firewall.

This integration enables Rapid Threat Containment (RTC):

• If the firewall detects malware activity (e.g., malicious download attempts or suspicious behavior),
• It automatically notifies Cisco ISE,
• Cisco ISE dynamically quarantines the endpoint or moves the user into a restricted security segment,
• All without manual intervention.

This closed-loop automation between detection and enforcement is a powerful advantage. It significantly reduces response time, limits lateral movement, and strengthens overall security posture.

This level of orchestration across network and security components is a major reason we prefer Cisco over other OEMs.

2. Advanced Visibility & Log Analytics

Another strong capability is the rich dashboard visibility within Cisco Secure Firewall.

• Detailed traffic analysis
• Granular log inspection
• Application-level visibility
• Improved troubleshooting capabilities

The dashboard enables faster root cause analysis and better operational decision-making.

3. AI-Driven Optimization with Cisco Secure Cloud Control

Recently, Cisco introduced Cisco Secure Cloud Control (SCC), a cloud-based unified security management platform.

With SCC, we gain access to AI-driven operations (AIOps), which provides:

• Rule optimization recommendations
• Identification of overlapping firewall rules
• Policy cleanup insights
• Performance optimization guidance

This AI-assisted intelligence improves firewall efficiency and reduces configuration complexity over time.

4. Flexible Hybrid Security Management

One of the strongest advantages of Cisco is deployment flexibility.

For customers who:

• Prefer a fully cloud-managed model → SCC provides centralized management.
• Require on-premise control due to compliance or data sovereignty → we can deploy Cisco Firepower Management Center (FMC).
• Want both on-prem control and cloud-based AI benefits → we can integrate on-prem FMC with SCC.

This hybrid capability allows organizations to:

• Maintain data control,
• Leverage AI-driven analytics,
• Manage multiple security products under a single umbrella.

This flexibility is a strong differentiator in environments with regulatory or operational constraints.

5. Improved User Experience & Modernized UI

From a configuration standpoint:

• The latest software releases have significantly enhanced the UI.
• Navigation is more intuitive.
• Policy configuration is more streamlined.
• Overall usability has improved compared to earlier versions.

This reflects Cisco’s continuous investment in platform modernization.

Feedback and Improvement Areas – Cisco Secure Firewall (Customer Perspective)

From a customer point of view, there are a few improvement areas observed while positioning Cisco Secure Firewall in competitive scenarios.

1. Dashboard & Visibility Enhancements

Customers often compare firewall dashboards across different OEMs during evaluation.

• Competing vendors typically provide more feature-rich and visually detailed dashboards.
• There is a perception that Cisco dashboards still require enhancement in terms of visualization, consolidated reporting, and built-in analytics.
• Some OEMs advertise additional security capabilities clearly within their publicly available data sheets, making competitive positioning easier.

In comparison, Cisco sometimes references separate documentation or explains how certain capabilities (such as anti-spam or antivirus functionality) can be achieved through integration or ecosystem components rather than native, built-in features. This creates a perception gap during customer discussions.

Improvement Opportunity:

• Enhance dashboard capabilities.
• Clearly articulate feature availability in public documentation and data sheets.
• Reduce dependency on cross-referenced documentation for commonly compared features.

2. Virtual Firewall / Multi-Instance Capabilities in Lower Models

Another competitive challenge relates to virtual firewall capabilities.

• Several OEMs provide virtual firewall (VDOM-like) functionality in lower-end models.
• In Cisco’s portfolio, multi-instance capability typically starts from higher-end platforms such as the 3K series or higher.
• Customers looking for smaller deployments with logical segmentation are often forced to consider higher models, resulting in a price jump.

Competitors also offer:

• Compact hardware models
• Dongle-based firewall appliances
• Smaller entry-level products with virtual segmentation

In Cisco’s case:

• To achieve similar multi-instance functionality, customers must opt for higher-tier models.
• This creates a significant pricing gap in entry-level or SMB deployments.

This pricing difference becomes a key factor when customers compare solutions. If competitors offer a lower-cost model with virtual segmentation, and Cisco requires a higher platform investment, customers may lean toward alternative OEMs.

3. Documentation Gaps – OT Protocol Visibility

In our lab environment, we have deployed Cisco Secure Firewall and are using Application Visibility and Control (AVC) for OT network monitoring.

Observations:

• OT protocols are clearly visible within application visibility.
• The firewall successfully identifies and classifies OT traffic.

However:

• This capability is not clearly mentioned in publicly available documentation.
• When a feature is available and functional, it should be explicitly documented in data sheets and feature guides.

The need for third-party integration depends on what we are looking for. Here I am saying that the integration with Cisco NAC can be done because RTC functionality is only available with Cisco ISE and the firewall integration. For other ecosystems, if we use a NAC solution that is not Cisco, we can still integrate it for user authentication, such as with VPN user authentication. But in that case, we don't achieve the same functionality, such as RTC with other NAC solutions. This is one aspect.

Another part is that if we are using it, it always happens with some NAC solutions because we have Cisco NAC and Cisco firewall; we want consistent policy across the network, whether the user is on-prem or using VPN services. If this is a unified OEM solution, in that case, we require an agent, such as the Cisco Secure Client. That allows us to easily check the posture status of the remote user and connect to the network effortlessly. But if we are using a third-party solution, we can't achieve that.

From a SIEM perspective, certain prerequisites must be fulfilled before integration with Cisco Secure Firewall can be completed. The feasibility of integration depends on the capabilities of the SIEM platform. If the SIEM solution supports the required APIs and event handling mechanisms, similar functionality can be achieved. Therefore, integration itself is generally not the challenge; the key consideration is the desired security outcome within the overall ecosystem.

If the customer does not have a SIEM solution and intends to automate quarantine actions or enforce restricted access for users, a Network Access Control (NAC) solution becomes mandatory. In this scenario, the recommended NAC solution is Cisco Identity Services Engine (Cisco ISE). Automated quarantine and dynamic access control workflows are dependent on NAC capabilities.

From a feature enhancement perspective for Cisco Secure Firewall, deeper NAC-driven integration adds significant value.

1. TrustSec / Tag-Based Policy Enforcement

Cisco ISE supports Cisco TrustSec, which enables Security Group Tag (SGT)-based segmentation.

• In traditional (legacy) networks, firewall policies are created based on IP addresses.
• With TrustSec, policies are defined based on user identity, group membership, and security tags instead of IP subnets.
• When users authenticate to the network, Cisco ISE assigns Security Group Tags (SGTs).
• These tags are shared with Cisco Secure Firewall.
• The firewall then enforces policies based on SGT-to-SGT rules rather than IP-to-IP rules.

Benefits:

• Significant reduction in the number of firewall rules
• Simplified policy management
• Improved scalability
• Easier implementation of role-based access control

This integration enhances operational efficiency and security posture.

2. Rapid Threat Containment (RTC)

Another key capability is Rapid Threat Containment (RTC).

If Cisco Secure Firewall detects malicious activity—such as malware download attempts identified via signature-based or advanced threat detection—it can notify Cisco ISE about the compromised endpoint.

Based on this input:

• Cisco ISE can automatically quarantine the user
• The endpoint can be moved to a restricted VLAN
• Access can be dynamically limited without manual intervention

This automated workflow ensures faster response time and reduces the risk of lateral movement within the network.

3. VPN and Posture Assessment

This functionality is not limited to wired or LAN users.

For VPN users:

• Authentication can be integrated with third-party NAC solutions.
• However, if posture assessment (device compliance checking) is required in addition to authentication, Cisco ISE integration with Cisco Secure Firewall becomes essential.

Cisco ISE enables:

• Endpoint posture validation
• Dynamic policy assignment
• Automated remediation workflows

I have been working with Cisco Secure Firewall for around four to five years.

For Cisco's technical support, I always rate it a ten. It's excellent.

Implementation Approach – Cisco Secure Firewall

The implementation of Cisco Secure Firewall primarily depends on customer requirements and the selected management approach. Broadly, there are two deployment models:

1. Cloud-based management
2. On-premises management

Functionally, both approaches provide similar capabilities. The difference lies mainly in deployment workflow and management architecture.

1. Cloud-Based Deployment – Simplified Onboarding

When using cloud-based management through Cisco Secure Cloud Control, onboarding a new firewall is straightforward and efficient.

Key advantages:

• Plug-and-play provisioning
• No initial CLI configuration required
• Automatic onboarding to the management platform
• Centralized visibility from the cloud console

The typical process includes:

• Activating the tenant in the cloud management portal
• Completing basic prerequisites
• Connecting the firewall to the network
• Ensuring the device receives an IP address via DHCP
• Confirming internet connectivity for cloud registration

Once connected, the device automatically appears in the management portal and can be claimed without complex manual steps. This significantly simplifies large-scale or remote deployments.

2. On-Premises Deployment – Structured Preparation

For on-premises management using Cisco Firepower Management Center (FMC), the process is similarly straightforward but requires some initial preparation.

Before onboarding the firewall:

• FMC must be installed and fully configured.
• Network reachability between FMC and the firewall must be ensured.
• Registration keys and management connectivity must be prepared.

Once these prerequisites are completed, the firewall can be onboarded and managed centrally.

3. Deployment Timeline & Practical Experience

From our practical experience:

• Basic reachability and initial configuration can typically be completed within 30 minutes to a couple of hours.
• Plug-and-play onboarding significantly reduces deployment effort.
• Advanced configurations—such as production IPS signature tuning, policy optimization, and security rule validation—may require additional time depending on the environment.

Overall, the initial onboarding process is simple and efficient. The time investment primarily depends on the complexity of the security policies and production-level tuning requirements.

Overall Assessment

Cisco Secure Firewall offers:

• Flexible deployment models (cloud or on-prem)
• Simplified plug-and-play onboarding
• Minimal CLI dependency for initial setup
• Scalable management architecture
• Efficient initial configuration timeline

Regarding the impact of the cloud-delivered firewall on my customer's security posture, considering the firewall's deployment in production is crucial. When someone deploys the firewall, they will apply some intelligence and follow best practices to deploy the solutions. But after, the person managing the firewall is sometimes adding rules based on urgency, allowing certain rules that might permit any-any traffic. To mitigate some issues, they forget to disable this rule later. This rule shouldn't remain active in the firewall. This is one aspect they can encounter.

Another issue we face with customers is that they continue with the same configuration without updating new patches. They only update the setup when something happens. This is what sometimes occurs; users don't renew their license subscriptions. If they lack an updated subscription, they won't receive updates for the latest signatures. This will create problems in the live environment. Overall, I would rate this solution an eight out of ten.

Cisco Secure Firewall can be used for perimeter security, IDS, IPS, and VPN purposes. When discussing secure access via Cisco Secure Firewall, it helps any roaming user, whether working from home, an airport, or in the office, to securely access any workload that could be located on a private cloud, public cloud, data center, or at the edge. It bypasses the on-premise firewall, but they offer firewall as a service, which is on the cloud and enables Secure Service Edge. Perimeter security is necessary and is part of their Secure Access offering, which is Firewall as a Service coming out of the cloud.

From Cisco Secure Firewall's security offering perspective, Cisco has a very comprehensive offering. Whether it is perimeter security in the form of firewall, user security for remote users for SASE, AI security, endpoint security, network security, or workload security, this fits very well into an overall security architecture proposed by Cisco, which is called a Security Reference Architecture. They have a very comprehensive range of products that integrate very well with their firewall. I do not view Cisco security offerings only from a firewall perspective, but from an overall offering perspective.

Cisco Secure Firewall includes something called Secure Cloud Control, which provides single management for consolidating policy across multiple pieces of equipment, whether it is a SASE policy, firewall policy, or otherwise. Centralized policy management is possible within that firewall, and if you want to orchestrate the same policy across multiple security products, you can use Cisco Secure Cloud Control.

Different models exist for Cisco Secure Firewall. Every on-premise model has a limit to the throughput it can support, and up to that limit, it scales fine. After reaching that limit, you are supposed to replace the model. For on-premise solutions, this is the case. However, Firewall as a Service can scale to a very large extent because it is a cloud-based offering that can scale up to a very large number, which is not a problem.

Cisco Secure Firewall has been used and sold for at least three to four years.

Cisco Secure Firewall is quite stable. If I had to rate stability from zero to ten points for Cisco Secure Firewall, I would give it an eight.

Cloud-delivered firewall provides much better flexibility for an organization via Cisco Secure Firewall. First, you can ensure that any users coming from outside securely access any workload that the organization may be running either in a private cloud or public cloud on a hyperscaler. Second, it provides what is called local internet breakout, where any services not supposed to go through the firewall can do a local internet breakout. With Firewall as a Service, you can consume capacity as you grow, rather than trying to put one firewall for your peak load. This gives tremendous flexibility similar to the flexibility that exists in cloud consumption.

If I had to give points for technical support from Cisco, I would give it an eight. It is pretty good, and we do not face a challenge. The reason is that our own team is pretty capable technically, so we do not go back to Cisco for much support. Whenever we have requested support, they have been pretty responsive.

I do not view Cisco security offerings only from a firewall perspective, but from an overall offering perspective. Cisco Secure Firewall helps with the Zero Trust Security Model. ZTNA is a concept that has to be implemented at every tier, including the firewall. You cannot implement zero trust without a firewall also supporting it. It is an important piece in building a zero trust architecture. The review rating for this product is an eight out of ten.

Cisco Secure Firewall provides intelligent devices that can manage security issues between IT and OT environments. IT is an information technology environment consisting of servers and data centers, while OT environment is operational technology related to PLC cabinets and machines. When integrating both to work in business processes, security issues between IT and OT must be managed, and Cisco provides excellent devices for managing this challenge.

I primarily use Cisco Secure Firewall in manufacturing fields rather than applications. In a small area, I integrated Cisco with RADIUS for authentication purposes and TACACS, applying security rules to external access for suppliers from Europe and the USA to our environments.

I use cloud-delivered firewall in parts of our business because we have multiple locations distributed across Egypt and Germany. I needed to use a firewall in the cloud to publish security policies remotely and manage separate locations with the same vendor like Cisco.

The biggest benefit of Cisco Secure Firewall and the features that stand out to me are its excellent integration with PLC and manufacturing devices. This option cannot be found on other devices such as Sophos or FortiGate.

The unification of policies is very important to me because without unified communication between devices with the same rule and security policy, managing everything with separate technology and separate vendors would be very difficult. Cisco excels at this.

The deployment of Cisco Secure Firewall was completed in-house.

Regarding implementing a zero-trust security model, I did not pursue this option because zero-trust is new technology with significant human impact on business operations. I use multi-factor authentication instead, with devices such as YubiKey, which is a USB device for trusting device authentication with hardware, but I have not implemented zero-trust at this time.

I do see some drawbacks with the authentication portions of Cisco, which are very legacy and have not been improved for a long time, such as using 802.1X switches. These aspects must be improved.

I have been using Cisco Secure Firewall for ten years.

For some period of time, we were a partner with Cisco, and after that, we began working as a customer.

I see some ROI through savings, including time and money savings. When evaluating Cisco over a longer period, I save money because the service renewal costs are substantial compared to alternatives. If I consider FortiGate, each module costs money and each renewal costs money. When comparing Cisco with other vendors, I believe Cisco's licensing is better.

Some differences from a technical standpoint are that Cisco is more professional in creating and applying rules on devices and integrating with other infrastructure, particularly routers. If I wanted to integrate access points and switches with Sophos or FortiGate, I would have to purchase the same brand name from those vendors and not integrate with others. This is a significant limitation. With Cisco, I do not have to purchase everything from a single partner and can mix between providers to take advantage of each product's benefits.

We are currently using Cisco Secure Firewall ASA and are planning to use Cisco Vision. Cisco provides many tools to have visibility of packets moving on the network and enables capturing certain packets for analysis, which others cannot do.

Cisco Secure Firewall is very fair according to the benefits it provides. When comparing Sophos, FortiGate, and Cisco in terms of benefits and stability, Cisco is excellent.

Cisco Secure Firewall has a degree of complexity, but I believe it is more professional in deployment because it operates at the data link layer and network layer rather than only at the application and web levels. I rate this review as a nine out of ten.

The challenges during the implementation of Cisco Secure Firewall mainly involve the complexity of the rules to be migrated or the complexity of the scenarios to be implemented, which are related to OT scenarios and disconnected environments.

I benefit from using Cisco Secure Firewall mainly because at least 99% of my customers have a Cisco environment, including switching and routing, making it easier to integrate with other Cisco components than with other vendors.

The impact of a cloud-delivered firewall on my organization's security posture depends on the environments I manage, which are primarily disconnected and focused more on industrial security rather than the cloud. While traditional IT recognizes that the delivery of cloud services is beneficial, comparing it to Azure Firewall, Google Firewall, or AWS Firewall shows that they are not true firewalls but rather sets of rules that do not work perfectly. From my perspective, it is better to add Cisco Secure Firewall for proper coverage.

The best features of Cisco Secure Firewall that make it distinct from the rest of the vendors are mainly its Layer 4 capabilities, as it is the best in routing and switching mode, along with the way Cisco Secure Firewall works in disconnected environments.

The deployment for Cisco Secure Firewall takes no more than six to eight hours, but the fine-tuning of the solution typically takes four or five days.

Using Cisco Secure Firewall is financially beneficial as it provides clear settings for all members managing the solution, making it easy to teach the engineering team how it works and how to configure it, ultimately reducing the time needed to apply policies or make changes in the infrastructure.

I have not noticed any significant drawbacks or weak points in Cisco Secure Firewall. The deployment is not complex, but the complexity arises during fine-tuning due to customers migrating from other solutions, as copying and pasting rules is not the same across all vendors, which necessitates fine-tuning. This can be a pain point when lacking tools to assist in the migration process.

I would assess Cisco Secure Firewall's ability to unify policies across environments as complex, since different customers have varying situations. Some wish to consolidate rules in the same place, while others prefer different rule sets in different locations.

I have been working with Cisco Secure Firewall for around 20 years.

My thoughts about the technical support of Cisco are positive. The times I have opened a ticket, the support has been responsive, and for incidents rated P up to P3, the responses have been satisfactory. I have not needed to open a P2 or P1 incident.

I would rate Cisco's technical support a nine out of ten.

The number of people involved in the process depends on the customer. Sometimes I am alone doing the task, but there are times when I define the task and the customer team handles it, which can involve three, four, or six people, depending on the customer.

I am focused mainly on the security part, utilizing all of the tools such as Palo Alto, Fortinet, Check Point, Sophos, CyberArk, Delinea, Netskope, Splunk, and all the security suite from Microsoft.

I am working with both on-premises and cloud deployment models.

I have not used any new features or functionalities recently in Cisco Secure Firewall, as it usually functions as a Layer 4 firewall without applying any filtering or inspection.

My experience with the licensing model indicates that for a long time, I believed the price was reasonable, but currently, I am uncertain as all services I purchase are directly from the customer while I act as a consultant, not purchasing any components myself.

I would rate this product a nine out of ten overall.

Our company's use case for Cisco Secure Firewall is to separate and protect the different server network ranges in our data center and to provide access to and from those services that sit in our data center to users and customers alike. We also use Cisco Secure Firewall on the edge to provide internet access to and from the internet for our business.

The most valuable aspect of Cisco Secure Firewall for me is not a specific feature but the fact that it is quite stable as a firewall overall. It is not too buggy or disruptive when performing our day-to-day operations, and that is the main thing about it.

Centralized management of Cisco Secure Firewall benefits our organization because we have multiple firewalls, but we go to one single page or use the Firewall Management Center to administer policies and make changes. This allows us to see what is going on from a visibility perspective, so all troubleshooting, configuration, and administration of the firewall happens at one single place, which is beneficial.

A single pane of glass for management is available.

One thing I would improve in Cisco Secure Firewall is somehow embedding the capability to use an asterisk-type of firewall rules in the access control policy. An example could be star.google.com; being able to use an asterisk for anything in the subdomain would be beneficial, as I know some of Cisco's competitors allow that on their firewalls, which eliminates the need for an additional appliance to facilitate that component.

I have been using Cisco Secure Firewall for about five years.

Currently, Cisco Secure Firewall has been up and running for about three years since its last reboot, so it is quite stable.

I find the solution to be scalable, especially with the other products that Cisco is developing. For instance, Cisco Secure Cloud now allows us to potentially take the management functions of Cisco Secure Firewall, move it into the cloud, and integrate it with other Cisco security products, managing everything from one single pane.

I have worked with Cisco's customer support.

When it comes to customer support, referring to TAC, I find that Cisco's support stands out. It is very important for us as a business to have that support when needed, and Cisco has often never failed in providing that support.

If I were to rate the support overall from one to ten, I would give it a nine.

While I rate it a nine, to make it a ten, it could be improved based on individual cases. Some support people truly embody Cisco's values in responding and assisting, but there are times when some individuals may not be as helpful as others, leading to a disconnect in the support experience.

Deploying Cisco Secure Firewalls is quite straightforward, as Cisco provides a lot of available documentation online, extensive support, and training, which makes it easy for engineers and customers to use Cisco products effectively.

The deployment time for Cisco Secure Firewalls varies. Currently, I am going through a refresh where we are replacing older Firepower systems with newer ones, but in the past, it has been relatively simple, typically taking within an hour or two to get everything up and running.

I have been part of the deployment of Cisco Secure Firewalls.

From a return on investment perspective, I think Cisco Secure Firewalls keep our organization safe and protect the organization's image from a governance standpoint. With cybersecurity being a big issue in the world, Cisco Secure Firewalls protect data, the environment, organization, and keep things safe. It is always reassuring for customers to know that the organization I work for invests in products like Cisco Secure Firewall to protect ourselves.

Cisco Secure Firewall is similar to insurance in that it provides peace of mind.

I rate Cisco Secure Firewalls a nine overall. While there are features I think could be added to achieve a perfect ten, I still regard it higher than its competitors. From both a technical and peace of mind perspective, Cisco Secure Firewall is the frontrunner.

I would tell someone considering purchasing Cisco Secure Firewalls that they will not be disappointed. My overall review rating for Cisco Secure Firewall is nine.

Cisco Secure Firewall's main use case is the edge firewall, which has great IPS and IDS capabilities, providing a solid defense layer for the organization.

I really appreciate the NAT-ting feature of Cisco Secure Firewall the most.

The main benefit of the NAT-ting feature in Cisco Secure Firewall is that when I establish a site-to-site tunnel with another endpoint from another company, I can provide them with a fake IP instead of the real IP.

Cisco Secure Firewall benefits our organization by serving as the first defense layer, which is the edge firewall as I mentioned before, helping to prevent DDoS attacks and similar threats.

I think Cisco Secure Firewall could become even better overall, but as of now, it is already in a stable status, and I do not see any significant features that need immediate attention. Perhaps something will come up in the future.

Cisco Secure Firewall is a stable and reliable product.

Cisco Secure Firewall remains stable because even if there are bugs, Cisco TAC engineers are consistently working to find solutions on the spot.

I am not experiencing any downtime with Cisco Secure Firewall.

There are bugs in Cisco Secure Firewall, but as I mentioned, the TAC engineers are actively working to resolve issues as quickly as possible, so the downtime is only for a short period.

I have experienced bugs with Cisco Secure Firewall, such as a sudden reboot, for example, but they resolved it on the spot.

Cisco Secure Firewall scales with the growing needs of an organization and has scalability.

Cisco Secure Firewall definitely demonstrates scalability, though I cannot explain it exactly.

I find that customer support from Cisco is good, as the TAC engineers are available all the time.

If I could rate Cisco Secure Firewall's support on a scale from one to ten, I would give it a ten.

The deployment model for Cisco Secure Firewall is on-premises.

My experience with deploying Cisco Secure Firewall is that it is complicated, but if you have the experience, you can deploy it smoothly.

There is a high learning curve for the deployment of Cisco Secure Firewall.

I have seen ROI with Cisco Secure Firewall, as they definitely save time and provide peace of mind.

Cisco Secure Firewall saves time and also saves money, definitely providing peace of mind.

My impression of the pricing and licensing of Cisco Secure Firewall is that it is not the normal pricing; it is high, but they deserve it.

They bring great value for the price because they provide excellent support, have stability, and we trust this product.

I would rate Cisco Secure Firewall a nine on a scale from one to ten. I rate it a nine because there is one point regarding the bugs that the versions of Cisco in general have.

My advice to other organizations considering Cisco Secure Firewall is to ensure that customers receive guidance from TAC engineers regarding bugs and workarounds when they are published. It is crucial to expedite the process of finding bugs before deploying new versions.

We are running Cisco Secure Firewall firewalls as edge devices. It is very good to have FTD, a device like FTD and FMC for management of the devices.

I am Ahmed from Palestine, working with a service provider company for mobile and landlines. Our company, Jawwal, is a service provider for Palestine with about 3,000 employees serving all people in Palestine. We used to have Cisco devices and also other vendors because our security team always asks to have multiple vendors in our company. We are very happy to have Cisco Secure Firewall devices. Our favorite features are that it is the next-generation firewall, always providing an IPS capability and multi-homing for multiple devices, clustering, and similar functionalities. We also appreciate FMC for management. It is a very good and very strong device to have in our company. We use it as edge firewalls for our company. We have three data centers spread all around the country. We always use Cisco and try to bring Cisco devices to our company because we always have something new.

Cisco Secure Firewall has many features, so the most important thing in the next-generation firewall is an IPS and URL filtering. It is a very good experience to have FTD for IPS and URL filtering.

My favorite feature inside the firewall is an IPS integrated with Threat Defense. I would like to highlight some protection. I would like to mention something about the intelligence for the firewall. We are very much looking forward to having AI included in the firewalls from Cisco, and I am looking to know how I can get benefits from AI inside Cisco Secure Firewall devices. We are always looking for improvement for the devices, and Cisco is always doing that. The most benefit for the firewalls in our company, regarding protection, intrusion prevention, and URL filtering, is a very good feature to have.

We faced some issues, though they are not very big issues in the device. When managing these devices from FMC, we have some tricky points for the device flexibility regarding upgrade from one FMC to another FMC and bringing the devices inside to be managed by this FMC. This also applies regarding the flexibility for having the data or the device when upgrading from one hardware to another hardware. To make it more easily to have this configuration from this device to another device would be beneficial.

When upgrading, Cisco always makes something called end of life for the hardware devices. When going from one device to another device, it is very hard to have this configuration exported from this device and put it in another device. This affects our service continuity, potentially causing some interruption for our service provider because we are running in a very critical environment. This may affect our user experience.

The only bad experience is that exporting and importing from one device is problematic. If trying to make a scalable device to increase capability for the device, it is very hard to export the configuration from this device to another device. We have to do it manually. This is a very bad experience, but other things are very good.

We have been using this solution for more than seven years.

At IT, every time we may have something like this, but it is perhaps not related to the device itself. It depends on very wide other reasons. Sometimes, we have some downtimes because of something unknown, perhaps from the Linux kernel. Cisco engineers are always listening to us and contacting us for any improvement, which is why we love Cisco.

In the network world, there is nothing straightforward. We always have obstacles on our way. Cisco is very good regarding availability and the stability for the device. When something happens in the device, the failover happens very quickly without any interruption. This is our experience with Cisco, and we are looking forward to having more and more. It is not straightforward because of the complexity of the network. As a device, it is straightforward, but because of the complexity of the other things, we can find it not hard, but a little bit complex. It is not related to the device itself.

Cisco technical support is always doing a great job. While supporting us during our maintenance window for downtimes, it is very good. We are trying to have better support, and it is about financial issues because if going up with the support level, it becomes better and better. We need to make it more equitable.

Companies are always looking for security. If needing to have a secure firewall with high throughput and heavy-duty devices, we always have to choose Cisco devices because the reality of these devices may be better than any other vendor. Other vendors are very good also, but sometimes Cisco is more flexible than others.

We have to use solutions such as IPS and IDS also. It is in detection and IPS for prevention also, but it is a different device, so it may have added layers for our network and making problems around that experience we have with it. It is not because of the device or the vendor, but layers in the network making some delays and making some overhead on the network. Cisco is the vendor we use. When comparing devices financially, we can see that other devices have very advanced features and other vendors have very good advantages. Cisco always wins. Maybe it is financially good because we have very high features and there are real advantages and features. Regarding throughput, some other vendors say it is fake throughput, not like Cisco. Cisco, when they say one gig, it is one gig.

We have many models such as 2000, 2003, and 4005. We have about eight devices spread around the company. I would give Cisco Secure Firewall a rating of eight out of ten because we are always looking for improvement. Cisco is very stable. From my experience, Cisco Secure Firewall is very stable. Because of the many integrations with the ICE and SGT, it is very nice to have these features. We always can see improvements on Cisco.

My use case for Cisco Secure Firewall includes secure access into the network, remote access VPN, site-to-site VPN, NAT, and access control.

I believe the most valuable feature of having the FTD in Cisco Secure Firewall is that it is typically managed through FMC, which is a tool that allows you to manage multiple devices. The ability to manage, view, and push templates across multiple devices at one time is beneficial versus having to manually do it.

Cisco Secure Firewall helps organizations improve by making networking easier, as they have provided a graphical user interface for much of the functionality. I think people prefer the GUI and find it easier to navigate versus having to remember commands, making it excellent for both novice and senior engineers.

If I could improve Cisco Secure Firewall, I feel that even with my experience, I have difficulty navigating some of the logs and trying to find specific flows, whether it is the source address or the pre-NAT address. I find the filtering very difficult to navigate and determine exactly what field I have to put the criteria in, as there are too many fields.

I probably started using Cisco Secure Firewall at the beginning of the pandemic, around 2021, while I was using ASAs before that, which had been for approximately 10 years. I have used FTD and Firepower for approximately five years and ASA for approximately 10 years.

I believe Cisco Secure Firewall is stable because I have never seen it crash and I have never seen it fail to forward packets.

My experience with customer support for Cisco Secure Firewall is positive, as they are helpful. On a scale of one to ten, I would rate Cisco Secure Firewall customer support as a nine, with ten being best.

I have briefly looked at some marketing materials for other firewall solutions such as Palo Alto, Fortinet, and FortiGate to understand where they are in the market, but I have never really managed or configured those platforms.

The complexity of deploying Cisco Secure Firewall varies depending on how many you have deployed. When I first deployed it, I still had to refer to documentation and conduct some trial and error, as we had to reconfigure some elements because of the interesting environment where we had to port-channel separately instead of as one bundled channel in an HA cluster. The complexity really depends on the environment.

I have deployed Cisco Secure Firewall with some customers.

I believe the market space for firewall solutions is crowded, and these vendors need to be competitive. I find that they are all quite similar.

Cisco Secure Firewall is used for securing perimeters, such as internal or external perimeters of the network.

I consider a valuable feature of Cisco Secure Firewall to be that it serves its purpose. ASA is nice, but it is outdated now. When it comes to FTD, complexity is one of the things. I am not sure they should build it from scratch.

Cisco Secure Firewall has helped improve my company over the last 15 years. Nowadays, you cannot live without a firewall. We are currently moving to another vendor.

Navigating through Cisco Secure Firewall is not intuitive. Complexity is another significant issue that needs to be addressed.

I have been using Cisco Secure Firewall for 15 years.

Cisco Secure Firewall is working with some bugs and glitches, but it is stable overall. ASA is a super stable firewall, even though it is outdated nowadays. FTD is working fine with some glitches.

Scalability depends on which Cisco Secure Firewall you are buying. For the enterprise level, it is scalable, but not significantly.

I have contacted Cisco support about these issues and opened many TAC cases for the firewalls.

I would evaluate Cisco support as good. Cisco is the best there. However, they need to rebuild this product. I love Cisco products, but when it comes to the firewall, I do not.

We are transitioning to Palo Alto.

I find Palo Alto to be much easier to operate and much more stable. If you want to incorporate FTD with another Cisco product, then you need to go with Cisco to have the full ecosystem. Since we do not have that requirement, we are going to another vendor, which is definitely easier to handle.

I have knowledge about the pricing and licensing.

A couple of days ago, I was working on a project and received a quote for the FTD 1230. For the same level with Palo Alto, even though we had a huge discount with Cisco, it turned out to be more expensive than Palo Alto. The pricing is quite expensive. My overall review rating for this product is 6.