Cisco Secure Firewall Valuable Features

Paul Nduati - PeerSpot reviewer
Assistant Ict Manager at a transportation company with 51-200 employees

I love the ASDM (Adaptive Security Device Manager) which is the management suite. It's a GUI and you're able to see everything at a glance without using the command line. There are those who love the CLI, but with ASDM it is easier to see where everything is going and where the problems are.

The ASDM makes it very easy to navigate and manage the firewall. You can commit changes with it or apply them before you save them to be sure that you're doing the right thing. You can perform backups easily from it.

It also has a built-in Packet Tracer tool, ping, and traceroute, all in a graphical display. We are really able to troubleshoot very quickly when there are issues. With the Packet Tracer, you're able to define which packet you're tracing, from which interface to which other one, and you're able to see an animation that shows where the traffic is either blocked or allowed. 

In addition, it has a monitoring module, which also is a very good tool for troubleshooting. When you fill in the fields, you can see all the related items that you're looking for. In that sense, it gives you deep packet inspection. I am happy with what it gives me.

It also has a dashboard when you log in, and that gives you a snapshot of all the interfaces, whether they're up or down, at a glance. You don't need to spend a lot of time trying to figure out issues.

View full review »
SB
Director & CIO of IT services at Connectivity IT Services Private Limited

ASA integrates with Firepower, IPS functionality, malware filtering, etc. This functionality wasn't there in the past. With its cloud architecture, Cisco can filter traffic at the engine layer. Evasive encryptions can be entered into the application, like BitTorrent or Skype. This wasn't possible to control through a traditional firewall. 

Deep Packet Inspection looks at the header information and inspects the contents of a particular packet. We can also look at traffic management. It can control end-user applications, and we can check device performance when we do this type of regression on our resources. This is what we look at with a DPI. It can help us reduce the overall OpEx and CapEx.

Traditionally, we needed multiple software and hardware tools. With these features, we can snoop into our network and understand each packet at a header level. That's called the service control engine.

Within Cisco's Service Control Engine Architecture, there's something called the Preferred Architecture, which has a supervisor engine. It's more of a network management tool. Cisco makes it more convenient to manage our resources. It has a nice UI, or we can go into the command-line level. 

Cisco's micro-segmentation features are helpful for access control layers and virtual LAN policy enforcement. That's how we segregate it. Micro-segmentation is focused on the application layer. When we design a policy that is more automated or granular, and we have a specific business requirement, we get into micro-segmentation. Otherwise, the majority of the implementation will be generic network segmentation.

Dynamic classification is also essential given the current security risks and the attacks. We cannot wait for it to tell us if it's a false positive or a real threat. In those cases, dynamic classification is essential, especially at a MAC level.
When using WiFi, we may have a suspicious guest, and we cannot wait for someone to stop it manually. The firewall needs to at least block the traffic and send an alert.

In cases like these, integration with Cisco ISE is handy. If the firewall alone doesn't help, you must redesign your architecture to include various associated products as you increase your requirements. For example, you may have to get into multiple servers, so you'll need an ISE for identity management. 

As you start scaling up your requirements, you go beyond a firewall. You start from an L1 layer and go to the L7 sitting at the organization's gateway. When you talk about dynamic policy implementation, that's where you start to get serious about your operations and can change things suddenly when an attack is happening.

With ISE integration, you get another dynamic classification if an endpoint connects immediately. ISE has a lot of authorization rules, so it applies a filter. The dynamic policy capabilities enable tighter integration at the application workload level. Snort 3 IPS enables you to run more rules without sacrificing performance, and IPS puts you one step ahead of any threats to the organization.

View full review »
Mohamed Al Maawali - PeerSpot reviewer
Infrastructure Planner at Petroleum Development Oman

I'm not a security person. I'm a planner, and we were interested in the advanced features of the firewall to allow us to manage the traffic. At the current stage of implementation, their help in implementing a policy has been valuable. It simplified the implementation. Cisco's engineer helped us with a lot of scripting to see what existed. Previously, we didn't have a proper policy. In fact, we didn't have any policy because we didn't have any firewall for the data center, so generating a policy was a big challenge. Cisco's engineer helped us to do some scripting and find out what kind of policy we can have and organize those policies. That was nice.

View full review »
Buyer's Guide
Cisco Secure Firewall
March 2024
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
763,955 professionals have used our research since 2012.
Tushar Gaba - PeerSpot reviewer
Technical Solutions Architect at NIL Data Communications

The best features would obviously be the ones that are most used: the perimeter security, allowing/blocking of traffic, NAT-ing, and routing, or making it easy as compared to a router. If you were to do the similar features on a router, it would be way more extensive and difficult as compared to a firewall. These are the majority of the features that anyone would begin with.

But of course, they expanded to other features like IPS or cyber security or looking at vulnerabilities or scanning, port scans. Those are the advanced things.

[In terms of overall performance] in the last decade or so, especially in the last three or four years, the scale of where the architecture has been—all the numbers, the stats, everything—has gone up exponentially. It's all because of the innovations that are always happening, and not just at the hardware level, but particularly at the software level. Of course, we can always look at the data sheets and talk about the numbers, but all I can say, in my experience, is that the numbers have really gone up, and the speed at which the numbers have gone up in the last couple of years or so, is really progressive. That's really good to see.

View full review »
BB
Cybersecurity Designer at a financial services firm with 1,001-5,000 employees

I would say the most valuable aspect of Cisco Secure Firewall is how scalable the solution is. If we need to spin up a new environment, we can very easily and quickly scale the number of firewall instances that are available for that environment. Using clustering, we just add a few nodes and away we go. 

In terms of time-saving or cost of ownership, the types of information that we can get out of the Cisco Secure Firewall suite of products means that our security responders and our security operations center are able to detect threats much faster and are able to respond to them in a much more comprehensive and speedy manner. 

In terms of application visibility, it's very good. There is still room for improvement, and we tend to complement the Cisco Secure Firewall with another tool link to help us do some application discovery. That said, with Firepower, we are able to do the introductory part of the discovery part natively. 

In terms of detecting and remediating threats, I would say on the whole, it is excellent. When we made the decision to go with the Cisco Secure Firewall compared to some other vendors, the integration with other third-party tools, and vulnerability management, for example, was a real benefit. It meant that we could have a single view of where those three threats were coming from and what type of threats would be realized on our network.

In recent years through the integration of Firepower threat defense to manage some of the firewalls. We were able to do away with some of our existing firewall management suite. We do still need to use some third-party tools, but that list is decreasing over time. 

View full review »
Josh Schmookler - PeerSpot reviewer
Network Engineer at Aton Computing

FMC is very good in terms of giving a lot of visibility into what the firewall is seeing, what it's stopping, and what it's letting through. It lets the administrator have a little bit of knowledge of what's coming in or out of the device. It's excellent.

View full review »
SM
Team Leader Network and Mail Team at a energy/utilities company with 10,001+ employees
  • The normal firewalling features are very good. You can easily create objects and work with them. 
  • The AnyConnect software for remote VPN is an added feature on the firewall that works very well in our environment.
  • The IPS is another important feature that I use. It doesn't impact the overall performance of the ASAs.

All of these features work fine.

Cisco ASA works very nicely from an administration perspective. The management of the device is very nice. The ASDM (Adaptive Security Device Manager) is the software that we use and it is very easy to configure using the GUI. If you are familiar with the ASDM software, it's very easy for anyone to handle. The CLI isn't different from other Cisco CLIs, so that makes it easy as well.

Also, the visibility when doing packet inspection on the ASA, using the ASDM GUI, works well. You can go to the monitoring part and see the live logs, the syslogs. All the traffic events are displayed in the syslog. You can filter on whatever event you are interested in and it is visible to you in no time. It provides a real-time display of the traffic. Troubleshooting issues is very easy using ASDM. 

In addition, if you want to do some captures at the interface level, there's a packet tracer, a tool within the ASDM and the ASA, which is available on both the GUI and the CLI. That is on the newer firewalls as well and it's very nice. It shows you the life cycle of a packet within the firewall, from entry to the exit, and how many steps it goes through. It really helps while troubleshooting. I'm very satisfied with that.

View full review »
Anthony Smith - PeerSpot reviewer
Principal Security Consultant at Vohkus

Without a doubt, the best features are the reporting and analytics. Some vendors provide the same feature set, but their product won't give you the power to figure out what's going on in your network. Whereas with Cisco Secure Firewall, especially with the management platform on top, you can have all of the analytics and see exactly what is going on. You can see not only the source and destination but also the application, the URL, the type of policy it's hitting, the specific rule it's hitting, and the amount of data transferred from it. Apart from that, you get all of the risk reports. You can see how much bad stuff is coming into the network at present and whether there's anything you need to act on immediately. That data is at your fingertips, and it's by far the best feature and the best selling point of Cisco Secure Firewall.

Cisco Secure Firewall has reduced our clients' mean time to repair because they are able to find possible issues quickly. The power of the reporting, the dashboards, and all of the analytics in the background also helps to alert and quickly act on the threat.

My impression of Cisco Talos is that it's well-regarded in the industry. Cisco is so well regarded that we know their security intelligence is up-to-date. Our clients have peace of mind because they have Cisco Talos in the background and know that Cisco Secure Firewall is up-to-date with the latest threats. They can be sure that they're acting on the best available data.

View full review »
Isaiah Etuk - PeerSpot reviewer
Chief Digital & Technical Officer at Capital Express Assurance Limited

Its security and filtering are most valuable. Every layer of data that comes into the organization goes through it. After setting up the criteria, it automatically filters the traffic. We don't have to check it often. Sometimes, when users complain that they are not able to see a particular thing, we log in to check the scan and see what it has scanned and filtered. It is usually something it has filtered out. It works perfectly.

View full review »
AlexEng - PeerSpot reviewer
Systems Engineer at a healthcare company with 201-500 employees

Most firewalls do the same things, more or less. Because we have to compete with other vendors, it's the things that are different that are important. With Cisco, it's the security intelligence part. It's quite simple to configure and it's very effective. It cuts down on a lot of trouble in the early phases.

IPS and Snort are very important because they also differentiate Cisco from other vendors and competitors.

I also like that, in recent years, they have been developing the solution very quickly and adding a lot of new, cool features. I really love the new web interface of Cisco Secure Firewall Management Center. It looks like a modern web-user interface compared to the previous one. And the recent release, 7.2, provided even more improvements. I like that you have the option to switch between a simplified view and the classic view of firewall policies. That was a good decision.

View full review »
KB
CTO at Intelcom

The most valuable feature is IPS. It's a feature that's very interesting for tackling the most current attacks. We also have Umbrella with Secure DNS because all the threats nowadays are coming from email servers. We also have the DSA solution to limit the threats coming from ransomware. Combining all of these with Talos provides the best security solution.

View full review »
JB
Enterprise Architect at People Driven Technology Inc

I'm a big fan of SecureX, Cisco's platform for tying together all the different security tools. It has a lot of flexibility and even a lot of third-party or non-Cisco integration. I feel like that's a really valuable tool.

From the Firepower solution, all the features that you would think of when you're thinking about a Firewall [are valuable], including some that I stated: content filtering, the IPS, IDS, and malware prevention. All of those are big use cases and great features that work well.

View full review »
BL
Enterprise Architect at a tech services company with 51-200 employees

I like the ASDM for the firewall because it is visual. With the command line, it is harder to visualize what is going on. A picture is worth a thousand words.

View full review »
Simon Watkins - PeerSpot reviewer
Senior Network Architect at Prosperity247

One of the most valuable features is the GUI front end, which is very easy to use. But I'm also a command-line guy, and being able to access the device via command-line for advanced troubleshooting is quite important.

View full review »
DavidMayer - PeerSpot reviewer
Solution Architect at a energy/utilities company with 1,001-5,000 employees

The most valuable features of the product are the VPN and the NextGen firewall features such as application control, URL filtering, etc. These features are especially valuable because nowadays, it's not enough to just filter for source and destination IPs. You need more insights or visibility to see which applications are passing your perimeter, which applications you want to allow, and which ones you want to block. Without this visibility and these features, it's a little bit hard to secure your network.

View full review »
Ken Mohammed - PeerSpot reviewer
UC Solutions Engineer at Diversified

I like that you can get really granular, as far as your access lists and access control go. 

You can also put everything into a nice, neat, little package, as far as configuration goes. I was formerly a command-line guy with the ASA, and I was a little nervous about dealing with a GUI interface versus a command line, but after I did my first deployment, I got a lot more comfortable with doing it GUI-based.

View full review »
NH
Network Engineer at a healthcare company with 10,001+ employees

Being able to use it as a policy-based VPN is valuable. It's very easy to understand. 

It's very easy to troubleshoot. It may be because I'm comfortable with it or because I've used it for so long, but it's easy to use for me. I don't have any problems with how to set it up or use it.

View full review »
MC
System programmer 2 at a government with 10,001+ employees

The features I've found most valuable are the packet captures and packet traces because they help me debug connections. I like the logs because they help me see what's going on.

The security correlation events and the network map help me to drill down on a host at will.

I really like the flexibility of the policies such as those you can use and the layer three policies with which you can block applications. It's really versatile. I like the security zones.

Cybersecurity resilience is our main focus right now. Because we're a government organization, everybody's really nervous about security and what the ramifications are. My device generates all the logs that our security team goes through and correlates all the events, so it's really important right now.

View full review »
MW
Executive Vice President, Head of Global Internet Network (GIN) at a tech services company with 10,001+ employees

Application inspection, network segmentation, and encrypted traffic detection or encrypted traffic analysis (ETA) are valuable for our customers. I'm from Germany, and in Germany, people are very concerned about privacy. We have a bunch of public customers, and they have an issue with decrypting traffic, even if it's only for security analysis. They have some fears. So, they are quite interested in the capability to detect threats without decrypting traffic.

View full review »
Chuck Holley - PeerSpot reviewer
Director of Networking at Albemarle Corporation

The most valuable feature is zone segmentation, which we utilize through the Firepower management console. This allows for centralized management, which proves highly useful. In the past, when using Cisco Firewalls, we had to manage them independently. However, now we have a single unified interface to manage all our Cisco Firewalls worldwide.

View full review »
Jure Martinčič - PeerSpot reviewer
Engineer Specialist at Telekom Slovenije

The next-generation features, like IPS, among others, are the most valuable. IPS is mandatory in modern networks for protection against malicious attacks and network anomalies.

Also, it gives you great visibility when doing deep packet inspection, but you have to do HTTP inspection. If you don't do HTTP inspection, the visibility is not complete. That is the case for every firewall vendor.

View full review »
PS
System Engineer at Telekom Deutschland GmbH

Basic firewalling is obviously the most valuable. In addition to that, secure access and remote access are also very useful for us. When COVID came, a lot of people had to stay at home, and that was the basic use case for having remote access.

View full review »
Joseph Lofaso - PeerSpot reviewer
Senior Network Engineer at Pinellas County Government

The user interface is very easy to manage and find rules. You can do object searches, which are very easy. Also, the logging is very simple to use. So, it is a lot easier to troubleshoot and find items inside the firewall.

View full review »
Ryan Page - PeerSpot reviewer
IT Network Manager at MLSE

It is very good at what it does. It is a very dependable, long-standing product that you can trust. You know exactly how it works. It has been in the market for a lot longer than I have. So, it is great at its core functionality.

View full review »
Robert LaCroix - PeerSpot reviewer
Network Engineer at Red River

As far as securing our infrastructure from end to end, I'm a big fan of Cisco products. I haven't used other products in the past, but I love the Cisco products. It helps a lot in the end. 

We have firewalls on the edge, internally, and then on the cloud now, so I feel we're pretty secure. 

Firewall helps with cybersecurity resilience. I really like this Cisco product. It's user-friendly. I don't like some other vendors. I've tried those in the past. Cisco is pretty easy. A caveman could do it.  

I've used Check Point and Palo Alto, and I like Cisco better. It's what I'm comfortable with. Hopefully, I'll use it until I retire. 

View full review »
JATINNAGPAL - PeerSpot reviewer
Manager/Security Operations Center Manager at RailTel Corporation of India Ltd

The content filtering is good. 

View full review »
Daniel Going - PeerSpot reviewer
Managing architect at Capgemini

The deep packet inspection is useful, but the most useful feature is application awareness. You can filter on the app rather than on a static TCP port.

View full review »
Marijo Sutlovic - PeerSpot reviewer
Head of Information Security at Otp banka d.d.

The security features that protect our networks are the most valuable for me and my department, as we are responsible for the security of our network. We investigate cases and analyze traffic to see what's going on. These features are also very valuable when we are investigating communication between some services in the bank and what's happening in the network.

We are very satisfied with Cisco Secure Firewall for securing our infrastructure from end to end so we can detect and remediate threats. We have not seen a lot of false positives, and we haven't seen many situations when the traffic was interrupted without a proper cause. We are confident that the signatures that Cisco Secure Firewall uses are very good and reliable. For us, this is very important because we are a relatively small security team, and we don't have much manpower to be able to analyze every signature or event. By default, Cisco Secure Firewall is reliable, and that is the most important factor for us. Cisco is a large company that invests in security, and if it has reliable signatures and processes in intrusion detection, then that is very good for us.

Implementing Cisco Secure Firewall has saved us time because we rely on most of the out-of-the-box signatures. It has reduced the time and effort spent in configuration within the security network.

View full review »
Tim Maina - PeerSpot reviewer
Network Engineer at a tech vendor with 5,001-10,000 employees

The Packet Tracer is a really good tool. If someone calls because they're having problems, you can easily create fake traffic without having to do an extended packet capture. You can see, straight away, if there's a firewall rule allowing that traffic in the direction you're trying to troubleshoot. As a troubleshooting tool, Packet Tracer is one of the things that I like. It comes up in all my interviews. When I want to figure out if someone knows how to use the ASA, I ask them about use cases when they use the Packet Tracer.

View full review »
CW
Security Engineer at a government with 501-1,000 employees

The product is easy to manage and simple. It works with the rest of our Cisco products. You can drop in new ones if you need more performance. The training and documentation provided are good.

View full review »
SV
Network Support Engineer at a manufacturing company with 51-200 employees

The most valuable feature is the threat defense. This product works well for threat defense but for everything else, we use Cisco ASA.

View full review »
ZK
Sr. NetOps Engineer at Smart Cities

The primary benefits of using Cisco Secure solutions are time-saving, a robust API, and convenience for the security team. 

View full review »
RV
Principal Network Engineer at a retailer with 10,001+ employees

I like the basic firewall features. We use Cisco Firepower to separate PCI from corporate, so we're not using it at the edge. If we were to use Firepower at the edge, then we would enable other features like IDS and SSL inspection. However, since we only use it as an internal firewall, plain level-four firewalling is enough for us.

Cisco Firepower is useful for securing our infrastructure from end to end so that we can detect and remediate any threats. I like the Cisco products because they are very stable and what you see is what you get. There are no vague or gray areas. We log all of our logs to Splunk, for example, and everything we see in Splunk is very useful. Finding errors or finding reasons why something is or is not working is very easy.

This solution helped to free up our IT staff's time so that they can focus on other projects. The management platform makes deployment and management, that is, day-to-day changes, very easy.

Cisco Firepower saved our organization's time because it has role-based access. We can give some engineers the ability to do day-to-day tasks and give more experienced engineers more in-depth tasks.

We have been able to consolidate our tools and applications. The FTD tool also manages our Firepower IDS nodes. As a result, we have a consolidated single pane of glass for all of our Cisco Firepower security tools.

View full review »
SG
Network Automation Engineer at a financial services firm with 1,001-5,000 employees

For our very specific use case, for remote access for VPN, ASAs are very good.

Cisco also introduces new features and new encryption techniques.

View full review »
Augustus Herriot - PeerSpot reviewer
Senior Infrastructure Engineer at a insurance company with 10,001+ employees
  • Speed
  • Its capabilities
  • Versatility
View full review »
FS
Networking Project Management Specialist at Bran for Programming and Information Technology

Our company operates in Saudi Arabia, primarily working with government sectors. If any hardware malfunctions, the defective device is removed, and we receive a replacement from the reseller. We have not encountered any issues related to delays in receiving replacements for malfunctioning devices which has been beneficial.

View full review »
ArunSingh7 - PeerSpot reviewer
Computer Operator at a retailer with 5,001-10,000 employees

I won't be able to speak about the strong points of the product. I will need the input from my team to be able to speak about the advantages of the product. The solution's dashboard is fine, and in terms of support, Cisco is better than other OEMs in the market.

View full review »
KH
Systems Engineer at a engineering company with 5,001-10,000 employees

The solution is pretty easy to deploy. It is pretty ubiquitous too, so it is easy to get. It pretty much does the job we need it to do.

View full review »
reviewer1448693099 - PeerSpot reviewer
Senior Network Engineer at a comms service provider with 1-10 employees

The ASA has seen significant improvement due to the IPS. 

The ability to troubleshoot more easily through the gate is valuable.

View full review »
Ahmed Alsharafi - PeerSpot reviewer
Solution Architect at Dimension Data

The technology is evolving, and it's no more a stateful firewall, which is only for blocking certain ports. A lot of features, such as anti-malware protection and URL filtering, have been integrated into the firewall and extended to the network. 

View full review »
RS
Senior network security, engineer and architect at a computer software company with 5,001-10,000 employees

AnyConnect has been very helpful, along with the ability to use LDAP for authentication. It's very robust and we are able to do many different things that we were looking to do.

View full review »
Jordan De Sousa - PeerSpot reviewer
Network Manager at a computer software company with 501-1,000 employees

The most valuable MX features are the ease of deployment and a great dashboard. The most valuable Cisco Secure Firewall features are options, features, and ease of deployment because it's an appliance.

View full review »
TI
Senior Network Consultant at a healthcare company with 1,001-5,000 employees

When I was managing these firewalls, I found them easy to understand, easy to deploy, and easy to maintain as compared to some of the other firewalls I have been involved with earlier. The opinion of my coworkers is that it's easy and quick to establish new zones, expand, and maintain.

View full review »
PC
Senior Engineer at Teracai Corporation

The GUI makes configuring it much simpler than the command line.

View full review »
Samson Belete - PeerSpot reviewer
Network Engineer at a financial services firm with 5,001-10,000 employees

The most valuable feature is the IPS. We also like the AnyConnect feature.

We monitor daily the final inspection activities and intelligence on Firepower. We also send logs from Firepower to our monitoring server, which is a nice feature.

View full review »
DonaldFitzai - PeerSpot reviewer
Network Administrator at Cluj County Council

I like the ease of administration and the overall speed of processing web traffic. The modules help protect and administer web traffic. ASA Firewall's deep packet inspection gives me visibility regardless of whether I have the agent installed on all the workstations. I can see incoming web traffic and control access to suspicious or dangerous sites. I can apply a filter or make rules to restrict categories of websites.

View full review »
FC
Global Network Architect at a agriculture with 10,001+ employees

It's protecting the organization against the impact of cyber threats and cybersecurity. We run manufacturing plants that have hazardous material, and we don't want that manufacturing process to be impacted by break-in exposure, cyber threats, or any other similar thing.

View full review »
IK
Network Engineer at a tech services company with 5,001-10,000 employees

The monitoring dashboard is valuable to us for troubleshooting. It lets us see if the packets get from the source to the destination correctly.

View full review »
BB
Network Engineer at a university with 1,001-5,000 employees

The multi-context feature is the most valuable, especially in our data center. Having different needs for different departments is part of our organization. We can have five firewalls in one.

View full review »
SV
Critical Infrastructure at Wintek Corporation

Our top three features are the high-availability features, the VPN and the IPSec.

It has fantastic visibility. It's a 10 out of 10. 

Cisco Secure Firewall is fantastic at securing our infrastructure from end to end so we can detect and remediate threats. We have already caught things that have tried to get in. 

Cisco Secure Firewall has improved resilience by a huge margin. It has been a great help.

Cisco Secure Firewall has freed staff because we don't have IT staff worrying about a lot of the threats. We trust the device that we are going to catch the threat. We are going to get a notification and be able to act upon that. Cisco Secure Firewall has saved at least 25 hours a week

The newer versions have made it so that we do not have to worry about other appliances with feature sets that are already built into the Cisco firewall.

The solution has had a huge effect, especially from physical density when it comes to securing our infrastructure. A lot of people don't think about power availability and cooling aspects. You have a limit to how much power you can push, and every little bit helps. 

We chose Cisco because of its understanding, customer service, warranties, and the quality of the product

View full review »
AS
Senior Network Architect at a tech services company with 10,001+ employees

Cisco AnyConnect is my favorite. It is awesome. It also exists on Firepower and newer things.

View full review »
Fredrik Vikstrom - PeerSpot reviewer
IT Architect at Skellefteå Kommun

Its efficiency and security are the most important. We are more efficient and more secure.

We use Cisco switches and firewalls, Cisco DNA, and Cisco SecureX. The integration between various Cisco products is working very well. It's quite seamless for us.

View full review »
TO
Solutions Architect at Acacia Group Company

The most valuable feature of Cisco Secure Firewall is its ease of configuration and that it's scalable for firewalls and VPNs.

View full review »
CN
Infrastructure Architect - Network at a manufacturing company with 1,001-5,000 employees

I like the central management and IPS features. Having everything in one place is very valuable.

Cisco Secure Firewall is very good at detecting threats. We see a lot getting blocked by the IPS in our DMZ, that is, our internet-facing web service.

It helped free up IT staff time. Before, we would have to manually configure every single firewall. Every time we configure something on a firewall, it takes five to ten minutes, and we have more than 50 firewalls around the globe. We do changes every week, and the automated policy and upgrades saved us a lot of time.

In terms of the organization, we have been able to save time by getting things out faster. However, the only downside is that the policy push takes quite a while. Thus, a quick fix still takes at least 15 minutes, and troubleshooting can take time as well.

View full review »
MM
Founder CCIE

What I found the most valuable about Cisco Secure Firewall is that if a client is educated about the solution, it can help him or her avoid many problems and mistakes. 

View full review »
BW
Network Security Team Lead at a government with 10,001+ employees

The VPN is our most widely used feature for Cisco Secure Firewall. Since we were forced into a hybrid working situation by COVID a few years back, VPN is the widely used feature because everybody is working remotely for our agency. So it came in very handy.

View full review »
JK
Specialist WINTEL Services at Descon Engineering Limited

The main thing that I love the most is its policy and objects. Whenever I try to give access to a user, I can create an object via group creation in the object fields. This way, I am not able to enter a user in the policy repeatedly. 

View full review »
FH
Product Owner at a manufacturing company with 10,001+ employees

Protecting our landscape in general and being able to see logging when things aren't going as set out in policies are valuable features. Our security department is keen on seeing the logging. 

View full review »
CE
Network engineer at a government with 10,001+ employees

The ASDM (Adaptive Security Device Manager) which is the graphical user interface, works out, and Cisco keeps it current.

View full review »
KB
Data center design at a comms service provider with 10,001+ employees

One of the best features is the ease of use. It's also easy to teach new engineers to use the ASA CLI. When I first started learning firewalls, Cisco was the first one that was taught to me and it was pretty easy to grasp. When I'm teaching other engineers to use Cisco ASAs, the results of their learning are immediate.

View full review »
CT
Analytical Engineer at a pharma/biotech company with 10,001+ employees

The most valuable features are the remote VPN and site-to-site VPN tunnels.

I use the solution to write policies and analyze the data coming in via the firewalls.

View full review »
Orla Larsen - PeerSpot reviewer
Network specialist at a retailer with 10,001+ employees

The most beneficial aspect of the Cisco Secure Firewall is the AnyConnect component within the firewall package, which we selected specifically for VPN usage due to its exceptional integration with various third-party devices and applications.

View full review »
MK
Security admin at a wholesaler/distributor with 10,001+ employees

This tool offers great value with regard to cyber security due to its integration with different tools like Splunk and other cloud-based solutions.

Within an application, you can block traffic at a granular level instead of relying on HTTPS traffic.

View full review »
MF
Network Engineer at a financial services firm with 10,001+ employees

All the features except IPS are valuable. IPS is not a part of my job.

View full review »
NJ
CTO at a tech vendor with 1-10 employees

Our clients have been able to consolidate infrastructure products such as Talus for hardware encryption and Dell EMC for D2D de-duplication and backup.

View full review »
MS
VSO at Navitas Life Sciences

The ability to encrypt and decrypt is great.

The dashboards are excellent.

We really like the reporting aspect of the product. 

It is stable. 

We found the initial setup to be easy.

View full review »
TM
Solutions Consultant at a comms service provider with 10,001+ employees

We like the standard firewall features. It's quite a capable box for UTM.

View full review »
RW
System Administrator at a healthcare company with 501-1,000 employees

Collaboration with other Cisco products such as ISE and others is the most valuable feature.

View full review »
HG
Daglig leder at a tech services company with 1-10 employees

We feel that we can trust the security, and our assets and business are well protected. We need to have trust in it, but we also see that it works. We have a security company that has tested that it works.

View full review »
PK
System Engineer

I think that the firewall feature is the most valuable to me as it is one of the oldest features for this solution. We also appreciate how stable the VPN is.

View full review »
Rene Geiss - PeerSpot reviewer
Network Engineer at a computer software company with 51-200 employees

I like its integration with the AnyConnect client. I also like how modular it is. For example, I can easily integrate the Umbrella add-on into it. We are planning on adding Umbrella. We haven't added it yet, but we have researched it.

View full review »
Ibrahim Elmetwaly - PeerSpot reviewer
Presales Manager at IT Valley

For companies prioritizing security, the optimal choice is one that offers a range of feeds to cater to diverse needs. This is particularly crucial for organizations implementing DDoS mitigation. The preferred solutions typically align with the top server vendors, with Cisco, Forti, and Barracuda consistently ranking among the top three vendors we collaborate with.

View full review »
Michael Mitchell - PeerSpot reviewer
Network Engineer at Utah broadband

It is pretty user-friendly and straightforward to use.

It is secure and very reliable.

I like the heartbeat between the two devices that we have. Because if something fails, it immediately fails over.

View full review »
HR
Director of network ops at a non-profit with 51-200 employees

The fact that we can use Firepower Management Center gives us visibility. It allows us to see and manage the traffic that is going through the network.

View full review »
James-Buchanan - PeerSpot reviewer
Infrastructure Architect at a healthcare company with 10,001+ employees

It's the VPN side of things that has been most useful for us. It allows us to secure our users even when they're working from home. They are able to access all of our resources, no matter where they are in the world.

View full review »
BL
Network Engineer at a construction company with 1,001-5,000 employees

Cisco Secure Firewall is reliable, which is why we opted for it during the pandemic for our remote users.

View full review »
JP
Network Engineer at Ulta Beauty

Their CLI is pretty good. 

View full review »
MH
Security architect at a computer software company with 51-200 employees

The CLI is the most valuable feature. We are moving towards FTD, which is more GUI based. The value of this solution lies in the fact that it is a standard platform that's been around for years and is always improving. This is important to us due to the necessity of ensuring cyber security. 

View full review »
MH
IT Service Technician at Scaltel AG

The most valuable feature for the customers is that they can control what communication is allowed and what is not allowed. That is, they can allow or deny client traffic.

It also secures the internal network to allow specific client traffic or machine traffic.

Cisco Secure Firewall helped reduce our clients' meantime to repair by 40%. This is because they can easily segment the network. It's easy to troubleshoot because of micro-segmentation.

View full review »
HN
Network Lead at a tech company with 10,001+ employees

What I like about Cisco Secure Firewall is that you get to integrate it into one box. For example, you can have one big switch with a model inside of it. This makes it easy to manage. 

View full review »
ON
Network & Systems Administrator Individual Contributor at T-Systems

It's an almost perfect solution.

The configuration is very easy.

The management aspect of the product is very straightforward.

The solution offers very good protection. 

The user interface itself is very nice and quite intuitive.

View full review »
Imran Rashid - PeerSpot reviewer
IT/Solutions Architect at a financial services firm with self employed

I like that Cisco Firepower NGFW Firewall is reliable. Support is also good. 

View full review »
DJ
Network Systems Manager at a computer software company with 5,001-10,000 employees

The VPN feature is the most valuable to us because it accomplishes the task well. We're able to do everything we need to do.

View full review »
Ahmet Orkun Kenber - PeerSpot reviewer
Technical Network Expert at NXP Semiconductors Netherlands B.V. Internet EMEA

The features I have found most valuable are the ASA firewalls. I like to have features like most integrated systems in ACI.

View full review »
JC
Engineer at a tech services company with 501-1,000 employees

The security features are the most valuable. My customers find the security products very useful because nowadays there are many threats from the internet and other malicious users. The security products really help.

So far, Cisco Secure for securing infrastructure from end-to-end so that we can detect and remediate threats is good enough.

View full review »
ZM
Network Engineer at EURODESIGN

I work with Cisco and other partners, but the Cisco team is the best team in our country. When I call them, they always help us. 

View full review »
FS
Security engineer at a energy/utilities company with 10,001+ employees

The IPS solution helps us to not only navigate north-south traffic, but also east-west traffic.

View full review »
GD
Cybersecurity Architect at a financial services firm with 5,001-10,000 employees

The most valuable feature would be the IP blocking. It gets rid of things that you don't need in your environment.

Its resilience helps offer being able to react and self-heal.

View full review »
Achilleas Katsaros - PeerSpot reviewer
Head of IT Network Fixed & Mobile at OTE Group

The feature my customers find the most valuable is the exportability. They also appreciate that the IPS features are easily migrated from Cisco SA to FTDs. 

View full review »
AliTadir - PeerSpot reviewer
Owner at Nexgen IT Solutions

The most valuable feature is the Intrusion Prevention System.

View full review »
LA
Lead Network Engineer

They are easy to maintain.

View full review »
ME
Director of network engineering

Cisco ASA Firewall is a well-known product. They're always updating it, and you know what they're doing and that it works.

View full review »
Nagendra Nekkala - PeerSpot reviewer
Senior Manager ICT & Innovations at Bangalore International Airport Limited

Cisco Secure Firewall's security solutions, advanced malware protection, and DDoS communication are very good. With Cisco Secure Firewall, the security is very much manageable because it protects all the incoming and outgoing traffic of our several telecom IT rooms.

View full review »
Francisco Gaytan Magana - PeerSpot reviewer
Network Architecture Design Engineer at a comms service provider with 10,001+ employees

The IP filter configuration for specific political and Static NAT has been most valuable.

View full review »
Catalin Enea - PeerSpot reviewer
System Engineer at a computer software company with 5,001-10,000 employees

The network products help save time if they are well configured at the beginning. They help increase security and protect the company's data.

View full review »
WN
CTO at a government with 10,001+ employees

Cisco Secure Firewall is robust and reliable.

View full review »
DJ
IT Consultant at ACP IT Solutions AG

The most valuable features are remote access, site-to-site VPN, and next-generation features.

View full review »
PR
Senior Network Engineer at a manufacturing company with 1,001-5,000 employees

So far, the remote VPN access has been a perfect solution for our company.

View full review »
Juan Carlos Saavedra - PeerSpot reviewer
Coordinador de Tecnología at a tech vendor with 1,001-5,000 employees
  • Anti-malware protection
  • Web Filtering
  • VPN Remote-Access

The most valuable feature is the anti-malware protection. It protects the endpoints on my network.

We use the application visibility and control feature of Cisco firewalls.

View full review »
MZ
Senior Network Administrator at a comms service provider with 201-500 employees

Their performance is most valuable.

View full review »
BW
Network analysis at a government with 1,001-5,000 employees

The most valuable feature would be ASDM. The ability to go in, visualize and see the world base in a clear and consistent manner is very powerful.

View full review »
FV
Admin Network Engineer at Grupo xcaret

Its security is easy to use.

View full review »
MS
Network Architect at a tech vendor with 10,001+ employees

The access list is the most valuable feature of this solution. 

View full review »
EL
Network Engineer at a government with 10,001+ employees

I like that it is easy to change the settings.

View full review »
CD
Senior Solution Architect at Teras Solutions Limited

We use the solution for deep packet inspection, Internet Edge functionality, IDS, and IDP.

View full review »
Md Mahbubul Alam - PeerSpot reviewer
Head of Information Security Division at Prime Bank Ltd.

URL filtering is valuable.

View full review »
Buyer's Guide
Cisco Secure Firewall
March 2024
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
763,955 professionals have used our research since 2012.