Cisco Secure Firewall Valuable Features

JT
Network Administration Lead at Forest County Potawatomi Community

The most valuable features of Cisco firewalls are the IPS and IDS items. We find them very helpful. Those are the biggest things because we have some odd, custom-made products in our environment. What we've found through the IPS and IDS is that their vulnerability engines have caught things that are near-Zero-day items, inside of our network. Those items are capable of being exploited although they were not actually being exploited. Being able to see what those exploits are, the potential for vulnerabilities and exploits, is critical for us.

RV
Principal Network Engineer at a retailer with 10,001+ employees

I like the basic firewall features. We use Cisco Firepower to separate PCI from corporate, so we're not using it at the edge. If we were to use Firepower at the edge, then we would enable other features like IDS and SSL inspection. However, since we only use it as an internal firewall, plain level-four firewalling is enough for us.

Cisco Firepower is useful for securing our infrastructure from end to end so that we can detect and remediate any threats. I like the Cisco products because they are very stable and what you see is what you get. There are no vague or gray areas. We log all of our logs to Splunk, for example, and everything we see in Splunk is very useful. Finding errors or finding reasons why something is or is not working is very easy.

This solution helped to free up our IT staff's time so that they can focus on other projects. The management platform makes deployment and management, that is, day-to-day changes, very easy.

Cisco Firepower saved our organization's time because it has role-based access. We can give some engineers the ability to do day-to-day tasks and give more experienced engineers more in-depth tasks.

We have been able to consolidate our tools and applications. The FTD tool also manages our Firepower IDS nodes. As a result, we have a consolidated single pane of glass for all of our Cisco Firepower security tools.

Jordan De Sousa - PeerSpot reviewer
Network Manager at a computer software company with 501-1,000 employees

The most valuable MX features are the ease of deployment and a great dashboard. The most valuable Cisco Secure Firewall features are options, features, and ease of deployment because it's an appliance.

Daniel Going - PeerSpot reviewer
Managing architect at Capgemini

The deep packet inspection is useful, but the most useful feature is application awareness. You can filter on the app rather than on a static TCP port.

Josh Schmookler - PeerSpot reviewer
Network Engineer at Aton Computing

FMC is very good in terms of giving a lot of visibility into what the firewall is seeing, what it's stopping, and what it's letting through. It lets the administrator have a little bit of knowledge of what's coming in or out of the device. It's excellent.

SB
Director & CIO of IT services at Connectivity IT Services Private Limited

ASA integrates with Firepower, IPS functionality, malware filtering, etc. This functionality wasn't there in the past. With its cloud architecture, Cisco can filter traffic at the engine layer. Evasive encryptions can be entered into the application, like BitTorrent or Skype. This wasn't possible to control through a traditional firewall. 

Deep Packet Inspection looks at the header information and inspects the contents of a particular packet. We can also look at traffic management. It can control end-user applications, and we can check device performance when we do this type of regression on our resources. This is what we look at with a DPI. It can help us reduce the overall OpEx and CapEx.

Traditionally, we needed multiple software and hardware tools. With these features, we can snoop into our network and understand each packet at a header level. That's called the service control engine.

Within Cisco's Service Control Engine Architecture, there's something called the Preferred Architecture, which has a supervisor engine. It's more of a network management tool. Cisco makes it more convenient to manage our resources. It has a nice UI, or we can go into the command-line level. 

Cisco's micro-segmentation features are helpful for access control layers and virtual LAN policy enforcement. That's how we segregate it. Micro-segmentation is focused on the application layer. When we design a policy that is more automated or granular, and we have a specific business requirement, we get into micro-segmentation. Otherwise, the majority of the implementation will be generic network segmentation.

Dynamic classification is also essential given the current security risks and the attacks. We cannot wait for it to tell us if it's a false positive or a real threat. In those cases, dynamic classification is essential, especially at a MAC level.
When using WiFi, we may have a suspicious guest, and we cannot wait for someone to stop it manually. The firewall needs to at least block the traffic and send an alert.

In cases like these, integration with Cisco ISE is handy. If the firewall alone doesn't help, you must redesign your architecture to include various associated products as you increase your requirements. For example, you may have to get into multiple servers, so you'll need an ISE for identity management. 

As you start scaling up your requirements, you go beyond a firewall. You start from an L1 layer and go to the L7 sitting at the organization's gateway. When you talk about dynamic policy implementation, that's where you start to get serious about your operations and can change things suddenly when an attack is happening.

With ISE integration, you get another dynamic classification if an endpoint connects immediately. ISE has a lot of authorization rules, so it applies a filter. The dynamic policy capabilities enable tighter integration at the application workload level. Snort 3 IPS enables you to run more rules without sacrificing performance, and IPS puts you one step ahead of any threats to the organization.

EV
IT Technical Manager at Adventist Health

The features that we find the biggest bang for the buck are for Firepower overall. We're looking at AnyConnect, which is one of the big features. The other valuable features are IPS along with the Geotagging and the Geosync features, and of course the firewall, the basic subset of firewall infrastructure and policy management.

We've looked at other vendors, but Cisco by far has taken the lead with a holistic approach where we don't have to manage multiple different edges at one time. We can actually push policy out from our core out to the edge. The policy can be as granular as we need it to be. So the administration, also the upgradability of the edge is for us because we need to have it 24/7. The upgradability is also another piece of management, logging, and all the other little aspects of the monitoring part.

Using deep packet inspection, especially with 7.0, since it's just come out in 7.0, we're able to see much more granularly into the packet where before we could actually give a general overview using NetFlow. This gives us much more granularity into what is exactly happening on our network and snapping in the Cisco StealthWatch piece gives us the end-to-end way of monitoring our network and making sure that it's secure.

The overall ease of use when it comes to managing Cisco Secure Firewall is one of the reasons that we ended up going with Cisco because the ease of use, basically having one UI to be able to control all of our end devices, policy, geolocation, AnyConnect, all the different pieces of that in one area has been phenomenal.

Cisco Secure Firewall helped to reduce our firewall operational costs because previously if we were not using Cisco's Firepower, we would have had either Cisco ASA or another manufacturer, and we would have had those everywhere. We would have had still two at every site, several within our infrastructure, and the management of those is much more difficult because it's done by one-off.

As far as saving Adventist Health money, I would have to say that it's not necessarily the actual physical product, but the time, labor that we would have had to have to be able to monitor and administer that, and also the time to find malicious issues and security areas that we were unable to see before. So, it's tough to put a cost on that, but it would probably be several hundred thousand dollars overall if you're looking at whether we got hit with malware or with some of the other issues that we're seeing, especially within healthcare. If we were hacked, that would cost us millions.

James-Buchanan - PeerSpot reviewer
Infrastructure Architect at a healthcare company with 10,001+ employees

It's the VPN side of things that has been most useful for us. It allows us to secure our users even when they're working from home. They are able to access all of our resources, no matter where they are in the world.

Robert LaCroix - PeerSpot reviewer
Network Engineer at Red River

As far as securing our infrastructure from end to end, I'm a big fan of Cisco products. I haven't used other products in the past, but I love the Cisco products. It helps a lot in the end. 

We have firewalls on the edge, internally, and then on the cloud now, so I feel we're pretty secure. 

Firewall helps with cybersecurity resilience. I really like this Cisco product. It's user-friendly. I don't like some other vendors. I've tried those in the past. Cisco is pretty easy. A caveman could do it.  

I've used Check Point and Palo Alto, and I like Cisco better. It's what I'm comfortable with. Hopefully, I'll use it until I retire. 

DonaldFitzai - PeerSpot reviewer
Network Administrator at Cluj County Council

I like the ease of administration and the overall speed of processing web traffic. The modules help protect and administer web traffic. ASA Firewall's deep packet inspection gives me visibility regardless of whether I have the agent installed on all the workstations. I can see incoming web traffic and control access to suspicious or dangerous sites. I can apply a filter or make rules to restrict categories of websites.

Anthony Smith - PeerSpot reviewer
Principal Security Consultant at Vohkus

Without a doubt, the best features are the reporting and analytics. Some vendors provide the same feature set, but their product won't give you the power to figure out what's going on in your network. Whereas with Cisco Secure Firewall, especially with the management platform on top, you can have all of the analytics and see exactly what is going on. You can see not only the source and destination but also the application, the URL, the type of policy it's hitting, the specific rule it's hitting, and the amount of data transferred from it. Apart from that, you get all of the risk reports. You can see how much bad stuff is coming into the network at present and whether there's anything you need to act on immediately. That data is at your fingertips, and it's by far the best feature and the best selling point of Cisco Secure Firewall.

Cisco Secure Firewall has reduced our clients' mean time to repair because they are able to find possible issues quickly. The power of the reporting, the dashboards, and all of the analytics in the background also helps to alert and quickly act on the threat.

My impression of Cisco Talos is that it's well-regarded in the industry. Cisco is so well regarded that we know their security intelligence is up-to-date. Our clients have peace of mind because they have Cisco Talos in the background and know that Cisco Secure Firewall is up-to-date with the latest threats. They can be sure that they're acting on the best available data.

PS
System Engineer at Telekom Deutschland GmbH

Basic firewalling is obviously the most valuable. In addition to that, secure access and remote access are also very useful for us. When COVID came, a lot of people had to stay at home, and that was the basic use case for having remote access.

JB
Enterprise Architect at People Driven Technology Inc

I'm a big fan of SecureX, Cisco's platform for tying together all the different security tools. It has a lot of flexibility and even a lot of third-party or non-Cisco integration. I feel like that's a really valuable tool.

From the Firepower solution, all the features that you would think of when you're thinking about a Firewall [are valuable], including some that I stated: content filtering, the IPS, IDS, and malware prevention. All of those are big use cases and great features that work well.

RH
Director of Information Technology at a government with 501-1,000 employees

The solution provides us with application visibility and control and, at this stage, we are happy with it. Similarly, we are very happy with Cisco Firepower Management Center. We're still at an early stage, but we haven't seen any problems with the Cisco products. We are still switching on features and looking at how they are working.

When it comes to the integration among Cisco tools, we find it easy. It's a very practical integration with other components as well.

We also believe that Cisco is updated about all security issues and threats and efficient enough to provide us with the features and protection we need.

JS
Senior Network Engineer at Orvis

The majority of what I use is the policy ruleset. We have another company that deals with the IPS and the IDS. That's helpful, but I can't necessarily speak to that because that's not the majority of what I do. The majority of what I do is create rules and work with the customers to make sure that things are getting in and out of the environment.

I work with our e-commerce team to make sure that new servers that are spun up have the appropriate access to other DMZ servers. I also make sure that they have access to the internet. I make sure they have a NAT so that something can come into them if need be.

We use Umbrella, Cisco's DNS, which used to be OpenDNS. We use that to help with security so that we're not going to sites that are known to be bad. They work well together. They're two different things. One is monitoring DNS and doing web URLs, while the firewall I'm doing is traffic in and out, based on source destination and ports protocols.

One of the things I like is that the upgrades are relatively seamless, as far as packet loss is concerned. If you have a firewall pair, upgrading is relatively painless, which is really nice. That's one of the key features. We do them off-hours, but we could almost do them during the day. We only lose a few packets when we do an upgrade. That's a bonus and if they keep that up that would be great. Check Point does a reasonably good job at it as well, but some of the other ones I've dealt with don't. I've heard from people with other firewalls and they don't have as good an experience as we do. I've heard other people complain about doing upgrades.

Ahmet Orkun Kenber - PeerSpot reviewer
Technical Network Expert at NXP Semiconductors Netherlands B.V. Internet EMEA

The features I have found most valuable are the ASA firewalls. I like to have features like most integrated systems in ACI.

Joseph Lofaso - PeerSpot reviewer
Senior Network Engineer at Pinellas County Government

The user interface is very easy to manage and find rules. You can do object searches, which are very easy. Also, the logging is very simple to use. So, it is a lot easier to troubleshoot and find items inside the firewall.

KB
CTO at Intelcom

The most valuable feature is IPS. It's a feature that's very interesting for tackling the most current attacks. We also have Umbrella with Secure DNS because all the threats nowadays are coming from email servers. We also have the DSA solution to limit the threats coming from ransomware. Combining all of these with Talos provides the best security solution.

Fredrik Vikstrom - PeerSpot reviewer
IT Architect at Skellefteå Kommun

Its efficiency and security are the most important. We are more efficient and more secure.

We use Cisco switches and firewalls, Cisco DNA, and Cisco SecureX. The integration between various Cisco products is working very well. It's quite seamless for us.

Mohamed Al Maawali - PeerSpot reviewer
Infrastructure Planner at Petroleum Development Oman

I'm not a security person. I'm a planner, and we were interested in the advanced features of the firewall to allow us to manage the traffic. At the current stage of implementation, their help in implementing a policy has been valuable. It simplified the implementation. Cisco's engineer helped us with a lot of scripting to see what existed. Previously, we didn't have a proper policy. In fact, we didn't have any policy because we didn't have any firewall for the data center, so generating a policy was a big challenge. Cisco's engineer helped us to do some scripting and find out what kind of policy we can have and organize those policies. That was nice.

Chuck Holley - PeerSpot reviewer
Director of Networking at Albemarle Corporation

The most valuable feature is zone segmentation, which we utilize through the Firepower management console. This allows for centralized management, which proves highly useful. In the past, when using Cisco Firewalls, we had to manage them independently. However, now we have a single unified interface to manage all our Cisco Firewalls worldwide.

Ahmed Alsharafi - PeerSpot reviewer
Solution Architect at Dimension Data

The technology is evolving, and it's no more a stateful firewall, which is only for blocking certain ports. A lot of features, such as anti-malware protection and URL filtering, have been integrated into the firewall and extended to the network. 

MR
Security Officer at a government

For us, the most valuable features are the IPX and the Sourcefire Defense Center module. That gives us visibility into the traffic coming in and going out and gives us the heads-up if there is a potential outbreak or potential malicious user who is trying to access the site. It also helps us see traffic generated by an end device trying to reach out to the world. 

Sourcefire is coupled with Talos and that provides us good insight. It gives us a pretty good heads-up. Talos is tied to the Sourcefire Defense Center. Sourcefire Defense Center, which is also known as the management console, periodically checks all the packets that come and go with the Talos, to make sure traffic coming and going from IP addresses, or anything coming from email, is not coming from something that has already been tagged in Talos.

We also use ESA and IronPort firewalls. The integration between those on the Next-Gen Firewalls is good. They are coupled together. If the client reports that there is a potential for a file or something trying to access the internet to download content, there are mediation steps that are in place. We don't have anything in the cloud so we're not looking for Umbrella at this point.

BB
Cybersecurity Designer at a financial services firm with 1,001-5,000 employees

I would say the most valuable aspect of Cisco Secure Firewall is how scalable the solution is. If we need to spin up a new environment, we can very easily and quickly scale the number of firewall instances that are available for that environment. Using clustering, we just add a few nodes and away we go. 

In terms of time-saving or cost of ownership, the types of information that we can get out of the Cisco Secure Firewall suite of products means that our security responders and our security operations center are able to detect threats much faster and are able to respond to them in a much more comprehensive and speedy manner. 

In terms of application visibility, it's very good. There is still room for improvement, and we tend to complement the Cisco Secure Firewall with another tool link to help us do some application discovery. That said, with Firepower, we are able to do the introductory part of the discovery part natively. 

In terms of detecting and remediating threats, I would say on the whole, it is excellent. When we made the decision to go with the Cisco Secure Firewall compared to some other vendors, the integration with other third-party tools, and vulnerability management, for example, was a real benefit. It meant that we could have a single view of where those three threats were coming from and what type of threats would be realized on our network.

In recent years, through the integration of Firepower Threat Defense to manage some of the firewalls, we were able to do away with some of our existing firewall management suite. We do still need to use some third-party tools, but that list is decreasing over time.

MW
Executive Vice President, Head of Global Internet Network (GIN) at a tech services company with 10,001+ employees

Application inspection, network segmentation, and encrypted traffic detection or encrypted traffic analysis (ETA) are valuable for our customers. I'm from Germany, and in Germany, people are very concerned about privacy. We have a bunch of public customers, and they have an issue with decrypting traffic, even if it's only for security analysis. They have some fears. So, they are quite interested in the capability to detect threats without decrypting traffic.

DavidMayer - PeerSpot reviewer
Solution Architect at an energy/utilities company with 1,001-5,000 employees

The most valuable features of the product are the VPN and the NextGen firewall features such as application control, URL filtering, etc. These features are especially valuable because nowadays, it's not enough to just filter for source and destination IPs. You need more insights or visibility to see which applications are passing your perimeter, which applications you want to allow, and which ones you want to block. Without this visibility and these features, it's a little bit hard to secure your network.

FH
Product Owner at a manufacturing company with 10,001+ employees

Protecting our landscape in general and being able to see logging when things aren't going as set out in policies are valuable features. Our security department is keen on seeing the logging. 

Paul Nduati - PeerSpot reviewer
Assistant ICT Manager at a transportation company with 51-200 employees

I love the ASDM (Adaptive Security Device Manager) which is the management suite. It's a GUI and you're able to see everything at a glance without using the command line. There are those who love the CLI, but with ASDM it is easier to see where everything is going and where the problems are.

The ASDM makes it very easy to navigate and manage the firewall. You can commit changes with it or apply them before you save them to be sure that you're doing the right thing. You can perform backups easily from it.

It also has a built-in Packet Tracer tool, ping, and traceroute, all in a graphical display. We are really able to troubleshoot very quickly when there are issues. With the Packet Tracer, you're able to define which packet you're tracing, from which interface to which other one, and you're able to see an animation that shows where the traffic is either blocked or allowed. 

In addition, it has a monitoring module, which also is a very good tool for troubleshooting. When you fill in the fields, you can see all the related items that you're looking for. In that sense, it gives you deep packet inspection. I am happy with what it gives me.

It also has a dashboard when you log in, and that gives you a snapshot of all the interfaces, whether they're up or down, at a glance. You don't need to spend a lot of time trying to figure out issues.

Augustus Herriot - PeerSpot reviewer
Senior Infrastructure Engineer at an insurance company with 10,001+ employees
  • Speed
  • Its capabilities
  • Versatility
AK
Senior Information Security Analyst at a manufacturing company with 10,001+ employees

I have found the most valuable feature to be the access control and IPsec VPN. There are a lot of people moving towards the next-generation versions of firewalls which have some advanced features such as this one. You can define rules based on the application instead of how they are traditionally done. There are more general and traffic controls, and additional features for intrusion prevention for malware analysis.

reviewer1448693099 - PeerSpot reviewer
Senior Network Engineer at a comms service provider with 1-10 employees

The ASA has seen significant improvement due to the IPS. 

The ability to troubleshoot more easily through the gate is valuable.

NH
Network Engineer at a healthcare company with 10,001+ employees

Being able to use it as a policy-based VPN is valuable. It's very easy to understand. 

It's very easy to troubleshoot. It may be because I'm comfortable with it or because I've used it for so long, but it's easy to use for me. I don't have any problems with how to set it up or use it.

Marijo Sutlovic - PeerSpot reviewer
Head of Information Security at Otp banka d.d.

The security features that protect our networks are the most valuable for me and my department, as we are responsible for the security of our network. We investigate cases and analyze traffic to see what's going on. These features are also very valuable when we are investigating communication between some services in the bank and what's happening in the network.

We are very satisfied with Cisco Secure Firewall for securing our infrastructure from end to end so we can detect and remediate threats. We have not seen a lot of false positives, and we haven't seen many situations when the traffic was interrupted without a proper cause. We are confident that the signatures that Cisco Secure Firewall uses are very good and reliable. For us, this is very important because we are a relatively small security team, and we don't have much manpower to be able to analyze every signature or event. By default, Cisco Secure Firewall is reliable, and that is the most important factor for us. Cisco is a large company that invests in security, and if it has reliable signatures and processes in intrusion detection, then that is very good for us.

Implementing Cisco Secure Firewall has saved us time because we rely on most of the out-of-the-box signatures. It has reduced the time and effort spent in configuration within the security network.

Orla Larsen - PeerSpot reviewer
Network specialist at a retailer with 10,001+ employees

The most beneficial aspect of the Cisco Secure Firewall is the AnyConnect component within the firewall package, which we selected specifically for VPN usage due to its exceptional integration with various third-party devices and applications.

FC
Global Network Architect at a agriculture with 10,001+ employees

It's protecting the organization against the impact of cyber threats and cybersecurity. We run manufacturing plants that have hazardous material, and we don't want that manufacturing process to be impacted by break-in exposure, cyber threats, or any other similar thing.

CN
Infrastructure Architect - Network at a manufacturing company with 1,001-5,000 employees

I like the central management and IPS features. Having everything in one place is very valuable.

Cisco Secure Firewall is very good at detecting threats. We see a lot getting blocked by the IPS in our DMZ, that is, our internet-facing web service.

It helped free up IT staff time. Before, we would have to manually configure every single firewall. Every time we configure something on a firewall, it takes five to ten minutes, and we have more than 50 firewalls around the globe. We do changes every week, and the automated policy and upgrades saved us a lot of time.

In terms of the organization, we have been able to save time by getting things out faster. However, the only downside is that the policy push takes quite a while. Thus, a quick fix still takes at least 15 minutes, and troubleshooting can take time as well.

Isaiah Etuk - PeerSpot reviewer
Chief Digital & Technical Officer at Capital Express Assurance Limited

Its security and filtering are most valuable. Every layer of data that comes into the organization goes through it. After setting up the criteria, it automatically filters the traffic. We don't have to check it often. Sometimes, when users complain that they are not able to see a particular thing, we log in to check the scan and see what it has scanned and filtered. It is usually something it has filtered out. It works perfectly.

FM
Practice Lead at IPConsul

The IPS is one of the top features that I love.

The dashboard of the Firepower Management Center (FMC) has improved. The UI has been updated to look like a 2021 UI, instead of what it was before. It is easy to use and navigate. In the beginning, the push of the config was very slow. Now, we are able to push away some conflicts very quickly. We are also getting new features with each release. For example, when you are applying something and have a bad configuration, then you can quickly roll back to when it was not there. So, there have been a lot of improvements in terms of UI and configuration.

Ramish Ali - PeerSpot reviewer
Assistant Director IT at Punjab Education Foundation

Overall, the solution works very well.

The solution is quite fast. We found that the speed was good and the throughput was good.

The stability has been very good.

The solution can scale as necessary.

The product is quite robust and durable. 

BW
Network Security Team Lead at a government with 10,001+ employees

The VPN is our most widely used feature for Cisco Secure Firewall. Since we were forced into a hybrid working situation by COVID a few years back, VPN is the widely used feature because everybody is working remotely for our agency. So it came in very handy.

WN
CTO at a government with 10,001+ employees

Cisco Secure Firewall is robust and reliable.

ZK
Sr. NetOps Engineer at Smart Cities

The primary benefits of using Cisco Secure solutions are time-saving, a robust API, and convenience for the security team. 

SV
Critical Infrastructure at Wintek Corporation

Our top three features are the high-availability features, the VPN and the IPSec.

It has fantastic visibility. It's a 10 out of 10. 

Cisco Secure Firewall is fantastic at securing our infrastructure from end to end so we can detect and remediate threats. We have already caught things that have tried to get in. 

Cisco Secure Firewall has improved resilience by a huge margin. It has been a great help.

Cisco Secure Firewall has freed staff because we don't have IT staff worrying about a lot of the threats. We trust the device that we are going to catch the threat. We are going to get a notification and be able to act upon that. Cisco Secure Firewall has saved at least 25 hours a week.

The newer versions have made it so that we do not have to worry about other appliances with feature sets that are already built into the Cisco firewall.

The solution has had a huge effect, especially from physical density when it comes to securing our infrastructure. A lot of people don't think about power availability and cooling aspects. You have a limit to how much power you can push, and every little bit helps. 

We chose Cisco because of its understanding, customer service, warranties, and the quality of the product.

View full review »
Achilleas Katsaros - PeerSpot reviewer
Head of IT Network Fixed & Mobile at OTE Group

The feature my customers find the most valuable is the exportability. They also appreciate that the IPS features are easily migrated from Cisco SA to FTDs. 

View full review »
Samson Belete - PeerSpot reviewer
Network Engineer at a financial services firm with 5,001-10,000 employees

The most valuable feature is the IPS. We also like the AnyConnect feature.

We monitor daily the final inspection activities and intelligence on Firepower. We also send logs from Firepower to our monitoring server, which is a nice feature.

View full review »
DC
Senior Network Security Engineer at a tech services company with 11-50 employees
  • Ease of operability
  • Security protection

It is usually a central gateway into an organization. Trying to keep it as secure as possible and have easy to use operability is always good. That way, you can manage the device.

The solution has very good visibility when doing deep packet inspection. It's great because I can get packet captures out of the device. Because if an intrusion fires, I can see the packet that it fired in. So, I can dive into it and look at what is going on, what fired it, or what caused it.

Cisco Secure Firewall is fine and works when it comes to integration of network and workload micro-segmentation. 

The integration of network and workload micro-segmentation is very good when it comes to visibility in our environment. It is about how you set it up and the options that you set it up for, e.g., you can be as detailed as you like or not at all, which is good.

Its Snort 3 IPS has better flexibility as far as being able to write rules. This gives me better granularity.

View full review »
MB
Cyber Security Practice Lead at Eazi Security

The most valuable feature is the Next-Generation Intrusion Prevention System. For customers who don't have a SIEM platform, Firepower Management Center offers some SIEM-like functionality that clearly categorizes intrusion prevention alerts. So, they are rated with flags, from zero to four. If I see a level 1 flag, then this means that the attempted intrusion not only relates to a real vulnerability, but we likely have a system in our environment somewhere that could be exploited by that vulnerability. In that sense, it helps us quickly target which intrusions should be investigated versus what is noise. A level 2 flag just identifies where an intrusion relates to a known vulnerability. It doesn't mean that you are vulnerable to it, because you may not have the particular hardware/software combination that the vulnerability relates to. Therefore, being able to quickly determine where to focus your investigation is important.

All Cisco security technologies have API integrations. We have all Cisco security products for all our customers integrated into SecureX for overall visibility of threat detections across all security appliances. Cisco Advanced Malware Protection is a good example. It is not just a product but a capability that has been integrated into multiple products or technologies. We see in Firepower that we can benefit from Advanced Malware Protection at a network level, but that same technology is also available on email security as well as endpoint security. So, if a threat is detected in one place that can be blocked everywhere, almost at the same time, then the integration is very good. 

If we look at something like Cisco Umbrella, then we see Umbrella integrated with Cisco Meraki appliances, both on firewalls and access points. So, there does seem to be a good level of integration.

Integrations are primarily API-driven. You just generate an API. You have an identifier and generate an API key. It is normally five minutes or under to integrate something. Cisco has SecureX, which is their security management platform. They also have Cisco SecureX threat response, which is a threat hunting tool. With both of these tools, they can take the API keys from any Cisco products as well as some third-party products, then you can integrate them in just a couple of minutes. It is pretty easy.

View full review »
MK
IT Administrator / Security Analyst at a healthcare company with 11-50 employees

We get the Security Intelligence Feeds refreshed every hour from Talos, which, from my understanding, is the largest security intelligence group outside of the government. My experience with Talos has been that they're pretty on top of things. Another driving factor towards Cisco: We get feeds every hour, automatically refreshed, and updated into the firewall.

If I had to rely on one security intelligence, which I wouldn't, but if I had to, I'm sure it would be Talos. The fact that it gets hourly updates from Talos gives me some peace of mind.

The real strength for the Cisco next-generation firewall is it'll do pretty much anything you want it to do, although it requires expertise and proper implementation. It's not an off-the-shelf product. For instance, there are some firewalls that may be easier to set up because they don't have the complexity, but at the same time, they don't have the feature set that the Cisco firewall has.

The firewall does DNS inspection, and you can create policies there.

The firewall integrates seamlessly and fully with our SIEM. We use a Rapid7 SIEM, InsightIDR, and it now integrates seamlessly with that. Cisco's doing a lot more with APIs and automation, which we've been leveraging.

In terms of application visibility and control, I used the firewall and I also use Umbrella, but it depends on what it is that I'm seeing. One component that I use is network discovery. When you configure the policy properly, it'll go out and do network discovery so you're not loading up a bunch of rules you don't necessarily need. Instead, you're targeting rules that Cisco will say, "Hey, because of network discovery, we found that with this bind to whichever version server, we recommend you apply this ruleset." This is something that's been very helpful. You don't necessarily have to download every rule set, depending on your environment.

I have used it for application control. Right now, we're in the midst of doing tighter integration with ISE and the integration is very good. This is something that we would expect, given that it's a Cisco product.

I use the automated policy application and enforcement every chance I get. Using an automation approach, I would rather have a machine isolated even if it's a false positive because that can happen much faster than I can get an alert and react to it. On my end, I'm trying to automate everything that I can, and I haven't experienced a false positive yet.

Anything that's machine learning-based with automation, that's where I'm focusing a fair amount of attention. Another advantage to having Cisco is that their installed base is so huge. With machine learning, you're benefiting from that large base because the bigger their reach is, the bigger and better the dataset is for machine learning.

At some point, you have to trust that the data set is good. What's impressed me about Cisco is with all of our Cisco products, whether it's AMP or whatever, they're really putting an emphasis on automation, including workflows. For someone like me, if I get an alert in the middle of the night and I see it at 6:00 AM, it is going to be a case of valuable time lost, so anything that I can do to make my life easier, I'll definitely do it.

View full review »
AI
Head of Technology at Computer Services Ltd.

Cisco Firepower NGFW is really easy to use right now to determine when my file requires a shift from primary to secondary status, and it can be done with automation. Earlier we used to do this with patching.

I would say the Cisco Firepower NGFW actually gives superior intelligent behavior to transfer its active/passive infrastructure. Overall, Cisco Firepower NGFW has been a good power element in our systems due to its central location.

View full review »
Ken Mohammed - PeerSpot reviewer
UC Solutions Engineer at Diversified

I like that you can get really granular, as far as your access lists and access control go. 

You can also put everything into a nice, neat, little package, as far as configuration goes. I was formerly a command-line guy with the ASA, and I was a little nervous about dealing with a GUI interface versus a command line, but after I did my first deployment, I got a lot more comfortable with doing it GUI-based.

View full review »
Ryan Page - PeerSpot reviewer
IT Network Manager at MLSE

It is very good at what it does. It is a very dependable, long-standing product that you can trust. You know exactly how it works. It has been in the market for a lot longer than I have. So, it is great at its core functionality.

View full review »
JATINNAGPAL - PeerSpot reviewer
Manager/Security Operations Center Manager at RailTel Corporation of India Ltd

The content filtering is good. 

View full review »
Nagendra Nekkala - PeerSpot reviewer
Senior Manager ICT & Innovations at Bangalore International Airport Limited

Cisco Secure Firewall's security solutions, advanced malware protection, and DDoS communication are very good. With Cisco Secure Firewall, the security is very much manageable because it protects all the incoming and outgoing traffic of our several telecom IT rooms.

View full review »
ArunSingh7 - PeerSpot reviewer
Computer Operator at a retailer with 5,001-10,000 employees

I won't be able to speak about the strong points of the product. I will need the input from my team to be able to speak about the advantages of the product. The solution's dashboard is fine, and in terms of support, Cisco is better than other OEMs in the market.

View full review »
CW
Security Engineer at a government with 501-1,000 employees

The product is easy to manage and simple. It works with the rest of our Cisco products. You can drop in new ones if you need more performance. The training and documentation provided are good.

View full review »
Rene Geiss - PeerSpot reviewer
Network Engineer at a computer software company with 51-200 employees

I like its integration with the AnyConnect client. I also like how modular it is. For example, I can easily integrate the Umbrella add-on into it. We are planning on adding Umbrella. We haven't added it yet, but we have researched it.

View full review »
Catalin Enea - PeerSpot reviewer
System Engineer at a computer software company with 5,001-10,000 employees

The network products help save time if they are well configured at the beginning. They help increase security and protect the company's data.

View full review »
JP
Network Engineer at Ulta Beauty

Their CLI is pretty good. 

View full review »
HP
Senior Solutions Consultant at a comms service provider with 10,001+ employees

All the specific features you find within the NextGen firewall are quite useful. The touch intel feature is specifically useful to us. We deliberately choose this kind of product due to its set of features. 

The implementation is pretty straightforward.

View full review »
PC
Security Architect

The IPS, as well as the malware features, are the two things that we use the most and they're very valuable.

Cisco Talos is also very good. I had the chance to meet them at Cisco Live and during the Talos Threat Research Summit. I don't know if they are the leader in the threat intelligence field but they are very competent. They are also very good at explaining complicated things easily. We use all of their blacklist, threat intelligence, and malware stuff on our FTDs. We also use the website from Talos where you can get web reputation and IP reputation.

View full review »
Ibrahim Elmetwaly - PeerSpot reviewer
Presales Manager at IT Valley

For companies prioritizing security, the optimal choice is one that offers a range of feeds to cater to diverse needs. This is particularly crucial for organizations implementing DDoS mitigation. The preferred solutions typically align with the top server vendors, with Cisco, Forti, and Barracuda consistently ranking among the top three vendors we collaborate with.

View full review »
MH
IT Service Technician at Scaltel AG

The most valuable feature for the customers is that they can control what communication is allowed and what is not allowed. That is, they can allow or deny client traffic.

It also secures the internal network to allow specific client traffic or machine traffic.

Cisco Secure Firewall helped reduce our clients' mean time to repair by 40%. This is because they can easily segment the network. It's easy to troubleshoot because of micro-segmentation.

View full review »
DJ
IT Consultant at ACP IT Solutions AG

The most valuable features are remote access, site-to-site VPN, and next-generation features.

View full review »
FS
Security engineer at an energy/utilities company with 10,001+ employees

The IPS solution helps us to not only navigate north-south traffic, but also east-west traffic.

View full review »
PR
Senior Network Engineer at a manufacturing company with 1,001-5,000 employees

So far, the remote VPN access has been a perfect solution for our company.

View full review »
Jure Martinčič - PeerSpot reviewer
Engineer Specialist at Telekom Slovenije

The next-generation features, like IPS, among others, are the most valuable. IPS is mandatory in modern networks for protection against malicious attacks and network anomalies.

Also, it gives you great visibility when doing deep packet inspection, but you have to do HTTP inspection. If you don't do HTTP inspection, the visibility is not complete. That is the case for every firewall vendor.

View full review »
SM
Team Leader Network and Mail Team at an energy/utilities company with 10,001+ employees
  • The normal firewalling features are very good. You can easily create objects and work with them. 
  • The AnyConnect software for remote VPN is an added feature on the firewall that works very well in our environment.
  • The IPS is another important feature that I use. It doesn't impact the overall performance of the ASAs.

All of these features work fine.

Cisco ASA works very nicely from an administration perspective. The management of the device is very nice. The ASDM (Adaptive Security Device Manager) is the software that we use and it is very easy to configure using the GUI. If you are familiar with the ASDM software, it's very easy for anyone to handle. The CLI isn't different from other Cisco CLIs, so that makes it easy as well.

Also, the visibility when doing packet inspection on the ASA, using the ASDM GUI, works well. You can go to the monitoring part and see the live logs, the syslogs. All the traffic events are displayed in the syslog. You can filter on whatever event you are interested in and it is visible to you in no time. It provides a real-time display of the traffic. Troubleshooting issues is very easy using ASDM. 

In addition, if you want to do some captures at the interface level, there's a packet tracer, a tool within the ASDM and the ASA, which is available on both the GUI and the CLI. That is on the newer firewalls as well and it's very nice. It shows you the life cycle of a packet within the firewall, from entry to the exit, and how many steps it goes through. It really helps while troubleshooting. I'm very satisfied with that.

View full review »
it_user68991 - PeerSpot reviewer
Manager of Engineering with 1,001-5,000 employees

Cisco ASA has a well-written command-line interface. Cisco’s AnyConnect SSL VPN is by far the best client VPN technology I’ve ever had to deploy and manage. Upgrades are a breeze. Failovers between units are flawless. FirePower add-ons deepen security with intrusion prevention (IPS), anti-malware protection (AMP), and URL filtering. These particular services can run as a hardware or software module within the ASA. Unlike ASA with CSM, these modules are managed by FireSight, a single pane for all of your FirePower nodes. It’s intuitive and easy to use, but still lacks some automation capabilities (e.g., bulk edits, etc.).

View full review »
TO
Solutions Architect at Acacia Group Company

The most valuable feature of Cisco Secure Firewall is its ease of configuration and that it's scalable for firewalls and VPNs.

View full review »
KH
Systems Engineer at an engineering company with 5,001-10,000 employees

The solution is pretty easy to deploy. It is pretty ubiquitous too, so it is easy to get. It pretty much does the job we need it to do.

View full review »
FS
Networking Project Management Specialist at Bran for Programming and Information Technology

Our company operates in Saudi Arabia, primarily working with government sectors. If any hardware malfunctions, the defective device is removed, and we receive a replacement from the reseller. We have not encountered any issues related to delays in receiving replacements for malfunctioning devices which has been beneficial.

View full review »
MK
Security admin at a wholesaler/distributor with 10,001+ employees

This tool offers great value with regard to cyber security due to its integration with different tools like Splunk and other cloud-based solutions.

Within an application, you can block traffic at a granular level instead of relying on HTTPS traffic.

View full review »
GU
Senior Network Engineer at BCD Travel

If you compare the ASA and the FirePOWER, the best feature with FirePOWER is the easy-to-use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly.

View full review »
MB
Director IT Security at a wellness & fitness company with 5,001-10,000 employees

Intrusion prevention is its most valuable feature because of its effectiveness. Cisco is the largest security company and one of the largest threat intelligence services with Talos. Cisco can identify and immediately apply any new threat information into signature sets for their Intrusion Prevention tools, including endpoint. In our case, we are talking about Firepower. That scope is what results in an almost immediate application of application prevention signatures against any upcoming network attacks. So, if there is a new vulnerability, some sort of high critical value globally, the Cisco team is typically able to identify and write corresponding detection or prevention signatures, then apply them across their toolset.

It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective.

We are using Cisco Cloud Email Security and DNS security from Cisco as well as endpoint protection. The integration between these products is pretty good. The benefit is the ability of all these disparate tools to talk to each other and be able to take action, sort of feeding each other with newly intelligent detection mechanisms and passing that information on to the next tool, then taking action on that next tool based on information identified on the first tool. That is really the biggest benefit of using the ecosystem. So, we've optimized it. We leveraged Cisco's tech response, which connects with each of these tools. We definitely find value every day.

It was very easy to integrate with the SIEM, which is really our primary use case. Besides the Cisco ecosystem, it is integrating with a standalone separate SIEM solution, which is Splunk in our case. This was an easy, simple approach to accomplish. We had no issues or problems with that.

View full review »
MS
VSO at Navitas Life Sciences

The advanced malware protection (AMP) is valuable because we didn't previously have this when we had an enterprise gateway. Depending on the end user, they could have EDR or antivirus. Now, we have enabled Cisco AMP, which gives us more protection at the gateway level.

The application visibility is also valuable. Previously, with each application, we would prepare and develop a report based on our knowledge. E.g., there are a couple business units using the SAS application, but we lacked visibility into the application layer and usage. We used to have to configure the IP or URL to give us information about usage. Now, we have visibility into concurrent SAS/Oracle sessions. This solution gives us more visibility into the inbound/outbound traffic being managed. This application visibility is something new for us and very effective because we are using Office 365 predominantly as our productivity tool. Therefore, when users are accessing any of the Office 365 apps, this is directly identified and we can see the usage pattern. It gives us more visibility into our operations, as I can see information in real-time on the dashboards.

View full review »
KB
Data center design at a comms service provider with 10,001+ employees

One of the best features is the ease of use. It's also easy to teach new engineers to use the ASA CLI. When I first started learning firewalls, Cisco was the first one that was taught to me and it was pretty easy to grasp. When I'm teaching other engineers to use Cisco ASAs, the results of their learning are immediate.

View full review »
Md Mahbubul Alam - PeerSpot reviewer
Head of Information Security Division at Prime Bank Ltd.

URL filtering is valuable.

View full review »
MZ
Senior Network Administrator at a comms service provider with 201-500 employees

Their performance is most valuable.

View full review »
CT
Analytical Engineer at a pharma/biotech company with 10,001+ employees

The most valuable features are the remote VPN and site-to-site VPN tunnels.

I use the solution to write policies and analyze the data coming in via the firewalls.

View full review »
Simon Watkins - PeerSpot reviewer
Senior Network Architect at Prosperity247

One of the most valuable features is the GUI front end, which is very easy to use. But I'm also a command-line guy, and being able to access the device via command-line for advanced troubleshooting is quite important.

View full review »
LS
Network Administrator at Bodiva

We have found the most valuable feature to be the VPN because we use it often. Additionally, overall the solution is user-friendly, especially the ASDM GUI.

View full review »
SN
IT Manager, Infrastructure, Solution Architecture at ADCI Group

The Cisco security rules are very strict and very strong.

I like the Cisco ASDM (Adaptive Security Device Manager), which is the configuration interface for the Cisco firewall.

View full review »
BG
System Administrator at ISET

For organization security, Cisco ASA NGFW has robust cyber-security features. We are planning to increase the number of firewalls installed, especially for wireless connections.

View full review »
TI
Senior Network Consultant at a healthcare company with 1,001-5,000 employees

When I was managing these firewalls, I found them easy to understand, easy to deploy, and easy to maintain as compared to some of the other firewalls I have been involved with earlier. The opinion of my coworkers is that it's easy and quick to establish new zones, expand, and maintain.

View full review »
RW
System Administrator at a healthcare company with 501-1,000 employees

Collaboration with other Cisco products such as ISE and others is the most valuable feature.

View full review »
PC
Senior Engineer at Teracai Corporation

The GUI makes configuring it much simpler than the command line.

View full review »
AE
Technical Consultant at Zak Solutions for Computer Systems

Cisco is powerful when it comes to detecting intrusions. It's better than, for example, Fortinet.

Cisco has multiple products - not just firewalls. The integration between other items provides a powerful end-to-end solution. It's nice and easy. There is one management system and visibility into all of the features. Using the same product is more powerful than using multiple systems. Cisco is known by most customers due to the fact that at least they have switches. However, when clients say "we need an end-to-end option" Cisco is there.

The stability is very good.

Technical support services are excellent.

View full review »
IK
Network Engineer at a tech services company with 5,001-10,000 employees

The monitoring dashboard is valuable to us for troubleshooting. It lets us see if the packets get from the source to the destination correctly.

View full review »
Francisco Gaytan Magana - PeerSpot reviewer
Network Architecture Design Engineer at a comms service provider with 10,001+ employees

The IP filter configuration for specific political and Static NAT has been most valuable.

View full review »
Tim Maina - PeerSpot reviewer
Network Engineer at a tech vendor with 5,001-10,000 employees

The Packet Tracer is a really good tool. If someone calls because they're having problems, you can easily create fake traffic without having to do an extended packet capture. You can see, straight away, if there's a firewall rule allowing that traffic in the direction you're trying to troubleshoot. As a troubleshooting tool, Packet Tracer is one of the things that I like. It comes up in all my interviews. When I want to figure out if someone knows how to use the ASA, I ask them about use cases when they use the Packet Tracer.

View full review »
AlexEng - PeerSpot reviewer
Systems Engineer at a healthcare company with 201-500 employees

Most firewalls do the same things, more or less. Because we have to compete with other vendors, it's the things that are different that are important. With Cisco, it's the security intelligence part. It's quite simple to configure and it's very effective. It cuts down on a lot of trouble in the early phases.

IPS and Snort are very important because they also differentiate Cisco from other vendors and competitors.

I also like that, in recent years, they have been developing the solution very quickly and adding a lot of new, cool features. I really love the new web interface of Cisco Secure Firewall Management Center. It looks like a modern web-user interface compared to the previous one. And the recent release, 7.2, provided even more improvements. I like that you have the option to switch between a simplified view and the classic view of firewall policies. That was a good decision.

View full review »
RG
Network & Security Engineer at Oman LNG L.L.C.

It has a good security level. It is a next-generation firewall. It can protect from different types of attacks. We have enabled IPS and IDS. To make our network fully secure, we have zone-based security and subnets.

It is user-friendly with a lot of features. It has a CLI, which is helpful for troubleshooting. It also has a GUI. It is easy to work with this firewall if you have worked with any Cisco firewall.

With Cisco FMC, we can see the network's health and status. We can create a dashboard to view the network configuration, security policies, and network interfaces that are running or are up or down. We can also see network utilization and bandwidth utilization. We can see if there are any attacks from the outside network to the inside network. We can arrange the icons in the dashboard. For troubleshooting, we can also log in to the FMC CLI, and based on the source and destination, we can ping the firewall and the source. 

View full review »
MB
Voice and data infrastructure specialist at a tech services company with 1,001-5,000 employees

I am very happy to use this type of Cisco equipment in my infrastructure. What has given us the most value is the management of dynamic routing, in this case, EIGRP. This protocol, together with a series of additional configurations, has helped us to maintain an automatic redundancy in all our infrastructure, keeping us with very high numbers of operability and without failures that take more than 1 minute or that have not been resolved automatically. With this solution, we only speak with our suppliers either for a link or equipment report, and even if the box or circuit is out of operation, the operation continues to work without problems.

View full review »
MB
Head of Network Administration Section at Zemen Bank S.C.

The remote access, VPN, and ACL features are valuable. We are using role-based access for individuals.

IPS is also valuable for intrusion detection and prevention. It is a paid module that can be added. I'm using it for security, VLAN management, segregation management, and so on.

It is easy to use. In our region and our country, Cisco is well known, and most of the companies are using Cisco products. We have been using Cisco devices for a while, and our company primarily has Cisco devices. So, we are familiar with it, which makes it very easy to use for us. Even when we compare it with other products, it is easier to use.

It is easy for us to manage it because it is a familiar product, and it has been a part of our environment. Now, other products are providing free training, free access, and free license, because of which things are changing. So, you can easily become familiar with other products.

View full review »
RF
Data Analyst at a hospitality company with 201-500 employees

In terms of access, the solution is great at making sure that the firewall has the right IPs, or that the right IPs are passing through where they should be. 

The product does a good job of making sure that the connection is one that the user can trust. It keeps everything secure.

From what I've already done with ASA, I've noted that it's a very simple solution. 

It is a very user-friendly product. I started with the GUI version. There are different versions. You could have the CLI, and the GUI version if you like. Both are really user-friendly and they're easy to learn.

View full review »
Vinay-Singh - PeerSpot reviewer
Manager IT & Security at mCarbon Tech Innovations Pvt., Ltd.

I like all of the features.

View full review »
CM
IT Manager at Citizens Bank

I've always looked at Cisco products as being the industry standard. They're wonderful at being able to lockdown and manage that. 

View full review »
MC
System programmer 2 at a government with 10,001+ employees

The features I've found most valuable are the packet captures and packet traces because they help me debug connections. I like the logs because they help me see what's going on.

The security correlation events and the network map help me to drill down on a host at will.

I really like the flexibility of the policies such as those you can use and the layer three policies with which you can block applications. It's really versatile. I like the security zones.

Cybersecurity resilience is our main focus right now. Because we're a government organization, everybody's really nervous about security and what the ramifications are. My device generates all the logs that our security team goes through and correlates all the events, so it's really important right now.

View full review »
RS
Senior network security, engineer and architect at a computer software company with 5,001-10,000 employees

AnyConnect has been very helpful, along with the ability to use LDAP for authentication. It's very robust and we are able to do many different things that we were looking to do.

View full review »
AS
Senior Network Architect at a tech services company with 10,001+ employees

Cisco AnyConnect is my favorite. It is awesome. It also exists on Firepower and newer things.

CE
Network engineer at a government with 10,001+ employees

The ASDM (Adaptive Security Device Manager), which is the graphical user interface, works out, and Cisco keeps it current.

AR
Lead Network Engineer at a government with 1,001-5,000 employees

The 2100 models are extremely useful for us.

It's got the capabilities of amassing a lot of throughput with remote access and VPNs. 

ZK
Lead Network Security Engineer at TechnoCore LTD

The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy. 

Again, with that being said, I cannot shy away from giving kudos to all of the other features such as AVC (Application Visibility and Control), SSL Decryption, Identity policy, Correlation policy, REST API, and more.

All of the features that are incorporated in the Cisco Firepower NGFW are awesome and easy to configure if you know what you are doing. Things almost always work, unless you hit a bug, which is fixed with a simple software update.

KUMAR SAIN - PeerSpot reviewer
Sr. Network and Security Engineer at Shopper Local, LLC

Cisco provides the most solutions.

We use some of our Cisco firewalls offsite. They provide DDoS protection and multi-factor authentication. That is a good option as it enables work-from-home functionality. That is a feature that makes our customers happy.

NM
Supervisor of Computer Operations at Neil McFadyen
  • Most of the same old ASA 5520 config could be used for the new 5516-X model. The ASDM interface is improved and can also be configured to the Firepower settings.
  • I am used to the ASA syntax, therefore it is quite easy to make up new rules. I have found that DNS doctoring rules are useful, and I am not sure how other firewalls handle the issue of internal versus external DNS, so this was a reason to keep the same type of firewall.
  • Customizing the logging events of syslog to feed into Splunk is very useful for management and monitoring just for the important events instead of a huge stream of thousands of unneeded events.
  • I found it quite easy to block computers from the internet, e.g., in a computer lab with students doing an exam using software for the course when needed.
  • I use an access list to block IPs which have attacked our web servers on the outside interface, since I do not have IPS.
  • I found that setting up rules for HTTPS and SSH access to the management interface is straightforward, including setting the cipher type.
  • It is very useful to use the command line interface for modifying or adding to the config because sometimes the ASDM interface is hard to find when the setting is more complicated.
  • The text config file is great to have, to know what is in the config, instead of having to check every setting in the GUI.
  • While the CLI is used the most, sometimes the ASDM is faster and easier to use to set some settings.
CD
Senior Solution Architect at Teras Solutions Limited

We use the solution for deep packet inspection, Internet Edge functionality, IDS, and IDP.

BL
Network Engineer at a construction company with 1,001-5,000 employees

Cisco Secure Firewall is reliable, which is why we opted for it during the pandemic for our remote users.

HG
General Manager at a tech services company with 1-10 employees

We feel that we can trust the security, and our assets and business are well protected. We need to have trust in it, but we also see that it works. We have a security company that has tested that it works.

HN
Network Lead at a tech company with 10,001+ employees

What I like about Cisco Secure Firewall is that you get to integrate it into one box. For example, you can have one big switch with a model inside of it. This makes it easy to manage. 

TM
Solutions Consultant at a comms service provider with 10,001+ employees

We like the standard firewall features. It's quite a capable box for UTM.

JK
Specialist WINTEL Services at Descon Engineering Limited

The main thing that I love the most is its policy and objects. Whenever I try to give access to a user, I can create an object via group creation in the object fields. This way, I am not able to enter a user in the policy repeatedly. 

Imran Rashid - PeerSpot reviewer
IT/Solutions Architect at a financial services firm with self employed

I like that Cisco Firepower NGFW Firewall is reliable. Support is also good. 

AM
Network Engineer at LEPL Smart Logic

I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection.

Its IPS engine also works very fine. I don't have much experience with it because I am an IT integrator, and we only configured it, but the company for which we configured these firewalls used this feature, and they say that IPS works very fine. They were also very pleased with its reporting. They said that its reporting is better than other firewalls they have had.

EH
CEO at NPI Technology Management

Cisco's support is great. 

For experienced users, they are pretty much able to do anything they want in the interface with few restrictions.

The command-line interface is really useful for us. We script basic installations and modifications through the command-line, which is considered sort of old school, and yet it allows us to fully document the changes that we're making due to the fact that we can save the exact script that was applied and say, "Here are the changes that we made." 

We can have less experienced people do initial takes on an install. They can edit a template, and we can have a more experienced person review the template, and then apply it, and we don't have to worry about whether anyone inexperienced went into certain corners of the interface and made changes or whatever.

Everything is all documented in the file or in the command line script that gets uploaded to the device. It gives us great visibility.

EV
IT Infrastructure Specialist at RANDON S.A

For us, the main feature is due to the fact that we have internet connections for all these sites, and we use the internet to communicate with our data center using VPN. So the VPN support in these boxes is one of the most valuable features.

Also, with the firewall itself, the protection and security features, like URL filtering, the inspection, and the IPS feature, are also very valuable for us. We don't have IT staff at most of the sites so for us it's important to have a robust firewall at those sites, to support the business and give us peace of mind. If we do have an incident, since we don't have any IT personnel there for support, we need to do everything remotely.

It provides us with application visibility and control. We can see, on the dashboard, all the applications that are most used and which are under some sort of risk or vulnerability. From my perspective, which is more related to the network itself and the infrastructure, not the security aspect, it helps a lot when we need to check some situation or issue that could be related to any attack or any violation. We can see that there are one or two or three applications that are the top-consuming applications. We can use this information to analyze if there is a deviation or if it's something that we need to consider as normal behavior and increase the bandwidth on the site. It's very important to have this analytic view of what's happening. That's especially true for us, since we have information on all these remote sites but we don't have IT resources on-premises. Having this view of all the sites in the same pane of glass is very important.

It's not just the visibility of things, but the management of application behavior is very important. If I see that, for example, Facebook is consuming too much bandwidth, I can make a policy on the console here and deploy it to our remote offices. So the application visibility feature is one of the key parts of the solution.

NGFW's ability to provide visibility into threats is also one of the important features. Although we have several applications that are based on-premises — we have databases and file servers that only exist inside the company or inside those remote sites — we see more traffic going to and coming from the internet every day. It's not optional anymore to have visibility into all this traffic. More and more, we are moving things to Office 365 or other SaaS platforms which are hosted on the internet. We need to see this traffic crossing our network. It's a top priority for us.

When it comes to Talos, I recognized the importance of it before they were even calling it Cisco Talos. As a user of the URL filtering product, the IronPort appliances, for six or seven years, perhaps or more, I was introduced, at that time, to a community that was called SenderBase.org, which was like the father of the Cisco Talos. Knowing them from that time, and now, the work they do is very important. It provides knowledge of what is happening in the security space. The information they can collect from all the hardware and software they have deployed with their customers is great. But the intelligence they also have to analyze and provide fixes for things like Zero-day attacks, for example, is crucial. They are able to map and categorize risks. They're unbeatable, currently. Although we know that other vendors have tried to replicate this service or feature, the history they have and the way they do their work, make it unbeatable currently.

LF
Security Governance at a comms service provider with 1,001-5,000 employees

All features provided by the platform are quite the same for all other platforms. We rather missed some features we were used to, such as virtual routers.

PK
System Engineer

I think that the firewall feature is the most valuable to me as it is one of the oldest features for this solution. We also appreciate how stable the VPN is.

MM
Founder CCIE

What I found the most valuable about Cisco Secure Firewall is that if a client is educated about the solution, it can help him or her avoid many problems and mistakes. 

MS
VSO at Navitas Life Sciences

The ability to encrypt and decrypt is great.

The dashboards are excellent.

We really like the reporting aspect of the product. 

It is stable. 

We found the initial setup to be easy.

Michael Mitchell - PeerSpot reviewer
Network Engineer at Utah broadband

It is pretty user-friendly and straightforward to use.

It is secure and very reliable.

I like the heartbeat between the two devices that we have. Because if something fails, it immediately fails over.

MC
Engineering Services Manager at a tech services company with 201-500 employees

It may sound a bit strange, but one of the most valuable features of Firepower 7.0 is the "live log" type feature called Unified Event Viewer. That view has been really good in helping me get to data faster, decreasing the amount of time it takes to find information, and allowing me to fix problems faster. I've found that to be incredibly valuable because it's a lot easier to get to some points of data now.

Also, the new UI is always getting better from version to version. In the beginning, when it came to managing Cisco Secure Firewall, it wasn't always the easiest, but with 6.7 and 7.0, it's gotten easier and easier. It's a pretty easy system to manage. It's especially beneficial for people who are familiar with ASA logic because a lot of the Firepower logic is the same. For those people, they're just relearning where the buttons are, as opposed to having to figure out how to configure things.

I've used the backup VTI tunnel and that's a feature that lets me create some redundancy for my route-based stuff and it works pretty well. I haven't had any issues with it.

Firepower 7.0 also has fantastic Dynamic Access Policies that allow me to replicate a lot of the configurations that were missing and that made it difficult to move off the old ASA platform for some customers. The addition of that capability has removed that limitation and has allowed me to move forward with implementing 7.0. 

Snort 3 is one of the biggest points on Firepower 7.0. I've been using Snort 3 for quite a while and, while I don't have a ton of customers on it, I do have some who are running on it and it's worked out pretty well. In their use cases, there wasn't a lot of risk, so that's why we started with it. Snort 3 has some huge advantages when it comes to performance and policy and how it's applying things and processing the flows.

Dynamic Objects have also been really critical. They're very valuable. Version to version, they're adding a lot more features onto Dynamic Objects, and I'm a big fan. 

I've also used the Upgrade Wizard quite a bit to upgrade the firmware. 

And on the management side, there are the health modules. They added a "metric ton" of them to the FMC [Firepower Management Center]. In version 6.7 they released this new health monitor which makes it a lot easier to see data and get to information faster. It's quite nice looking, as opposed to CLI. The new health modules really do stand out as a great way to get to some of that health data quickly—things like interface information, statistics, drops—that were harder to get to before. I can now see them over time, as opposed to at just a point in time. I've used that a lot and it has been very helpful.

In addition, there is the global search for policy and objects. I use that quite a bit in the search bar. It's a great way to get some information faster. Even if I have to pivot away from the screen I'm on, it's still great to be able to get to it very quickly there. 

In a lot of ways, they've addressed some of the biggest complaints, like the "housekeeping" stuff where you have to move around your management system or when it comes to making configuration changes. That has improved from version to version and 7.0 is different. They've added more and have made it easier to get from point A to point B and to consume a lot of that data quickly. That allows me to hop in and do some data validation much faster, without having to search and wait and search and wait. I can get to some of that data quicker to make changes and to fix things. It adds to the overall administrator experience. When operating this technology I'm able to get places faster, rather than it being a type of bottleneck.

There is also the visibility the solution gives you when doing deep packet inspection. It blows up the packet, it matches application types, and it matches web apps. If you're doing SSL decryption it can pinpoint it even further than that. It's able to pull encrypted apps apart and tell me a lot about them. There's a lot of information that 7.0 is bringing to the forefront about flows of data, what it is, and what it's doing. The deep packet inspection and the application visibility portion and Snort are really essential to managing a modern firewall. Firepower does a bang-up job of it, by bringing that data to the forefront.

It's a good box for visibility at the Layer 7 level. If you need Layer 7 visibility, Firepower is going to be able to do that for you. Between VLANs, it does a good job. It's able to look at that Layer 7 data and do some good filtering based on those types of rules.

AM
Network Engineer at LEPL Smart Logic

We find all of its features very useful. Its main features are policies and access lists. We use both of them, and we also use routing.

It is very stable. It is a very good firewall for a company that doesn't want to look at packets higher than Layer 4. 

AA
Deputy Manager at Star Tech Engineering Ltd

The dashboard is the most important thing. It provides good visibility and makes management easy. Firepower also provides us with good application visibility and control.

Cisco Talos is well known around the world and everyone trusts Talos for malware intelligence. It is number one. It is also the most secure for Snort rules. It is more secure than others because its real-time analysis is better.

In addition, Firepower Management Center is helpful. 

We also use Cisco ISE and the integration between it and Firepower is okay.

VG
Co-Founder at Multitechservers

The solution can allow and block traffic over the VLANs. Some of the unauthorized actions and malicious traffic can also be blocked effectively, as we are following PCI DSS compliance. We are a card industry. We are using cards as a payment method, and therefore we need to follow the compliance over the PCI DSS. That's why we chose one of the best products. ASA Firewall is very secure.

It's always easy to integrate Cisco with the same company products. If you are using other Cisco products, there's always easy integration.

Cisco is one of the most popular brands, and therefore the documentation is easily available over the internet.

They are best-in-class.

The remote VPN feature is one of the best features we've found. 

We like that there is two-factor authentication on offer. We can integrate a Google authenticator with Cisco ASA so that whenever a person is logging on to any network device, they need to enter the password as well as the security code that is integrated by Google. It's a nice added security feature.

Cisco ASA provides us with very good application visibility and control. The Cisco CLI command line is one of the easiest we found on the market due to the fact that the GUI and the user interface are very familiar. If you're a beginner, you can easily access it. There's no complicated UI.

When compared to other products available, the cost is pretty similar. There's no big gap when you compare Cisco pricing to other products. 

There are multiple features in a single appliance, which is quite beneficial to us.

Support is on offer 24/7. Whenever we face some technical issue, we can reach out to them easily.

We have not had any security breaches. 

They provide a helpful feature that allows us to configure email. 

We are getting a lot from the appliance in real-time.

Heritier Daya - PeerSpot reviewer
Network Administrator at a financial services firm with 1,001-5,000 employees

The most valuable feature of this solution is AMP (Advanced Malware Protection), as this is really needed to protect against cyber threats.

The IPS is a must for a firewall.

FL
Team leader at J.B. Hunt Transport Services, Inc.

The most valuable feature of this solution is its ability to integrate vertically.

MD
Network & Security Administrator at Diamond Bank Plc

I would say the Firepower module is most valuable. I'm trying more to transition to this kind of firewall. I had to study a little of the Palo Alto Networks equipment. There is a lot I have to learn about the difference.

Based on my certification, I had to do a lot of lab work, a lot of projects, a lot of technical work with Cisco ASA. Now, I'm moving to other vendors, like Palo Alto Networks and Fortinet so that I can empower my level of technical experience.

  • All my change requests are for Cisco ASA to work more on ease of management. 
  • All of the features of Cisco ASA are used by all of the other vendors on the market. 
  • The firewall solutions are all based on the same network equipment. 

The difference is why each business chooses to use it and how they implement the architecture for their solution using Cisco ASA and Firepower features.

Karthik Venkataraman - PeerSpot reviewer
Senior Consultant at Velocis Systems

Network segmentation is the most valuable feature.

MF
Network Engineer at a financial services firm with 10,001+ employees

All the features except IPS are valuable. IPS is not a part of my job.

Tushar Gaba - PeerSpot reviewer
Technical Solutions Architect at NIL Data Communications

The best features would obviously be the ones that are most used: the perimeter security, allowing/blocking of traffic, NAT-ing, and routing, or making it easy as compared to a router. If you were to do the similar features on a router, it would be way more extensive and difficult as compared to a firewall. These are the majority of the features that anyone would begin with.

But of course, they expanded to other features like IPS or cyber security or looking at vulnerabilities or scanning, port scans. Those are the advanced things.

[In terms of overall performance] in the last decade or so, especially in the last three or four years, the scale of where the architecture has been—all the numbers, the stats, everything—has gone up exponentially. It's all because of the innovations that are always happening, and not just at the hardware level, but particularly at the software level. Of course, we can always look at the data sheets and talk about the numbers, but all I can say, in my experience, is that the numbers have really gone up, and the speed at which the numbers have gone up in the last couple of years or so, is really progressive. That's really good to see.

SG
Network Automation Engineer at a financial services firm with 1,001-5,000 employees

For our very specific use case, for remote access for VPN, ASAs are very good.

Cisco also introduces new features and new encryption techniques.

BB
Network Engineer at a university with 1,001-5,000 employees

The multi-context feature is the most valuable, especially in our data center. Having different needs for different departments is part of our organization. We can have five firewalls in one.

AS
CSD Manager at BTC

The traffic inspection and the Firepower engine are the most valuable features. It gives you full details, application details, traffic monitoring, and the threats. It gives you all the containers the user is using, especially at the application level. The solution also provides application visibility and control.

The integration between the ASA and Cisco ISE is very easy because they are from the same vendor. We don't face any integration problems. This is one of the valuable points of Cisco firewalls. They can be easily integrated with different Cisco security products.

Our clients also use other products with Cisco ASA, such as Aruba ClearPass and different NAC solutions. The integration of these other products is also easy with Cisco. 

It integrates with email security and Firepower. For example, if you have an attached file infected or you have attacks through email, the traffic will be forwarded to the email security and it will be blocked by the firewall. It gives you a clear view of the file and it can be blocked at every stage, protecting your network from this threat.

One of the best parts is the traffic management and the inspection of the traffic packets. The Device Manager is easy to use to supervise things, and the Firepower application gives you clear threat detection and blocking of all threats. Cisco also provides a better analysis of the traffic.

In addition, Talos is an enhancement to Cisco firewalls, and provides a better view.

The device management options, such as Firepower Device Manager (FDM), Cisco Firepower Management Center (FMC), or Cisco Defense Orchestrator (CDO) add a lot of enhancements in the initial deployment and configuration. In migrating, they can help to create the migration configuration and they help in managing encryption and automation. They add a lot of enhancements to the device. They make things easier. In the past, you had to use the CLI and you could not control all this. Now you have a GUI which provides visibility and you can easily integrate and make changes.

JM
Head of Information Communication Technology at National Building Society

Among the most valuable features are the reports which are generated according to the rules that we've put in place to either block traffic or report suspicious attempts to connect to our network. They would come standard with any firewall and we're always monitoring them and taking any corrective steps needed.

NJ
CTO at a tech vendor with 1-10 employees

Our clients have been able to consolidate infrastructure products such as Talus for hardware encryption and Dell EMC for D2D de-duplication and backup.

AN
Network Engineer at LIAQUAT NATIONAL HOSPITAL & MEDICAL COLLEGE

Cisco, obviously, gives you a great amount of reliability which comes in handy. The brand is recognized as being strong. 

Even in very big environments, Cisco comes in handy with configuration and offers reliability when it comes to managing multiple items on one platform. You are able to integrate Firepower and all AMP. With so many items to configure, I haven't yet done them all, however, I hope to.

It's great for securing the network. You learn a lot.

The initial setup is straightforward.

The solution is very stable.

The scalability of the solution is very good.

DC
Network Engineer at CoVantage Credit Union

It's the brick wall that keeps us from the bad guys. It does a lot of things. In the beginning when you just have a firewall, of course, it's your NAT and it's your Access Control List. It's the thing that allows traffic in and out. There is some routing involved in that too. But once you add Firepower onto it and you start enabling some of its features, you get some IDS/IPS involved with it and you can even do web filtering.

We used to do some web filtering on the Firepower but we moved into Umbrella once we started. We do use Firepower for one piece of web filtering because Umbrella has yet to provide it: advertisement blocking. We don't allow our end-users to go into advertisements. If they're going to go to a site, they have to know what the site is, not just try to hit some kind of Google ad to get to it because those can be dangerous.

AG
Consultant at HCL Technologies

One of the most valuable features in the current version is the dashboard where we have a complete analytical view of the traffic behavior. We can immediately find anomalies. 

The most important point is the detection engine which is now part of the next-generation firewalls and which is supported by Cisco Talos.

it_user212682 - PeerSpot reviewer
Network Consultant at a tech consulting company with 51-200 employees

The most valuable features are the IPS and Botnet software modules. These security features, working in tandem, truly provide a peace-of-mind against all levels of cyber-attacks.

JC
Engineer at a tech services company with 501-1,000 employees

The security features are the most valuable. My customers find the security products very useful because nowadays there are many threats from the internet and other malicious users. The security products really help.

So far, Cisco Secure for securing infrastructure from end-to-end so that we can detect and remediate threats is good enough.

ZM
Network Engineer at EURODESIGN

I work with Cisco and other partners, but the Cisco team is the best team in our country. When I call them, they always help us. 

SV
Network Support Engineer at a manufacturing company with 51-200 employees

The most valuable feature is the threat defense. This product works well for threat defense but for everything else, we use Cisco ASA.

GD
Cybersecurity Architect at a financial services firm with 5,001-10,000 employees

The most valuable feature would be the IP blocking. It gets rid of things that you don't need in your environment.

Its resilience helps offer being able to react and self-heal.

HR
Director of network ops at a non-profit with 51-200 employees

The fact that we can use Firepower Management Center gives us visibility. It allows us to see and manage the traffic that is going through the network.

BL
Enterprise Architect at a tech services company with 51-200 employees

I like the ASDM for the firewall because it is visual. With the command line, it is harder to visualize what is going on. A picture is worth a thousand words.

AliTadir - PeerSpot reviewer
Owner at Nexgen IT Solutions

The most valuable feature is the Intrusion Prevention System.

Juan Carlos Saavedra - PeerSpot reviewer
Technology Coordinator at a tech vendor with 1,001-5,000 employees
  • Anti-malware protection
  • Web Filtering
  • VPN Remote-Access

The most valuable feature is the anti-malware protection. It protects the endpoints on my network.

We use the application visibility and control feature of Cisco firewalls.

WS
IT Consultant at Hostlink IT Solutions

The high-availability and remote VPN features are most valuable.

It is easy to configure. It has a GUI and a CLI.

WM
Head of ICT Infrastructure and Security at City of Harare

The features that are most valuable within the firewall are the IPS as well as the Unified Communications. We also really like the dynamic grouping.

CS
Sr Technical Consultant at a tech services company with 51-200 employees

The remote VPN and IPsec VPN or site-to-site VPN features are valuable. The clustering feature is also valuable. We have two ISP links. Whenever there is a failover, users don't even get to know. The transition is very smooth, and the users don't notice any latency. So, remote VPN, site-to-site VPN, and failover are three very powerful features of Cisco ASA.

Cisco has the best documentation. You can easily find multiple documents by searching the web. Even a child can go online and find the required information.

EL
Technical Specialist, consultant at a computer software company with 10,001+ employees

The configuration capabilities and the integration with other tools are the most valuable features. 

I really like this product. Cisco is one of my favorite brands, and I always think Cisco solutions are very reliable, easy to configure, and very secure.

MG
Senior Network Administrator at a construction company with 1,001-5,000 employees

The Sourcefire stuff itself is the most valuable feature. Signature detection, intrusion detection, IDS, and IPS are all very good. AMP is very useful. I like that you can put it onto devices as well. The aggregated views in FMC that you get when you're a global shop which is centralized, and then offers gateways per region. In Europe, America and APAC, you have all the data coming together in the FMC. That's quite nice.

ME
Director of network engineering

Cisco ASA Firewall is a well-known product. They're always updating it, and you know what they're doing and that it works.

DJ
Network Systems Manager at a computer software company with 5,001-10,000 employees

The VPN feature is the most valuable to us because it accomplishes the task well. We're able to do everything we need to do.

MS
Senior Systems Engineer at a tech services company with 201-500 employees

The VPN and the login enhancements that were introduced in version 7.0 are invaluable to us. That was something that was missing before. 

Feature-wise, we mostly use IPS because it is a security requirement to protect against attacks from outside and inside. This is where IPS helps us out a bunch.

It is good in terms of the overall ease to use in managing it. Some of the things need some tuning, but overall, it is good.

View full review »
JV
Project Engineer at Telindus B.V.

The most important feature is the intensive way you can troubleshoot Cisco Firepower Firewalls. You can go to the bit level to see why traffic is not handled in the correct way, and the majority of the time it's a networking issue and not a firewall issue. You can solve any problem without Cisco TAC help, because you can go very deeply under the hood to find out how traffic is flowing and whether it is not flowing as expected. That is something I have never seen with other brands. That is why, when people move from another brand to Cisco, they never leave Cisco. They see that advantage.

Something I like about Firepower, in general, is that it still relies on the old ASA code. That's something customers really like because when they go into the CLI, they remember, "Oh, that's the ASA, that I am familiar with," but it's enriched with all the next-gen features of Snort. When a customer has knowledge of the ASA codes, they can do intensive troubleshooting because they know the device.

Customers also like Talos, which is the intelligence behind all of Cisco's security products, including Firepower. Talos is very good and is actually the most important part of a security product. It's important that you have something in the background that is continuously enriching intelligence so that you get information about upcoming threats on time. That keeps you protected as soon as possible when a Zero-day happens. Something that customers like about Cisco Firepower, in combination with Talos intelligence, is that full-time people are working in the background to provide information to Cisco security products.

Customers really want visibility into their networks. For example, they want identity management and that is something you can use Firepower for. With it, in addition to an IP address going somewhere, you can also see the username. That's a big advantage of Firepower, and can be set up quite easily.

Also, in very large networks, our customers use Cisco DNA Center. They have automation orchestration for their access network and that works seamlessly with Cisco Firepower firewalls. Security Group Tags can be used from DNA to an edge Firepower firewall. That way, they have microsegmentation within their access network for DNA. And they can extend that to their firewall rules for Firepower. 

Our customers also use Cisco ISE to get user information. ISE is connected to DNA Center. That is something that Firepower works seamlessly with, and we do sell it a lot. We sell a lot of Cisco's other security equipment, and they all send their information to SecureX. Having more Cisco security products means your security information is becoming enriched within the SecureX platform. The integration among these Cisco products is more than easy. Cisco documents everything, in detail, when it comes to how to integrate the different parts. I've never had an issue with integrating Cisco security products with each other.

And for smaller networks, like those our government customers have, what they like about Cisco Firepower, and why they purchase it nine out of 10 times, is its ease of use and the reporting in Firepower Management Center. That is something they really like. They can look up things themselves and they like the SecureX integration.

View full review »
HP
Technical Consulting Manager at a consultancy with 10,001+ employees

The most valuable feature is the intelligence. It sends a warning for a potential attack, a zero-day attack. It sends us an advanced warning. We really like this feature. 

We use other Cisco tools for switches, routers, and AppDynamics. We also use their wireless tool. We are Cisco's biggest partner, so we use the majority of their solutions. This is one of the reasons people become a Cisco-shop, because of the integration. 

The integration between these products isn't perfect. 

Firepower provides us with application visibility and control. We have a standard evaluation procedure with around 136 criteria. We have a team that does the evaluation and there were viruses reported.

In terms of its ability to provide visibility into threats, we put a different application to be tested. We check how much we can see. What kind of network traffic goes through different devices. We know what's going on. If something went wrong, we see the attack, we know where and which attack. We put it into our testing center. You can never get 100% visibility. Sometimes we can't detect until the damage is done. That is the danger of being in the firewall business. You never know what kinds of tricks a hacker will use. It's endless work.

Talos is pretty decent. It offers smart intelligence. It helps my team detect what is going on. Without it, the ability of the power stations would be much less. Talos is one of the reasons that we go with Cisco. It is a big advantage.

We use automated policy application and enforcement. Any of the networks are very complex. It has freed up a lot of our time. Now, it's much better but it's still far from enough. We have saved 90% of our time due to the automation. 

Firepower has improved our enterprise defense ability by a lot. 

We use the whole suite of Cisco device management options. Compared to ten years ago, I have seen a lot of improvement, but it's still far from enough. I wish the intelligence would be improved. There is a big learning curve now. If new gear comes into place, then the first three months aren't so accurate. With machine learning, it is getting better. The intelligence should be there from day one. But it will still need to learn the environment and which attack is the most common.

We are still trying to figure out the best practices for harmonizing policies and enforcement across heterogeneous networks. It's something new. More and more applications are going onto the cloud and we need the hybrid Firepower ability. 

View full review »
MH
Security architect at a computer software company with 51-200 employees

The CLI is the most valuable feature. We are moving towards FTD, which is more GUI based. The value of this solution lies in the fact that it is a standard platform that's been around for years and is always improving. This is important to us due to the necessity of ensuring cyber security. 

View full review »
PS
Network security engineer at a tech services company with 1,001-5,000 employees

Netting is one of the best features. We can modify it in different ways. Site-to-site VPN is also an awesome feature of Cisco ASA.

The biggest advantage of Cisco products is technical support. They provide the best technical support.

View full review »
CB
Networking Specialist at a healthcare company with 1,001-5,000 employees

The solution provides us with good working application visibility and control.

I have access to the web version of Cisco Talos to see the reputation of IP addresses. I find this very helpful. It provides important information for my company to obtain the reputation of IP addresses. The information in Talos is quite complete.

View full review »
TG
Lead Network Administrator at a financial services firm with 201-500 employees

With the FMC and the FirePOWERs, the ability to quickly replace a piece of hardware without having to have a network outage is useful. Also, the ability to replace a piece of equipment and deploy the config that the previous piece of equipment had is pretty useful. 

The administration is a little easier on the FirePOWER appliances because we're not using two separate products. For example, in the ASAs with FirePOWER Services, we were using the FMC to manage the FirePOWER Services, but we were still using ASDM for the traditional Layer 2 and Layer 3 rulesets. That is all combined in FMC for the FirePOWER devices.

Our particular version includes application visibility and control. Most next-gen firewalls do. The product is maturing with what they call FirePOWER Threat Defense, which is the code that runs on the firewalls themselves. The FirePOWER Threat Defense software has matured somewhat. There were some issues with some older versions where they didn't handle things in a predictable manner. Applications that we didn't have a specific rule for may have been allowed through until it could identify them as a threat. We reorganized our rules, because of that "feature," in a different way so that those extra packets weren't getting through and we weren't having to wait so long for the assessment of whether they should be allowed or not. We took a different approach for those unknowns and basically created a whitelist/blacklist model where applications on the list were allowed through.

Then, as you progressed into the ruleset, some of those features became more relevant and we stopped this. We looked at it as "leaky" because it was allowing some packets in that we didn't want in, while it made the determination of whether or not those applications were dangerous. Our mindset was to assume they're dangerous before letting them in so we had to adjust our ruleset for that. As the product matures, they've come out with better best practices related to it. Initially, there wasn't a lot of best-practice information for these. We may have been a little early in deploying the FirePOWER appliances versus continuing on with the adaptive security appliances, the old PIX/ASA model of firewalls. Cisco proposed this newer model and our VAR agreed it would be a benefit to us.

There was a bit of a transition. The way they handle the processing of applications is different between the ASAs and the FirePOWERs. There were growing pains for us with that. But ultimately, the ability to have this configured to the point where I could choose a specific user and create a rule which says this user can use this application, and they'll be able to do it from whatever system they want to, has been advantageous for our functionality and our ability to deliver services more quickly.

There haven't been a lot of specific use cases for that, other than troubleshooting things for myself. But having the knowledge that that functionality is there, is helpful. Certainly, we do have quite a few rules now which are based on "this application is allowed, this whole set of applications is blocked." It does make that easier because, in the past, you generally did that by saying, "This port is allowed, this port is blocked." Now we can say, not the ports; we're doing it by the services, or instead of by the services we're doing it by the applications. It makes it a little bit easier. And Cisco has taken the step of categorizing applications as well, so we can block an entire group of applications that fall under a particular category.

For the most part, it's very good for giving us visibility into the network, in conjunction with other products that give us visibility into users as well as remote items. It's really good at tracking internal things, really good at tracking people, and really good at giving us visibility as to what's hitting us, in most situations.

In general, Cisco is doing a pretty good job. Since we started the deploy process, they've increased the number of best-practice and configuration-guidance webinars they do. Once a month they'll have one where they show how we can fix certain things and a better way to run certain things. 

The product continues to improve as well. Some of the features that were missing from the product line when it was first deployed — I was using it when it was 6.2 — are in 6.4. We had some of them in ASDM and they were helpful for troubleshooting, but they did not exist on the FirePOWER side of things. They've slowly been adding some of those features. They have also been improving the integration with ISE and some of the other products that utilize those resources. It's getting better.

View full review »
NC
Technology Associate at a financial services firm with 1-10 employees

The IPsec VPN and web filtering.

View full review »
it_user221862 - PeerSpot reviewer
Cloud Engineer at a tech services company with 1,001-5,000 employees

The ease of use and ease of deployment were the most important features. As a signature based appliance, SourceFire hits it on the head at detection and capturing traffic, but quite a few of the other IDS/IPS appliances are way too complicated and too time consuming to properly deploy. This will lead to improper deployments and often missing important spots in your network.

View full review »
FV
Admin Network Engineer at Grupo xcaret

Its security is easy to use.

View full review »
BW
Network analysis at a government with 1,001-5,000 employees

The most valuable feature would be ASDM. The ability to go in, visualize and see the world base in a clear and consistent manner is very powerful.

View full review »
Javed Hashmi - PeerSpot reviewer
Chief Technology Officer at Future Point Technologies

In terms of features there hasn't been much improvement but it's a very stable solution and a very good firewall with almost all of the features required for next generation firewall purposes. Almost all the firewalls on the market have the same features available, but if you take into account the integrations and reporting of Cisco, it's a little better than the others. In particular, the briefing reporting is better. With Fortinet we would probably have to use FortiAnalyzer as a separate reporting module for Fortinet, but here the reporting is good.

View full review »
WM
Consulting Engineer at IV4

The most valuable features are the provision of internet access, AnyConnect, and VPN capabilities. Because I primarily deal with the VPN functionality, I don't get very deep into the IPS or other capabilities.

View full review »
SA
Senior Network Engineer at a consultancy with 1,001-5,000 employees

We can easily track unauthorized users and see where traffic is going. It is very useful.

FTD is also fully integrated with Talos. We are in the process of acquiring it and we will integrate it. That way we will have everything from Talos to do correlations.

View full review »
MC
Senior System Engineer at a tech services company with 11-50 employees

The web interface was easy for me. The configuration is logical, so it's easy to use and easy to understand how to protect, how to open a port, how to manage and how to route a device. That's why I prefer Cisco. It's robust and I never have issues with the hardware. That's why I choose Cisco and not another vendor.

View full review »
Ahmed Nagm - PeerSpot reviewer
IT Solution Consultant at PCS

The feature that I found the most valuable is the overall stability of the product. 

View full review »
NH
Chief Information Officer at Finance Corporation Limited

Cisco is known as a popular and trusted product. Because of its constant R&D, we're assured that all updates, all patches, all fixes are done instantaneously. As far as the feature is concerned, it gives us a certain layer of protection. As a CIO, my vote of confidence is in the product itself. After making sure that we always have all the updates on the licenses, we're assured that we're getting all the necessary security protection.

View full review »
RM
Network Engineer at a tech services company with 51-200 employees

The configuration was kind of straightforward from the command line and also from the ASDM. It was very easy to manage by using their software in Java. 

High throughput, high concurrent connections, easy site-to-site VPN were also valuable. It also had the capability to do double network translations, which is really useful when you are integrating with other vendors for site-to-site VPN.

View full review »
PW
Senior Network And Security Engineer at a pharma/biotech company with 201-500 employees

The manageability through the FMC is superb. I have a single dashboard that I can manage my firewalls from. I can see and manage all of my objects and control all my policies. I can look at all my logs and control my whole network from one dashboard.

View full review »
JW
Acting Director, Office of Talent Management at a government with 10,001+ employees

The feature set is fine and is rarely a problem.

View full review »
SZ
General Manager at MS Solutions Ltd.

The most valuable feature is that it's secure.

It is really stable and I've never had an occasion that due to this firewall, I have had issues with the network, a breakdown, or otherwise.

This is a user-friendly product. Once you have a specialist who can configure it properly, you'll be pretty protected; everything you want is in it.

View full review »
HT
Presales Engineer at a comms service provider with 51-200 employees

The clusters in data centers are great.

We enjoy the use of the remote access VPN. We have a mechanical firewall with IPS and we have no more than these. In general, ASA is for remote access and the mechanical firewall right now is more used for data centers. 

We work to combine customers and we have a lot of customers that use networking from Cisco. They buy Cisco firewalls due to the fact that all of their networks are working with Cisco features.

View full review »
TH
President at a tech vendor with 11-50 employees

I like them mostly because they don't break and they have great diagnostics. If something is awry, you can generally figure it out. And of course, everybody has a VPN, but I like the security of their VPN.

View full review »
it_user861456 - PeerSpot reviewer
Senior Information Security Engineer at a financial services firm with 501-1,000 employees

The solution is part of a suite. If you pay for it, it has basically a view that's called Firepower, and it's really good at being able to analyze exact bits of a pack, at the packet level, and has the ability to allow you to examine that traffic. It is really good. That's probably my favorite part of the suite.

View full review »
WB
Network Engineer at a comms service provider with 1,001-5,000 employees

It's difficult to say what features are most valuable because ASA is not a cutting-edge device. It's rather more stable and proven than modern. It's difficult to suggest adding features because with new features we are adding something new, and that means it could be less stable. New features are not the reason we use the solution — it is almost the opposite. The most valuable part of the solution is dependability.

It's already a mature and stable product. I prefer not to use the newest software — even if Cisco suggests using the newest — because this is a critical security device.

View full review »
MT
Information Security Administrator at Bank of Namibia

The most valuable features are the firewall capabilities, filtering, and intrusion prevention. 

I respect the capability of the Cisco firewall. We fully use it all as a complete firewall solution. Cisco also has excellent anti-malware detection and other similar features.

View full review »
NP
CEO at Synergy IT

I like the user interface because the navigation is very easy and straightforward. On the left side pane, you have all the sites that you need to browse. Unlike any other firewalls, it's pretty straightforward.

View full review »
it_user244500 - PeerSpot reviewer
Constructor of the computer systems at a security firm with 51-200 employees
  • Reliability
  • Security
  • Flexibility
  • Functionality
  • Availability - controllability anywhere and with different methods
View full review »
GS
Information Security and Compliance Manager at RSwitch

Web filtering is a big improvement for us. The previous version we used, the AC520, did not have that feature included. It was not very easy for us, especially because the environment had to be isolated and we needed to get updates from outside, such as Windows patches. That feature has really helped us when we are going outside to pull those patches.

Another important feature for us is user access. Now, we can base access on rules and specify that this or that user has privilege on the NG firewall. That was not available before. 

The IDS also makes it easy to detect abnormal traffic. When it sees such traffic in the environment, it sends a notification.

View full review »
Johan Derycke - PeerSpot reviewer
Network Security Engineer at Smals vzw

The whole firewall functionality, including firewall policies and IPS policies, is valuable. It has all kinds of functionalities. It has IPS, VPN, and other features. They are doing quite a lot of stuff with their devices.

View full review »
VM
SOC & SECURITY SERVICES DIRECTOR at BESTEL

The top features for me are the filtering, the intrusion prevention system, and the AMP on small operations. 

View full review »
FB
Sr Network Administrator at Orient Petroleum Inc

The security the solution offers is very good. Security-wise, it's the top in the world.

The product has excellent technical support.

The user interface is easy to navigate.

Everything is user friendly.

View full review »
JF
Cisco Security Specialist at a tech services company with 10,001+ employees

All the features are very valuable. 

Among them is the integration for remote users, with AnyConnect, to the infrastructure. All the security through that is wonderful and it's very easy. You connect and you are inside your company network via VPN. Everything is encrypted and it's a very good solution. This is a wonderful feature. You need to make sure your machine has the profile requested by the company. That means having the patches updated. Optionally, you should have the antivirus updated, but you can decide whatever you would like in order to enable acceptance of the end-device in the enterprise network. That can be done with AnyConnect for remote/satellite users, or with ISE for local users.

The intrusion prevention system, the intrusion detection, is perfect. But you can also integrate Cisco with an IPS solution from another vendor, and just use the ASA with AnyConnect and as a firewall. You can choose from among many other vendors' products that the ASA will integrate with. Now, with Cisco SecureX, it's much easier than before. Cisco used to be completely blocked from other vendors but with SecureX they are open to other vendors. That was a massive improvement that Cisco probably should have made 10 years ago or seven years ago. They only released SecureX three or four months ago. 

Cisco ASA also provides application control. You can block or prevent people from going to certain applications or certain content. But the ASA only acts as a "bodyguard." It doesn't provide full visibility of the network. For that, there are other solutions from Cisco, such as ISE, although that is more for identity. Stealthwatch or TrustSec is what you need for visibility. They are both for monitoring and providing full visibility of the network, and they integrate with ASA.

Also, all of Cisco's security products are supported with Talos. Talos is in the background, handling all the improvements, all the updates. If something happens in Australia, for example, Talos will be aware of it and it will update the worldwide Talos network for all Cisco products. Within two minutes or three minutes, worldwide, Cisco products will be aware of that threat. Talos belongs to Cisco. It's like a Cisco research center.

View full review »
DS
IT Specialist at a government with 1,001-5,000 employees

The most valuable features are the flexibility and level of security that this solution provides. 

View full review »
BS
IT Administrator at Vegol

The VPN and monitoring are the most valuable features.

View full review »
NA
IT Infrastructure Manager at Beltone Securities Brokerage S.A.E.

The features I found most valuable in this solution are the overall security features. 

View full review »
CR
Network Engineer at a media company with 51-200 employees

The IPS (In-plane switching) is the most valuable feature. This enables visibility to our networks and to outside attacks. It is a solution to maintain the visibility.

View full review »
AA
Technical Manager at a comms service provider with 1,001-5,000 employees

They give me more visibility of what's going on when traffic comes in and goes out from the company or comes in from the outside. I can see what's going on with this traffic, which is a nice feature. I also like the malware inspection and management of the dashboard features. The management of the dashboard is different from the old Cisco Firewall. This management brings everything together into one management platform. 

View full review »
it_user72771 - PeerSpot reviewer
Info Sec Consultant at Size 41 Digital

Top features:

  • Easy to deploy for staff to use VPNs
  • Ease of setup
  • Integrated threat defence
  • Great flow-based inspection device
  • Easy ACLs
  • Failover support
  • Each virtual appliance is separate so you get great granular control
  • Has own memory allocation
  • Multiple types of devices: 100 Mbps, 1 Gbps, 2 Gbps
  • License control
  • SSH or RESTful API
View full review »
MG
Partner - Consulting & Advisory at Wipro Technologies

The transparency of the single UI to ensure security. A product has to be simple so that an administrator can use it.

View full review »
HC
Information Technologies Consultant at a tech services company
  • Reliability
  • Robustness
  • Security features
  • High encryption, hashing, and integrity support
  • Support
  • High performance
View full review »
JM
Network Consulting Engineer at a energy/utilities company with 10,001+ employees

Nothing fancy about ASA capabilities, it does its job and does it well as long as you only care about filtering ports and protocols.

View full review »
FT
IT Adviser/Manager with 51-200 employees

The Cisco ASDM management tool was helpful.

View full review »
it_user398799 - PeerSpot reviewer
Sr. Security Analyst with 1,001-5,000 employees

Centralized policy creation for URL, application, IPS, etc. It simplifies matters more than previously.

View full review »
EL
Network Engineer at a government with 10,001+ employees

I like that it is easy to change the settings.

View full review »
LA
Lead Network Engineer

They are easy to maintain.

View full review »
JJ
Network Engineer at a computer software company with 51-200 employees

If I were to have been asked a few weeks ago, I would have said threat prevention was the most valuable feature, but the world is changing a lot, so my favorite features a few years ago might not be my favorite features today.

View full review »
JG
Gerente de Unidad at Redescomm, C.A.

The most valuable feature is the ability to block almost all of the ports.

All of the commands work the same way, whether in the graphical interface or when using the command line.

Cisco products have a lot of features.

View full review »
CM
Network Security Engineer at a financial services firm with 1,001-5,000 employees

The Adversity Malware Protection (AMP) feature is the most valuable. 

It is also very easy to use. Every technical user can operate this solution without any difficulty. The dashboard of Cisco Firepower has every tool that a security operator needs. You can find every resource that you need to operate through this dashboard.

View full review »
SA
IT Infrastructure Engineer at Atlas Group

One of the most valuable features is the AMP. It's very good and very reliable when it comes to malicious activities, websites, and viruses.

It also handles application vulnerabilities. I have blocked some applications in my Firepower. In addition, there are predefined policies that come with the Firepower and I have created my own policies as well.

We also use Cisco switches, the 2920 for Layer 2 and the 3560 for Layer 3. The Firepower is integrated with the 3560. I have configured a gateway on the 3560 and all our traffic goes through the switch and is then passed on to the Firepower. The integration between the two was very easy.

View full review »
ON
Managing Director at Fasp

The most valuable feature of the Firepower solution is FireSIGHT, which can be easily managed and is user-friendly.

View full review »
DC
Senior Network Administrator at a financial services firm with 1,001-5,000 employees

The thing we've found most valuable is the efficiency. The firewalls are easy to configure and deploy. Overall it is an easy system to manage.

Another valuable feature is just how granular we can get with it so we can keep users seeing what they are supposed to and don't compromise security.

View full review »
FF
Cloud Services Operation Engineer at Informatic Services Company (ISC)

We are using the Cisco AnyConnect for our end-user VPN with the ASA. 

If a user wants to connect to our network, they access it via the Cisco intranet and connect to the firewall at the edge.

View full review »
DF
LAN admin at Cluj County Council

The firewall power that comes with Cisco ASAv is the most valuable asset. They are very easy to manage and configure. 

View full review »
PR
Information Systems Manager at a non-profit with 1-10 employees

With this solution, you can have an inspection of each package and see what threat level it's at. It has made the work more dynamic. We don't have to block as much as we had to in the old days.

View full review »
PD
IT Manager at a construction company with 11-50 employees

Pro user-based firewall rules.

View full review »
it_user560229 - PeerSpot reviewer
Security Engineer at a healthcare company with 1,001-5,000 employees

I especially value Change Management and Compliance. They are most valuable because we are required to comply with regulations regarding credit card processing (PCI) and protecting patient data (HIPAA).

View full review »
PS
Network security engineer at a tech services company with 1,001-5,000 employees

The most valuable features of this solution are advanced malware protection, IPS, and IDS.

View full review »
SA
Senior Solution Architect at a tech services company with 51-200 employees

The Firepower+ISE+AMP for endpoint integration is something that really makes it stand out from other vendor solutions. They have something called pxGrid and I think it is already endorsed by IETF. This allows all devices on the network to communicate. I find it to be a more proactive approach as all devices collaborate with ISE in real time. I did a demo for a customer and there were no second thoughts in the usability of the solution. You should give it a try to find out more about how this works.

View full review »
RO
CEO at a security firm with 1-10 employees

The most valuable feature is that the encryption is solid. 

View full review »
GK
IT Manager

The feature I find most valuable is the Cisco VPN Interconnection.

The file features are useful as well. They're good at packet tracing. They are very straightforward. I would say that the Cisco ASA ASDM makes it very easy to manage the firewall.

View full review »
CS
Network Engineer at a financial services firm with 5,001-10,000 employees

We use ASA as a simple, scalable firewall. Its main advantages are the stability. We use it as an active standby and as a failover solution. We depend on this solution, we've used it for several years.

View full review »
RM
Technical Specialist with 5,001-10,000 employees

VPN (site-to-site VPN and remote access), NAT policies, modular policy framework, detailed troubleshooting methods.

View full review »
it_user700158 - PeerSpot reviewer
Senior Network Security Engineer at a university

It all depends on the deployment scenario, as I have used ASA for specific purposes. In general, the stateful firewall feature, site to site VPN, and AnyConnect remote access VPN are always useful.

View full review »
it_user391305 - PeerSpot reviewer
Member of the Board of Directors at a tech services company with 1,001-5,000 employees

Class-based policing is the most important part of the ASA, and was its differentiator.

View full review »
it_user579180 - PeerSpot reviewer
Networking Specialist at an insurance company with 1,001-5,000 employees

It is good for firewalls, management with the adaptive security device manager (ASDM), and tools such as packet tracers for troubleshooting.

It’s a really good firewall which is easy to manage, but it is not a Next Gen firewall.

Firewall functionality is the main issue when buying this product. We use it to segment our DMZs, it is stateful firewalling, is highly reliable with zero outages, and impeccable failovers during upgrades.

The ASDM is the management tool to administer the ASAs via the GUI. It has an easy to use interface with very nice troubleshooting tools, such as Packet Tracer. This tool lets you simulate a traffic flow so you can see why flows don’t work.

View full review »
KB
Senior Network Designer at ODI

The Advanced Malware Protection and Security Group Tag (SGT) are valuable features. You are able to integrate all the networks by using SGT with the pxGrid service. This is built-in technology in Cisco devices and services.

View full review »
it_user264462 - PeerSpot reviewer
Technology Analyst/Lead at a tech services company with 10,001+ employees
  • Site-to-site IPsec VPN
  • Remote IPsec VPN
  • Reverse route injection
View full review »
GF
Security Consultant at IKUSI

The solution offers very easy configurations.

The administration of the solution is very good.

The product integrates well with other products.

View full review »
SG
Senior IT Analyst at an insurance company with 51-200 employees

The most valuable feature is that I have 16 public IP addresses that tunnel through into servers inside. 

There are no issues that we are aware of. It does its job silently in the background.

View full review »
NS
IT manager at IRPC PCL

The solution is simple to deploy and stable. 

View full review »
MA
Network Security Engineer at qicard

The most valuable feature is for IT security management. It is extremely valuable to protection so that is the most valuable feature.

View full review »
CS
Information Security Manager at a financial services firm with 501-1,000 employees

Integration with all the other Cisco tools is valuable. However, we've moved away from all Cisco security tools since this evaluation. Firewall choice was key to what direction we went and we found not only was the competing firewall solution superior, but their endpoint protection solution was as well.

View full review »
IY
Assistant Manager (Infrastructure) at SISTIC
  • Snort IPS with recommendation template
  • Extendable hardware module
  • Straightforward licensing
  • Cisco product integration
View full review »
SC
ICT Manager at an aerospace/defense firm
  • VPN
  • ASDM configuration

For FirePOWER:

  • IPS
  • AMP
  • URL filtering
View full review »
ON
Network & Systems Administrator Individual Contributor at T-Systems

It's an almost perfect solution.

The configuration is very easy.

The management aspect of the product is very straightforward.

The solution offers very good protection. 

The user interface itself is very nice and quite intuitive.

View full review »
it_user1141920 - PeerSpot reviewer
Systems Engineer at a tech services company with 11-50 employees

For Firepower the most important features are the intrusion prevention engine and the application visibility and control. The Snort feature in Firepower is also valuable.

For ASA, the most valuable feature is definitely the remote access VPN solution. The AnyConnect solution is very scalable and stable—there are no errors or flaws—which is necessary in today's world when we're all working remotely. The remote access VPN for ASA is very good.

When it comes to application visibility and control, both ASA and Firepower can provide them but the AVC feature is mostly used in Firepower. You can allow or disallow many applications through Firepower, through the access control policy.

If you configure Firepower correctly, it is good when it comes to threat visibility. It is proficient. It is the state of the art when it comes to blocking threats, network-wise. If you use it with an SSO encryption, and use your own features, blacklists, security intelligence, intrusion prevention, and access control points—if you are using it with every feature—Firepower can block most threats on your network. But it can't stand alone. It is necessary for the clients to have AMP for Endpoints, Cisco Umbrella, and Cisco ISE. If you're using Firepower as a standalone device, it can block, say, 20 or 30 percent more than the ASA can. But if you're using all of the security features from Cisco, you get much more security. It's like an onion's layers. The more layers you have, the more protection you have.

The ease of use with the new version of Firepower is more or less the same when compared to other versions of Firepower. But the dashboard has received a refresh and it's easier to use now than before. Overall, the ease of use has been increased.

View full review »
AA
Sr. Network Engineer at a construction company with 10,001+ employees

The best features are stability and scalability.

View full review »
IA
Group IT Manager at a manufacturing company with 1,001-5,000 employees

Unfortunately in Cisco, only the hardware was good. As for the features and services it was less than the others. Having all of the features means higher specs of hardware and intelligence processing so that it can handle all the logs proactively. Now, what is needed from the Information security, is to be proactively aware of any threat that might expose our data and at the same time have full visibility over our information sharing endpoints.

View full review »
AA
IT Consultant at MOD

The most valuable feature is that it has the ability to divide the network into three parts: internal, external, and DMZ.

View full review »
MA
Team Leader, Information Risk Engineer at National Bank of Egypt

Its ability to discover attacks is a valuable feature. All of the other features that have to do with security are good.

View full review »
GZ
Data Center Architect at Fronius International

It has many features but not all of them work. The features aren't stable enough for us to use them. The most valuable features are the firewalling and the deep inspection. 

View full review »
EE
Senior Data Scientist & Analytics at a tech services company with 11-50 employees

The architecture of FTD is great because it has an in-depth coverage and because it uses the AVC, (Application, Visibility, and Control) and also rate limits. Also, the architecture of fast paths is great.

View full review »
KS
Technical Services Manager at a comms service provider with 10,001+ employees

The most valuable feature is the section payover. But, I think that kind of function may also come from similar products. In addition, they have the integrated IDS/IPS source powered modules. This is a new screen for us, and it is also very useful.

View full review »
JK
IT Manager at a manufacturing company with 51-200 employees

I find that the product is a very good and secure firewall. The benefit of this product is that it is a strong firewall solution.

View full review »
BY
IT System Administrator at PFW HAVACILIK

The Cisco Product Security Incident Response creates and maintains publications, commonly referred to as PSIRT Advisories, for security-related issues in Cisco ASA.

View full review »
SC
IT SecOps Manager at a computer software company with 1,001-5,000 employees

Cisco ASAs are great network firewalls and they can work for years after being configured. The best features are NAT, transport-layer inspections, and VPN.

View full review »
AK
Senior IT Networking and Security Manager at a tech services company with 10,001+ employees

There are a lot of features which are good and can be implemented, especially in the latest IOS version of the product.

They saved me a lot of time thinking how to solve different scenarios with other solutions.

Cisco AnyConnect for remote access is one of them. It is supported on most of the platforms, which business users use. They can gain access to the network, via functions like PBR, Security groups, contexts, and DNS doctoring. This gives a lot of flexibility to the product.

View full review »
GS
Security Consultant at a tech services company with 501-1,000 employees

During the first phase of use, it was an extra module on standard Cisco ASA firewalls. It then became a standalone solution known as FTD, Firepower Threat Defense.

The Firepower IPS, based on Snort technology, has an amazing detection engine and historical analysis capability of files that eases threat investigations a lot.

I value the integration with other products (Cisco ISE, Cisco Endpoint AMP) which increases the protection intelligence within the enterprise by sharing security info between different products, which function on different layers. It furnishes fully connected security.

It also provides detection of the client operating system, which gives very good reporting and correlation with the signatures. It can relay the signature IP to the client operating system, to give a better correlation decision.

View full review »
it_user380502 - PeerSpot reviewer
Principal Network Engineer at a tech services company with 51-200 employees

I find the overall capability of the higher end firewall products to handle most network tasks without any issues. In addition, it is easy to train lower level help desk personnel on the GUI management.

View full review »
it_user216468 - PeerSpot reviewer
Consulting Engineer at a tech services company with 5,001-10,000 employees

I'm most impressed with the visibility and control SourceFire solutions provide into the types of traffic flowing in and out of an environment. It makes the discovery of applications and classification of user traffic simple, which in turn allows an organization to more effectively develop security policies and enforce acceptable use for its enterprise users.

View full review »
VM
Systems Administrator\Ag. IT Manager at a construction company with 201-500 employees

It is a very stable product. I've not had any issues with it. It is a super product, and I won't need to change it anytime soon.

View full review »
SD
Owner/CTO at FS NETWORKS

Firewalls are about blocking. ASA is for blocking, but it does not have the intelligence like Fortinet to detect attacks. If I could use ASA to detect attacks, maybe we could buy another service from Cisco although it's very expensive. I would choose Fortinet, but my clients like ASA support. I prefer Fortinet because Fortinet has a UTM and it's a good firewall.

View full review »
OB
Principal Network Engineer at a manufacturing company with 501-1,000 employees

The most valuable features for my client are the ASDM and monitoring.

They have familiarity with the Cisco CLI.

View full review »
TR
Tier 2 Network Engineer at a comms service provider with 1,001-5,000 employees

The most valuable feature must be AnyConnect. We have quite a few customers who use it. It is easy to use and the stablest thing that we have. We have experienced some issues on all our VPN clients, but AnyConnect has been the stablest one.

It is one of the easiest firewalls that I've worked with. Therefore, if you're not comfortable with command line, it probably is one of the best solutions on the market.

View full review »
LX
Network Specialist at a financial services firm with 501-1,000 employees

On the network side, where you create your rules for allowing traffic — what can come inside and what can go out — that works perfectly, if you know what you want to achieve. It protects you. Once you get all your rules in place, done correctly, you have some sort of security in terms of who can have access to your network and who has access to what, even internally. You're secure and your authorization is in place for who can access what. If someone is trying to penetrate your network from the outside, you know what you've blocked and what you've allowed.

It's not so difficult to pull out reports for what we need.

It comes with IPS, the Intrusion Prevention System, and we're also using that.

View full review »
GV
Architect - Cloud Serviced at a comms service provider with 10,001+ employees

Firepower is an okay product. However, it is better as a firewall than the IPS or other services it provides.

View full review »
SO
Network Administrator at Modern Woodmen of America

Sourcefire has been a great addition. The visibility and control have been nice. 

I also like the active/standby HA. 

View full review »
it_user3483 - PeerSpot reviewer
Senior Consultant at Unify Square

ASA is stable, with a low level of work required on the maintenance side. It is a dedicated firewall, so you do not have to manage additional topics like spam, website filtering and so on. The routing part is high level, as usual with Cisco products.

View full review »
AM
IT Operation Manager

NGFW features software stability, quick software updates for known bugs/vulnerabilities. Why no hardware reliability (see Clock Signal Component Issue -Cisco)? Because without NGFW features it is basically like a home router.

View full review »
AL
Network Security Coordinator at an energy/utilities company with 1,001-5,000 employees

Outstanding NGFW capabilities, site-to-site VPNs and high availability. Also, the integration of FirePOWER services (Web Filtering/IPS/Malware Protection) is a huge step forward for an already great platform.

View full review »
SI
Network and System Administrator at a pharma/biotech company with 501-1,000 employees

The ability to intercept unwanted traffic, and prevent attacks without interrupting everyday work, and the stability of this product are the key functionalities in our deployment.

View full review »
ST
System Engineer at asa

The most valuable feature is stability.

View full review »
NJ
Administrator at a university with 1,001-5,000 employees

It is a flexible solution and can be easily integrated with your network hardware. It is a very useful product. This product is very popular in the industry and the network security environment is good.

View full review »
NJ
Administrator at a university with 1,001-5,000 employees

Cisco Firepower NGFW Firewall is a really helpful product for network security. I have integrated it for incident response. If there is a security event, the Cisco firewall will automatically block the traffic, which is useful.

View full review »
YT
Information Security Manager at a financial services firm with 501-1,000 employees

It's a flexible solution and is well-known in the community. Most professionals are familiar with Cisco products and we prefer to work with products that we know. That is why we chose to work with Cisco firewalls, and also for the quality.

View full review »
Othniel Atseh - PeerSpot reviewer
Network Security Consultant at a consultancy with 1-10 employees

If we look at the Cisco ASA without Firepower, then one of the most valuable features is the URL filtering.

Also, it's easy to integrate ASA with other Cisco security products. When you understand the technology, it's not a big deal. It's very simple.

When it comes to threat visibility, the ASA is good. The ASA denies threats by using common ACLs. It can detect some DoS attacks and we can monitor suspicious ICMP packets using the ASA. It helps you know when an attack is detected.

Cisco Talos is good. It provides threat intelligence. It updates all the devices to be aware of the new threats and the new attacks out there, so that is a good thing. It's like having God update all the devices. For example, even if you have FTD in your company, malware can be very difficult to detect. There is a new type of malware called polymorphic malware. When it replicates, it changes its signature which makes it very difficult for a firewall to detect. So if your company encounters one type of malware, once, it is automatically updated in your environment. And when it is updated, Talos then updates every firewall in the world, so even if those other firewalls have not yet encountered those particular types of malware, because Talos automatically updates everything, they're able to block those types of malware as well. Talos is very beneficial.

When it comes to managing, with FMD (Firepower Management Device) you can only manage one device, but when you work with FMC (Firepower Management Center) you can manage a lot of sensors, meaning FTDs. You can have a lot of FTDs but you only have one management center and it can manage all those sensors in your company. It is very good.

View full review »
YS
Senior Network Support & Presales Engineer at a computer software company with 51-200 employees

The Firepower Management Center is an easy way to manage the devices centrally. I guess this is something that all vendors provide so it's nothing special. I like the way Firepower presents the data. It gives you two classifications for the evidence, something based on the priority of the evidence and another classification based on the impact of the evidence in your environment. This makes it very easy to spot the evidence that is most impactful to my environment. Instead of having to go through all the evidence based on that priority, I can focus on the evidence that has the most impact on my environment.

Sometimes you might have a high priority event but it has nothing to do with your environment. You have a vulnerability. You don't have to treat a vulnerability as an attack. Since you're not vulnerable, it's not impactful to your environment so you don't have to focus on it. This is something that other products don't provide. 

It is very flexible. You can have the next generation firewall work as a physical connection or as a Layer 2 device. You can have a combination of Layer 2 and Layer 3, which is really good. 

View full review »
JL
Ingénieur technico-commercial at ICBM

We haven't deployed all the possible services from Cisco yet, but I started to research more of the ones that are available and I think Firepower will end up being the best, most valuable solution for us.

View full review »
it_user1073460 - PeerSpot reviewer
Security Solution Architect at a financial services firm with 5,001-10,000 employees

The most important feature is its categorization because on the site and social media you are unified in the way they are there.

View full review »
DA
Computer Networking Consultant and Contractor with 51-200 employees

Stability, high availability of services, and very high MTBU were the most valuable features for me -- because in my work as network and security consultant, it is very important to guarantee to my customer the security of his business.

View full review »
SS
Network Engineer with 201-500 employees

IPSec Tunnel and AnyConnect (of course), the context awareness was a good feature, but clumsy at the beginning. I think it's better now.

The packet tracer command is a great tool for troubleshooting IPSec Tunnel, which I miss in the Palo Alto and other firewalls.

Also, the IP access list counter is a good feature while troubleshooting.

View full review »
RS
Network Security Consultant at a tech services company with 51-200 employees

Cisco ASA is a stateful firewall, which means they are the fastest and more secure, because they maintain state tables. Cisco ASA is very efficient not only in firewalling but in VPNs, IPS and content filtering. It also has the option of failover and redundancy.

View full review »
it_user246819 - PeerSpot reviewer
Global Security Architect/Perimeter Systems Administration/Active Directory and System Administrator at a retailer with 1,001-5,000 employees
  • Firewall mode
  • AnyConnect gateway
  • Client-less SSL VPN
View full review »
JL
Network Administrator at a manufacturing company with 10,001+ employees

To be honest, all of the features that are provided, all the other vendors will also have. One feature we did find valuable was the CLI; it is more accurate. Additionally, I was happy with the customization, dashboards, access lists and interface.

We frequently use the Bottleneck feature we purchased specialized from Cisco.

View full review »
RP
System Administrator at a non-profit with 1-10 employees

Cisco used to be all command-line operations and now Firepower is in a way modelled from FortiGate. Firepower has integrated a UI into it now.

You do not have to do everything through a command line which makes it a lot easier to apply rules.

You are able to see the traffic of what sites users are visiting.

There are warnings if you are about to go to sites that could be malicious.

It also allows you to block within categories, such as, by URL.

The solution always had these capabilities, but it did not have a user interface that was user-friendly.

View full review »
PC
Network Security/Network Management at an educational organization with 201-500 employees

The firewalls of this program protect my internet from dangerous internet sites. For us, Cisco is the number one in firewall protection. We are seeking to buy another UTM solution for band management.

View full review »
VA
Cyber Security Software Engineer at FireEye

It is a comprehensive suite and complete package. We have the following with the product:

  • Interest point detection
  • Firewall stuff
  • VPN
  • It's configurable.
  • It guards with its own threat intelligence. 

We find that virtual instances are helpful because they are easy to use on AWS Marketplace, as they are On Demand. We have a lot of traffic on AWS. Therefore, to monitor the traffic rather than using on-premise, we use virtual instances of Cisco ASA. This is pretty easy to use and we receive value off of it.

View full review »
PP
Works at IDF technology
  • AnyConnect
  • Double translations
  • Independent IPS module
  • High performance
  • Various methods of organizing a VPN
View full review »
DH
Senior Vice President at a transportation company with 51-200 employees

DMZ segmentation, and IDS and IPS.

View full review »
it_user862920 - PeerSpot reviewer
Enterprise Manager at One Advanced
  • VPN
  • Firewall
  • IDS/IPS

These features allow us to deliver services to meet client needs across various industry verticals.

View full review »
DS
Owner at David Strom Inc.

The user interface of the Prime Security Manager is, well, prime and one of the best pieces of software I have seen from them, and the features are on par if not better than what their competitors offer.

View full review »
it_user627855 - PeerSpot reviewer
Manager Network Security at a financial services firm with 5,001-10,000 employees

I love its CLI mode of working, it gives plenty of information with a single line of command.

This feature allows its administrator to perform advanced level tasks with much ease.

View full review »
MS
Network Architect at a tech vendor with 10,001+ employees

The access list is the most valuable feature of this solution. 

View full review »
BD
Solutions Architect at a manufacturing company with 10,001+ employees

This solution is easy to use if you know how to set it up.

The most valuable features are on the routing side, with the control between the two networks and the rules that are in there.

View full review »
AA
Network Operations Center Team Leader at a financial services firm with 10,001+ employees

At this point, we find that this product has high productivity and high availability and there is no need for improvement. 

View full review »
JM
Manager at BSB Cadmin Ltd

The ability to have a protected home network on the unit and a separate secured office network linked back to corporate.

View full review »
MK
Asst.Manager IT at a manufacturing company with 501-1,000 employees

All the features are good. The GUI is among the most valuable.

View full review »
it_user698424 - PeerSpot reviewer
Network Engineer at a tech vendor with 10,001+ employees

Some of the valuable features are detecting malware and blocking blacklisted URLs.

View full review »
it_user477366 - PeerSpot reviewer
Security Technical Architect at a tech services company with 10,001+ employees

The feature sets are great when there are no software bugs. With FirePOWER, you can enhance security, have effective management, and a good reporting engine.

View full review »
MZ
Middle-Tier Admin Integrator at a tech services company with 51-200 employees
it_user243897 - PeerSpot reviewer
Cisco Systems Engineer at a tech services company with 1,001-5,000 employees
  • Network firewall
  • FirePOWER services (URL filtering, IPS)
View full review »
JR
Enterprise Integration Architect at an insurance company with 10,001+ employees

It's very stable and mature.

View full review »
PS
Executive Director at ict training and development center

The ability to block threats is its most valuable aspect.

Most clients in Laos use the basic setup, which works quite well. It ensures that nothing can get onto the local network.

It's pretty reliable and allows for isolation capabilities within the network.

The ASDM is very good.

I like that I can use the command line. I use a lot of Cisco and often work with this. If you are comfortable with the command line, it's quite good.

View full review »
it_user875826 - PeerSpot reviewer
Sales Manager at Entiresoft Technologies Pvt Ltd

VPN load balancing: This has been particularly essential for my connections to integrate via multiple time zones.

View full review »
reviewer847167 - PeerSpot reviewer
Network and Security Engineer at a tech vendor with 501-1,000 employees

Filtering is the best feature, as I have gotten used to using it.

View full review »
it_user208356 - PeerSpot reviewer
Security Engineer at a tech services company with 201-500 employees

If you compare it with other products, other firewall products in the market, at this moment, it doesn't have that many features, no impressive feature in it, in fact. 

The one thing I like about the product is the logging features, the way it logs, the way it forwards the logs in Syslog. It generates the particular Syslog. Compared to other products, that is the only feature, I feel, that is good. I have worked with other firewall products, so I know it very well. The logs are pretty good. Then it forwards. When it forwards the logs to a third-party syslog server, it then writes the Syslog very well. That is the only feature I like about it.

View full review »
RS
Network Security Consultant at a tech services company with 51-200 employees

It blocks all outside to inside traffic and only permits the specific internet traffic from the outside. VPN functionality is very useful, we can create remote access and tunnel VPN in the simplest way.

View full review »
it_user242529 - PeerSpot reviewer
Network Consultant at a tech services company with 51-200 employees

With the ASA there are multiple products depending on your needs, based on the two generations of the ASA. Roughly split up, there are 4 products.

  1. 5500 Series basic/standard firewall - This I would rate as 7/10 due to the fact that it's easy to use, manage and deploy. It has scalable SSL and IPSec VPN options, and is lacking throughput.
  2. 5500-X Series basic/standard firewall - This I would rate as 8/10 due to the fact that it's easy to use, manage and deploy. It has scalable SSL and IPSec VPN options, and it has high throughput.
  3. ASA5500 Series with firewall and CX - This I would rate as 5/10 due to the fact that even though the firewall and VPN part is easy to manage and deploy, the CX is lacking in stability and features. Also, it is rather complex to deploy. Add to this that the CX lowers the throughput even further.
  4. 5500-X Series with firewall and Sourcefire - This I would rate as 9/10 because it's easy to use, manage and deploy the firewall, VPN, and also the SourceFIRE. SourceFIRE works rather well and is by far the most advanced IPS system available. But it decreases the throughput more than you'd like.

In general, I like both the SSL VPN and SourceFIRE. Firstly, for the VPN, both the client and client-less versions are very scalable, flexible, and dynamic in configuration and probably the best SSL VPN solution available in the market. Secondly, SourceFIRE has improved the IPS functionality and stability of the ASA to a point where you can begin to enjoy the fruits of your solution and root out the bad seed in your network.

View full review »
it_user222999 - PeerSpot reviewer
Network Security Engineer at a tech services company with 51-200 employees
  • Scalability
  • Debugging messages
  • Context modes
View full review »
it_user234789 - PeerSpot reviewer
Chief Technical Officer at a comms service provider with 501-1,000 employees
  • Content filtering
  • VPN features
  • User interface is also very friendly
View full review »
SK
Senior MIS Manager at a tech company with 201-500 employees

The solution is stable. We haven't had any issues in that sense.

The security of the hardware is excellent. Cisco is very serious in its approach to security.

We have a high level of trust in Cisco and its products.

The solution is excellent for enterprise-level networks.

View full review »
PK
Jr. Engineer at a computer software company with 5,001-10,000 employees

It is already improved because all of the computer updates are available online. So, you can update, and I think that the ASA 5585 is already updated.

All of the licensing features can be upgraded.

The interface is user-friendly.

View full review »
TM
Group Information Technology Manager at a mining and metals company with 201-500 employees

The best feature for me is the VPN and I also like the firewall. 

View full review »
TJ
Senior Network Engineer at Johnson & Wales University

The VDB updates run on schedule, so less hands-on configuration is needed.

View full review »
it_user637233 - PeerSpot reviewer
Presales Consultant at a tech services company with 51-200 employees

Classic ASA features such as NAT, Stateful Firewall, and VPN are basic functions for average organizations, but next generation features such as the granular control of port hopping applications, IPs, and malware protection are mandatory, considering current advanced security threats.

One of the most valuable features is the correlation of events, including the path that a file takes in the network and its integration with the endpoint protection. This gives you the chance to take some actions in the case a breach happens.

View full review »
AM
IT Operation Manager
  • Hardware reliability
  • Software stability
  • Quick software updates for known bugs/vulnerabilities

These are very important in an enterprise environment.

View full review »
it_user208434 - PeerSpot reviewer
Senior Network Engineer at a tech services company with 1,001-5,000 employees

The ASDM has significantly improved over the years. Real-time logging and filtering is useful. Firewall rules are easy to understand, and enable/disable.

View full review »
MR
Network Security Engineer at a tech services company with 201-500 employees

The user interface, the UI, is excellent on the solution. Let's say you want to check the real-time locker - you can create it by the UI using ASDM.

View full review »
it_user1307058 - PeerSpot reviewer
Network Consulting Engineer at a comms service provider with 201-500 employees

The most important feature is the VPN connection.

My clients also use the antimalware features and the scan is very good. It also supports packet inspection and IPS.

Cisco ASA is easy to configure.

The integration with the security features is something that I like.

View full review »
SS
C.T.O at Sastra Network Solution Inc. Pvt. Ltd.

It is very stable compared to other firewall products.

It has good security features.

The firewall features make it easy for the users to work on it.

View full review »
EM
Technical Manager at a comms service provider with 501-1,000 employees

One of the important aspects when deploying a Cisco ASA firewall is that it obliges you at the beginning to define your security level, which will make it easier when making your security policy (traffic allowed from source to destination).

A security level defines how trusted an interface is in relation to another interface on the Cisco ASA.

The higher the security level, the more trusted the interface.

The highest security level is "Security Level 100".

Nowadays other firewall manufacturers try to adopt the same deployment principle as the Cisco ASA with security levels; however, the Cisco ASA does have other interesting features which I think are very useful:

  • Firepower services
  • Security context
  • Firepower management


View full review »
it_user886188 - PeerSpot reviewer
Presales Engineer

Monitoring, of course - the dashboard. It enables you to see what is happening.

View full review »
it_user824748 - PeerSpot reviewer
Works at a comms service provider with 1,001-5,000 employees

Clustering architecture which offers zero downtime upgrades, keeping uptime close to 99.999%. This creates less stress on operations and network stability throughout the various maintenance tasks.

View full review »
it_user654645 - PeerSpot reviewer
Senior Network Specialist

The security features are valuable because it is easy to use and it has an important role as a firewall.

View full review »
it_user341043 - PeerSpot reviewer
System and Network Administrator at a hospitality company with 501-1,000 employees

It gives us the ability to do LAN-to-LAN VPN.

View full review »
it_user243879 - PeerSpot reviewer
Network Security Engineer at a tech services company with 1,001-5,000 employees

VPN - Both site to site (IPsec) and remote access (IPsec and SSL).

View full review »
it_user6381 - PeerSpot reviewer
Manager of Infrastructure at a manufacturing company with 51-200 employees

We chose Cisco ASA 5500 Series for our branch office primarily because it is a stable firewall. Many home and even business grade firewalls will often start acting up and have to be rebooted, but the ASA is completely rock-solid. ASA Firewall Chains STP and RST Protocol allows us to build redundant uplinks to STP compatible switches. It has 256 MB RAM and 128 MB of flash which is plenty for future upgrades. I personally like to have the multitude of VPN options such as IPsec VPN, DMVPN, L2TP, SSL, AnyConnect, etc. The IPsec VPN is supported on the iPhone, so it is cool to be able to access my home network from my phone.

View full review »
RM
Consultor at a government with 201-500 employees

I like the IPS feature, it is the most valuable.

View full review »
SH
Team Leader Network Engineer at deam

There are two main ways that using Cisco ASA & Firepower has improved our organization:

  1. Technical features
  2. Our Sales team
View full review »
YA
Network Security Specialist at a financial services firm with 501-1,000 employees

It is easy to create interfaces and routing, which all can be done at the GUI level. For now, we are still going around the services and will add more in the future.

View full review »
it_user511224 - PeerSpot reviewer
IT Support Engineer

Its security features are the most valuable aspect. It has the ability to detect and prevent intrusions.

View full review »
ED
Founder, CEO, & President at Krystal Sekurity

Provides advanced malware capabilities.

View full review »
it_user298980 - PeerSpot reviewer
IT Security Engineer at a financial services firm with 501-1,000 employees

Cisco ASA's CLI is very effective and fast for configuring the firewall and making changes, but monitoring logs and connections can be bothersome to the eyes when reading all the line outputs. ASDM, however, has improved the overall ASA configuration from a GUI standpoint. I really enjoy the log monitor where I can see live logs in a more user-friendly interface. The downside of ASDM is that it is built with Java and that means a lot of vulnerabilities, and it does not always work with the latest Java version and/or patches.

View full review »
VG
Network Security Engineer at a tech services company with 51-200 employees

The Inline Mode configuration works really well, and ASA works very impressively.

View full review »
MM
Lead Network Engineer at a tech services company with 51-200 employees

We are mostly using it for remote access, so the remote access feature is the most valuable, but all other features are also needed and required. It is also a very straightforward and reliable solution.

View full review »
TS
IT Administration at a healthcare company with 11-50 employees

The most valuable feature is the access control list (ACL). 

View full review »
MM
Coordinator Network Support at a manufacturing company with 501-1,000 employees

The most valuable feature is the security that it provides our company and users.

Furthermore, our company uses it for making rules for the bank to connect to our server in the DMZ, which is a security challenge.

View full review »
PT
Support Engineer at a tech services company with 51-200 employees

We can shift traffic, block certain content, or redirect policies.

View full review »
TP
Business Development Executive at CBI
it_user850275 - PeerSpot reviewer
Pre-sales engineer with 51-200 employees

All the visibility the device gives us as well as management and administration facilities.

View full review »
it_user590484 - PeerSpot reviewer
Sr Network Engineer at a tech services company with 501-1,000 employees

VPNs, reliability.

View full review »
it_user293883 - PeerSpot reviewer
System/Network administrator at a computer software company with 501-1,000 employees

It's a great solution that amalgamates a firewall and VPN into one device. It also has a well-organized GUI, ASDM.

View full review »
it_user254346 - PeerSpot reviewer
Business Development Director with 51-200 employees

The fact that it's a full inspection firewall.

View full review »
ME
Solution Architect at a tech services company with 11-50 employees

I like the firewall features, Snort, and the Intrusion Prevention System (IPS). 

View full review »
FK
Network Engineer at Banque des Mascareignes
  • Its VPN and ASN features are very stable. 
  • It is easy to configure. 
View full review »
it_user793611 - PeerSpot reviewer
Account Manager

Advanced malware protection, it blocks malicious attacks.

View full review »
it_user242523 - PeerSpot reviewer
Network Security Administrator at a tech company with 5,001-10,000 employees

The most valuable features of this product are the comprehensive VPN solutions it offers and its tools for troubleshooting and debugging. You can provide complex and flexible ways to securely access private environments. And its troubleshooting and debugging tools allow you to identify, in the fastest time possible, where potential issues could have occurred.

View full review »
it_user241755 - PeerSpot reviewer
Senior Network and Security Engineer at a tech services company with 51-200 employees

It was a valuable firewall some years ago but then Palo Alto created the next generation firewall and Cisco needed too much time to create ASA CX. At the moment it has, basically, the same features. In my opinion the most valuable features now are the layer seven capabilities and the new FirePOWER.

View full review »
MR
Programming Analyst at a tech services company with 201-500 employees

The feature I have found most valuable is the IPS advanced threat detection for removing ransomware and malware.

View full review »
KS
CEO & Co-Founder at a tech services company with 51-200 employees

The configuration support is very good. You can find a lot of configuration samples and troubleshooting tips on the internet, which is very good.

View full review »
it_user1070472 - PeerSpot reviewer
Information Security Manager at Tactical Air Support

The most valuable features for us are Firepower and the VPN concentration. These are easy to use and have good insights.

View full review »
GS
Center for Creative Leadership at a training & coaching company with 501-1,000 employees

Its security is the most valuable feature. 

View full review »
it_user874149 - PeerSpot reviewer
Technician at Belize Telemedia Limited

ASDM provides a GUI for configurations. ASDM has made configuring ASA easy. No need to memorize CLI commands.

View full review »
it_user413292 - PeerSpot reviewer
Regional Manager - Pre Sales at a tech services company with 51-200 employees

In-depth monitoring and analysis. It helps us to make better decisions and policies.

View full review »
it_user682167 - PeerSpot reviewer
Network and System Engineer at a non-tech company with 201-500 employees

I enjoy the interface of Cisco products, especially the CLI version. I think the IPS feature in the product is best compared to products of other vendors. All the IPS features can be accessed from a separate interface, e.g., Cisco IDM.

View full review »
it_user470943 - PeerSpot reviewer
ICT Manager - Network Operations at a healthcare company

Firewall, VPN and Single Sign On.

View full review »
it_user400626 - PeerSpot reviewer
Senior Network & Data Communication Engineer at a tech services company with 201-500 employees

Security, Routing and NAT.

View full review »
it_user349320 - PeerSpot reviewer
Corporate Information Security Officer

It's a standard rule based firewall for us. The AnyConnect VPN has solved a lot of remote access problems. High availability is good. It will fall back to the other ASA without any disruptions.

View full review »
it_user237144 - PeerSpot reviewer
Senior Technical Consultant - Network and Security at a tech services company with 51-200 employees
  • It provides our company with security and protection on all our devices.
  • It's highly available.
View full review »
it_user275442 - PeerSpot reviewer
Senior Presales Engineer at a tech services company with 501-1,000 employees

NGFW: VPN (IPSec, SSL), NAT (provides great flexibility)

NGIPS: Application visibility, file policies (store files), network discovery, correlation features

View full review »
it_user237354 - PeerSpot reviewer
Sr. Network Engineer at a tech services company with 10,001+ employees
  • Stateful inspection
  • CLI of the firewall
View full review »
it_user224271 - PeerSpot reviewer
Senior Network Architect/Owner with 51-200 employees

The features that we use are:

  • The stateful firewall
  • VPN with AnyConnect
  • Site-to-site IPSEC solutions
  • High availability
View full review »
it_user212700 - PeerSpot reviewer
Senior Network Engineer at an aerospace/defense firm with 51-200 employees

The multi-context mode.

View full review »
it_user150300 - PeerSpot reviewer
Senior Network Engineer at a tech services company with 501-1,000 employees

AnyConnect VPN

View full review »
it_user5274 - PeerSpot reviewer
Network Manager at an insurance company with 1,001-5,000 employees
  1. I have found the Cisco ASA to be less expensive than Check Point firewalls.
  2. It is smaller in size than Check Point firewall.
  3. It is easy to operate and manage with both GUI and Command Line.
View full review »
it_user2871 - PeerSpot reviewer
Network Engineer at a university with 51-200 employees
  • Powerful firewall provides multiple contexts.
  • Highly stable firewall for campus traffic with no shutdown and zero maintenance compared to the Juniper SRX family which performs like a software firewall after 3 months of operation and did not allow the administrator to log in.
  • Easy to use both GUI and command line. Also it may be more easily used through a management application like Cisco ASDM.
View full review »
HD
Network Engineer at a tech services company with 201-500 employees

The software itself is very simple.

The solution is easy to operate. It's not overly complex.

The command line is the same as it is on the Cisco IOS router.

The technical support is very helpful and responsive.

View full review »
it_user346116 - PeerSpot reviewer
I.T Security Consultant

This is our perimeter router. We used it purposely for NAT and to port forward traffic. Other essential features of a firewall are handled separately by a UTM.

View full review »
it_user614874 - PeerSpot reviewer
Gerente de Telecomunicaciones at a financial services firm with 1,001-5,000 employees

The front page of device manager is the most valuable feature because it makes it easy to know the system status.

View full review »
it_user240063 - PeerSpot reviewer
Network Security Engineer at a manufacturing company with 10,001+ employees

It has very advanced security features including FirePOWER threat management, which is the most valuable, but also URL filtering, FireSIGHT, and advanced malware protection.

View full review »
MZ
Program director at a tech consulting company with 201-500 employees

I think Cisco ASA Firewall is the most stable firewall solution.

View full review »
MM
student at MC

ASA 5505 and ASA 5506 are very powerful tools to use in a business environment, and provide a lot of security.

View full review »
it_user430797 - PeerSpot reviewer
Network Engineer at a mining and metals company with 1,001-5,000 employees

The simple access rule, Internet NAT and routing are valuable features. It is very simple and the most reliable perimeter firewall.

View full review »
it_user200313 - PeerSpot reviewer
Security Consultant at Accenture

Cisco doesn't have many features but only basic firewalls.

View full review »
it_user821520 - PeerSpot reviewer
Information Systems Manager at a manufacturing company with 201-500 employees

Its ability to work with the traffic.

View full review »
it_user698436 - PeerSpot reviewer
ESS Security with 201-500 employees

Starting in version 9.7 you could track a login history for audit purposes and, in 9.8, you are able to do active/backup HA with ASAv (Adaptive Security Virtual Appliance) deployed on MS Azure.

View full review »
it_user697185 - PeerSpot reviewer
Consultant

Management Console and user profiling to define activities.

View full review »
it_user789333 - PeerSpot reviewer
President and CTO with 51-200 employees
  • Strong in NAT and access-lists 
  • Very good as a stateful inspection firewall, but weak in all other areas. 
View full review »
it_user387540 - PeerSpot reviewer
I.T. Security/Projects Specialist at a tech services company with 501-1,000 employees

Firewalling is the most valuable feature. We wanted a back-end/internal firewall solution, and the Cisco ASA 5525 was great.

View full review »
it_user241749 - PeerSpot reviewer
Security Engineer at a tech services company with 501-1,000 employees
  • Firewall
  • VPN
  • FirePOWER mobile
View full review »
SF
System Engineer at a tech services company with 501-1,000 employees

It's a flexible solution.

View full review »
it_user916539 - PeerSpot reviewer
Solutions Architect at a tech services company with 10,001+ employees

It allowed us to consolidate multiple security devices into a single appliance. It consolidated and helped us eliminate firmware upgrade issues across multiple devices. The "Keep It Simple" method.

View full review »
OC
Network Engineer at IT Security

I like the easy administration.

View full review »
it_user456837 - PeerSpot reviewer
Project Manager with 11-50 employees

It is very robust, trustworthy and highly customizable.

View full review »
it_user242523 - PeerSpot reviewer
Network Security Administrator at a tech company with 5,001-10,000 employees
  • Modular scalability
  • High availability
  • VPN services
View full review »
MS
Network Security Presales Engineer at a tech services company with 51-200 employees

The most valuable features of this solution are the integrations and IPS throughput.

View full review »
it_user857937 - PeerSpot reviewer
ICT Manager with 1-10 employees
  • IPS
  • Antivirus
  • IP filtering
View full review »
it_user814596 - PeerSpot reviewer
Senior Network Manager with 51-200 employees
  • Failover
  • Transparent firewall
  • Multi-context
  • Logging is great. It will show when it reaches its capacity before it is too late, unless you have bursts of traffic.
View full review »
it_user674844 - PeerSpot reviewer
Executive Manager with 11-50 employees

The solution's reliability, performance, and security are most valuable.

View full review »
it_user240570 - PeerSpot reviewer
Network, Unix and Security Engineer at a tech services company with 501-1,000 employees
  • NAT
  • IPSec
  • ACL
View full review »
it_user1998 - PeerSpot reviewer
Infrastructure Expert at a tech company with 51-200 employees

There are a lot of companies who create firewalls but there is not a single one which can compete with ASA. It can have access control from layer 3 to layer 7. The ASA 5510 is more than enough for small to medium businesses. It has a dedicated GUI interface, known as ASDM, a beautiful tool to manage ASA. You can use ASA to route traffic. The AAA service supports plenty of authentication server types. You can configure advanced NAT in this device. It uses Modular Policy Framework (MPF) to inspect traffic. You can inspect traffic at different layers separately. You can use this as a transparent firewall and failover is instant. The virtualization works beautifully for this device. VPN is another added advantage. All the types of VPNs are managed through ASA.

View full review »
it_user764139 - PeerSpot reviewer
Solutions Architect at a tech services company with 51-200 employees
  • Network attack detection
  • DoS and DDoS attack prevention
  • Signature-based detection
  • User-defined signatures with regular expressions
  • Integrated URL and content filtering
  • Custom URL categories filtering
  • Integrated antivirus
  • Protocols scanning
View full review »
BB
Security Consultant at a tech services company with 51-200 employees

The most valuable feature is the access control list (ACL).

View full review »
it_user747591 - PeerSpot reviewer
Technical Administrator at a tech services company

Manageability of Cisco ASA. It has a GUI interface, unlike most of Cisco IOS. Beginners can "sneak in" and apply the command and see the actual commands that the GUI launches. In addition, Cisco has a reputation for security.

View full review »
it_user570603 - PeerSpot reviewer
IT Manager at a manufacturing company
  • Cisco IPSec VPN
  • VPN Client
  • Port Restrictions
View full review »
it_user241743 - PeerSpot reviewer
Network System Engineer with 51-200 employees

The filter with NAT mode is valuable.

View full review »