Cisco Secure Firewall Valuable Features
JT
JoshuaThums
Network Administration Lead at Forest County Potawatomi Community
The most valuable features of Cisco firewalls are the IPS and IDS items. We find them very helpful. Those are the biggest things because we have some odd, custom-made products in our environment. What we've found through the IPS and IDS is that their vulnerability engines have caught things that are near-Zero-day items, inside of our network. Those items are capable of being exploited although they were not actually being exploited. Being able to see what those exploits are, the potential for vulnerabilities and exploits, is critical for us.
RV
Rob Vreede
Principal Network Engineer at a retailer with 10,001+ employees
I like the basic firewall features. We use Cisco Firepower to separate PCI from corporate, so we're not using it at the edge. If we were to use Firepower at the edge, then we would enable other features like IDS and SSL inspection. However, since we only use it as an internal firewall, plain level-four firewalling is enough for us.
Cisco Firepower is useful for securing our infrastructure from end to end so that we can detect and remediate any threats. I like the Cisco products because they are very stable and what you see is what you get. There are no vague or gray areas. We log all of our logs to Splunk, for example, and everything we see in Splunk is very useful. Finding errors or finding reasons why something is or is not working is very easy.
This solution helped to free up our IT staff's time so that they can focus on other projects. The management platform makes deployment and management, that is, day-to-day changes, very easy.
Cisco Firepower saved our organization's time because it has role-based access. We can give some engineers the ability to do day-to-day tasks and give more experienced engineers more in-depth tasks.
We have been able to consolidate our tools and applications. The FTD tool also manages our Firepower IDS nodes. As a result, we have a consolidated single pane of glass for all of our Cisco Firepower security tools.
The most valuable MX features are the ease of deployment and a great dashboard. The most valuable Cisco Secure Firewall features are options, features, and ease of deployment because it's an appliance.
Updated: April 2024.
The deep packet inspection is useful, but the most useful feature is application awareness. You can filter on the app rather than on a static TCP port.
FMC is very good in terms of giving a lot of visibility into what the firewall is seeing, what it's stopping, and what it's letting through. It lets the administrator have a little bit of knowledge of what's coming in or out of the device. It's excellent.
SB
Shashidhara B N
Director & CIO of IT services at Connectivity IT Services Private Limited
ASA integrates with Firepower, IPS functionality, malware filtering, etc. This functionality wasn't there in the past. With its cloud architecture, Cisco can filter traffic at the engine layer. Evasive encryptions can be entered into the application, like BitTorrent or Skype. This wasn't possible to control through a traditional firewall.
Deep Packet Inspection looks at the header information and inspects the contents of a particular packet. We can also look at traffic management. It can control end-user applications, and we can check device performance when we do this type of regression on our resources. This is what we look at with a DPI. It can help us reduce the overall OpEx and CapEx.
Traditionally, we needed multiple software and hardware tools. With these features, we can snoop into our network and understand each packet at a header level. That's called the service control engine.
Within Cisco's Service Control Engine Architecture, there's something called the Preferred Architecture, which has a supervisor engine. It's more of a network management tool. Cisco makes it more convenient to manage our resources. It has a nice UI, or we can go into the command-line level.
Cisco's micro-segmentation features are helpful for access control layers and virtual LAN policy enforcement. That's how we segregate it. Micro-segmentation is focused on the application layer. When we design a policy that is more automated or granular, and we have a specific business requirement, we get into micro-segmentation. Otherwise, the majority of the implementation will be generic network segmentation.
Dynamic classification is also essential given the current security risks and the attacks. We cannot wait for it to tell us if it's a false positive or a real threat. In those cases, dynamic classification is essential, especially at a MAC level.
When using WiFi, we may have a suspicious guest, and we cannot wait for someone to stop it manually. The firewall needs to at least block the traffic and send an alert.
In cases like these, integration with Cisco ISE is handy. If the firewall alone doesn't help, you must redesign your architecture to include various associated products as you increase your requirements. For example, you may have to get into multiple servers, so you'll need an ISE for identity management.
As you start scaling up your requirements, you go beyond a firewall. You start from an L1 layer and go to the L7 sitting at the organization's gateway. When you talk about dynamic policy implementation, that's where you start to get serious about your operations and can change things suddenly when an attack is happening.
With ISE integration, you get another dynamic classification if an endpoint connects immediately. ISE has a lot of authorization rules, so it applies a filter. The dynamic policy capabilities enable tighter integration at the application workload level. Snort 3 IPS enables you to run more rules without sacrificing performance, and IPS puts you one step ahead of any threats to the organization.
EV
Ed Vanderpool
IT Technical Manager at Adventist Health
The features that we find the biggest bang for the buck are for Firepower overall. We're looking at AnyConnect, which is one of the big features. The other valuable features are IPS along with the Geotagging and the Geosync features, and of course the firewall, the basic subset of firewall infrastructure and policy management.
We've looked at other vendors, but Cisco by far has taken the lead with a holistic approach where we don't have to manage multiple different edges at one time. We can actually push policy out from our core out to the edge. The policy can be as granular as we need it to be. So the administration, also the upgradability of the edge is for us because we need to have it 24/7. The upgradability is also another piece of management, logging, and all the other little aspects of the monitoring part.
Using deep packet inspection, especially with 7.0, since it's just come out in 7.0, we're able to see much more granularly into the packet where before we could actually give a general overview using NetFlow. This gives us much more granularity into what is exactly happening on our network and snapping in the Cisco StealthWatch piece gives us the end-to-end way of monitoring our network and making sure that it's secure.
The overall ease of use when it comes to managing Cisco Secure Firewall is one of the reasons that we ended up going with Cisco because the ease of use, basically having one UI to be able to control all of our end devices, policy, geolocation, AnyConnect, all the different pieces of that in one area has been phenomenal.
Cisco Secure Firewall helped to reduce our firewall operational costs because previously if we were not using Cisco's Firepower, we would have had either Cisco ASA or another manufacturer, and we would have had those everywhere. We would have had still two at every site, several within our infrastructure, and the management of those is much more difficult because it's done by one-off.
As far as saving Adventist Health money, I would have to say that it's not necessarily the actual physical product, but the time, labor that we would have had to have to be able to monitor and administer that, and also the time to find malicious issues and security areas that we were unable to see before. So, it's tough to put a cost on that, but it would probably be several hundred thousand dollars overall if you're looking at whether we got hit with malware or with some of the other issues that we're seeing, especially within healthcare. If we were hacked, that would cost us millions.
It's the VPN side of things that has been most useful for us. It allows us to secure our users even when they're working from home. They are able to access all of our resources, no matter where they are in the world.
As far as securing our infrastructure from end to end, I'm a big fan of Cisco products. I haven't used other products in the past, but I love the Cisco products. It helps a lot in the end.
We have firewalls on the edge, internally, and then on the cloud now, so I feel we're pretty secure.
Firewall helps with cybersecurity resilience. I really like this Cisco product. It's user-friendly. I don't like some other vendors. I've tried those in the past. Cisco is pretty easy. A caveman could do it.
I've used Check Point and Palo Alto, and I like Cisco better. It's what I'm comfortable with. Hopefully, I'll use it until I retire.
I like the ease of administration and the overall speed of processing web traffic. The modules help protect and administer web traffic. ASA Firewall's deep packet inspection gives me visibility regardless of whether I have the agent installed on all the workstations. I can see incoming web traffic and control access to suspicious or dangerous sites. I can apply a filter or make rules to restrict categories of websites.
PS
Paul Stadlbauer
System Engineer at Telekom Deutschland GmbH
Basic firewalling is obviously the most valuable. In addition to that, secure access and remote access are also very useful for us. When COVID came, a lot of people had to stay at home, and that was the basic use case for having remote access.
JB
Jake Billingsley
Enterprise Architect at People Driven Technology Inc
I'm a big fan of SecureX, Cisco's platform for tying together all the different security tools. It has a lot of flexibility and even a lot of third-party or non-Cisco integration. I feel like that's a really valuable tool.
From the Firepower solution, all the features that you would think of when you're thinking about a Firewall [are valuable], including some that I stated: content filtering, the IPS, IDS, and malware prevention. All of those are big use cases and great features that work well.
RH
Rifat Hyseni
Director of Information Technology at a government with 501-1,000 employees
The solution provides us with application visibility and control and, at this stage, we are happy with it. Similarly, we are very happy with Cisco Firepower Management Center. We're still at an early stage, but we haven't seen any problems with the Cisco products. We are still switching on features and looking at how they are working.
When it comes to the integration among Cisco tools, we find it easy. It's a very practical integration with other components as well.
We also believe that Cisco is updated about all security issues and threats and efficient enough to provide us with the features and protection we need.
JS
JoelStech
Senior Network Engineer at Orvis
The majority of what I use is the policy ruleset. We have another company that deals with the IPS and the IDS. That's helpful, but I can't necessarily speak to that because that's not the majority of what I do. The majority of what I do is create rules and work with the customers to make sure that things are getting in and out of the environment.
I work with our e-commerce team to make sure that new servers that are spun up have the appropriate access to other DMZ servers. I also make sure that they have access to the internet. I make sure they have a NAT so that something can come into them if need be.
We use Umbrella, Cisco's DNS, which used to be OpenDNS. We use that to help with security so that we're not going to sites that are known to be bad. They work well together. They're two different things. One is monitoring DNS and doing web URLs, while the firewall I'm doing is traffic in and out, based on source destination and ports protocols.
One of the things I like is that the upgrades are relatively seamless, as far as packet loss is concerned. If you have a firewall pair, upgrading is relatively painless, which is really nice. That's one of the key features. We do them off-hours, but we could almost do them during the day. We only lose a few packets when we do an upgrade. That's a bonus and if they keep that up that would be great. Check Point does a reasonably good job at it as well, but some of the other ones I've dealt with don't. I've heard from people with other firewalls and they don't have as good an experience as we do. I've heard other people complain about doing upgrades.
The features I have found most valuable are the ASA firewalls. I like to have features like most integrated systems in ACI.
The user interface is very easy to manage and find rules. You can do object searches, which are very easy. Also, the logging is very simple to use. So, it is a lot easier to troubleshoot and find items inside the firewall.
Its efficiency and security are the most important. We are more efficient and more secure.
We use Cisco switches and firewalls, Cisco DNA, and Cisco SecureX. The integration between various Cisco products is working very well. It's quite seamless for us.
I'm not a security person. I'm a planner, and we were interested in the advanced features of the firewall to allow us to manage the traffic. At the current stage of implementation, their help in implementing a policy has been valuable. It simplified the implementation. Cisco's engineer helped us with a lot of scripting to see what existed. Previously, we didn't have a proper policy. In fact, we didn't have any policy because we didn't have any firewall for the data center, so generating a policy was a big challenge. Cisco's engineer helped us to do some scripting and find out what kind of policy we can have and organize those policies. That was nice.
The most valuable feature is zone segmentation, which we utilize through the Firepower management console. This allows for centralized management, which proves highly useful. In the past, when using Cisco Firewalls, we had to manage them independently. However, now we have a single unified interface to manage all our Cisco Firewalls worldwide.
The technology is evolving, and it's no more a stateful firewall, which is only for blocking certain ports. A lot of features, such as anti-malware protection and URL filtering, have been integrated into the firewall and extended to the network.
MR
MohammadRauf
Security Officer at a government
For us, the most valuable features are the IPX and the Sourcefire Defense Center module. That gives us visibility into the traffic coming in and going out and gives us the heads-up if there is a potential outbreak or potential malicious user who is trying to access the site. It also helps us see traffic generated by an end device trying to reach out to the world.
Sourcefire is coupled with Talos and that provides us good insight. It gives us a pretty good heads-up. Talos is tied to the Sourcefire Defense Center. Sourcefire Defense Center, which is also known as the management console, periodically checks all the packets that come and go with the Talos, to make sure traffic coming and going from IP addresses, or anything coming from email, is not coming from something that has already been tagged in Talos.
We also use ESA and IronPort firewalls. The integration between those on the Next-Gen Firewalls is good. They are coupled together. If the client reports that there is a potential for a file or something trying to access the internet to download content, there are mediation steps that are in place. We don't have anything in the cloud so we're not looking for Umbrella at this point.
BB
Bryan Broadhurst
Cybersecurity Designer at a financial services firm with 1,001-5,000 employees
I would say the most valuable aspect of Cisco Secure Firewall is how scalable the solution is. If we need to spin up a new environment, we can very easily and quickly scale the number of firewall instances that are available for that environment. Using clustering, we just add a few nodes and away we go.
In terms of time-saving or cost of ownership, the types of information that we can get out of the Cisco Secure Firewall suite of products means that our security responders and our security operations center are able to detect threats much faster and are able to respond to them in a much more comprehensive and speedy manner.
In terms of application visibility, it's very good. There is still room for improvement, and we tend to complement the Cisco Secure Firewall with another tool link to help us do some application discovery. That said, with Firepower, we are able to do the introductory part of the discovery part natively.
In terms of detecting and remediating threats, I would say on the whole, it is excellent. When we made the decision to go with the Cisco Secure Firewall compared to some other vendors, the integration with other third-party tools, and vulnerability management, for example, was a real benefit. It meant that we could have a single view of where those three threats were coming from and what type of threats would be realized on our network.
In recent years, through the integration of Firepower Threat Defense to manage some of the firewalls, we were able to do away with some of our existing firewall management suite. We do still need to use some third-party tools, but that list is decreasing over time.
The most valuable features of the product are the VPN and the NextGen firewall features such as application control, URL filtering, etc. These features are especially valuable because nowadays, it's not enough to just filter for source and destination IPs. You need more insights or visibility to see which applications are passing your perimeter, which applications you want to allow, and which ones you want to block. Without this visibility and these features, it's a little bit hard to secure your network.
FH
reviewer8276195
Product Owner at a manufacturing company with 10,001+ employees
Protecting our landscape in general and being able to see logging when things aren't going as set out in policies are valuable features. Our security department is keen on seeing the logging.
I love the ASDM (Adaptive Security Device Manager) which is the management suite. It's a GUI and you're able to see everything at a glance without using the command line. There are those who love the CLI, but with ASDM it is easier to see where everything is going and where the problems are.
The ASDM makes it very easy to navigate and manage the firewall. You can commit changes with it or apply them before you save them to be sure that you're doing the right thing. You can perform backups easily from it.
It also has a built-in Packet Tracer tool, ping, and traceroute, all in a graphical display. We are really able to troubleshoot very quickly when there are issues. With the Packet Tracer, you're able to define which packet you're tracing, from which interface to which other one, and you're able to see an animation that shows where the traffic is either blocked or allowed.
In addition, it has a monitoring module, which also is a very good tool for troubleshooting. When you fill in the fields, you can see all the related items that you're looking for. In that sense, it gives you deep packet inspection. I am happy with what it gives me.
It also has a dashboard when you log in, and that gives you a snapshot of all the interfaces, whether they're up or down, at a glance. You don't need to spend a lot of time trying to figure out issues.
- Speed
- Its capabilities
- Versatility
AK
reviewer1570647
Senior Information Security Analyst at a manufacturing company with 10,001+ employees
I have found the most valuable feature to be the access control and IPsec VPN. There are a lot of people moving towards the next-generation versions of firewalls which have some advanced features such as this one. You can define rules based on the application instead of how they are traditionally done. There are more general and traffic controls, and additional features for intrusion prevention for malware analysis.
The ASA has seen significant improvement due to the IPS.
The ability to troubleshoot more easily through the gate is valuable.
NH
reviewer2212515
Network Engineer at a healthcare company with 10,001+ employees
Being able to use it as a policy-based VPN is valuable. It's very easy to understand.
It's very easy to troubleshoot. It may be because I'm comfortable with it or because I've used it for so long, but it's easy to use for me. I don't have any problems with how to set it up or use it.
The security features that protect our networks are the most valuable for me and my department, as we are responsible for the security of our network. We investigate cases and analyze traffic to see what's going on. These features are also very valuable when we are investigating communication between some services in the bank and what's happening in the network.
We are very satisfied with Cisco Secure Firewall for securing our infrastructure from end to end so we can detect and remediate threats. We have not seen a lot of false positives, and we haven't seen many situations when the traffic was interrupted without a proper cause. We are confident that the signatures that Cisco Secure Firewall uses are very good and reliable. For us, this is very important because we are a relatively small security team, and we don't have much manpower to be able to analyze every signature or event. By default, Cisco Secure Firewall is reliable, and that is the most important factor for us. Cisco is a large company that invests in security, and if it has reliable signatures and processes in intrusion detection, then that is very good for us.
Implementing Cisco Secure Firewall has saved us time because we rely on most of the out-of-the-box signatures. It has reduced the time and effort spent in configuration within the security network.
The most beneficial aspect of the Cisco Secure Firewall is the AnyConnect component within the firewall package, which we selected specifically for VPN usage due to its exceptional integration with various third-party devices and applications.
Without a doubt, the best features are the reporting and analytics. Some vendors provide the same feature set, but their product won't give you the power to figure out what's going on in your network. Whereas with Cisco Secure Firewall, especially with the management platform on top, you can have all of the analytics and see exactly what is going on. You can see not only the source and destination but also the application, the URL, the type of policy it's hitting, the specific rule it's hitting, and the amount of data transferred from it. Apart from that, you get all of the risk reports. You can see how much bad stuff is coming into the network at present and whether there's anything you need to act on immediately. That data is at your fingertips, and it's by far the best feature and the best selling point of Cisco Secure Firewall.
Cisco Secure Firewall has reduced our clients' mean time to repair because they are able to find possible issues quickly. The power of the reporting, the dashboards, and all of the analytics in the background also helps to alert and quickly act on the threat.
My impression of Cisco Talos is that it's well-regarded in the industry. Cisco is so well regarded that we know their security intelligence is up-to-date. Our clients have peace of mind because they have Cisco Talos in the background and know that Cisco Secure Firewall is up-to-date with the latest threats. They can be sure that they're acting on the best available data.
FC
reviewer1667103
Global Network Architect at an agriculture with 10,001+ employees
It's protecting the organization against the impact of cyber threats and cybersecurity. We run manufacturing plants that have hazardous material, and we don't want that manufacturing process to be impacted by break-in exposure, cyber threats, or any other similar thing.
CN
Christian Boe Nielsen
Infrastructure Architect - Network at a manufacturing company with 1,001-5,000 employees
I like the central management and IPS features. Having everything in one place is very valuable.
Cisco Secure Firewall is very good at detecting threats. We see a lot getting blocked by the IPS in our DMZ, that is, our internet-facing web service.
It helped free up IT staff time. Before, we would have to manually configure every single firewall. Every time we configure something on a firewall, it takes five to ten minutes, and we have more than 50 firewalls around the globe. We do changes every week, and the automated policy and upgrades saved us a lot of time.
In terms of the organization, we have been able to save time by getting things out faster. However, the only downside is that the policy push takes quite a while. Thus, a quick fix still takes at least 15 minutes, and troubleshooting can take time as well.
Its security and filtering are most valuable. Every layer of data that comes into the organization goes through it. After setting up the criteria, it automatically filters the traffic. We don't have to check it often. Sometimes, when users complain that they are not able to see a particular thing, we log in to check the scan and see what it has scanned and filtered. It is usually something it has filtered out. It works perfectly.
FM
Francesco-Molino
Practice Lead at IPConsul
The IPS is one of the top features that I love.
The dashboard of the Firepower Management Center (FMC) has improved. The UI has been updated to look like a 2021 UI, instead of what it was before. It is easy to use and navigate. In the beginning, the push of the config was very slow. Now, we are able to push away some conflicts very quickly. We are also getting new features with each release. For example, when you are applying something and have a bad configuration, then you can quickly roll back to when it was not there. So, there have been a lot of improvements in terms of UI and configuration.
Overall, the solution works very well.
The solution is quite fast. We found that the speed was good and the throughput was good.
The stability has been very good.
The solution can scale as necessary.
The product is quite robust and durable.
BW
reviewer2211648
Network Security Team Lead at a government with 10,001+ employees
The VPN is our most widely used feature for Cisco Secure Firewall. Since we were forced into a hybrid working situation by COVID a few years back, VPN is the widely used feature because everybody is working remotely for our agency. So it came in very handy.
WN
reviewer2211633
CTO at a government with 10,001+ employees
Cisco Secure Firewall is robust and reliable.
ZK
Zhanerke Kozhabergenova
Sr. NetOps Engineer at Smart Cities
The primary benefits of using Cisco Secure solutions are time-saving, a robust API, and convenience for the security team.
SV
Shawn Vessels
Critical Infrastructure at Wintek Corporation
Our top three features are the high-availability features, the VPN and the IPSec.
It has fantastic visibility. It's a 10 out of 10.
Cisco Secure Firewall is fantastic at securing our infrastructure from end to end so we can detect and remediate threats. We have already caught things that have tried to get in.
Cisco Secure Firewall has improved resilience by a huge margin. It has been a great help.
Cisco Secure Firewall has freed staff because we don't have IT staff worrying about a lot of the threats. We trust the device that we are going to catch the threat. We are going to get a notification and be able to act upon that. Cisco Secure Firewall has saved at least 25 hours a week.
The newer versions have made it so that we do not have to worry about other appliances with feature sets that are already built into the Cisco firewall.
The solution has had a huge effect, especially from physical density when it comes to securing our infrastructure. A lot of people don't think about power availability and cooling aspects. You have a limit to how much power you can push, and every little bit helps.
We chose Cisco because of its understanding, customer service, warranties, and the quality of the product.
KB
Kamal Benmekki
CTO at Intelcom
The most valuable feature is IPS. It's a feature that's very interesting for tackling the most current attacks. We also have Umbrella with Secure DNS because all the threats nowadays are coming from email servers. We also have the DSA solution to limit the threats coming from ransomware. Combining all of these with Talos provides the best security solution.
The most valuable feature is the IPS. We also like the AnyConnect feature.
We monitor daily the final inspection activities and intelligence on Firepower. We also send logs from Firepower to our monitoring server, which is a nice feature.
DC
reviewer1657845
Senior Network Security Engineer at a tech services company with 11-50 employees
- Ease of operability
- Security protection
It is usually a central gateway into an organization. Trying to keep it as secure as possible and have easy to use operability is always good. That way, you can manage the device.
The solution has very good visibility when doing deep packet inspection. It's great because I can get packet captures out of the device. Because if an intrusion fires, I can see the packet that it fired in. So, I can dive into it and look at what is going on, what fired it, or what caused it.
Cisco Secure Firewall is fine and works when it comes to integration of network and workload micro-segmentation.
The integration of network and workload micro-segmentation is very good when it comes to visibility in our environment. It is about how you set it up and the options that you set it up for, e.g., you can be as detailed as you like or not at all, which is good.
Its Snort 3 IPS has better flexibility as far as being able to write rules. This gives me better granularity.
MB
Matt Back
Cyber Security Practice Lead at Eazi Security
The most valuable feature is the Next-Generation Intrusion Prevention System. For customers who don't have a SIEM platform, Firepower Management Center offers some SIEM-like functionality that clearly categorizes intrusion prevention alerts. So, they are rated with flags, from zero to four. If I see a level 1 flag, then this means that the attempted intrusion not only relates to a real vulnerability, but we likely have a system in our environment somewhere that could be exploited by that vulnerability. In that sense, it helps us quickly target which intrusions should be investigated versus what is noise. A level 2 flag just identifies where an intrusion relates to a known vulnerability. It doesn't mean that you are vulnerable to it, because you may not have the particular hardware/software combination that the vulnerability relates to. Therefore, being able to quickly determine where to focus your investigation is important.
All Cisco security technologies have API integrations. We have all Cisco security products for all our customers integrated into SecureX for overall visibility of threat detections across all security appliances. Cisco Advanced Malware Protection is a good example. It is not just a product but a capability that has been integrated into multiple products or technologies. We see in Firepower that we can benefit from Advanced Malware Protection at a network level, but that same technology is also available on email security as well as endpoint security. So, if a threat is detected in one place that can be blocked everywhere, almost at the same time, then the integration is very good.
If we look at something like Cisco Umbrella, then we see Umbrella integrated with Cisco Meraki appliances, both on firewalls and access points. So, there does seem to be a good level of integration.
Integrations are primarily API-driven. You just generate an API. You have an identifier and generate an API key. It is normally five minutes or under to integrate something. Cisco has SecureX, which is their security management platform. They also have Cisco SecureX threat response, which is a threat hunting tool. With both of these tools, they can take the API keys from any Cisco products as well as some third-party products, then you can integrate them in just a couple of minutes. It is pretty easy.
MK
reviewer1512729
IT Administrator / Security Analyst at a healthcare company with 11-50 employees
We get the Security Intelligence Feeds refreshed every hour from Talos, which, from my understanding, is the largest security intelligence group outside of the government. My experience with Talos has been that they're pretty on top of things. Another driving factor towards Cisco: We get feeds every hour, automatically refreshed, and updated into the firewall.
If I had to rely on one security intelligence, which I wouldn't, but if I had to, I'm sure it would be Talos. The fact that it gets hourly updates from Talos gives me some peace of mind.
The real strength for the Cisco next-generation firewall is it'll do pretty much anything you want it to do, although it requires expertise and proper implementation. It's not an off-the-shelf product. For instance, there are some firewalls that may be easier to set up because they don't have the complexity, but at the same time, they don't have the feature set that the Cisco firewall has.
The firewall does DNS inspection, and you can create policies there.
The firewall integrates seamlessly and fully with our SIEM. We use a Rapid7 SIEM, InsightIDR, and it now integrates seamlessly with that. Cisco's doing a lot more with APIs and automation, which we've been leveraging.
In terms of application visibility and control, I used the firewall and I also use Umbrella, but it depends on what it is that I'm seeing. One component that I use is network discovery. When you configure the policy properly, it'll go out and do network discovery so you're not loading up a bunch of rules you don't necessarily need. Instead, you're targeting rules that Cisco will say, "Hey, because of network discovery, we found that with this bind to whichever version server, we recommend you apply this ruleset." This is something that's been very helpful. You don't necessarily have to download every rule set, depending on your environment.
I have used it for application control. Right now, we're in the midst of doing tighter integration with ISE and the integration is very good. This is something that we would expect, given that it's a Cisco product.
I use the automated policy application and enforcement every chance I get. Using an automation approach, I would rather have a machine isolated even if it's a false positive because that can happen much faster than I can get an alert and react to it. On my end, I'm trying to automate everything that I can, and I haven't experienced a false positive yet.
Anything that's machine learning-based with automation, that's where I'm focusing a fair amount of attention. Another advantage to having Cisco is that their installed base is so huge. With machine learning, you're benefiting from that large base because the bigger their reach is, the bigger and better the dataset is for machine learning.
At some point, you have to trust that the data set is good. What's impressed me about Cisco is with all of our Cisco products, whether it's AMP or whatever, they're really putting an emphasis on automation, including workflows. For someone like me, if I get an alert in the middle of the night and I see it at 6:00 AM, it is going to be a case of valuable time lost, so anything that I can do to make my life easier, I'll definitely do it.
AI
Al Faruq Ibna Nazim
Head of Technology at Computer Services Ltd.
Cisco Firepower NGFW is really easy to use right now to determine when my file requires a shift from primary to secondary status, and it can be done with automation. Earlier we used to do this with patching.
I would say the Cisco Firepower NGFW actually gives superior intelligent behavior to transfer its active/passive infrastructure. Overall, Cisco Firepower NGFW has been a good power element in our systems due to its central location.
I like that you can get really granular, as far as your access lists and access control go.
You can also put everything into a nice, neat, little package, as far as configuration goes. I was formerly a command-line guy with the ASA, and I was a little nervous about dealing with a GUI interface versus a command line, but after I did my first deployment, I got a lot more comfortable with doing it GUI-based.
It is very good at what it does. It is a very dependable, long-standing product that you can trust. You know exactly how it works. It has been in the market for a lot longer than I have. So, it is great at its core functionality.
The content filtering is good.
Cisco Secure Firewall's security solutions, advanced malware protection, and DDoS communication are very good. With Cisco Secure Firewall, the security is very much manageable because it protects all the incoming and outgoing traffic of our several telecom IT rooms.
I won't be able to speak about the strong points of the product. I will need the input from my team to be able to speak about the advantages of the product. The solution's dashboard is fine, and in terms of support, Cisco is better than other OEMs in the market.
CW
reviewer2212707
Security Engineer at a government with 501-1,000 employees
The product is easy to manage and simple. It works with the rest of our Cisco products. You can drop in new ones if you need more performance. The training and documentation provided are good.
I like its integration with the AnyConnect client. I also like how modular it is. For example, I can easily integrate the Umbrella add-on into it. We are planning on adding Umbrella. We haven't added it yet, but we have researched it.
The network products help save time if they are well configured at the beginning. They help increase security and protect the company's data.
JP
JayPatel1
Network Engineer at Ulta Beauty
Their CLI is pretty good.
HP
reviewer1318416
Senior Solutions Consultant at a comms service provider with 10,001+ employees
All the specific features you find within the NextGen firewall are quite useful. The touch intel feature is specifically useful to us. We deliberately choose this kind of product due to its set of features.
The implementation is pretty straightforward.
PC
PaulChauchis
Security Architect
The IPS, as well as the malware features, are the two things that we use the most and they're very valuable.
Cisco Talos is also very good. I had the chance to meet them at Cisco Live and during the Talos Threat Research Summit. I don't know if they are the leader in the threat intelligence field but they are very competent. They are also very good at explaining complicated things easily. We use all of their blacklist, threat intelligence, and malware stuff on our FTDs. We also use the website from Talos where you can get web reputation and IP reputation.
For companies prioritizing security, the optimal choice is one that offers a range of feeds to cater to diverse needs. This is particularly crucial for organizations implementing DDoS mitigation. The preferred solutions typically align with the top server vendors, with Cisco, Forti, and Barracuda consistently ranking among the top three vendors we collaborate with.
FS
reviewer1895589
Security engineer at an energy/utilities company with 10,001+ employees
The IPS solution helps us to not only navigate north-south traffic, but also east-west traffic.
PR
reviewer1895532
Senior Network Engineer at a manufacturing company with 1,001-5,000 employees
So far, the remote VPN access has been a perfect solution for our company.
The next-generation features, like IPS, among others, are the most valuable. IPS is mandatory in modern networks for protection against malicious attacks and network anomalies.
Also, it gives you great visibility when doing deep packet inspection, but you have to do HTTP inspection. If you don't do HTTP inspection, the visibility is not complete. That is the case for every firewall vendor.
SM
Syed Mohsin Ali
Team Leader Network and Mail Team at an energy/utilities company with 10,001+ employees
- The normal firewalling features are very good. You can easily create objects and work with them.
- The AnyConnect software for remote VPN is an added feature on the firewall that works very well in our environment.
- The IPS is another important feature that I use. It doesn't impact the overall performance of the ASAs.
All of these features work fine.
Cisco ASA works very nicely from an administration perspective. The management of the device is very nice. The ASDM (Adaptive Security Device Manager) is the software that we use and it is very easy to configure using the GUI. If you are familiar with the ASDM software, it's very easy for anyone to handle. The CLI isn't different from other Cisco CLIs, so that makes it easy as well.
Also, the visibility when doing packet inspection on the ASA, using the ASDM GUI, works well. You can go to the monitoring part and see the live logs, the syslogs. All the traffic events are displayed in the syslog. You can filter on whatever event you are interested in and it is visible to you in no time. It provides a real-time display of the traffic. Troubleshooting issues is very easy using ASDM.
In addition, if you want to do some captures at the interface level, there's a packet tracer, a tool within the ASDM and the ASA, which is available on both the GUI and the CLI. That is on the newer firewalls as well and it's very nice. It shows you the life cycle of a packet within the firewall, from entry to the exit, and how many steps it goes through. It really helps while troubleshooting. I'm very satisfied with that.
Cisco ASA has a well-written command-line interface. Cisco’s AnyConnect SSL VPN is by far the best client VPN technology I’ve ever had to deploy and manage. Upgrades are a breeze. Failovers between units are flawless. FirePower add-ons deepen security with intrusion prevention (IPS), anti-malware protection (AMP), and URL filtering. These particular services can run as a hardware or software module within the ASA. Unlike ASA with CSM, these modules are managed by FireSight, a single pane for all of your FirePower nodes. It’s intuitive and easy to use, but still lacks some automation capabilities (e.g., bulk edits, etc.).
TO
TomOneill
Solutions Architect at Acacia Group Company
The most valuable feature of Cisco Secure Firewall is its ease of configuration and that it's scalable for firewalls and VPNs.
KH
reviewer2212530
Systems Engineer at an engineering company with 5,001-10,000 employees
The solution is pretty easy to deploy. It is pretty ubiquitous too, so it is easy to get. It pretty much does the job we need it to do.
FS
Faheem Shahzad
Networking Project Management Specialist at Bran for Programming and Information Technology
Our company operates in Saudi Arabia, primarily working with government sectors. If any hardware malfunctions, the defective device is removed, and we receive a replacement from the reseller. We have not encountered any issues related to delays in receiving replacements for malfunctioning devices, which has been beneficial.
MW
reviewer2146893
Executive Vice President, Head of Global Internet Network (GIN) at a tech services company with 10,001+ employees
Application inspection, network segmentation, and encrypted traffic detection or encrypted traffic analysis (ETA) are valuable for our customers. I'm from Germany, and in Germany, people are very concerned about privacy. We have a bunch of public customers, and they have an issue with decrypting traffic, even if it's only for security analysis. They have some fears. So, they are quite interested in the capability to detect threats without decrypting traffic.
MK
reviewer1288518
Security admin at a wholesaler/distributor with 10,001+ employees
This tool offers great value with regard to cyber security due to its integration with different tools like Splunk and other cloud-based solutions.
Within an application, you can block traffic at a granular level instead of relying on HTTPS traffic.
GU
Gyaneshwar Upadhyay
Senior Network Engineer at BCD Travel
If you compare the ASA and the FirePOWER, the best feature with FirePOWER is its easy-to-use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly.
MB
reviewer1376670
Director IT Security at a wellness & fitness company with 5,001-10,000 employees
Intrusion prevention is its most valuable feature because of its effectiveness. Cisco is the largest security company and one of the largest threat intelligence services with Talos. Cisco can identify and immediately apply any new threat information into signature sets for their Intrusion Prevention tools, including endpoint. In our case, we are talking about Firepower. That scope is what results in an almost immediate application of application prevention signatures against any upcoming network attacks. So, if there is a new vulnerability, some sort of high critical value globally, the Cisco team is typically able to identify and write corresponding detection or prevention signatures, then apply them across their toolset.
It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective.
We are using Cisco Cloud Email Security and DNS security from Cisco as well as endpoint protection. The integration between these products is pretty good. The benefit is the ability of all these disparate tools to talk to each other and be able to take action, sort of feeding each other with newly intelligent detection mechanisms and passing that information on to the next tool, then taking action on that next tool based on information identified on the first tool. That is really the biggest benefit of using the ecosystem. So, we've optimized it. We leveraged Cisco's tech response, which connects with each of these tools. We definitely find value every day.
It was very easy to integrate with the SIEM, which is really our primary use case. Besides the Cisco ecosystem, it is integrating with a standalone separate SIEM solution, which is Splunk in our case. This was an easy, simple approach to accomplish. We had no issues or problems with that.
MS
Maharajan S
VSO at Navitas Life Sciences
The advanced malware protection (AMP) is valuable because we didn't previously have this when we had an enterprise gateway. Depending on the end user, they could have EDR or antivirus. Now, we have enabled Cisco AMP, which gives us more protection at the gateway level.
The application visibility is also valuable. Previously, with each application, we would prepare and develop a report based on our knowledge. E.g., there are a couple business units using the SAS application, but we lacked visibility into the application layer and usage. We used to have to configure the IP or URL to give us information about usage. Now, we have visibility into concurrent SAS/Oracle sessions. This solution gives us more visibility into the inbound/outbound traffic being managed. This application visibility is something new for us and very effective because we are using Office 365 predominantly as our productivity tool. Therefore, when users are accessing any of the Office 365 apps, this is directly identified and we can see the usage pattern. It gives us more visibility into our operations, as I can see information in real-time on the dashboards.
KB
reviewer1884756
Data center design at a comms service provider with 10,001+ employees
One of the best features is the ease of use. It's also easy to teach new engineers to use the ASA CLI. When I first started learning firewalls, Cisco was the first one that was taught to me and it was pretty easy to grasp. When I'm teaching other engineers to use Cisco ASAs, the results of their learning are immediate.
URL filtering is valuable.
The feature my customers find the most valuable is the exportability. They also appreciate that the IPS features are easily migrated from Cisco SA to FTDs.
CT
reviewer1885305
Analytical Engineer at a pharma/biotech company with 10,001+ employees
The most valuable features are the remote VPN and site-to-site VPN tunnels.
I use the solution to write policies and analyze the data coming in via the firewalls.
One of the most valuable features is the GUI front end, which is very easy to use. But I'm also a command-line guy, and being able to access the device via command-line for advanced troubleshooting is quite important.
LS
Lucas Sousa
Network Administrator at Bodiva
We have found the most valuable feature to be the VPN because we use it often. Additionally, overall the solution is user-friendly, especially the ASDM GUI.
SN
SherifNour
IT Manager, Infrastructure, Solution Architecture at ADCI Group
The Cisco security rules are very strict and very strong.
I like the Cisco ASDM (Adaptive Security Device Manager), which is the configuration interface for the Cisco firewall.
BG
Beka Gurushidze
System Administrator at ISET
For organization security, Cisco ASA NGFW has robust cyber-security features. We are planning to increase the number of firewalls installed, especially for wireless connections.
TI
reviewer2109165
Senior Network Consultant at a healthcare company with 1,001-5,000 employees
When I was managing these firewalls, I found them easy to understand, easy to deploy, and easy to maintain as compared to some of the other firewalls I have been involved with earlier. The opinion of my coworkers is that it's easy and quick to establish new zones, expand, and maintain.
RW
Roger Waelen
System Administrator at a healthcare company with 501-1,000 employees
Collaboration with other Cisco products such as ISE and others is the most valuable feature.
PC
Paul Crist
Senior Engineer at Teracai Corporation
The GUI makes configuring it much simpler than the command line.
AE
Ahmed El-Ghawabi
Technical Consultant at Zak Solutions for Computer Systems
Cisco is powerful when it comes to detecting intrusions. It's better than, for example, Fortinet.
Cisco has multiple products - not just firewalls. The integration between other items provides a powerful end-to-end solution. It's nice and easy. There is one management system and visibility into all of the features. Using the same product is more powerful than using multiple systems. Cisco is known by most customers due to the fact that at least they have switches. However, when clients say "we need an end-to-end option" Cisco is there.
The stability is very good.
Technical support services are excellent.
Network segmentation is the most valuable feature.
IK
reviewer2212692
Network Engineer at a tech services company with 5,001-10,000 employees
The monitoring dashboard is valuable to us for troubleshooting. It lets us see if the packets get from the source to the destination correctly.
MZ
reviewer2107434
Senior Network Administrator at a comms service provider with 201-500 employees
Their performance is most valuable.
The IP filter configuration for specific political and Static NAT has been most valuable.
The Packet Tracer is a really good tool. If someone calls because they're having problems, you can easily create fake traffic without having to do an extended packet capture. You can see, straight away, if there's a firewall rule allowing that traffic in the direction you're trying to troubleshoot. As a troubleshooting tool, Packet Tracer is one of the things that I like. It comes up in all my interviews. When I want to figure out if someone knows how to use the ASA, I ask them about use cases when they use the Packet Tracer.
Most firewalls do the same things, more or less. Because we have to compete with other vendors, it's the things that are different that are important. With Cisco, it's the security intelligence part. It's quite simple to configure and it's very effective. It cuts down on a lot of trouble in the early phases.
IPS and Snort are very important because they also differentiate Cisco from other vendors and competitors.
I also like that, in recent years, they have been developing the solution very quickly and adding a lot of new, cool features. I really love the new web interface of Cisco Secure Firewall Management Center. It looks like a modern web-user interface compared to the previous one. And the recent release, 7.2, provided even more improvements. I like that you have the option to switch between a simplified view and the classic view of firewall policies. That was a good decision.
RG
Raufuddin Gauri
Network & Security Engineer at Oman LNG L.L.C.
It has a good security level. It is a next-generation firewall. It can protect from different types of attacks. We have enabled IPS and IDS. To make our network fully secure, we have zone-based security and subnets.
It is user-friendly with a lot of features. It has a CLI, which is helpful for troubleshooting. It also has a GUI. It is easy to work with this firewall if you have worked with any Cisco firewall.
With Cisco FMC, we can see the network's health and status. We can create a dashboard to view the network configuration, security policies, and network interfaces that are running or are up or down. We can also see network utilization and bandwidth utilization. We can see if there are any attacks from the outside network to the inside network. We can arrange the icons in the dashboard. For troubleshooting, we can also log in to the FMC CLI, and based on the source and destination, we can ping the firewall and the source.
MB
Manuel Briones
Voice and data infrastructure specialist at a tech services company with 1,001-5,000 employees
I am very happy to use this type of Cisco equipment in my infrastructure. What has given us the most value is the management of dynamic routing, in this case, EIGRP. This protocol, together with a series of additional configurations, has helped us to maintain an automatic redundancy in all our infrastructure, keeping us with very high numbers of operability and without failures that take more than 1 minute or that have not been resolved automatically. With this solution, we only speak with our suppliers either for a link or equipment report, and even if the box or circuit is out of operation, the operation continues to work without problems.
MB
Mitku Bitew
Head of Network Administration Section at Zemen Bank S.C.
The remote access, VPN, and ACL features are valuable. We are using role-based access for individuals.
IPS is also valuable for intrusion detection and prevention. It is a paid module that can be added. I'm using it for security, VLAN management, segregation management, and so on.
It is easy to use. In our region and our country, Cisco is well known, and most of the companies are using Cisco products. We have been using Cisco devices for a while, and our company primarily has Cisco devices. So, we are familiar with it, which makes it very easy to use for us. Even when we compare it with other products, it is easier to use.
It is easy for us to manage it because it is a familiar product, and it has been a part of our environment. Now, other products are providing free training, free access, and free license, because of which things are changing. So, you can easily become familiar with other products.
RF
reviewer1263240
Data Analyst at a hospitality company with 201-500 employees
In terms of access, the solution is great at making sure that the firewall has the right IPs, or that the right IPs are passing through where they should be.
The product does a good job of making sure that the connection is one that the user can trust. It keeps everything secure.
From what I've already done with ASA, I've noted that it's a very simple solution.
It is a very user-friendly product. I started with the GUI version. There are different versions. You could have the CLI, and the GUI version if you like. Both are really user-friendly and they're easy to learn.
I like all of the features.
CM
In432TchMn89
IT Manager at Citizens Bank
I've always looked at Cisco products as being the industry standard. They're wonderful at being able to lockdown and manage that.
MH
Manuel Hiedl
IT Service Technician at Scaltel AG
The most valuable feature for the customers is that they can control what communication is allowed and what is not allowed. That is, they can allow or deny client traffic.
It also secures the internal network to allow specific client traffic or machine traffic.
Cisco Secure Firewall helped reduce our clients' mean time to repair by 40%. This is because they can easily segment the network. It's easy to troubleshoot because of micro-segmentation.
DJ
Dejan Jovanovic
IT Consultant at ACP IT Solutions AG
The most valuable features are remote access, site-to-site VPN, and next-generation features.
MC
reviewer1895580
System programmer 2 at a government with 10,001+ employees
The features I've found most valuable are the packet captures and packet traces because they help me debug connections. I like the logs because they help me see what's going on.
The security correlation events and the network map help me to drill down on a host at will.
I really like the flexibility of the policies such as those you can use and the layer three policies with which you can block applications. It's really versatile. I like the security zones.
Cybersecurity resilience is our main focus right now. Because we're a government organization, everybody's really nervous about security and what the ramifications are. My device generates all the logs that our security team goes through and correlates all the events, so it's really important right now.
RS
reviewer1895514
Senior network security, engineer and architect at a computer software company with 5,001-10,000 employees
AnyConnect has been very helpful, along with the ability to use LDAP for authentication. It's very robust and we are able to do many different things that we were looking to do.
AS
reviewer1895487
Senior Network Architect at a tech services company with 10,001+ employees
Cisco AnyConnect is my favorite. It is awesome. It also exists on Firepower and newer things.
CE
reviewer1885329
Network engineer at a government with 10,001+ employees
The ASDM (Adaptive Security Device Manager) which is the graphical user interface, works out, and Cisco keeps it current.
AR
reviewer1309845
Lead Network Engineer at a government with 1,001-5,000 employees
The 2100 models are extremely useful for us.
It's got the capabilities of amassing a lot of throughput with remote access and VPNs.
ZK
Zhulien Keremedchiev
Lead Network Security Engineer at TechnoCore LTD
The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy.
Again, with that being said, I cannot shy away from giving kudos to all of the other features such as AVC (Application Visibility and Control), SSL Decryption, Identity policy, Correlation policy, REST API, and more.
All of the features that are incorporated in the Cisco Firepower NGFW are awesome and easy to configure if you know what you are doing. Things almost always work, unless you hit a bug, which is fixed with a simple software update.
Cisco provides the most solutions.
We use some of our Cisco firewalls offsite. They provide DDoS protection and multi-factor authentication. That is a good option as it enables work-from-home functionality. That is a feature that makes our customers happy.
NM
Neil McFadyen
Supervisor of Computer Operations at Neil McFadyen
- Most of the same old ASA 5520 config could be used for the new 5516-X model. The ASDM interface is improved and can also be configured to the Firepower settings.
- I am used to the ASA syntax, therefore it is quite easy to make up new rules. I have found that DNS doctoring rules are useful, and I am not sure how other firewalls handle the issue of internal versus external DNS, so this was a reason to keep the same type of firewall.
- Customizing the logging of syslog events to feed into Splunk is very useful for management and monitoring of just the important events instead of a huge stream of thousands of unneeded events.
- I found it quite easy to block computers from the internet, e.g., in a computer lab with students doing an exam using software for the course when needed.
- I use an access list to block IPs which have attacked our web servers on the outside interface, since I do not have IPS.
- I found that setting up rules for HTTPS and SSH access to the management interface is straightforward, including setting the cipher type.
- It is very useful to use the command line interface for modifying or adding to the config because sometimes the ASDM interface is hard to find when the setting is more complicated.
- The text config file is great to have, to know what is in the config, instead of having to check every setting in the GUI.
- While the CLI is used the most, sometimes the ASDM is faster and easier to use to set some settings.
CD
ChrisDaly
Senior Solution Architect at Teras Solutions Limited
We use the solution for deep packet inspection, Internet Edge functionality, IDS, and IDP.
BL
reviewer2212524
Network Engineer at a construction company with 1,001-5,000 employees
Cisco Secure Firewall is reliable, which is why we opted for it during the pandemic for our remote users.
HG
reviewer2109006
Daglig leder at a tech services company with 1-10 employees
We feel that we can trust the security, and our assets and business are well protected. We need to have trust in it, but we also see that it works. We have a security company that has tested that it works.
HN
Hoang Hanh Nguyen
Network Lead at a tech company with 10,001+ employees
What I like about Cisco Secure Firewall is that you get to integrate it into one box. For example, you can have one big switch with a model inside of it. This makes it easy to manage.
TM
reviewer1639311
Solutions Consultant at a comms service provider with 10,001+ employees
We like the standard firewall features. It's quite a capable box for UTM.
JK
Jamil Ahmad Khan
Specialist WINTEL Services at Descon Engineering Limited
The main thing that I love the most is its policy and objects. Whenever I try to give access to a user, I can create an object via group creation in the object fields. This way, I am not able to enter a user in the policy repeatedly.
I like that Cisco Firepower NGFW Firewall is reliable. Support is also good.
AM
Alexander Mumladze
Network Engineer at LEPL Smart Logic
I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection.
Its IPS engine also works very fine. I don't have much experience with it because I am an IT integrator, and we only configured it, but the company for which we configured these firewalls used this feature, and they say that IPS works very fine. They were also very pleased with its reporting. They said that its reporting is better than other firewalls they have had.
EH
EricHart
CEO at NPI Technology Management
Cisco's support is great.
For experienced users, they are pretty much able to do anything they want in the interface with few restrictions.
The command-line interface is really useful for us. We script basic installations and modifications through the command-line, which is considered sort of old school, and yet it allows us to fully document the changes that we're making due to the fact that we can save the exact script that was applied and say, "Here are the changes that we made."
We can have less experienced people do initial takes on an install. They can edit a template, and we can have a more experienced person review the template, and then apply it, and we don't have to worry about whether anyone inexperienced went into certain corners of the interface and made changes or whatever.
Everything is all documented in the file or in the command line script that gets uploaded to the device. It gives us great visibility.
EV
EduardoViero
IT Infrastructure Specialist at RANDON S.A
For us, the main feature is due to the fact that we have internet connections for all these sites, and we use the internet to communicate with our data center using VPN. So the VPN support in these boxes is one of the most valuable features.
Also, with the firewall itself, the protection and security features, like URL filtering, the inspection, and the IPS feature, are also very valuable for us. We don't have IT staff at most of the sites so for us it's important to have a robust firewall at those sites, to support the business and give us peace of mind. If we do have an incident, since we don't have any IT personnel there for support, we need to do everything remotely.
It provides us with application visibility and control. We can see, on the dashboard, all the applications that are most used and which are under some sort of risk or vulnerability. From my perspective, which is more related to the network itself and the infrastructure, not the security aspect, it helps a lot when we need to check some situation or issue that could be related to any attack or any violation. We can see that there are one or two or three applications that are the top-consuming applications. We can use this information to analyze if there is a deviation or if it's something that we need to consider as normal behavior and increase the bandwidth on the site. It's very important to have this analytic view of what's happening. That's especially true for us, since we have information on all these remote sites but we don't have IT resources on-premises. Having this view of all the sites in the same pane of glass is very important.
It's not just the visibility of things, but the management of application behavior is very important. If I see that, for example, Facebook is consuming too much bandwidth, I can make a policy on the console here and deploy it to our remote offices. So the application visibility feature is one of the key parts of the solution.
NGFW's ability to provide visibility into threats is also one of the important features. Although we have several applications that are based on-premises — we have databases and file servers that only exist inside the company or inside those remote sites — we see more traffic going to and coming from the internet every day. It's not optional anymore to have visibility into all this traffic. More and more, we are moving things to Office 365 or other SaaS platforms which are hosted on the internet. We need to see this traffic crossing our network. It's a top priority for us.
When it comes to Talos, I recognized the importance of it before they were even calling it Cisco Talos. As a user of the URL filtering product, the IronPort appliances, for six or seven years, perhaps or more, I was introduced, at that time, to a community that was called SenderBase.org, which was like the father of the Cisco Talos. Knowing them from that time, and now, the work they do is very important. It provides knowledge of what is happening in the security space. The information they can collect from all the hardware and software they have deployed with their customers is great. But the intelligence they also have to analyze and provide fixes for things like Zero-day attacks, for example, is crucial. They are able to map and categorize risks. They're unbeatable, currently. Although we know that other vendors have tried to replicate this service or feature, the history they have and the way they do their work, make it unbeatable currently.
LF
ipmplspr538920
Security Governance at a comms service provider with 1,001-5,000 employees
All features provided by the platform are quite the same for all other platforms. We rather missed some features we were used to, such as virtual routers.
PK
reviewer2102925
System Engineer
I think that the firewall feature is the most valuable to me as it is one of the oldest features for this solution. We also appreciate how stable the VPN is.
MS
Maharajan S
VSO at Navitas Life Sciences
The ability to encrypt and decrypt is great.
The dashboards are excellent.
We really like the reporting aspect of the product.
It is stable.
We found the initial setup to be easy.
It is pretty user-friendly and straightforward to use.
It is secure and very reliable.
I like the heartbeat between the two devices that we have. Because if something fails, it immediately fails over.
MC
Reviewer43898
Engineering Services Manager at a tech services company with 201-500 employees
It may sound a bit strange, but one of the most valuable features of Firepower 7.0 is the "live log" type feature called Unified Event Viewer. That view has been really good in helping me get to data faster, decreasing the amount of time it takes to find information, and allowing me to fix problems faster. I've found that to be incredibly valuable because it's a lot easier to get to some points of data now.
Also, the new UI is always getting better from version to version. In the beginning, when it came to managing Cisco Secure Firewall, it wasn't always the easiest, but with 6.7 and 7.0, it's gotten easier and easier. It's a pretty easy system to manage. It's especially beneficial for people who are familiar with ASA logic because a lot of the Firepower logic is the same. For those people, they're just relearning where the buttons are, as opposed to having to figure out how to configure things.
I've used the backup VTI tunnel and that's a feature that lets me create some redundancy for my route-based stuff and it works pretty well. I haven't had any issues with it.
Firepower 7.0 also has fantastic Dynamic Access Policies that allow me to replicate a lot of the configurations that were missing and that made it difficult to move off the old ASA platform for some customers. The addition of that capability has removed that limitation and has allowed me to move forward with implementing 7.0.
Snort 3 is one of the biggest points on Firepower 7.0. I've been using Snort 3 for quite a while and, while I don't have a ton of customers on it, I do have some who are running on it and it's worked out pretty well. In their use cases, there wasn't a lot of risk, so that's why we started with it. Snort 3 has some huge advantages when it comes to performance and policy and how it's applying things and processing the flows.
Dynamic Objects have also been really critical. They're very valuable. Version to version, they're adding a lot more features onto Dynamic Objects, and I'm a big fan.
I've also used the Upgrade Wizard quite a bit to upgrade the firmware.
And on the management side, there are the health modules. They added a "metric ton" of them to the FMC [Firepower Management Center]. In version 6.7 they released this new health monitor which makes it a lot easier to see data and get to information faster. It's quite nice looking, as opposed to CLI. The new health modules really do stand out as a great way to get to some of that health data quickly—things like interface information, statistics, drops—that were harder to get to before. I can now see them over time, as opposed to at just a point in time. I've used that a lot and it has been very helpful.
In addition, there is the global search for policy and objects. I use that quite a bit in the search bar. It's a great way to get some information faster. Even if I have to pivot away from the screen I'm on, it's still great to be able to get to it very quickly there.
In a lot of ways, they've addressed some of the biggest complaints, like the "housekeeping" stuff where you have to move around your management system or when it comes to making configuration changes. That has improved from version to version and 7.0 is different. They've added more and have made it easier to get from point A to point B and to consume a lot of that data quickly. That allows me to hop in and do some data validation much faster, without having to search and wait and search and wait. I can get to some of that data quicker to make changes and to fix things. It adds to the overall administrator experience. When operating this technology I'm able to get places faster, rather than it being a type of bottleneck.
There is also the visibility the solution gives you when doing deep packet inspection. It blows up the packet, it matches application types, and it matches web apps. If you're doing SSL decryption it can pinpoint it even further than that. It's able to pull encrypted apps apart and tell me a lot about them. There's a lot of information that 7.0 is bringing to the forefront about flows of data, what it is, and what it's doing. The deep packet inspection and the application visibility portion and Snort are really essential to managing a modern firewall. Firepower does a bang-up job of it, by bringing that data to the forefront.
It's a good box for visibility at the Layer 7 level. If you need Layer 7 visibility, Firepower is going to be able to do that for you. Between VLANs, it does a good job. It's able to look at that Layer 7 data and do some good filtering based on those types of rules.
AM
Alexander Mumladze
Network Engineer at LEPL Smart Logic
We find all of its features very useful. Its main features are policies and access lists. We use both of them, and we also use routing.
It is very stable. It is a very good firewall for a company that doesn't want to look at packets higher than Layer 4.
AA
Ahasan Ahmed
Deputy Manager at Star Tech Engineering Ltd
The dashboard is the most important thing. It provides good visibility and makes management easy. Firepower also provides us with good application visibility and control.
Cisco Talos is well known around the world and everyone trusts Talos for malware intelligence. It is number one. It is also the most secure for Snort rules. It is more secure than others because its real-time analysis is better.
In addition, Firepower Management Center is helpful.
We also use Cisco ISE and the integration between it and Firepower is okay.
VG
Vipin Garg
Co-Founder at Multitechservers
The solution can allow and block traffic over the VLANs. Some of the unauthorized actions and malicious traffic can also be blocked effectively, as we are following PCI DSS compliance. We are a card industry. We are using cards as a payment method, and therefore we need to follow the compliance over the PCI DSS. That's why we chose one of the best products. ASA Firewall is very secure.
It's always easy to integrate Cisco with the same company products. If you are using other Cisco products, there's always easy integration.
Cisco is one of the most popular brands, and therefore the documentation is easily available over the internet.
They are best-in-class.
The remote VPN feature is one of the best features we've found.
We like that there is two-factor authentication on offer. We can integrate a Google authenticator with Cisco ASA so that whenever a person is logging on to any network device, they need to enter the password as well as the security code that is integrated by Google. It's a nice added security feature.
Cisco ASA provides us with very good application visibility and control. The Cisco CLI command line is one of the easiest we found on the market due to the fact that the GUI and the user interface are very familiar. If you're a beginner, you can easily access it. There's no complicated UI.
When compared to other products available, the cost is pretty similar. There's no big gap when you compare Cisco pricing to other products.
There are multiple features in a single appliance, which is quite beneficial to us.
Support is on offer 24/7. Whenever we face some technical issue, we can reach out to them easily.
We have not had any security breaches.
They provide a helpful feature that allows us to configure email.
We are getting a lot from the appliance in real-time.
The most valuable feature of this solution is AMP (Advanced Malware Protection), as this is really needed to protect against cyber threats.
The IPS is a must for a firewall.
FL
FranciscoLopez
Team leader at J.B. Hunt Transport Services, Inc.
The most valuable feature of this solution is its ability to integrate vertically.
MD
NSA0898776
Network & Security Administrator at Diamond Bank Plc
I would say the Firepower module is most valuable. I'm trying more to transition to this kind of firewall. I had to study a little of the Palo Alto Networks equipment. There is a lot I have to learn about the difference.
Based on my certification, I had to do a lot of lab work, a lot of projects, a lot of technical work with Cisco ASA. Now, I'm moving to other vendors, like Palo Alto Networks and Fortinet so that I can empower my level of technical experience.
- All my change requests are for Cisco ASA to work more on ease of management.
- All of the features of Cisco ASA are used by all of the other vendors on the market.
- The firewall solutions are all based on the same network equipment.
The difference is why each business chooses to use it and how they implement the architecture for their solution using Cisco ASA and Firepower features.
MF
reviewer2109264
Network Engineer at a financial services firm with 10,001+ employees
All the features except IPS are valuable. IPS is not a part of my job.
The best features would obviously be the ones that are most used: the perimeter security, allowing/blocking of traffic, NAT-ing, and routing, or making it easy as compared to a router. If you were to do the similar features on a router, it would be way more extensive and difficult as compared to a firewall. These are the majority of the features that anyone would begin with.
But of course, they expanded to other features like IPS or cyber security or looking at vulnerabilities or scanning, port scans. Those are the advanced things.
[In terms of overall performance] in the last decade or so, especially in the last three or four years, the scale of where the architecture has been—all the numbers, the stats, everything—has gone up exponentially. It's all because of the innovations that are always happening, and not just at the hardware level, but particularly at the software level. Of course, we can always look at the data sheets and talk about the numbers, but all I can say, in my experience, is that the numbers have really gone up, and the speed at which the numbers have gone up in the last couple of years or so, is really progressive. That's really good to see.
SG
reviewer1900203
Network Automation Engineer at a financial services firm with 1,001-5,000 employees
For our very specific use case, for remote access for VPN, ASAs are very good.
Cisco also introduces new features and new encryption techniques.
BB
reviewer1895535
Network Engineer at a university with 1,001-5,000 employees
The multi-context feature is the most valuable, especially in our data center. Having different needs for different departments is part of our organization. We can have five firewalls in one.
AS
Ashraf-Sadek
CSD Manager at BTC
The traffic inspection and the Firepower engine are the most valuable features. It gives you full details, application details, traffic monitoring, and the threats. It gives you all the containers the user is using, especially at the application level. The solution also provides application visibility and control.
The integration between the ASA and Cisco ISE is very easy because they are from the same vendor. We don't face any integration problems. This is one of the valuable points of Cisco firewalls. They can be easily integrated with different Cisco security products.
Our clients also use other products with Cisco ASA, such as Aruba ClearPass and different NAC solutions. The integration of these other products is also easy with Cisco.
It integrates with email security and Firepower. For example, if you have an attached file infected or you have attacks through email, the traffic will be forwarded to the email security and it will be blocked by the firewall. It gives you a clear view of the file and it can be blocked at every stage, protecting your network from this threat.
One of the best parts is the traffic management and the inspection of the traffic packets. The Device Manager is easy to use to supervise things, and the Firepower application gives you clear threat detection and blocking of all threats. Cisco also provides a better analysis of the traffic.
In addition, Talos is an enhancement to Cisco firewalls, and provides a better view.
The device management options, such as Firepower Device Manager (FDM), Cisco Firepower Management Center (FMC), or Cisco Defense Orchestrator (CDO) add a lot of enhancements in the initial deployment and configuration. In migrating, they can help to create the migration configuration and they help in managing encryption and automation. They add a lot of enhancements to the device. They make things easier. In the past, you had to use the CLI and you could not control all this. Now you have a GUI which provides visibility and you can easily integrate and make changes.
JM
Jonathan Muwanga
Head of Information Communication Technology at National Building Society
Among the most valuable features are the reports which are generated according to the rules that we've put in place to either block traffic or report suspicious attempts to connect to our network. They would come standard with any firewall and we're always monitoring them and taking any corrective steps needed.
AN
Asif Najmi
Network Engineer at LIAQUAT NATIONAL HOSPITAL & MEDICAL COLLEGE
Cisco, obviously, gives you a great amount of reliability which comes in handy. The brand is recognized as being strong.
Even in very big environments, Cisco comes in handy with configuration and offers reliability when it comes to managing multiple items on one platform. You are able to integrate Firepower and all AMP. With so many items to configure, I haven't yet done them all, however, I hope to.
It's great for securing the network. You learn a lot.
The initial setup is straightforward.
The solution is very stable.
The scalability of the solution is very good.
DC
Dave Cooper
Network Engineer at CoVantage Credit Union
It's the brick wall that keeps us from the bad guys. It does a lot of things. In the beginning when you just have a firewall, of course, it's your NAT and it's your Access Control List. It's the thing that allows traffic in and out. There is some routing involved in that too. But once you add Firepower onto it and you start enabling some of its features, you get some IDS/IPS involved with it and you can even do web filtering.
We used to do some web filtering on the Firepower but we moved into Umbrella once we started. We do use Firepower for one piece of web filtering because Umbrella has yet to provide it: advertisement blocking. We don't allow our end-users to go into advertisements. If they're going to go to a site, they have to know what the site is, not just try to hit some kind of Google ad to get to it because those can be dangerous.
AG
Amit Gumber
Consultant at HCL Technologies
One of the most valuable features in the current version is the dashboard where we have a complete analytical view of the traffic behavior. We can immediately find anomalies.
The most important point is the detection engine which is now part of the next-generation firewalls and which is supported by Cisco Talos.
The most valuable features are the IPS and Botnet software modules. These security features, working in tandem, truly provide a peace-of-mind against all levels of cyber-attacks.
JC
reviewer2146902
Engineer at a tech services company with 501-1,000 employees
The security features are the most valuable. My customers find the security products very useful because nowadays there are many threats from the internet and other malicious users. The security products really help.
So far, Cisco Secure for securing infrastructure from end-to-end so that we can detect and remediate threats is good enough.
SV
Sivakumar Vamadeva
Network Support Engineer at a manufacturing company with 51-200 employees
The most valuable feature is the threat defense. This product works well for threat defense but for everything else, we use Cisco ASA.
GD
reviewer1884966
Cybersecurity Architect at a financial services firm with 5,001-10,000 employees
The most valuable feature would be the IP blocking. It gets rid of things that you don't need in your environment.
Its resilience helps offer being able to react and self-heal.
HR
reviewer1885551
Director of network ops at a non-profit with 51-200 employees
The fact that we can use Firepower Management Center gives us visibility. It allows us to see and manage the traffic that is going through the network.
BL
Bryan Litaker
Enterprise Architect at a tech services company with 51-200 employees
I like the ASDM for the firewall because it is visual. With the command line, it is harder to visualize what is going on. A picture is worth a thousand words.
The most valuable feature is the Intrusion Prevention System.
- Anti-malware protection
- Web Filtering
- VPN Remote-Access
The most valuable feature is the anti-malware protection. It protects the endpoints on my network.
We use the application visibility and control feature of Cisco firewalls.
WS
Win Sein
IT Consultant at Hostlink IT Solutions
The high-availability and remote VPN features are most valuable.
It is easy to configure. It has a GUI and a CLI.
WM
WilliamMugobogobo
Head of ICT Infrastructure and Security at City of Harare
The features that are most valuable within the firewall are the IPS as well as the Unified Communications. We also really like the dynamic grouping.
CS
Chandan-Singh
Sr Technical Consultant at a tech services company with 51-200 employees
The remote VPN and IPsec VPN or site-to-site VPN features are valuable. The clustering feature is also valuable. We have two ISP links. Whenever there is a failover, users don't even get to know. The transition is very smooth, and the users don't notice any latency. So, remote VPN, site-to-site VPN, and failover are three very powerful features of Cisco ASA.
Cisco has the best documentation. You can easily find multiple documents by searching the web. Even a child can go online and find the required information.
EL
ERIK LABRA
Technical Specialist, consultant at a computer software company with 10,001+ employees
The configuration capabilities and the integration with other tools are the most valuable features.
I really like this product. Cisco is one of my favorite brands, and I always think Cisco solutions are very reliable, easy to configure, and very secure.
The Adversity Malware Protection (AMP) feature is the most valuable.
It is also very easy to use. Every technical user can operate this solution without any difficulty. The dashboard of Cisco Firepower has every tool that a security operator needs. You can find every resource that you need to operate through this dashboard.
MG
Seniorntwrk56
Senior Network Administrator at a construction company with 1,001-5,000 employees
The Sourcefire stuff itself is the most valuable feature. Signature detection, intrusion detection, IDS, and IPS are all very good. AMP is very useful. I like that you can put it onto devices as well. The aggregated views in FMC that you get when you're a global shop which is centralized, and then offers gateways per region. In Europe, America and APAC, you have all the data coming together in the FMC. That's quite nice.
ME
reviewer1895547
Director of network engineering
Cisco ASA Firewall is a well-known product. They're always updating it, and you know what they're doing and that it works.
DJ
reviewer1895523
Network Systems Manager at a computer software company with 5,001-10,000 employees
The VPN feature is the most valuable to us because it accomplishes the task well. We're able to do everything we need to do.
MS
reviewer1627155
Senior Systems Engineer at a tech services company with 201-500 employees
The VPN and the login enhancements that were introduced in version 7.0 are invaluable to us. That was something that was missing before.
Feature-wise, we mostly use IPS because it is a security requirement to protect against attacks from outside and inside. This is where IPS helps us out a bunch.
It is good in terms of the overall ease to use in managing it. Some of the things need some tuning, but overall, it is good.
JV
Joland Van Londen
Project Engineer at Telindus B.V.
The most important feature is the intensive way you can troubleshoot Cisco Firepower Firewalls. You can go to the bit level to see why traffic is not handled in the correct way, and the majority of the time it's a networking issue and not a firewall issue. You can solve any problem without Cisco TAC help, because you can go very deeply under the hood to find out how traffic is flowing and whether it is not flowing as expected. That is something I have never seen with other brands. That is why, when people move from another brand to Cisco, they never leave Cisco. They see that advantage.
Something I like about Firepower, in general, is that it still relies on the old ASA code. That's something customers really like because when they go into the CLI, they remember, "Oh, that's the ASA, that I am familiar with," but it's enriched with all the next-gen features of Snort. When a customer has knowledge of the ASA codes, they can do intensive troubleshooting because they know the device.
Customers also like Talos, which is the intelligence behind all of Cisco's security products, including Firepower. Talos is very good and is actually the most important part of a security product. It's important that you have something in the background that is continuously enriching intelligence so that you get information about upcoming threats on time. That keeps you protected as soon as possible when a Zero-day happens. Something that customers like about Cisco Firepower, in combination with Talos intelligence, is that full-time people are working in the background to provide information to Cisco security products.
Customers really want visibility into their networks. For example, they want identity management and that is something you can use Firepower for. With it, in addition to an IP address going somewhere, you can also see the username. That's a big advantage of Firepower, and can be set up quite easily.
Also, in very large networks, our customers use Cisco DNA Center. They have automation orchestration for their access network and that works seamlessly with Cisco Firepower firewalls. Security Group Tags can be used from DNA to an edge Firepower firewall. That way, they have microsegmentation within their access network for DNA. And they can extend that to their firewall rules for Firepower.
Our customers also use Cisco ISE to get user information. ISE is connected to DNA Center. That is something that Firepower works seamlessly with, and we do sell it a lot. We sell a lot of Cisco's other security equipment, and they all send their information to SecureX. Having more Cisco security products means your security information is becoming enriched within the SecureX platform. The integration among these Cisco products is more than easy. Cisco documents everything, in detail, when it comes to how to integrate the different parts. I've never had an issue with integrating Cisco security products with each other.
And for smaller networks, like those our government customers have, what they like about Cisco Firepower, and why they purchase it nine out of 10 times, is its ease of use and the reporting in Firepower Management Center. That is something they really like. They can look up things themselves and they like the SecureX integration.
HP
Henry Pan
Technical Consulting Manager at a consultancy with 10,001+ employees
The most valuable feature is the intelligence. It sends a warning for a potential attack, a zero-day attack. It sends us an advanced warning. We really like this feature.
We use other Cisco tools for switches, routers, and AppDynamics. We also use their wireless tool. We are Cisco's biggest partner, so we use the majority of their solutions. This is one of the reasons people become a Cisco-shop, because of the integration.
The integration between these products isn't perfect.
Firepower provides us with application visibility and control. We have a standard evaluation procedure with around 136 criteria. We have a team that does the evaluation and there were viruses reported.
In terms of its ability to provide visibility into threats, we put a different application to be tested. We check how much we can see. What kind of network traffic goes through different devices. We know what's going on. If something went wrong, we see the attack, we know where and which attack. We put it into our testing center. You can never get 100% visibility. Sometimes we can't detect until the damage is done. That is the danger of being in the firewall business. You never know what kinds of tricks a hacker will use. It's endless work.
Talos is pretty decent. It offers smart intelligence. It helps my team detect what is going on. Without it, the ability of the power stations would be much less. Talos is one of the reasons that we go with Cisco. It is a big advantage.
We use automated policy application and enforcement. Any of the networks are very complex. It has freed up a lot of our time. Now, it's much better but it's still far from enough. We have saved 90% of our time due to the automation.
Firepower has improved our enterprise defense ability by a lot.
We use the whole suite of Cisco device management options. Compared to ten years ago, I have seen a lot of improvement, but it's still far from enough. I wish the intelligence would be improved. There is a big learning curve now. If new gear comes into place, then the first three months aren't so accurate. With machine learning, it is getting better. The intelligence should be there from day one. But it will still need to learn the environment and which attack is the most common.
We are still trying to figure out the best practices for harmonizing policies and enforcement across heterogeneous networks. It's something new. More and more applications are going onto the cloud and we need the hybrid Firepower ability.
MM
reviewer2099559
Founder CCIE
What I found the most valuable about Cisco Secure Firewall is that if a client is educated about the solution, it can help him or her avoid many problems and mistakes.
MH
reviewer1895598
Security architect at a computer software company with 51-200 employees
The CLI is the most valuable feature. We are moving towards FTD, which is more GUI based. The value of this solution lies in the fact that it is a standard platform that's been around for years and is always improving. This is important to us due to the necessity of ensuring cyber security.
PS
Pardeep Sharma
Network security engineer at a tech services company with 1,001-5,000 employees
Netting is one of the best features. We can modify it in different ways. Site-to-site VPN is also an awesome feature of Cisco ASA.
The biggest advantage of Cisco products is technical support. They provide the best technical support.
TG
reviewer1217634
Lead Network Administrator at a financial services firm with 201-500 employees
With the FMC and the FirePOWERs, the ability to quickly replace a piece of hardware without having to have a network outage is useful. Also, the ability to replace a piece of equipment and deploy the config that the previous piece of equipment had is pretty useful.
The administration is a little easier on the FirePOWER appliances because we're not using two separate products. For example, in the ASAs with FirePOWER Services, we were using the FMC to manage the FirePOWER Services, but we were still using ASDM for the traditional Layer 2 and Layer 3 rulesets. That is all combined in FMC for the FirePOWER devices.
Our particular version includes application visibility and control. Most next-gen firewalls do. The product is maturing with what they call FirePOWER Threat Defense, which is the code that runs on the firewalls themselves. The FirePOWER Threat Defense software has matured somewhat. There were some issues with some older versions where they didn't handle things in a predictable manner. Applications that we didn't have a specific rule for may have been allowed through until it could identify them as a threat. We reorganized our rules, because of that "feature," in a different way so that those extra packets weren't getting through and we weren't having to wait so long for the assessment of whether they should be allowed or not. We took a different approach for those unknowns and basically created a whitelist/blacklist model where applications on the list were allowed through.
Then, as you progressed into the ruleset, some of those features became more relevant and we stopped this. We looked at it as "leaky" because it was allowing some packets in that we didn't want in, while it made the determination of whether or not those applications were dangerous. Our mindset was to assume they're dangerous before letting them in so we had to adjust our ruleset for that. As the product matures, they've come out with better best practices related to it. Initially, there wasn't a lot of best-practice information for these. We may have been a little early in deploying the FirePOWER appliances versus continuing on with the adaptive security appliances, the old PIX/ASA model of firewalls. Cisco proposed this newer model and our VAR agreed it would be a benefit to us.
There was a bit of a transition. The way they handle the processing of applications is different between the ASAs and the FirePOWERs. There were growing pains for us with that. But ultimately, the ability to have this configured to the point where I could choose a specific user and create a rule which says this user can use this application, and they'll be able to do it from whatever system they want to, has been advantageous for our functionality and our ability to deliver services more quickly.
There haven't been a lot of specific use cases for that, other than troubleshooting things for myself. But having the knowledge that that functionality is there, is helpful. Certainly, we do have quite a few rules now which are based on "this application is allowed, this whole set of applications is blocked." It does make that easier because, in the past, you generally did that by saying, "This port is allowed, this port is blocked." Now we can say, not the ports; we're doing it by the services, or instead of by the services we're doing it by the applications. It makes it a little bit easier. And Cisco has taken the step of categorizing applications as well, so we can block an entire group of applications that fall under a particular category.
For the most part, it's very good for giving us visibility into the network, in conjunction with other products that give us visibility into users as well as remote items. It's really good at tracking internal things, really good at tracking people, and really good at giving us visibility as to what's hitting us, in most situations.
In general, Cisco is doing a pretty good job. Since we started the deploy process, they've increased the number of best-practice and configuration-guidance webinars they do. Once a month they'll have one where they show how we can fix certain things and a better way to run certain things.
The product continues to improve as well. Some of the features that were missing from the product line when it was first deployed — I was using it when it was 6.2 — are in 6.4. We had some of them in ASDM and they were helpful for troubleshooting, but they did not exist on the FirePOWER side of things. They've slowly been adding some of those features. They have also been improving the integration with ISE and some of the other products that utilize those resources. It's getting better.
NC
Nathan Chadwick
Technology Associate at a financial services firm with 1-10 employees
The IPsec VPN and web filtering.
The ease of use and ease of deployment were the most important features. As a signature based appliance, SourceFire hits it on the head at detection and capturing traffic, but quite a few of the other IDS/IPS appliances are way too complicated and too time consuming to properly deploy. This will lead to improper deployments and often missing important spots in your network.
FV
Fredy Velazquez
Admin Network Engineer at Grupo xcaret
Its security is easy to use.
BW
reviewer1882773
Network analysis at a government with 1,001-5,000 employees
The most valuable feature would be ASDM. The ability to go in, visualize and see the world base in a clear and consistent manner is very powerful.
In terms of features there hasn't been much improvement but it's a very stable solution and a very good firewall with almost all of the features required for next generation firewall purposes. Almost all the firewalls on the market have the same features available, but if you take into account the integrations and reporting of Cisco, it's a little better than the others. In particular, the briefing reporting is better. With Fortinet we would probably have to use FortiAnalyzer as a separate reporting module for Fortinet, but here the reporting is good.
WM
William Murray
Consulting Engineer at IV4
The most valuable features are the provision of internet access, AnyConnect, and VPN capabilities. Because I primarily deal with the VPN functionality, I don't get very deep into the IPS or other capabilities.
SA
reviewer1208142
Senior Network Engineer at a consultancy with 1,001-5,000 employees
We can easily track unauthorized users and see where traffic is going. It is very useful.
FTD is also fully integrated with Talos. We are in the process of acquiring it and we will integrate it. That way we will have everything from Talos to do correlations.
MC
Michael Collin
Senior System Engineer at a tech services company with 11-50 employees
The web interface was easy for me. The configuration is logical, so it's easy to use and easy to understand how to protect, how to open a port, how to manage and how to route a device. That's why I prefer Cisco. It's robust and I never have issues with the hardware. That's why I choose Cisco and not another vendor.
The feature that I found the most valuable is the overall stability of the product.
NH
Nelda Hojas
Chief Information Officer at Finance Corporation Limited
Cisco is known as a popular and trusted product. Because of its constant R&D, we're assured that all updates, all patches, all fixes are done instantaneously. As far as the feature is concerned, it gives us a certain layer of protection. As a CIO, my vote of confidence is in the product itself. After making sure that we always have all the updates on the licenses we're assured that we're getting all the necessary security protection.
NJ
reviewer2109192
CTO at a tech vendor with 1-10 employees
Our clients have been able to consolidate infrastructure products such as Talus for hardware encryption and Dell EMC for D2D de-duplication and backup.
RM
Rauf Mahmudlu
Network Engineer at a tech services company with 51-200 employees
The configuration was kind of straightforward from the command line and also from the ASDM. It was very easy to manage by using their software in Java.
High throughput, high concurrent connections, easy site-to-site VPN were also valuable. It also had the capability to do double network translations, which is really useful when you are integrating with other vendors for site-to-site VPN.
PW
reviewer1500255
Senior Network And Security Engineer at a pharma/biotech company with 201-500 employees
The manageability through the FMC is superb. I have a single dashboard that I can manage my firewalls from. I can see and manage all of my objects and control all my policies. I can look at all my logs and control my whole network from one dashboard.
JW
reviewer1446408
Acting Director, Office of Talent Management at a government with 10,001+ employees
The feature set is fine and is rarely a problem.
SZ
Stoyan Zhekov
General Manager at MS Solutions Ltd.
The most valuable feature is that it's secure.
It is really stable and I've never had an occasion that due to this firewall, I have had issues with the network, a breakdown, or otherwise.
This is a user-friendly product. Once you have a specialist who can configure it properly, you'll be pretty protected; everything you want is in it.
HT
Hernan Trinco
Presales Engineer at a comms service provider with 51-200 employees
The clusters in data centers are great.
We enjoy the use of the remote access VPN. We have a mechanical firewall with IPS and we have no more than these. In general, ASA is for remote access and the mechanical firewall right now is more used for data centers.
We work to combine customers and we have a lot of customers that use networking from Cisco. They buy Cisco firewalls due to the fact that all of their networks are working with Cisco features.
TH
reviewer1395819
President at a tech vendor with 11-50 employees
I like them mostly because they don't break and they have great diagnostics. If something is awry, you can generally figure it out. And of course, everybody has a VPN, but I like the security of their VPN.
The solution is part of a suite. If you pay for it, it has basically a view that's called Firepower, and it's really good at being able to analyze exact bits of a pack, at the packet level, and has the ability to allow you to examine that traffic. It is really good. That's probably my favorite part of the suite.
WB
reviewer1084986
Network Engineer at a comms service provider with 1,001-5,000 employees
It's difficult to say what features are most valuable because ASA is not a cutting-edge device. It's rather more stable and proven than modern. It's difficult to suggest adding features because with new features we are adding something new, and that means it could be less stable. New features are not the reason we use the solution — it is almost the opposite. The most valuable part of the solution is dependability.
It's already a mature and stable product. I prefer not to use the newest software — even if Cisco suggests using the newest — because this is a critical security device.
MT
Mbaunguraije Tjikuzu
Information Security Administrator at Bank of Namibia
The most valuable features are the firewall capabilities, filtering, and intrusion prevention.
I respect the capability of the Cisco firewall. We fully use it all as a complete firewall solution. Cisco also has excellent anti-malware detection and other similar features.
NP
Nadika Perera
CEO at Synergy IT
I like the user interface because the navigation is very easy and straightforward. On the left side pane, you have all the sites that you need to browse. Unlike any other firewalls, it's pretty straightforward.
- Reliability
- Security
- Flexibility
- Functionality
- Availability - controllability anywhere and with different methods
ZM
Zaur Mirzayev
Network Engineer at EURODESIGN
I work with Cisco and other partners, but the Cisco team is the best team in our country. When I call them, they always help us.
GS
Germain Safari
Information Security and Compliance Manager at RSwitch
Web filtering is a big improvement for us. The previous version we used, the AC520, did not have that feature included. It was not very easy for us, especially because the environment had to be isolated and we needed to get updates from outside, such as Windows patches. That feature has really helped us when we are going outside to pull those patches.
Another important feature for us is user access. Now, we can base access on rules and specify that this or that user has privilege on the NG firewall. That was not available before.
The IDS also makes it easy to detect abnormal traffic. When it sees such traffic in the environment, it sends a notification.
The whole firewall functionality, including firewall policies and IPS policies, is valuable. It has all kinds of functionalities. It has IPS, VPN, and other features. They are doing quite a lot of stuff with their devices.
VM
Victor Mejia
SOC & SECURITY SERVICES DIRECTOR at BESTEL
The top features for me are the filtering, the intrusion prevention system, and the AMP on small operations.
FB
Farooq Bashir
Sr Network Administrator at Orient Petroleum Inc
The security the solution offers is very good. Security-wise, it's the top in the world.
The product has excellent technical support.
The user interface is easy to navigate.
Everything is user friendly.
JF
reviewer1357989
Cisco Security Specialist at a tech services company with 10,001+ employees
All the features are very valuable.
Among them is the integration for remote users, with AnyConnect, to the infrastructure. All the security through that is wonderful and it's very easy. You connect and you are inside your company network via VPN. Everything is encrypted and it's a very good solution. This is a wonderful feature. You need to make sure your machine has the profile requested by the company. That means having the patches updated. Optionally, you should have the antivirus updated, but you can decide whatever you would like in order to enable acceptance of the end-device in the enterprise network. That can be done with AnyConnect for remote/satellite users, or with ISE for local users.
The intrusion prevention system, the intrusion detection, is perfect. But you can also integrate Cisco with an IPS solution from another vendor, and just use the ASA with AnyConnect and as a firewall. You can choose from among many other vendors' products that the ASA will integrate with. Now, with Cisco SecureX, it's much easier than before. Cisco used to be completely blocked from other vendors but with SecureX they are open to other vendors. That was a massive improvement that Cisco probably should have made 10 years ago or seven years ago. They only released SecureX three or four months ago.
Cisco ASA also provides application control. You can block or prevent people from going to certain applications or certain content. But the ASA only acts as a "bodyguard." It doesn't provide full visibility of the network. For that, there are other solutions from Cisco, such as ISE, although that is more for identity. Stealthwatch or TrustSec is what you need for visibility. They are both for monitoring and providing full visibility of the network, and they integrate with ASA.
Also, all of Cisco's security products are supported with Talos. Talos is in the background, handling all the improvements, all the updates. If something happens in Australia, for example, Talos will be aware of it and it will update the worldwide Talos network for all Cisco products. Within two minutes or three minutes, worldwide, Cisco products will be aware of that threat. Talos belongs to Cisco. It's like a Cisco research center.
DS
NGFW677
IT Specialist at a government with 1,001-5,000 employees
The most valuable features are the flexibility and level of security that this solution provides.
BS
Bashir Bashir
IT Administrator at Vegol
The VPN and monitoring are the most valuable features.
NA
Nasser Abd EL Rahman
IT Infrastructure Manager at Beltone Securities Brokerage S.A.E.
The features I found most valuable in this solution are the overall security features.
CR
Net823Eng2
Network Engineer at a media company with 51-200 employees
The IPS (In-plane switching) is the most valuable feature. This enables visibility to our networks and to outside attacks. It is a solution to maintain the visibility.
AA
Ali Abdo
Technical Manager at a comms service provider with 1,001-5,000 employees
They give me more visibility of what's going on when traffic comes in and goes out from the company or comes in from the outside. I can see what's going on with this traffic, which is a nice feature. I also like the malware inspection and management of the dashboard features. The management of the dashboard is different from the old Cisco Firewall. This management brings everything together into one management platform.
Top features:
- Easy to deploy for staff to use VPNs
- Ease of setup
- Integrated threat defence
- Great flow-based inspection device
- Easy ACLs
- Failover support
- Each virtual appliance is separate so you get great granular control
- Has own memory allocation
- Multiple types of devices: 100 Mbps, 1 Gbps, 2 Gbps
- License control
- SSH or RESTful API
MG
Munish Gupta
Partner - Consulting & Advisory at Wipro Technologies
The transparency of the single UI to ensure security. A product has to be simple so that an administrator can use it.
HC
Hector Carmenates
Information Technologies Consultant at a tech services company
- Reliability
- Robustness
- Security features
- High encryption, hashing, and integrity support
- Support
- High performance
JM
JuanMartinez1
Network Consulting Engineer at an energy/utilities company with 10,001+ employees
Nothing fancy about ASA capabilities, it does its job and does it well as long as you only care about filtering ports and protocols.
FT
Frank Theilen
IT Adviser/Manager with 51-200 employees
The Cisco ASDM management tool was helpful.
Centralized policy creation for URL, application, IPS, etc. It simplifies matters more than previously.
EL
reviewer2108076
Network Engineer at a government with 10,001+ employees
I like that it is easy to change the settings.
LA
reviewer1895511
Lead Network Engineer
They are easy to maintain.
JJ
reviewer1662657
Network Engineer at a computer software company with 51-200 employees
If I were to have been asked a few weeks ago, I would have said threat prevention was the most valuable feature, but the world is changing a lot, so my favorite features a few years ago might not be my favorite features today.
CB
Cesar Beut
Networking Specialist at a healthcare company with 1,001-5,000 employees
The solution provides us with good working application visibility and control.
I have access to the web version of Cisco Talos to see the reputation of IP addresses. I find this very helpful. It provides important information for my company to obtain the reputation of IP addresses. The information in Talos is quite complete.
JG
Jua GARCIA
Unit Manager at Redescomm, C.A.
The most valuable feature is the ability to block almost all of the ports.
All of the commands work the same way, whether in the graphical interface or when using the command line.
Cisco products have a lot of features.
SA
Sikander Ali
IT Infrastructure Engineer at Atlas Group
One of the most valuable features is the AMP. It's very good and very reliable when it comes to malicious activities, websites, and viruses.
It also handles application vulnerabilities. I have blocked some applications in my Firepower. In addition, there are predefined policies that come with the Firepower and I have created my own policies as well.
We also use Cisco switches, the 2920 for Layer 2 and the 3560 for Layer 3. The Firepower is integrated with the 3560. I have configured a gateway on the 3560 and all our traffic goes through the switch and is then passed on to the Firepower. The integration between the two was very easy.
ON
Omid Najafi
Managing Director at Fasp
The most valuable feature of the Firepower solution is FireSIGHT, which can be easily managed and is user-friendly.
DC
reviewer1135638
Senior Network Administrator at a financial services firm with 1,001-5,000 employees
The thing we've found most valuable is the efficiency. The firewalls are easy to configure and deploy. Overall it is an easy system to manage.
Another valuable feature is just how granular we can get with it so we can keep users seeing what they are supposed to and don't compromise security.
FF
Farhad Foladi
Cloud Services Operation Engineer at Informatic Services Company (ISC)
We are using the Cisco AnyConnect for our end-user VPN with the ASA.
If a user wants to connect to our network, they access it via the Cisco intranet and connect to the firewall at the edge.
DF
Donald Fitzai
LAN admin at Cluj County Council
The firewall power that comes with Cisco ASAv is the most valuable asset. They are very easy to manage and configure.
PR
PATRIK ROSENDAHL
Information Systems Manager at a non-profit with 1-10 employees
With this solution, you can have an inspection of each package and see what threat level it's at. It has made the work more dynamic. We don't have to block as much as we had to in the old days.
PD
ITmgr302604
IT Manager at a construction company with 11-50 employees
Pro user-based firewall rules.
I especially value Change Management and Compliance. They are most valuable because we are required to comply with regulations regarding credit card processing (PCI) and protecting patient data (HIPAA).
PS
Pardeep Sharma
Network security engineer at a tech services company with 1,001-5,000 employees
The most valuable features of this solution are advanced malware protection, IPS, and IDS.
SA
Syed Khalid Ali
Senior Solution Architect at a tech services company with 51-200 employees
The Firepower+ISE+AMP for endpoint integration is something that really makes it stand out from other vendor solutions. They have something called pxGrid and I think it is already endorsed by IETF. This allows all devices on the network to communicate. I find it to be a more proactive approach as all devices collaborate with ISE in real time. I did a demo for a customer and there were no second thoughts in the usability of the solution. You should give it a try to find out more about how this works.
RO
reviewer1007166
CEO at a security firm with 1-10 employees
The most valuable feature is that the encryption is solid.
GK
George Karani
IT Manager
The feature I find most valuable is the Cisco VPN Interconnection.
The file features are useful as well. They're good at packet tracing. They are very straightforward. I would say that the Cisco ASA ASDM makes it very easy to manage the firewall.
CS
Cristian Serban
Network Engineer at a financial services firm with 5,001-10,000 employees
We use ASA as a simple, scalable firewall. Its main advantages are the stability. We use it as an active standby and as a failover solution. We depend on this solution, we've used it for several years.
RM
ramesh1923
Technical Specialist with 5,001-10,000 employees
VPN (site to site VPN and remote access), NAT policies, modular policy framework, detailed troubleshooting methods.
It all depends on the deployment scenario, as I have used ASA for specific purposes. In general, the stateful firewall feature, site to site VPN, and AnyConnect remote access VPN are always useful.
Class-based policing is the most important part of the ASA, and was its differentiator.
It is good for firewalls, management with the adaptive security device manager (ASDM), and tools such as packet tracers for troubleshooting.
It’s a really good firewall which is easy to manage, but it is not a Next Gen firewall.
Firewall functionality is the main issue when buying this product. We use it to segment our DMZs, it is stateful firewalling, is highly reliable with zero outages, and impeccable failovers during upgrades.
The ASDM is the management tool to administer the ASAs via the GUI. It has an easy to use interface with very nice troubleshooting tools, such as Packet Tracer. This tool lets you simulate a traffic flow so you can see why flows don’t work.
KB
Kiarash Barzoodeh
Senior Network Designer at ODI
The Advanced Malware Protection and Security Group Tag (SGT) are valuable features. You are able to integrate all the networks by using SGT with the pxGrid service. This is built-in technology in Cisco devices and services.
- Site-to-site IPsec VPN
- Remote IPsec VPN
- Reverse route injection
GF
Guillermo Fernandez
Security Consultant at IKUSI
The solution offers very easy configurations.
The administration of the solution is very good.
The product integrates well with other products.
SG
reviewer1480314
Senior IT Analyst at an insurance company with 51-200 employees
The most valuable feature is that I have 16 public IP addresses that tunnel through into servers inside.
There are no issues that we are aware of. It does its job silently in the background.
NS
Navee Srichaiyanont
IT manager at IRPC PCL
The solution is simple to deploy and stable.
MA
Mustafa Ahmed
Network Security Engineer at qicard
The most valuable feature is for IT security management. It is extremely valuable to protection so that is the most valuable feature.
CS
reviewer818484
Information Security Manager at a financial services firm with 501-1,000 employees
Integration with all the other Cisco tools is valuable. However, we've moved away from all Cisco security tools since this evaluation. Firewall choice was key to what direction we went and we found not only was the competing firewall solution superior, but their endpoint protection solution was as well.
IY
Iz
Assistant Manager (Infrastructure) at SISTIC
- Snort IPS with recommendation template
- Extendable hardware module
- Straightforward licensing
- Cisco product integration
SC
Simon Chaba
ICT Manager at an aerospace/defense firm
ON
Olivier Ntumba
Network & Systems Administrator Individual Contributor at T-Systems
It's an almost perfect solution.
The configuration is very easy.
The management aspect of the product is very straightforward.
The solution offers very good protection.
The user interface itself is very nice and quite intuitive.
For Firepower the most important features are the intrusion prevention engine and the application visibility and control. The Snort feature in Firepower is also valuable.
For ASA, the most valuable feature is definitely the remote access VPN solution. The AnyConnect solution is very scalable and stable—there are no errors or flaws—which is necessary in today's world when we're all working remotely. The remote access VPN for ASA is very good.
When it comes to application visibility and control, both ASA and Firepower can provide them but the AVC feature is mostly used in Firepower. You can allow or disallow many applications through Firepower, through the access control policy.
If you configure Firepower correctly, it is good when it comes to threat visibility. It is proficient. It is the state of the art when it comes to blocking threats, network-wise. If you use it with an SSO encryption, and use your own features, blacklists, security intelligence, intrusion prevention, and access control points—if you are using it with every feature—Firepower can block most threats on your network. But it can't stand alone. It is necessary for the clients to have AMP for Endpoints, Cisco Umbrella, and Cisco ISE. If you're using Firepower as a standalone device, it can block, say, 20 or 30 percent more than the ASA can. But if you're using all of the security features from Cisco, you get much more security. It's like an onion's layers. The more layers you have, the more protection you have.
The ease of use with the new version of Firepower is more or less the same when compared to other versions of Firepower. But the dashboard has received a refresh and it's easier to use now than before. Overall, the ease of use has been increased.
AA
reviewer1416024
Sr. Network Engineer at a construction company with 10,001+ employees
The best features are stability and scalability.
IA
Imad Awwad
Group IT Manager at a manufacturing company with 1,001-5,000 employees
Unfortunately in Cisco, only the hardware was good. As for the features and services it was less than the others. Having all of the features means higher specs of hardware and intelligence processing so that it can handle all the logs proactively. Now, what is needed from the Information security, is to be proactively aware of any threat that might expose our data and at the same time have full visibility over our information sharing endpoints.
AA
Ahmad Alkoragaty
IT Consultant at MOD
The most valuable feature is that it has the ability to divide the network into three parts; internal, external, and DMZ.
MA
Mahmoud Ashoub
Team Leader, Information Risk Engineer at National Bank of Egypt
Its ability to discover attacks is a valuable feature. All of the other features that have to do with security are good.
GZ
Gerald Zauner
Data Center Architect at Fronius International
It has many features but not all of them work. The features aren't stable enough for us to use them. The most valuable features are the firewalling and the deep inspection.
EE
Seniodascie9887
Senior Data Scientist & Analytics at a tech services company with 11-50 employees
The architecture of FTD is great because it has in-depth coverage and because it uses AVC (Application Visibility and Control) and also rate limits. Also, the architecture of fast paths is great.
KS
Tech432SrvcMn
Technical Services Manager at a comms service provider with 10,001+ employees
The most valuable feature is the section payover. But, I think that kind of function may also come from similar products. In addition, they have the integrated IDS/IPS source powered modules. This is a new screen for us, and it is also very useful.
JK
Johnsey Kivoto
IT Manager at a manufacturing company with 51-200 employees
I find that the product is a very good and secure firewall. The benefit of this product is that it is a strong firewall solution.
BY
BURAK YESILDERYA
IT System Administrator at PFW HAVACILIK
The Cisco Product Security Incident Response creates and maintains publications, commonly referred to as PSIRT Advisories, for security-related issues in Cisco ASA.
SC
Sergei Chernooki
IT SecOps Manager at a computer software company with 1,001-5,000 employees
Cisco ASAs are great network firewalls and they can work for years after being configured. The best features are NAT, transport-layer inspections, and VPN.
AK
Alexander Kostov
Senior IT Networking and Security Manager at a tech services company with 10,001+ employees
There are a lot of features which are good and can be implemented, especially in the latest IOS version of the product.
They saved me a lot of time thinking how to solve different scenarios with other solutions.
Cisco AnyConnect for remote access is one of them. It is supported on most of the platforms, which business users use. They can gain access to the network, via functions like PBR, Security groups, contexts, and DNS doctoring. This gives a lot of flexibility to the product.
GS
Georges Samaha
Security Consultant at a tech services company with 501-1,000 employees
During the first phase of use, it was an extra module on standard Cisco ASA firewalls. It then became a standalone solution known as FTD, Firepower Threat Defense.
The Firepower IPS, based on Snort technology, has an amazing detection engine and historical analysis capability of files that eases threat investigations a lot.
I value the integration with other products (Cisco ISE, Cisco Endpoint AMP) which increases the protection intelligence within the enterprise by sharing security info between different products, which function on different layers. It furnishes fully connected security.
It also provides detection of the client operating system, which gives very good reporting and correlation with the signatures. It can relay the signature IP to the client operating system, to give a better correlation decision.
View full review »
I find the overall capability of the higher end firewall products to handle most network tasks without any issues. In addition, it is easy to train lower level help desk personnel on the GUI management.
I'm most impressed with the visibility and control SourceFire solutions provide into the types of traffic flowing in and out of an environment. It makes the discovery of applications and classification of user traffic simple, which in turn allows an organization to more effectively develop security policies and enforce acceptable use for its enterprise users.
VM
Vincent Mulama
Systems Administrator\Ag. IT Manager at a construction company with 201-500 employees
It is a very stable product. I've not had any issues with it. It is a super product, and I won't need to change it anytime soon.
SD
Sergio Díaz
Owner/CTO at FS NETWORKS
Firewalls are about blocking. ASA is for blocking, but it does not have the intelligence like Fortinet to detect attacks. If I could use ASA to detect attacks, maybe we could buy another service from Cisco although it's very expensive. I would choose Fortinet, but my clients like ASA support. I prefer Fortinet because Fortinet has a UTM and it's a good firewall.
OB
reviewer1323300
Principal Network Engineer at a manufacturing company with 501-1,000 employees
The most valuable features for my client are the ASDM and monitoring.
They have familiarity with the Cisco CLI.
TR
reviewer1010625
Tier 2 Network Engineer at a comms service provider with 1,001-5,000 employees
The most valuable feature must be AnyConnect. We have quite a few customers who use it. It is easy to use and the stablest thing that we have. We have experienced some issues on all our VPN clients, but AnyConnect has been the stablest one.
It is one of the easiest firewalls that I've worked with. Therefore, if you're not comfortable with command line, it probably is one of the best solutions on the market.
LX
reviewer1348176
Network Specialist at a financial services firm with 501-1,000 employees
On the network side, where you create your rules for allowing traffic — what can come inside and what can go out — that works perfectly, if you know what you want to achieve. It protects you. Once you get all your rules in place, done correctly, you have some sort of security in terms of who can have access to your network and who has access to what, even internally. You're secure and your authorization is in place for who can access what. If someone is trying to penetrate your network from the outside, you know what you've blocked and what you've allowed.
It's not so difficult to pull out reports for what we need.
It comes with IPS, the Intrusion Prevention System, and we're also using that.
GV
Girish Vyas
Architect - Cloud Serviced at a comms service provider with 10,001+ employees
Firepower is an okay product. However, it is better as a firewall than the IPS or other services it provides.
SO
Reviewer83902
Network Administrator at Modern Woodmen of America
Sourcefire has been a great addition. The visibility and control have been nice.
I also like the active/standby HA.
View full review »
ASA is stable and with a low level of work required on the maintenance side. It is a dedicated firewall, so you do not have to manage additional topics like spam, web sites filtering and so on. The routing part is high level as usual with Cisco products.
AM
Azar Mammadli
IT Operation Manager
NGFW features software stability, quick software updates for known bugs/vulnerabilities. Why no hardware reliability (see Clock Signal Component Issue -Cisco)? Because without NGFW features it is basically like a home router.
AL
Alberto E. Luna Rodriguez
Network Security Coordinator at an energy/utilities company with 1,001-5,000 employees
Outstanding NGFW capabilities, Site to site VPNs and High Availability. Also the integration of FirePOWER services (Web Filtering/IPS/Malware Protection) is a huge step forward for an already great platform.
SI
NwkSysAdmin564
Network and System Administrator at a pharma/biotech company with 501-1,000 employees
The ability to intercept unwanted traffic, and prevent attacks without interrupting everyday work, and the stability of this product are the key functionalities in our deployment.
ST
MD.SIHAB TALUKDAR
System Engineer at asa
The most valuable feature is stability.
NJ
reviewer1471347
Administrator at a university with 1,001-5,000 employees
It is a flexible solution and can be easily integrated with your network hardware. It is a very useful product. This product is very popular in the industry and the network security environment is good.
NJ
reviewer1471347
Administrator at a university with 1,001-5,000 employees
Cisco Firepower NGFW Firewall is a really helpful product for network security. I have integrated it for incident response. If there is a security event, the Cisco firewall will automatically block the traffic, which is useful.
YT
reviewer1478394
Information Security Manager at a financial services firm with 501-1,000 employees
It's a flexible solution and is well-known in the community. Most professionals are familiar with Cisco products and we prefer to work with products that we know. That is why we chose to work with Cisco firewalls, and also for the quality.
View full review »
If we look at the Cisco ASA without Firepower, then one of the most valuable features is the URL filtering.
Also, it's easy to integrate ASA with other Cisco security products. When you understand the technology, it's not a big deal. It's very simple.
When it comes to threat visibility, the ASA is good. The ASA denies threats by using common ACLs. It can detect some DoS attacks and we can monitor suspicious ICMP packets using the ASA. It helps you know when an attack is detected.
Cisco Talos is good. It provides threat intelligence. It updates all the devices to be aware of the new threats and the new attacks out there, so that is a good thing. It's like having God update all the devices. For example, even if you have FTD in your company, malware can be very difficult to detect. There is a new type of malware called polymorphic malware. When it replicates, it changes its signature which makes it very difficult for a firewall to detect. So if your company encounters one type of malware, once, it is automatically updated in your environment. And when it is updated, Talos then updates every firewall in the world, so even if those other firewalls have not yet encountered those particular types of malware, because Talos automatically updates everything, they're able to block those types of malware as well. Talos is very beneficial.
When it comes to managing, with FMD (Firepower Management Device) you can only manage one device, but when you work with FMC (Firepower Management Center) you can manage a lot of sensors, meaning FTDs. You can have a lot of FTDs but you only have one management center and it can manage all those sensors in your company. It is very good.
YS
sentwrkpres56
Senior Network Support & Presales Engineer at a computer software company with 51-200 employees
The Firepower Management Center is an easy way to manage the devices centrally. I guess this is something that all vendors provide so it's nothing special. I like the way Firepower presents the data. It gives you two classifications for the evidence, something based on the priority of the evidence and another classification based on the impact of the evidence in your environment. This makes it very easy to spot the evidence that is most impactful to my environment. Instead of having to go through all the evidence based on that priority, I can focus on the evidence that has the most impact on my environment.
Sometimes you might have a high priority event but it has nothing to do with your environment. You have a vulnerability. You don't have to treat a vulnerability as an attack. Since you're not vulnerable, it's not impactful to your environment so you don't have to focus on it. This is something that other products don't provide.
It is very flexible. You can have the next generation firewall work as a physical connection or as a Layer 2 device. You can have a combination of Layer 2 and Layer 3, which is really good.
JL
Jonathan LELOU
Ingénieur technico-commercial at ICBM
We haven't deployed all the possible services from Cisco yet, but I started to research more of the ones that are available and I think Firepower will end up being the best, most valuable solution for us.
View full review »
The most important feature is its categorization because on the site and social media you are unified in the way they are there.
DA
Danut Agache
Computer Networking Consultant and Contractor with 51-200 employees
Stability, high availability of services, and very high MTBU were the most valuable features for me -- because in my work as network and security consultant, it is very important to guarantee to my customer the security of his business.
SS
NetworkE721d
Network Engineer with 201-500 employees
IPSec Tunnel and AnyConnect (of course), the context awareness was a good feature, but clumsy at the beginning. I think it's better now.
The packet tracer command is a great tool for troubleshooting IPSec Tunnel, which I miss in the Palo Alto and other firewalls.
Also, the IP access list counter is a good feature while troubleshooting.
RS
Rizwan Siddiqi
Network Security Consultant at a tech services company with 51-200 employees
Cisco ASA is a stateful firewall which means they are the fastest and more secure, because they maintain state tables. Cisco ASA is very efficient not only in Firewalling but in VPNs, IPS and content filtering. It also has the option of failover and redundancy.
- Firewall mode
- AnyConnect gateway
- Client-less SSL VPN
JL
reviewer1229682
Network Administrator at a manufacturing company with 10,001+ employees
To be honest, all of the features that are provided, all the other vendors will also have. One feature we did find valuable was the CLI; it is more accurate. Additionally, I was happy with the customization, dashboards, access lists and interface.
We frequently use the Bottleneck feature we purchased specialized from Cisco.
RP
reviewer1293345
System Administrator at a non-profit with 1-10 employees
Cisco used to be all command-line operations and now Firepower is in a way modelled from FortiGate. Firepower has integrated a UI into it now.
You do not have to do everything through a command line which makes it a lot easier to apply rules.
You are able to see the traffic of what sites users are visiting.
There are warnings if you are about to go to sites that could be malicious.
It also allows you to block within categories, such as, by URL.
The solution always had these capabilities, but it did not have a user interface that was user-friendly.
PC
Ntwrksec457
Network Security/Network Management at an educational organization with 201-500 employees
The firewalls of this program protect my internet from dangerous internet sites. For us, Cisco is the number one in firewall protection. We are seeking to buy another UTM solution for band management.
VA
Vikram Arsid
Cyber Security Software Engineer at FireEye
It is a comprehensive suite and complete package. We have the following with the product:
- Interest point detection
- Firewall stuff
- VPN
- It's configurable.
- It guards with its own threat intelligence.
We find that virtual instances are helpful because they are easy to use on AWS Marketplace, as they are On Demand. We have a lot of traffic on AWS. Therefore, to monitor the traffic rather than using on-premise, we use virtual instances of Cisco ASA. This is pretty easy to use and we receive value off of it.
PP
PetrPetrov
Works at IDF technology
- AnyConnect
- Double translations
- Independent IPS module
- High performance
- Various methods of organizing a VPN
DH
David Hartt
Senior Vice President at a transportation company with 51-200 employees
DMZ segmentation, and IDS and IPS.
View full review »
- VPN
- Firewall
- IDS/IPS
These features allow us to deliver services to meet client needs across various industry verticals.
DS
davidstrom
Owner at David Strom Inc.
The user interface of the Prime Security Manager is, well, prime and one of the best pieces of software I have seen from them, and the features are on par if not better than what their competitors offer.
View full review »
I love its CLI mode of working, it gives plenty of information with a single line of command.
This feature allows its administrator to perform advanced level tasks with much ease.
MS
reviewer1905519
Network Architect at a tech vendor with 10,001+ employees
The access list is the most valuable feature of this solution.
BD
Solution7499
Solutions Architect at a manufacturing company with 10,001+ employees
This solution is easy to use if you know how to set it up.
The most valuable features are on the routing side, with the control between the two networks and the rules that are in there.
AA
NetworkO9ae4
Network Operations Center Team Leader at a financial services firm with 10,001+ employees
At this point, we find that this product has high productivity and high availability and there is no need for improvement.
JM
JohnMorris
Manager at BSB Cadmin Ltd
The ability to have a protected home network on the unit and a separate secured office network linked back to corporate.
MK
asstmana149958
Asst.Manager IT at a manufacturing company with 501-1,000 employees
All the features are good. The GUI is among the most valuable.
View full review »
Some of the valuable features are detecting malware and blocking blacklisted URLs.
View full review »
The feature sets are great when there are no software bugs. With FirePOWER, you can enhance security, have effective management, and a good reporting engine.
MZ
Marcelo Zamorano
Middle-Tier Admin Integrator at a tech services company with 51-200 employees
Robustness
View full review »
- Network firewall
- FirePOWER services (URL filtering, IPS)
JR
reviewer1473525
Enterprise Integration Architect at an insurance company with 10,001+ employees
It's very stable and mature.
PS
Phosika Sithisane
Executive Director at ict training and development center
The ability to block threats is its most valuable aspect.
Most clients in Laos use the basic setup, which works quite well. It ensures that nothing can get onto the local network.
It's pretty reliable and allows for isolation capabilities within the network.
The ASDM is very good.
I like that I can use the command line. I use a lot of Cisco and often work with this. If you are comfortable with the command line, it's quite good.
View full review »
VPN load balancing: This has been particularly essential for my connections to integrate via multiple time zones.
View full review »
Filtering is the best feature, as I have gotten used to using it.
View full review »
If you compare it with other products, other firewall products in the market, at this moment, it doesn't have that many features, no impressive feature in it, in fact.
The one thing I like about the product is the logging features, the way it logs, the way it forwards the logs in Syslog. It generates the particular Syslog. Compared to other products, that is the only feature, I feel, that is good. I have worked with other firewall products, so I know it very well. The logs are pretty good. Then it forwards. When it forwards the logs to a third-party syslog server, it then writes the Syslog very well. That is the only feature I like about it.
RS
Rizwan Siddiqi
Network Security Consultant at a tech services company with 51-200 employees
It blocks all outside to inside traffic and only permits the specific internet traffic from the outside. VPN functionality is very useful, we can create remote access and tunnel VPN in the simplest way.
View full review »
With the ASA there are multiple products depending on your needs based on the two generations of the ASA. Roughly split up, there are 4 products.
- 5500 Series basic/standard firewall - This I would rate as 7/10 due to the fact that it's easy to use, manage and deploy. It has scalable SSL and IPSec VPN options, and is lacking throughput
- 5500-X Series basic/standard firewall - This I would rate as 8/10 due to the fact that it's easy to use, manage and deploy. It has scalable SSL and IPSec VPN options, and it has high throughput
- ASA5500 Series with firewall and CX - This I would rate as 5/10 due to the fact that even though the firewall and VPN part is easy to manage and deploy, the CX is lacking in stability and features. Also, it is rather complex to deploy. Add to this that the CX lowers the throughput even further
- 5500-X Series with firewall and Sourcefire - This I would rate as 9/10 because it's easy to use, manage and deploy the firewall, VPN, and also the SourceFIRE. SourceFIRE works rather well and is by far the most advanced IPS system available. But it decreases the throughput more than you'd like
In general, I like both the SSL VPN and SourceFIRE. Firstly, for the VPN, both the client and client-less versions are very scalable, flexible, and dynamic in configuration and probably the best SSL VPN solution available in the market. Secondly, SourceFIRE has improved the IPS functionality and stability of the ASA to a point where you can begin to enjoy the fruits of your solution and root out the bad seed in your network.
View full review »
- Scalability
- Debugging messages
- Context modes
- Content filtering
- VPN features
- User interface is also very friendly
SK
Suebsak Komjezsda
Senior MIS Manager at a tech company with 201-500 employees
The solution is stable. We haven't had any issues in that sense.
The security of the hardware is excellent. Cisco is very serious in its approach to security.
We have a high level of trust in Cisco and its products.
The solution is excellent for enterprise-level networks.
PK
reviewer1406484
Jr. Engineer at a computer software company with 5,001-10,000 employees
It is already improved because all of the computer updates are available online. So, you can update, and I think that the ASA 5585 is already updated.
All of the licensing features can be upgraded.
The interface is user-friendly.
TM
reviewer1461084
Group Information Technology Manager at a mining and metals company with 201-500 employees
The best feature for me is the VPN and I also like the firewall.
TJ
Tracey Jackson
Senior Network Engineer at Johnson & Wales University
The VDB updates run on schedule, so less hands-on configuration is needed.
View full review »
Classic ASA features such as NAT, Stateful Firewall, and VPN are basic functions for average organizations, but next generation features such as the granular control of port hopping applications, IPs, and malware protection are mandatory, considering current advanced security threats.
One of the most valuable features is the correlation of events, including the path that a file takes in the network and its integration with the endpoint protection. This gives you the chance to take some actions in the case a breach happens.
AM
Azar Mammadli
IT Operation Manager
- Hardware reliability
- Software stability
- Quick software updates for known bugs/vulnerabilities
These are very important in an enterprise environment.
View full review »
The ASDM has significantly improved over the years. Real-time logging and filtering is useful. Firewall rules are easy to understand, and enable/disable.
MR
reviewer991773
Network Security Engineer at a tech services company with 201-500 employees
The user interface, the UI, is excellent on the solution. Let's say you want to check the real-time locker - you can create it by the UI using ASDM.
View full review »
The most important feature is the VPN connection.
My clients also use the antimalware features and the scan is very good. It also supports packet inspection and IPS.
Cisco ASA is easy to configure.
The integration with the security features is something that I like.
SS
Shrijendra Shakya
C.T.O at Sastra Network Solution Inc. Pvt. Ltd.
It is very stable compared to other firewall products.
It has good security features.
The firewall features make it easy for the users to work on it.
EM
Mantechni677
Technical Manager at a comms service provider with 501-1,000 employees
One important aspect when deploying a Cisco ASA firewall is that it obliges you at the beginning to define your security level, which will make it easier when making your security policy (traffic allowed from source to destination).
A security level defines how trusted an interface is in relation to another interface on the Cisco ASA.
The higher the security level, the more trusted the interface.
The highest security level is "Security Level 100".
Nowadays other firewall manufacturers try to adopt the same deployment principle as the Cisco ASA with security levels; however, the Cisco ASA does have other interesting features which I think are very useful:
- Firepower services
- Security context
- Firepower management
Monitoring, of course - the dashboard. It enables you to see what is happening.
View full review »
Clustering architecture which offers zero downtime upgrades, keeping uptime close to 99.999%. This creates less stress on operations and network stability throughout the various maintenance tasks.
View full review »
The security features are valuable because it is easy to use and it has an important role as a firewall.
View full review »
It gives us the ability to do lan-to-lan VPN.
View full review »
VPN - Both site to site (IPsec) and remote access (IPsec and SSL).
View full review »
We choose Cisco ASA 5500 Series for our branch office primarily because it is a stable firewall. Many home and even business grade firewalls will often start acting up and have to be rebooted, but the ASA is completely rock-solid. ASA Firewall Chains STP and RST Protocol allows us to build redundant uplinks to STP compatible switches. It has 256 MB RAM and 128 MB of flash which is plenty for future upgrades. I personally like to have the multitude of VPN options such as - IPsec VPN, DMVPN, L2TP, SSL, Any Connect, etc. The IPsec VPN is supported on the iPhone, so it is cool to be able to access my home network from my phone.
RM
reviewer1474608
Consultor at a government with 201-500 employees
I like the IPS feature, it is the most valuable.
SH
Seang Haing
Team Leader Network Engineer at deam
There are two main ways that using Cisco ASA & Firepower has improved our organization:
- Technical features
- Our Sales team
YA
Yasir Al-Musawi
Network Security Specialist at a financial services firm with 501-1,000 employees
It is easy to create interfaces and routing, which all can be done at the GUI level. For now, we are still going around the services and will add more in the future.
View full review »
Its security features are the most valuable aspect. It has the ability to detect and prevent intrusions.
ED
Ed Dallal
Founder, CEO, & President at Krystal Sekurity
Provides advanced malware capabilities.
View full review »
Cisco ASA's CLI is very effective and fast to configure the firewall and make changes, but monitoring logs and connections can be eye bothering by reading all the line outputs. ASDM, however, has improved the overall ASA configuration from a GUI standpoint. I really enjoy the log monitor where I can see live logs in a more user friendly interface. The down side of ASDM is that it is built with JAVA and that means a lot of vulnerabilities and it does not always work with the latest JAVA version and/or patches.
VG
reviewer1395702
Network Security Engineer at a tech services company with 51-200 employees
The Inline Mode configuration works really well, and ASA works very impressively.
MM
reviewer1472883
Lead Network Engineer at a tech services company with 51-200 employees
We are mostly using it for remote access, so the remote access feature is the most valuable, but all other features are also needed and required. It is also a very straightforward and reliable solution.
TS
reviewer1067388
IT Administration at a healthcare company with 11-50 employees
The most valuable feature is the access control list (ACL).
MM
Moraima Matilda
Coordinator Network Support at a manufacturing company with 501-1,000 employees
The most valuable feature is the security that it provides our company and users.
Furthermore, our company uses it for making rules for the bank to connect to our server in the DMZ, which is a security challenge.
PT
Pablo Torrejon
Support Engineer at a tech services company with 51-200 employees
We can shift traffic, block certain content, or redirect policies.
TP
Tony Petcou
Business Development Executive at CBI
IDS.
View full review »
All the visibility the device gives us as well as management and administration facilities.
View full review »
VPNs, reliability.
View full review »
It's a great solution that amalgamates a firewall and VPN into one device. It also has a well organized GUI- ASDM.
View full review »
The fact that it's a full inspection firewall.
ME
Muhammed Eslami
Solution Architect at a tech services company with 11-50 employees
I like the firewall features, Snort, and the Intrusion Prevention System (IPS).
FK
Fadil Kadrat
Network Engineer at Banque des Mascareignes
- Its VPN and ASN features are very stable.
- It is easy to configure.
Advanced malware protection, it blocks malicious attacks.
View full review »
The most valuable features of this product are given by the comprehensive VPN solutions it offers and its tools for troubleshooting and debugging. You can provide a complex and flexible way to securely access private environments. And its troubleshooting and debugging tools allow you to identify, in the fastest time possible, where some potential issues could have occurred.
View full review »
It was a valuable firewall some years ago but then Palo Alto created the next generation firewall and Cisco needed too much time to create ASA CX. At the moment it has, basically, the same features. In my opinion the most valuable features now are the layer seven capabilities and the new FirePOWER.
MR
reviewer1126164
Programming Analyst at a tech services company with 201-500 employees
The feature I have found most valuable is the IPS advanced threat detection for removing ransomware and malware.
KS
reviewer1441503
CEO & Co-Founder at a tech services company with 51-200 employees
The configuration support is very good. You can find a lot of configuration samples and troubleshooting tips on the internet, which is very good.
View full review »
The most valuable features for us are Firepower and the VPN concentration. These are easy to use and have good insights.
GS
reviewer994896
Center for Creative Leadership at a training & coaching company with 501-1,000 employees
Its security is the most valuable feature.
View full review »
ASDM provides GUI for configurations. ASDM has made configuring ASA easy. No need to memorize CLI commands.
View full review »
In-depth monitoring and analysis. It helps us to make better decisions and policies.
View full review »
I enjoy the interface of Cisco products, especially the CLI version. I think the IPS feature in the product is best compared to products of other vendors. All the IPS features can be accessed from a separate interface, e.g., Cisco IDM.
View full review »
Firewall, VPN and Single Sign On.
View full review »
Security, Routing and NAT.
It's a standard rule based firewall for us. The AnyConnect VPN has solved a lot of remote access problems. High availability is good. It will fall back to the other ASA without any disruptions.
View full review »
- It provides our company with security and protection on all our devices.
- It's highly available.
NGFW: VPN (IPSec, SSL), NAT (provides great flexibility)
NGIPS: Application visibility, file policies (store files), network discovery, correlation features
- Stateful inspection
- CLI of the firewall
The features that we use are:
- The stateful firewall
- VPN with AnyConnect
- Site-to-site IPSEC solutions
- High availability
The multi-context mode.
AnyConnect VPN
1. I have found the Cisco ASA to be less expensive than Check Point firewalls.
2. It is smaller in size than Check Point firewall.
3. It is easy to operate and manage with both GUI and Command Line.
- Powerful firewall provides multiple contexts.
- Highly stable firewall for campus traffic with no shutdown and zero maintenance compared to the Juniper SRX family which performs like a software firewall after 3 months of operation and did not allow the administrator to login.
- Easy to use both GUI and command line. Also it may be more easily used through a management application like Cisco ASDM.
HD
Hari Pandu Dairi
Network Engineer at a tech services company with 201-500 employees
The software itself is very simple.
The solution is easy to operate. It's not overly complex.
The command line is the same as it is on the Cisco IOS router.
The technical support is very helpful and responsive.
This is our perimeter router. We used it purposely for NAT and to port forward traffic. Other essential features of a firewall are handled separately by a UTM.
The front page of device manager is the most valuable feature because it makes it easy to know the system status.
It has very advanced security features including FirePOWER threat management, which is the most valuable, but also URL filtering, FireSIGHT, and advanced malware protection.
MZ
Matteo ZAMOLO
Program director at a tech consulting company with 201-500 employees
I think Cisco ASA Firewall is the most stable firewall solution.
MM
MohamedMostafa2
student at MC
ASA 5505 and ASA 5506 are very powerful tools to use in a business environment, and provide a lot of security.
The simple access rule, Internet NAT and routing are valuable features. It is very simple and the most reliable perimeter firewall.
Cisco doesn't have many features but only basic firewalls.
Its ability to work with the traffic.
Starting in version 9.7 you could track a login history for audit purposes and, in 9.8, you are able to do active/backup HA with ASAv (Adaptive Security Virtual Appliance) deployed on MS Azure.
Management Console and user profiling to define activities.
- Strong in NAT and access-lists
- Very good as a stateful inspection firewall, but weak in all other areas.
Firewalling is the most valuable feature. We wanted a back-end/internal firewall solution, and the Cisco ASA 5525 was great.
- Firewall
- VPN
- FirePOWER mobile
SF
Shamal Fernando
System Engineer at a tech services company with 501-1,000 employees
It's a flexible solution.
It allowed us to consolidate multiple security devices into a single appliance. It consolidated and helped us eliminate firmware upgrade issues across multiple devices. The "Keep It Simple" method.
OC
OscarCastillo
Network Engineer at IT Security
I like the easy administration.
It is very robust, trustworthy and highly customizable.
- Modular scalability
- High availability
- VPN services
MS
Mufeed Siaj
Network Security Presales Engineer at a tech services company with 51-200 employees
The most valuable features of this solution are the integrations and IPS throughput.
- IPS
- Antivirus
- IP filtering
- Failover
- Transparent firewall
- Multi-context
- Logging is great. It will show when it reaches its capacity before it is too late, unless you have bursts of traffic.
The solution's reliability, performance, and security are most valuable.
- NAT
- IPSec
- ACL
There are a lot of companies who create firewalls but there is not a single one which can compete with ASA.
It can have access control from layer 3 to layer 7.
The ASA 5510 is more than enough for small to medium business.
It has a dedicated GUI interface, which is known as ASDM, a beautiful tool to manage ASA.
You can use ASA to route traffic.
AAA service supports plenty of Authentication server types.
You can configure advanced NAT in this device.
It uses Modular Policy Framework (MPF) to inspect traffic.
You can inspect traffic at different layers separately.
You can use this as a transparent firewall & failover is instant.
The virtualization works beautifully for this device.
VPN is another added advantage. All the types of VPNs are managed through ASA.
- Network attack detection
- DoS and DDoS attack prevention
- Signature-based detection
- User-defined signatures with regular expressions
- Integrated URL and content filtering
- Custom URL categories filtering
- Integrated antivirus
- Protocols scanning
BB
reviewer1445520
Security Consultant at a tech services company with 51-200 employees
The most valuable feature is the access control list (ACL).
Manageability of Cisco ASA. It has a GUI interface, unlike most of Cisco IOS. For beginners they can "sneak in" and apply the command and see the actual commands that the GUI launches. In addition, Cisco has the reputation regarding security.
- Cisco IPSec VPN
- VPN Client
- Port Restrictions
The filter with NAT mode is valuable.
Buyer's Guide
Cisco Secure Firewall
April 2024