Cisco IOS Security Reviews

Cisco IOS Security has many good features, but compared to other solutions, it has a more user-friendly interface with steps to apply and manage rules. Another good part of the solution is that it's more straightforward.

An area for improvement in Cisco IOS Security is the performance because it's not as stable sometimes. There's also some latency in the solution, which could be improved. Cisco IOS Security integrates with other solutions, but you'll encounter many errors after integration, so this is another area for improvement.

I'd like to see enhanced performance and a simplified setup in the next version of Cisco IOS Security.

I've been working with Cisco IOS Security for more than five years.

Cisco IOS Security isn't as stable.

Cisco IOS Security isn't as scalable, but it's okay. It's suitable for enterprise companies.

The technical support for Cisco IOS Security is very good. The support team responds every time.

Setting up Cisco IOS Security wasn't very easy because it's not a standalone solution. The setup requires merging rules and integration with other solutions, which could take some time.

The pricing for Cisco IOS Security is reasonable compared to other Cisco products.

I'm working with Cisco products such as firewalls, ISE, routers, data centers, FTD, and most of the Cisco technologies. I have experience with Cisco IOS Security as well.

My company is a partner and reseller of Cisco products.

My customers, particularly enterprise customers, use Cisco IOS Security.

My advice to others looking into implementing Cisco IOS Security is to do a POC first. It would help to be careful about performance, latency, and management issues with Cisco IOS Security.

I'd rate Cisco IOS Security as seven out of ten.

We use Cisco IOS Security for integration purposes. We have Cisco features and Cisco devices in our organization. We use it as an integration system for Cisco devices.

Cisco products are very secure and integrate easily with other devices.

The graphical user interface or the GUI could be better. Beginners can use some devices with the GUI, but some security devices are configured using CLI. It would also be better if it had its own Intrusion Protection Service and Intrusion Detection Service on the server.

I have been using Cisco IOS Security for more than three years.

Cisco IOS Security has been stable so far.

The device is not scalable because the device was manufactured with a specific product specification. To scale, you have to plan and add more devices. We have about 12,000 users.

They are supportive and have the technical skills to support us. If I have challenges with a Cisco product, they help me based on their subscription fee.

On a scale from one to five, I would give Cisco technical support a five.

Positive

The initial setup is straightforward for IT users. It takes about one hour to implement this solution because we have to upgrade the framework on some of the devices. 

On a scale from one to five, I would give the initial setup a five. 

Cisco IOS Security is not very expensive, and pricing depends on where you live. It's affordable for both individuals and institutions.

On a scale from one to five, I would give Cisco's pricing a four.

We chose Cisco because the company has an excellent market rating, users are familiar with Cisco, and they can deploy Cisco products. Using Cisco also improves the security mechanism of all devices from end to end.

On a scale from one to ten, I would give Cisco IOS Security an eight.

This has improved the way our organization operates very well.

The most valuable feature is the support that we get.

In the next release of this solution, we would like to see support for the 100BT and 7000 models.

We have experienced bugs in the solution.

This solution is stable.

I would rate the scalability of this solution at about eighty percent.

Technical support for this solution is very good.

The initial setup of this solution is straightforward.

We deployed this solution ourselves.

There is a return on investment with this solution. 

The licenses for this solution are expensive.

This is a good solution, and one that I recommend, but sometimes we have bugs.

I would rate this solution a nine out of ten.

We use it for routing and switching, VPNs, connectivity to some degree, and firewalls.

In certain spots it has improved our security program's maturity, for example around virtualization and network segmentation.

The most valuable feature is the scalability. The nice thing with the bigger vendors is that they're very good at scale.

I would like to see much more embedded security that works and that isn't a bolt-on.

It's pretty stable. The stability has been good.

I would rate the technical support at eight out of ten. We've had a lot of good feedback. 

Different products come and go but we've been using Cisco for 20 years. 

We use every consulting firm and probably most integrators, depending on the project. On any day it could be Deloitte, Accenture, etc.

I'm sure we've seen ROI. Routing is better than picking up a file, carrying it to you and handing it to you. But it's been in place for quite a long time.

Look at this solution and figure out what you're trying to accomplish. You should probably augment it with some other vendors as well. I'm not a big single-vendor type of person. I don't think anyone does it perfectly well. With Cisco, you bring them in for their core competencies which are routing, switching, and virtual networking. Then you augment it with some security vendors that have been doing security the entire time.

I would rate it at eight out of ten. It's not a ten because of the criticisms around security.

We use this solution to connect branch offices and keep the security on each one.

Cisco IOS allows us to keep the same security features as our principal offices.

We can access control lists and VPN tunneling.

It gives us better efficiency.

I think setup could be one area for improvement.

I would also like to see them add integration with cloud solutions like Umbrella, as well as some monitoring improvements. This would let us connect a new platform and cloud solution for a site.

Cisco's high stability is a well known feature.

It is scalable. We can go to another platform and keep the same functionality.

I think we have great support from Cisco for this. I haven't used it personally, but I have heard good things.

I think we used Firepower. We work specifically with Cisco.

I think the initial setup was simple. We have a lot of documentation and a guide that we can follow.

Thinking about the ease of managing these platforms and the technical support that we have, we can avoid extra costs and investments. We've saved time allowing our staff to work on other things that have saved money overall.

My advice is that this is a very secure option for platforms and gateways using the Cisco IOS security feature.

I would rate Cisco IOS as ten out of ten.

EEM (Embedded Event Manager) is a software component of Cisco IOS.

I found that EEM is a handy feature [but it is an underdog for the end user] if fine tuning of monitoring is required or if you would like to turn a Cisco device (switch or router) into a programmable device (without fancy words like ACI or Python, etc.). It is low level but efficient and money saving. It is available by default (but check the IOS feature support first). For curious minds, it could be used in combination with IP SLA and tracking features, a network engineer Swiss army knife.

• Increased monitoring level for KPIs normally not tracked by network management systems.
• Ability to correlate events and report back in a predefined format/customized message on the switch.
• Making a Cisco switch act as a network event sensor is enhancing visibility on the network.

• Tailored monitoring/notifications and some sort of added intelligence moved now to the edge of the network. (Actually, it could be done at any point of network: core, distribution, or access.)

As it is a tailored solution, it is not very scalable, but this is a trade off; you need a hammer or a scalpel. And EEM is a scalpel.

No licenses but what comes with the features of IOS.

Before choosing this product, we evaluated other options. I looked for a tailored solution.

The competition (like Juniper) do offer similar approaches (scripting capabilities, but I did not look into the details). The question is that in many cases, users are not extending their expertise to adopt these money/time-saving features that vendors provide with their OSs.

We basically use it for security. It can be used as the internet as well as the data center security firewall.

The hardware is pretty stable. It's also a very good product performance-wise. 

Initially, it wasn't mature like a firewall and there were other leaders, but now they have included almost all the features of next-generation security. Basically, it's a good product to work with. 

I would love it if it has a link-by-link feature, integration with Unified Threat Management (UTM), and load balancers.

They haven't got any link-by-link feature right now, which can be a very attractive option. This link-by-link feature can also be made available for Cisco's UTM firewalls. The link-by-link feature is available in some of the other firewalls. 

Currently, integration with UTM is missing. Cisco IOS Security also doesn't have the load balancers and a few things that need to be done to get a good UTM firewall. Normally, other firewalls have UTM. As a next-generation firewall, it's good, but as a UTM, it has to do some work.

We have been working with this solution for around 15 years now.

Cisco IOS Security is very stable.

It's pretty scalable. The hardware is good, and it's scalable.

The main reason for going with Cisco is their support. They have very skilled people and a very good support structure as compared to many other companies. They invest heavily in support maintenance. 

We are pretty comfortable with Cisco technical support, but with the new acquisitions, they also need to ramp up their support. For the older Cisco IOS and other stuff, they have very mature teams, but with the new acquisitions, sometimes it takes time to do the transition up to that level. For example, when Cisco acquired Sourcefire for the firewall, it took some time for Sourcefire to act like Cisco's other products. So, support is good, but still, there is a learning curve involved with new acquisitions and their support.

The initial setup was complex when we compare it with some other vendors.

The setup is easy if you have good knowledge. As compared to the earlier types, it is very easy now, and the major stuff is graphical. It's pretty easy, and we don't need a lot of people, at least one to two people for backup are good enough to manage the firewalls.

Cisco IOS Security is for medium and large enterprises. When we talk about the price as well, it's more suitable for medium and large enterprises, but recently they included a few good SMB options. They have introduced a cheaper version of it in the last year with SMB option, which can be looked into for small enterprises, but it's more suited towards the large enterprises and medium enterprises.

We prefer selling Cisco firewalls. We also sell Fortinet. Because Cisco's presence in our country is very good as compared to Fortinet and Palo Alto, the local customers seem comfortable with Cisco.

When we talk about Cisco, definitely the hardware is more reliable and scalable as compared to others. The support is also pretty good. These are the two good things. Definitely, Cisco Firewall is all around pretty good as compared to Fortinet.

We work with Cisco, and we top-rate Cisco firewalls to be sold and deployed. This is because they have good trading and expertise available. Cisco IOS Security is pretty reliable, and it also has really good documentation.

It sometimes requires a slightly higher technical expertise to implement all the features as compared to other firewalls. Therefore, users definitely have to be trained first to get proper knowledge. Definitely, IOS security is well-documented, and it's pretty reliable. I'd advise just to make sure that they have adequate knowledge. 

The learning curve is slightly longer because it's a slightly complex product as compared to Fortinet, but feature-wise, it's very good.

I would rate Cisco IOS Security a seven out of ten. It is a good product with scope for features such as link-by-link, integration with UTM, and load balancers.

We are a reseller and Cisco IOS Security is one of the network security products that we offer to our clients. The primary use case is securing connectivity between sites. Examples of this are between a site and a data center, or a site and a cloud provider.

DMVPN as a technology, not necessarily for security, has allowed my customers to be more agile in their connectivity, without having to rely on a hub-and-spoke topology. Rather, they can leverage a full mesh topology, which is essentially SD-WAN.

IPsec allows us to overlay that, which means we can obfuscate the underlying infrastructure, whatever the transports are. Whether it is a secure private transport like MPLS or just public internet, we can commoditize the underlying transports and trust that everything is secured from prying eyes. 

What I have used the most and received the most benefit from is the IPsec technology. It overlays on DMVPN tunnels and being able to secure these object-based tunnels is good because they perform significantly better than traditional IPsec tunnels.

With respect to user-friendliness, it is a command-line interface and those with such experience will get along just fine, whereas others may struggle. My expectation is that it will remain a primarily command-line-based technology.

The biggest annoyance is probably the quality control of the code. They have to make sure that they are better at vetting bugs and software issues before they release code to the general public.

I have been working with this product for the past ten years.

It is not the most stable system that I have worked with.

I don't think that scalability is much of an issue.

Our clients are small enterprise-level organizations, typically between 1,000 and 5,000 knowledge workers.

The technical support is pretty good and I would rate them an eight out of ten. If anything, they should work on their response times for critical cases.

I would say that 80% of my experience is with Cisco products.

The initial setup is fairly complex, although it depends on the feature sets that you're looking for. Cisco IOM is probably the most complex part of it because it involves setting up all of the QoS policies, performance-routing policies, and performance-routing domains.

From a DMVPN over IPsec perspective, it is pretty straightforward.

Price is certainly something that the IOS technology has fallen behind the competition on.

My advice for anybody who is implementing this product is to ensure that they don't overlook the technical overhead that is required to get it set up and keep it running. From an SD-WAN perspective, there are more user-friendly options out there, so they are going to have their own shortcomings. However, if you're going down the route of a Cisco command-line-based solution then make sure that you're prepared to have the staff on hand to manage it or instead, have a trusted partner that you work with and has the expertise to manage it.

From a feature-set perspective, as long as Cisco continues down the path of combining features from its products onto the unified platform, it will have all the features you need.

It's a good product and it does exactly what it's intended to do, but there and stability issues and the price is expensive.

I would rate this solution a seven out of ten.