Cisco Secure Firewall delivers comprehensive threat protection for modern, distributed networks. Built to support hybrid workforces and multicloud environments, it enables Zero Trust access, application visibility, and secure remote connectivity. With integration across the Cisco Secure portfolio, including SecureX and Talos threat intelligence, the firewall powers organizations to detect and stop more sophisticated threats. Centralized management simplifies policy enforcement, orchestration,…
N/A
Stonesoft Firewall (Discontinued)
Score 7.8 out of 10
N/A
Stonesoft firewalls were acquired and rebranded as McAfee Firewall Enterprise (MFE), then divested by McAfee and acquired by Forcepoint in 2016, and have reached end of life (EOL).
We can create personalised policies for our environments. Support every type of old and new environments for deployments and integration. It is necessary for managing hybrid networks where network security is mandatory. Ensure better control of our networks to handle all the issues. I would rate it 9/10. So, my team always suggested it.
Any scenario where a dedicated firewall administrator is on staff and a secure firewall solution that requires high availability is needed will be a good solution for the McAfee Firewall Enterprise product. The McAfee Firewall Enterprise however comes with some of its own parlance that is different from other vendors and does require some comfort on the administrators side when it comes to working in the command line. Added knowledge of protocols and how they interact is a must for any firewall admin but particularly for the McAfee Firewall Enterprise product due to its flexible nature. If the environment is to be mostly hands off where a very limited rule set is to be configured and not likely to change often, I would defer to a different product
Cisco's firewall actually does its job of blocking what it is supposed to block. We had an old Firewall that led to slippages. Cisco catches 97% of malware and vulnerabilities during testing. For Coitiar, that means an engineer who clicks a link with malware is handled quickly.
We actually tested if failovers would affect running sessions. We pulled our primary unit during a certification submission period. The firewall just switched, and the connection kept running.
The AI assistant in policy management is excellent, and for our lean team, it makes the whole process easy and efficient. I don't have to audit 200 policies manually; the AI steps in and does its thing.
Based on the SecureComputing Sidewinder firewalls, the McAfee Firewall Enterprise does similar backend containerization of each service which provides for added security in the unlikely event of failures or breeches.
Tie in reporting services (if used by the admin) provide very granular details on rules accessed and the firewalls response to the requests.
Configurable options are plentiful. Unbound DNS can be configured on each "burb" (SecureComputing/McAfee parlance for interface), similar options for sendmail while rulesets can be configured at the application level down to simple IP-filter making options for enhancing security as well as troubleshooting equally as useful.
Full control over shell for scripting and/or scheduling (cron) purposes.
Solid HA and patching architecture.
Support was always helpful, knowledgeable and insightful (especially the staff that migrated from SecureComputing).
I mean I think a lot of the technology with managing them is getting better. There's a few cons to the new firewall management console. You can't sort through routes or I think you can with interfaces now, but there's a few caveats that they haven't really worked out yet, but they're implementing AI into it, so it's getting to be a lot easier to use.
For an application-layer firewall the applications supported (at the time I managed them) were too few and would need to be expanded and the application ruleset needed to be expanded as well.
The remote access VPN client configuration was overly complex for the average user and would need to be supplemented with a configuration file that had already been generated. Other solutions from CheckPoint or Cisco ASA are not as complex for end user remote access.
Enhancing the GUI with a builtin "packet capture" feature would be useful for administrators not familiar with tcpdump.
It works really well. We can do most anything we want or need to with it, and you don’t have to have a doctorate or multiple certs to necessarily figure it out. The thing that would probably have to happen to make us switch would be if we just got priced out - Cisco’s more powerful and higher bandwidth models cost a pretty penny.
i think overall after ALOT of tac cases it works allright now. But still have alot of issues if you use cloud based mangement. fx, if you open 2 windows of access policys, both of the pages, rules starte to jump form side to side. if you then open one more list, its start to jump even faster. if you close the 2 of them, its back to normal. ALSO the extended access lists for VPN, SUCKS. Its the tiniest window when opening the editor, and you are not able to give the rules names, Which means finding and editing rules SUCKS, its a horrible experience, and eveytime we have to we want to yell :P
We have not had any performance issues with Cisco Secure Firewall, even with DPI and IPS enabled, we have not seen a performance hit. Emoployes have not complained about any slow network speeds that could have been attributed to the secure firewall it has always been something else within the office network.
Firewall support is professional just like any other technology Cisco sells. From answering simple questions to bringing out outages affecting a large population of our workforce, Cisco support is always courteous, professional, and communicates with our team to keep our request on their radar. Some of the brightest people I've met are from Cisco support both in IQ and EQ which shows the talent Cisco is able to onboard to their team.
was a good training but questions was answered not so good. Training was "Fundamentals of Cisco Firewall Threat Defense and Intrusion Prevention (SFWIPF)".
Our initial implementation was aided by Cisco's professional services and was excellent. The engineer was very knowledgeable and helped us work through issues while building out our new internet security edge Part of this involved tools to migrate the firewall configuration from old to new.
Cisco Secure Firewall works better with the Cisco ecosystem when we can utilize it and feels beefy enough when we utilize it in the data center. The Fortinet we have found are great, small cost boxes for remote offices with a better UI then Cisco Secure Firewalls. The feature set included with the firewalls feels similar from a security point of view.
Compared to other firewalls I've managed (Palo Alto, Cisco ASA & CheckPoint) I would say that McAfee Firewall Enterprise was probably at the time not the leader in its field however it is a product that proved its reliability and flexibility over the other vendors. The addition of many new features usually comes as a detriment to some other area (restricted CLI, decreased logging etc.). In my experience this product gave the flexibility and options that the organization needed.
A solid, realistic rating most people give for Cisco Secure Firewall pricing is 7 or 8 out of 10 (because the product is strong but licensing can be a bit complex)
Cisco Secure Firewall has never given us any trouble, it has stayed up at all times, upgrading the appliance has also become much simpler. We operate the appliance in a HA pair, so 0% downtime within our organisation. During switchover while upgrading, not a single packet seems to get lost, so this has been a very valuable asset to our company.
Cisco Secure Firewall gives details on the possible intrusions attempts that are occurring on the network, which gives stakeholders confidence that the network is being protected.
Cisco's reputation as a longstanding network leader provides the trust that is needed in keeping networks secure.
The wide variety of tools and features that Cisco Secure Firewall provides allows business owners to plan for changes that can occur in the network as Cisco is able to adapt to the different needs.
In its highly available configuration the impact on any business objective has been positive given the fact that any downtime of the firewall would negatively impact all business objectives.
