Cisco Secure Firewall (formerly Cisco Firepower NGFW) is a firewall product that integrates with other Cisco security offerings. It provides Advanced Malware protection, including sandboxing environments and DDoS mitigation. Cisco also offers a Next Generation Intrusion Prevention System, which provides security across cloud environments using techniques like internal network segmentation. The firewall can be managed locally, remotely, and via the cloud. The product is scalable to the scope of…
District Markets Director at Johns, Bruen and Haag
Skilled at Rustic Granite Tuna
Nash Pfannerstill• 2nd
Regional Implementation Planner at Langosh Inc
Skilled at Refined Metal Tuna
See helpful people who have experience with this product
Considered Both Products
Cisco Secure Firewall
Verified User
Consultant
Chose Cisco Secure Firewall
Just the ASAs before this. That's the only other. Select functionality wise. It's comparable, obviously because it's a replacement for it, but again, it's just getting used to the new user interface and the new way of doing things.
I think the Cisco product is probably pretty much equal now. I would love to say that Cisco is way more advanced or whatever, but Palo Alto, they just focus solely really on firewalls. And before Cisco came out with the FTD, the ASAs would only do layer four. So that's one of …
We use both vendors in our environment, I believe it's positive to go with multi vendor approach. As previously mentioned, the PA has the global find option, which is a big asset when troubleshooting. On the other hand, I feel the FTD's CLI is more intuitive and can help you …
I really like Cisco FTD with FMC. It is one of the best products out there. Nevertheless, when compared to PaloAlot it has some room for improvements. The PaloAlto firewalls in general are faster easier to use and have better features. Easier to TS and faster to operate. I …
We are using both Panorama and FMC as well. Different firewalls for different networks but we managing both in the same time. Both working well, can manage the firewalls from it, Logging working great in both.
We use the FMC as a virtual machine, it combines administration, monitoring and can be used perfectly for error analysis. There are restrictions due to administration without the FMC, so we decided on the FMC as the central administration.
The single pane of glass and straightforward interface make[s] Cisco Secure Firewall an upgrade in regards to usability over the ASA in my book. Configuring, auditing and upgrading are all easily doable and learnable, and the systems seem are very reliable. The inspection …
Manager Enterprise Systems & Networks Infrastructure
Chose Cisco Secure Firewall
I believe Cisco firewalls are definitely on par with Palo Alto but the latest AI feature releasing in 2024 will certainly surpass all expectations. Fortinet is going to struggle after this and I can say that with certainty given we have removed all our FortiGate firewalls.
Well, I mean it is really meant for the edge. I think maybe some of the smaller models you could maybe use at your, if you have remote workers where you wanted to protect their environment more than in their home network or whatever, but for us, we've always use the enterprise versions.
It's been a big change for us because like I said, we've been using it about a year, I think. And we went from ASAs to this, so it was a big changeover from being able to do everything in CLI honestly, it's a bit clunky and more time consuming to have to configure things through the Gooey, which has been a pain point for us. But we've tried to automate as much as we can. What it does well is the analysis. The event, not event viewer, but unified event, that's what it is. Handy tool. Also the tunnel troubleshooting the site to site tunnel monitoring or troubleshooting, I can't remember what it's called. It's pretty good too. It's nice how it has some predefined commands in there. I'd say those are probably the things we like about it the most.
Sometimes it's the limitation of the throughput or limitation of the firewall. One DDoS attack they have the bandwidth capacity is very little. And then once there is DDoS attack. Many not only the firewall can protect that they need to take action further at the Upstreaming Provider, that side with the bigger pipe bandwidth for protecting the attack. Not only the firewall can prevent,. Yes. So sometimes firewalls still have the limitation and then need to do any additional monitoring or something. But we can do that with the ideas and IPS, but required to have the bigger pipe to protect DDos Attack, for example the bandwidth from the upstream network as well. I mean when many DDos Attack comes with big bandwidth, not only firewall can protect, but also the blackholing the traffic from upstream providers who has bigger bandwidth DDos mitigation services.
It works really well. We can do most anything we want or need to with it, and you don’t have to have a doctorate or multiple certs to necessarily figure it out. The thing that would probably have to happen to make us switch would be if we just got priced out - Cisco’s more powerful and higher bandwidth models cost a pretty penny.
Solution is highly effective, offers a lot of features with constant improvements and additions of new features over time. It's relatively easy to get familiar with the system, especially if transitioning from adaptive security appliances. If this is not the case, as for learnability there's a learning curve but once learned it is relatively easy to remember the details about the system even after a period of non-use
We have had really good success with Cisco Secure Firewall when it comes to availability. Even when we’ve had temporary issues with one appliance or the other, or with the Firewall Management Center, it has stayed up and defended our network diligently. We even had an issue where the licensing got disabled for multiple days, and it kept spinning like a top
Cisco support is not at all suitable for this product, at least. It takes a long for them to help us with our server issues. A lot of the time, the customer support person keeps on redirecting calls to another person. They need to be well versed with the terminologies of the product they are supporting us with. Support needs a lot of improvement. Cisco Fire Linux OS, the operating system behind Cisco Firepower NGFW (formerly Sourcefire), also doesn't receive regular patches. In short, average customer service.
In the beginning transition from Adaptive Security Appliance to Cisco Secure Firewall did not look like the best choice. Solution was new, there were a lot of bugs and unsupported features and the actual execution in the form of configuration via Firepower Management Center was extremely slow. Compare configuring a feature via CLI on ASA in a manner of seconds (copy/paste) to deployment via FMC to Secure Firewall which took approx. 10 mins (no exaggeration). Today, situation is a bit different, overall solution looks much more stable and faster then it was but there's still room for improvement.
We use the FMC as a virtual machine, it combines administration, monitoring and can be used perfectly for error analysis. There are restrictions due to administration without the FMC, so we decided on the FMC as the central administration.
I hope this answers the question, but we have the conversation about costs on equipment and lead times have been getting better with firewalls, but those two were the main things that have affected ROI, I think for us. That makes them go to other distributors or even other vendors because they need the products quickly. If it's too costly or the lead times too high, then they'll just go elsewhere.