Cisco Secure Firewalls, next up from the ASA
June 19, 2022

Cisco Secure Firewalls, next up from the ASA

John Buis | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source

Software Version

Firepower 1010

Overall Satisfaction with Cisco Secure Firewall

We use the FTD 1010 model at smaller sites. The largest office supports 20 users. We have licensing to support AMP and IPS. At these sites, we terminate the provider's equipment to the FTD. They are used for routing also. The configurations are not complex. Basic S2S tunnel to our HQ and an ACL with basic inspection enabled. They are all managed by Cisco Secure Firepower Management Center (FMC). All configuration is done from Cisco Secure Firepower Management Center. For a small office, they cannot do DHCP options well. We route our DHCP over the tunnel to HQ or started to deploy onsite servers dedicated to DHCP. Other than that, for anything else, a firewall is needed; they are useful.
  • IPS
  • S2S tunnel building with Cisco Secure Firepower Management Center
  • AMP
  • Creating policies in Cisco Secure Firepower Management Center
  • I believe it has no SD-WAN availability at this time.
  • Features useful in a small office like more complex DHCP options.
  • Incorporate DDNS features perhaps built in like Cisco Meraki has.
  • Cisco Secure Firewall has provided a single management interface for all of our devices.
  • We have had issues implementing 1010 in HA where a site was using a dynamic IP previously.
  • Lack of DHCP options has slowed deployment to our smaller sites.
Cisco Firepower firewalls have all the features expected of an NGFW. Managed with a Cisco Secure Firewall Management Center, most of the learning curve is just knowing where in the menus to go to do what you want. All brands of firewalls work as expected, and learning each GUI is the trick. The GUI for Cisco Secure Firewall Management Center is simple. Though when devices are registered to Cisco Secure Firewall Management Center, there are no options to make changes locally and sync them back to the management center. That does limit accessing a remote site that might go down.

Do you think Cisco Secure Firewall delivers good value for the price?

Yes

Are you happy with Cisco Secure Firewall's feature set?

Yes

Did Cisco Secure Firewall live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Cisco Secure Firewall go as expected?

No

Would you buy Cisco Secure Firewall again?

Yes

Cisco Secure Firewalls have routing capabilities with OSPF that we use. They have a full suite of features expected of an NGFW. Though for the smaller models like 1010, they lack some things that would be useful in a small office. Lacking DHCP flexibility has slowed the deployment of these devices in our organization.

Cisco Secure Firewall Feature Ratings

Content Inspection
9
Policy-based Controls
10
Active Directory and LDAP
10
Firewall Management Console
8
Reporting and Logging
10
VPN
10
High Availability
7
Stateful Inspection
10