Stay secure - go with Cisco!
Updated March 29, 2023

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Software Version

Firepower 1120

Overall Satisfaction with Cisco Secure Firewall

Cisco firewall is being used as an edge security device in our branch and datacenter locations. Security-related policies such as access control or traffic inspection using IPS are currently applied to filter traffic based on security best practices, protecting internal hosts and publicly available services from the outside world.
  • Traffic inspection
  • Remote access
  • Access Control
  • Management of firewalls via Firepower Management Center should be improved. Devices work well but management platform should be improved further in a manner of simplification, more user friendliness and overall stability.
  • It offers good price for the money by supporting so many different features

Do you think Cisco Secure Firewall delivers good value for the price?

Yes

Are you happy with Cisco Secure Firewall's feature set?

Yes

Did Cisco Secure Firewall live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Cisco Secure Firewall go as expected?

Yes

Would you buy Cisco Secure Firewall again?

Yes

Cisco Identity Services Engine (ISE), Cisco DNA Center, Cisco Umbrella
Having remote access configured on these firewalls with many ACLs using Firepower Management Center can be extremely time consuming. Comparing that with former ASA firewalls and CLI configuration, which could be applied in a matter of minutes, there's room for improvement on the FTD platform. As an edge device it works like a charm!

Cisco Secure Firewall Feature Ratings

  • Identification Technologies: 10
  • Visualization Tools: Not Rated
  • Content Inspection: 10
  • Policy-based Controls: 10
  • Active Directory and LDAP: 9
  • Firewall Management Console: 5
  • Reporting and Logging: 9
  • VPN: 8
  • High Availability: 10
  • Stateful Inspection: 10
  • Proxy Server: Not Rated

Resilience and Reliability

Resilience in cyber security is about more than just implementing the latest security technologies, it also involves training employees on security best practices and cultivating a culture of security awareness and a willingness to adapt to changing threats. By building resilience, organisations can reduce their risk of damage from cyber attacks and ensure the continuity of their operations.
To be resilient, organizations must take a holistic approach to cyber security, including having incident response plans, training employees on security best practices, regularly testing and assessing their security posture, and continuously updating their security technologies and policies to stay ahead of emerging threats. Organizations that prioritize security can reduce their risk of cyber attacks and ensure business continuity in the event of a breach.
There are other vendors on the market with highly complimented solutions, and based on the feedback received from fellow engineers using them in production in their organizations, it sounds like something worth paying attention to. Proof of concept and feature comparison with Cisco Secure Firewall would be the next potential step. Overall, the user experience with ease of management of solutions might be the key here.
In the beginning, the transition from Adaptive Security Appliance to Cisco Secure Firewall did not look like the best choice. The solution was new, there were a lot of bugs and unsupported features, and the actual execution in the form of configuration via Firepower Management Center was extremely slow. Compare configuring a feature via CLI on ASA in a matter of seconds (copy/paste) to deployment via FMC to Secure Firewall, which took approx. 10 mins (no exaggeration). Today, the situation is a bit different: the overall solution looks much more stable and faster than it was, but there's still room for improvement.
As for the availability, in general we did not experience any issues with it, neither in situations where there's only one physical device implemented nor when there's a High Availability pair. Failover works like a charm, no complaints here, it works as it should and so far it has been highly reliable.
  • Maybe not something usually being used - we are using inline pair options for the interfaces, where the firewall acts as an L2 device but still inspects traffic via IPS and is able to block anything malicious

Using Cisco Secure Firewall

15 - Main users of Cisco Secure Firewall in the organisation are network transition and operations teams. Alongside them, security teams are also using the firewalls to enforce security policies and receive security-related reports.
10 - To be able to support Cisco Security Firewalls you need specific security skills to be present in your network engineers' skillset. CCNA or CCNP security certification offers the type of competency and knowledge required to configure and maintain security firewalls.
  • DMZ termination point
  • Edge security
  • Remote access termination point
  • Traffic inspection point for internet facing traffic
  • Cisco AMP for networks on firewall
  • Umbrella on firewall

Evaluating Cisco Secure Firewall and Competitors

  • Integration with Other Systems
Cisco as a vendor is largely used in the organisation. Bringing in one more Cisco platform was a logical step, especially when already having operations teams that are Cisco certified, with the skillset needed to manage it.
Additional proofs of concept would need to be done. Firewalls would need to have a less complex and more user-friendly management platform with most of the non-standard features hidden in the background.

Cisco Secure Firewall Support

TAC is doing a great job in solving the issues which come up from time to time. Overall satisfaction with support is good, teams are skilled and professional and are managing to solve the issues in relatively short time.
Pros:
  • Quick Resolution
  • Good followup
  • Problems get solved
  • Kept well informed
  • No escalation required
  • Immediate help available
  • Support understands my problem
  • Quick Initial Response
Cons:
  • None
We consider exceptional support the case when the remote access solution and MFA were implemented in our environment. Due to various issues affecting a large number of users and postponing the solution implementation, Cisco support, which included multiple teams for different security solutions, did an excellent job in helping us sort out the unexpected behaviour and ultimately solving the issue.

Using Cisco Secure Firewall

Solution is highly effective, offers a lot of features with constant improvements and additions of new features over time. It's relatively easy to get familiar with the system, especially if transitioning from adaptive security appliances. If this is not the case, as for learnability there's a learning curve but once learned it is relatively easy to remember the details about the system even after a period of non-use.
Pros:
  • Like to use
  • Technical support not required
  • Well integrated
  • Consistent
  • Feel confident using
Cons:
  • Unnecessarily complex
  • Lots to learn
  • High Availability configuration
  • Interfaces and Zones configuration
  • Platform settings
  • Routing / route-maps using flex config
  • Configuration of Split ACLs with a lot of lines