Cisco Secure Firewall
Updated July 16, 2025

Score 10 out of 10
Vetted Review
Verified User
Software Version
Firepower 1140
Overall Satisfaction with Cisco Secure Firewall
Our Cisco firewalls are deployed to provide a border security firewall, a boundary between our production network and DMZ application/proxy servers, and to provide inline IPS inspection of north-south and east-west traffic. We also have them working as our remote access VPN gateway and for IPSEC S2S routed and policy-based tunnels to remote partners and cloud infrastructure.
Pros
- Configuration management and deployment
- Ability to configure multiple policing types in one place.
- Unified searching of events (threat, connection, intel, etc.)
Cons
- Cost for HA active-standby model requires two full licenses, even though only one gets used at a time.
- Speed of change deployment
- Exporting of logs in CEF format direct to a dialog server over TCP/TLS with needing a third party external pull client or code
- Old storage on virtual appliance should not be limited by anything but the disk attached.
- Inability to perform “to the box” filtering using standard policies, and things like stateful inspection and GeoIP filtering.
- ROI is very low. Licensing is more than the hardware cost and seems excessive, especially given having to pay for two full sets of licenses in an Active-Standby pair. Cost has driven CIO to consider replacing Cisco with a competitor.
We are able to use a single pair of Cisco Secure Firewall Threat Defense (FTD) 4145 firewalls to perform all of our required border firewalling, VPN gateway endpoint, S2S IPSEC tunnel endpoint, and provide IPS inline traffic inspection without impacting any of the throughput of the connected networks, most of which are 10Gbps links.
Log management is lacking in that in order to float logs with all the enrichment you have to use a third-party tool (eStreamer) instead of natively pushing logs out dialog, especially given that Cisco ended support for the tool that they were supporting, leaving customers with the option to build their own tool or pay significant amounts of money to use their Splunk solution. The ability to configure route-based IPSEC now is great, as well as AnyConnect support for remote access.
They are peer competitors, with Palo Alto offering some advantages over the Cisco products in the way of licensing simplicity and costs. The Palo Alto also supports the ability to do "to the box" filtering and policy enforcement where Cisco requires special rules that are applied at a low level that only do stateless control based on a three-tuple (IP, port, protocol).
Do you think Cisco Secure Firewall delivers good value for the price?
Yes
Are you happy with Cisco Secure Firewall's feature set?
Yes
Did Cisco Secure Firewall live up to sales and marketing promises?
Yes
Did implementation of Cisco Secure Firewall go as expected?
Yes
Would you buy Cisco Secure Firewall again?
Yes
