Cisco's modernization of one of their staples is as good as ever
Updated January 31, 2024

Cisco's modernization of one of their staples is as good as ever

Tom Erdman | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Software Version


Overall Satisfaction with Cisco Secure Firewall

Our organization uses Cisco Secure Firewall to protect our enterprise network. It has a ton of features that are very straightforward to use. It allows us to easily setup Access Lists determining what few services we let in. We also use Malware filtering, file inspection, and URL filtering to protect our public. Cisco Secure Firewall allows us to NAT our devices and servers that need an external connection, and even allows for different virtual interfaces to be setup as gateways for internal subnets.
  • Easy to update configurations
  • Automated backup and failover
  • Intuitive Access Control
  • Interface can be slow.
  • Current version is buggy in regards to tracking connection events.
  • File inspection isn't always intuitive to set up.
  • An external logging system is required for true insight into activity.
  • This product is great for inspection and normal firewall controls.
  • If there's a bug in it, it can take a lot of resource time to chase it and work around it.
  • Deciphering which data is useful has taken a bit of time and trimming.
  • Updates are regular and easy to perform.
We have had great results with our Cisco Secure Firewall. Like all businesses, we are constantly having to ask it to do more, and it always seems up to the task. We have inspection turned on, and it doesn’t seem to bog anything down. Basically, the only bottlenecks created by our Cisco Secure Firewall come from physical throughput capacity as opposed to performance issues.
Cisco support is timely and talented. Many issues can be found in a kb or community forum, but for the ones that are a little more one off, support is responsive and helpful, and the techs are good at knowing when they need to ask others for help when it is a bigger issue.
We try to use some of the analytics, but I would say analytics and logs are probably the Cisco Secure Firewall’s greatest weakness. We had to stand up an Elastic stack primarily to get us insight into firewall activity because the built-in tools are too unreliable. We don’t use the VPN feature.
The single pane of glass and straightforward interface make[s] Cisco Secure Firewall an upgrade in regards to usability over the ASA in my book. Configuring, auditing and upgrading are all easily doable and learnable, and the systems seem are very reliable. The inspection features and policy GUIs alone make it worth the switch in my opinion.

Do you think Cisco Secure Firewall delivers good value for the price?


Are you happy with Cisco Secure Firewall's feature set?


Did Cisco Secure Firewall live up to sales and marketing promises?


Did implementation of Cisco Secure Firewall go as expected?


Would you buy Cisco Secure Firewall again?


Cisco Secure Firewall is well suited for an SMB and up that can afford the licensing and can use an enterprise firewall. I'm a Systems guy by trade, but I can handle the day to day work on this powerful appliance without too much headache. That being said, it could be too much for a small shop that doesn't have a Cisco resource, especially if just buying the device puts you in the hole. A poorly configured expensive firewall is much worse than a properly configured simple one.

Cisco Secure Firewall Feature Ratings

Identification Technologies
Visualization Tools
Content Inspection
Policy-based Controls
Active Directory and LDAP
Firewall Management Console
Reporting and Logging
Not Rated
High Availability
Stateful Inspection
Proxy Server
Not Rated

Cisco Security

Security is part of all of our processes, not an add on. We make it part of our daily work to improve our posture whenever possible. Cybersecurity goes hand and hand with availability and providing services to our customers, so cybersecurity is intertwined with and a part of any investment we make, and quality, manageable firewalls are part of that.
Cisco is a proven name in the IT industry, particularly when it comes to switching and firewalls. We had successfully used Cisco’s ASA Firewall for years, so they had a definite lead when it came time to upgrade. Cisco’s NGFW offering in Firepower, with it’s ease of management and versatility made it a fairly easy decision.
Cisco’s proven track record in our organization and the ease of management were huge factors, but the versatility really won us over. The options for licensing inspection, security intelligence feeds, content filtering and possible VPN made it a pretty easy decision at the time. I’m sure other vendors have caught up, but it’s hard to beat what you know, especially when it works so well.
It will definitely be the proverbial two edged sword. AI should drastically assist and improve automation and defenses, helping the defenders…but threat agents also have AI to assist with end arounds and attempts to breach. Basically I think the game just got faster, and it’s up to the good guys to focus on tuning and turning out quality software to help with the defense.
We are not using this as of yet.

Resilience and Reliability

I believe resilience is one of the key factors in cyber security. It’s not about ‘whether’ you’ll have an incident, it’s about how you recover and how bad you let it be when it happens. Resilience is going to determine whether you have to shut your doors after an event or not.
Leaders can build more cyber resilience by utilizing multiple and multi-faceted layers. Following the standard cyber model and utilizing layers such as edge, end point protection, physical layers, etc are all definitely part of it. But layers of firewalls, network detection and inspection are also huge pieces, with training your people being the biggest investment you should make.
It works really well. We can do most anything we want or need to with it, and you don’t have to have a doctorate or multiple certs to necessarily figure it out. The thing that would probably have to happen to make us switch would be if we just got priced out - Cisco’s more powerful and higher bandwidth models cost a pretty penny.
We have had really good success with Cisco Secure Firewall when it comes to availability. Even when we’ve had temporary issues with one appliance or the other, or with the Firewall Management Center, it has stayed up and defended our network diligently. We even had an issue where the licensing got disabled for multiple days, and it kept spinning like a top.
  • We use it to filter adult content for our public networks.
  • We are able to block some applications and use exceptions for certain users.