We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"The most valuable feature is stability."
"I like the firewall features, Snort, and the Intrusion Prevention System (IPS)."
"One of the most valuable features of Firepower 7.0 is the "live log" type feature called Unified Event Viewer. That view has been really good in helping me get to data faster, decreasing the amount of time it takes to find information, and allowing me to fix problems faster. I've found that to be incredibly valuable because it's a lot easier to get to some points of data now."
"The feature set is fine and is rarely a problem."
"I have integrated it for incidence response. If there is a security event, the Cisco firewall will automatically block the traffic, which is valuable."
"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"Firepower NGFW has improved my organization in several ways. Before, we were trying to stamp out security threats and issues, it was a one-off type of way to attack it. I spent a lot of manpower trying to track down the individual issues or flare-ups that we would see. With Cisco's Firepower Management, we're able to have that push up to basically one monitor and one UI and be able to track that and stop threats immediately. It also gives us a little more granularity on what those threats might be."
"The Firepower+ISE+AMP for endpoint integration is something that really stands it out with other vendor solutions. They have something called pxGrid and i think it is already endorsed by IETF. This allows all devices on the network to communicate."
"Unfortunately in Cisco, only the hardware was good."
"I have found the most valuable feature to be the access control and IPsec VPN."
"I like them mostly because they don't break and they have great diagnostics."
"It's a flexible solution and is well-known in the community."
"The clusters in data centers are great."
"Everything is all documented in the file or in the command line script that gets uploaded to the device. It gives us great visibility."
"Cisco ASA provides us with very good application visibility and control."
"The remote access, VPN, and ACL features are valuable. We are using role-based access for individuals."
"Both the scalability and the scalability are great with Meraki MX."
"Meraki MX offers advanced filtration options, plus it behaves like a router and a firewall at the same time."
"It has the most advanced security features, for example, layer 3 and layer 7 firewall capabilities and the end team and IPS protection. It also has IPS, and it has very good functioning of cloning services. You don't actually have to touch the device. If you have multiple companies in different countries, you don't really require this device to be touched. You can get it delivered directly to any office of a country, and then you can simply put your configuration over the cloud. It's very simplified and easy to manage. It gives a very good granular visibility about your network. Earlier, a lot of things were lacking in the network. We were unable to identify where the problem was, but after implementing Meraki MX, we are able to dig down and identify where is the problem. We can easily and quickly identify the sources and the root causes of the issues."
"Meraki makes it easy to be secure and know where the holes are to fix them. We have been fixing anything that we have ever found for 20 years. We keep up-to-date with firmware upgrades. We just try to stay on top of everything for security, like maintaining updates and getting rid of old systems. I feel like we're on top of it."
"In general, Meraki MX is easy to work with."
"The most valuable feature is that we didn't have any problems with Meraki MX."
"We've had no issues with the scalability or the stability of this solution"
"It has very good features; it's easy to use, configure, set up, and deploy."
"The Firepower FTD code is missing some old ASA firewalls codes. It's a small thing. But Firepower software isn't missing things that are essential, anymore."
"An area of improvement for this solution is the console visualization."
"The visibility for VPN is one big part. The policy administration could be improved in terms of customizations and flexibility for changing it to our needs."
"Deploying configurations takes longer than it should."
"My team tells me that other solutions such as Fortinet and Palo Alto are easier to implement."
"Cisco Firepower NGFW Firewall can be more secure."
"FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively."
"In a future release, it would be ideal if they could offer an open interface to other security products so that we could easily connect to our own open industry standard."
"It can probably provide a holistic view of different appliances because many customers do not have only one brand, besides the traditional SNMP protocols, to cover all their devices. There are some specific requirements in terms of configurations or actions that sometimes have to be done in a very manual way because of the different versions or brands in a customer's infrastructure. It could also have some additional analytics capabilities. It has some very interesting ways to monitor the traffic and identify false positives from the architecture and the environment. It would be good if there is a way to patch with some other industry-specific solutions and synchronize some of the information, such as what other customers experience in their operations and probably share some additional information that could be leveraged or shared among the industry. Such information would be something interesting to see. It could have AI capabilities related to how the appliances could benefit from learning the current environment and different exposures."
"I would like to see the inclusion of a protocol that can be used to protect databases."
"When comparing the graphical interface of this solution to other vendors it is more difficult to configure. There is a higher learning curve for administrators in this solution."
"I don't have to see all the object groups that have been created on that firewall. That's just something that I would really appreciate on the CLA, even though it already exists on the GUI."
"In NGFW, Cisco should be aligned with the new technology and inspection intelligence because Cisco is far behind in this pipeline."
"It doesn't have Layer 7 security."
"The content filtering on an application level is not as good as other solutions such as Palo Alto."
"There is huge scope for improvement in URL filtering. The database that they have is not accurate. Their content awareness and categorization for URL filtering are not that great. We faced many challenges with their categorization and content awareness. They should improve these categorization issues."
"You cannot use switching behaviors as you see on the Meraki switch."
"From the improvement perspective, we need more monitoring capabilities. We want to have full-based access visibility, such as, what is happening when something is trying to reach and it is denying. We cannot see some parts of it. The integration of active directory with this product is not very fruitful. It has some bugs or lacks in the functionality of active directory integration. We are unable to identify where exactly and whether it has really applied our policy."
"When we do API integrations with Meraki, they have always been hard as well as tedious to build. The data that we want out of the API integrations has been only recently available. Six months ago, it was hard to get someone to build something correctly or useful with Meraki APIs. Recently, they have made more data available on the API, but it is just a start. They need to do more."
"We have been having a problem with the VPN. When the energy goes down and is back again, the VPN link doesn't get established. We have to manually turn off the modems and other pieces of equipment and manually establish the VPN. It has been around one month since we have been having this problem, and we don't have enough support from Meraki to solve the problem."
"As far as what needs to be improved — nothing really comes to mind. It does what we need it to do."
"It would be nice if the different services, including the SIEM SOC and endpoint detection and response (EDR) were integrated into one, so that I don't have to go to different vendors for different services."
"They need to improve the link between Meraki and Active Directory."
"In general, the SD-WAN feature needs to be improved. The load sharing and load balancing of the traffic should be improved. I have had some problems with these features in the past."
"The solution was chosen because of its price compared to other similar solutions."
"For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive."
"This solution is expensive and other solutions, such as FortiGate, are cheaper."
"Cisco is not for a small mom-and-pop shop because of the cost, but if you're in a regulated industry where a breach could cost you a million dollars, it's a bargain."
"Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed."
"I like the Smart Licensing, because it is more dynamic and easier to keep track of where you are at. If we have a high availability firewall pair and they are deployed in active/standby rather than active/active, I would expect that we would only pay for one set of licenses because you are using only one firewall at any one time. The other is there just for resiliency. The licensing, from a Firepower perspective, still requires you to have two licenses, even if the firewalls are in active/standby, which means that you pay for the two licenses, even though you might only be using one firewall any one time. This is probably not the best way to do it and doesn't represent the best value for money. This could be looked at to see if it could be done in a fairer way."
"The price of Firepower is not bad compared to other products."
"Its pricing is good and competitive. There is a maintenance cost. It includes SecureX that makes it cost-effective as compared to the other solutions where you have to pay for XDR and SOAR capabilities."
"If we compare it with FortiGate and the co-existing ASA, FortiGate is better in price."
"We have a perpetual license for all of our firewalls. For some of the features, we purchase them on demand. The pricing is decent but it could always be cheaper, we would be happier."
"It's very competitive with other products."
"When we bought it, it was really expensive. I'm not aware of the current pricing. We had problems with licensing. After our IPS subscription ended, we couldn't renew it because Cisco was moving to the next-generation firewall platform. So, they didn't provide us with the new license."
"Cisco ASA Firewall should be cheaper."
"We pay about €2,000 ($2,400 USD) per year for licensing."
"Cisco is considered to be an expensive solution."
"Their pricing is very aggressive and good. Even a small company can afford it. I am happy with its pricing. Its licensing is on a yearly basis."
"Its licensing cost could be better."
"The license cost depends on the box. We acquired a different product line. We are dealing with MX appliance now, that is, MX6, MX54, MX100, MX250, MX450. Every box has got an identity, and it has got its own specification. Every box has got a different license fee. We deployed Meraki MX in UAE when it was not a mature product. We took a risk, but we were successful. We saved a huge amount of money after implementing and removing all the MPLS and leased lines. We got a broadband connection because Meraki MX could work on a broadband connection. We have drastically saved a very good amount of money, which was one of the successful things apart from the successful solution."
"Like any Cisco product, the license is really expensive for small business clients. It needs to be cheaper. If you look it up, you might go, "That doesn't make any sense.""
"Other content filtering solutions that I have used had more bells and whistles, but given the cost, complexity, and management overhead, I am very pleased with Meraki’s solution."
"It is a good global solution in terms of the price and features, but because we sell this solution in dollars, sometimes we don't get to sell this solution in Brazil because the dollar is very expensive. The price of every project is different. It varies depending upon the project, scenario, and client."
"The price could be lower, but compared to the TCO of other products, it's not really that expensive."
"The price varies depending on the hardware platform as well as the type of license and whether you're adding security or not."
"Meraki is the best option — based on the price and the features available."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
Cisco ASA firewalls deliver enterprise-class firewall functionality with highly scalable and flexible VPN capabilities to meet diverse needs, from small/branch offices to high performance data centers and service providers. Available in a wide range of models, Cisco ASA can be deployed as a physical or virtual appliance. Flexible VPN capabilities include support for remote access, site-to-site, and clientless VPN. Also, select appliances support clustering for increased performance, VPN load balancing to optimize available resources, advanced high availability configurations, and more.
Cisco ASAv is the virtualized version of the Cisco ASA firewall. Widely deployed in leading private and public clouds, Cisco ASAv is ideal for remote worker and multi-tenant environments. The solution scales up/down to meet performance requirements and high availability provides resilience. Also, Cisco ASAv can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables greater simplicity, visibility, and efficiency.
Cisco ASA Firewall is ranked 5th in Firewalls with 62 reviews while Meraki MX is ranked 1st in Unified Threat Management (UTM) with 17 reviews. Cisco ASA Firewall is rated 8.0, while Meraki MX is rated 8.4. The top reviewer of Cisco ASA Firewall writes "Robust solution that integrates well with both Cisco products and products from other vendors". On the other hand, the top reviewer of Meraki MX writes "Makes it easy to stay on top of everything for security". Cisco ASA Firewall is most compared with Fortinet FortiGate, Palo Alto Networks WildFire, Juniper SRX, SonicWall TZ and pfSense, whereas Meraki MX is most compared with Fortinet FortiGate, Sophos XG, Palo Alto Networks NG Firewalls, SonicWall NSa and SonicWall TZ. See our Cisco ASA Firewall vs. Meraki MX report.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.