Cisco Secure Firewall At-a-Glance

At a Glance

Download Options

  • PDF
    (318.5 KB)
    View with Adobe Reader on a variety of devices
Updated:01 February 2023

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Download Options

  • PDF
    (318.5 KB)
    View with Adobe Reader on a variety of devices
Updated:01 February 2023

Related image, diagram or screenshot

Turn your entire network into an extension of your security architecture

As our business-critical applications are a blend of cloud and on-premise based and users need secure access to resources from everywhere, the traditional firewall approach no longer works. Our single network perimeter has evolved to multiple micro-perimeters. For many organisations the application is the new perimeter, and traditional firewall deployments have evolved to a mixture of physical, virtual and cloud-native appliances. As a result, organisations are struggling to operationalise support for modern application environments. The challenges of how to maintain consistent visibility, policy enforcement and uniform threat visibility without opening vulnerabilities that expose the organisation to risk.

At Cisco, we’re building a network security vision, NetWORK, that enables a more agile, automated and integrated approach for harmonising policies and enforcement across modern dynamic applications and increasingly heterogenous networks. Secure Firewall gives you the deepest set of integrations between core networking functions and network security, delivering the most secure architecture ever. The result is a complete security portfolio that protects your applications and users everywhere.


      Real-time, unified, workload and network security for integrated control across dynamic application environments

      Platform approach to network security, leveraging and sharing intelligence from key sources for faster detection, response and remediation Safeguard remote workers with highly secure enterprise access anytime, anywhere, from any device, with powerful threat prevention capabilities that protect the organisation, users and critical applications

      SecureX entitlement included with every Cisco® Secure Firewall, for a tightly integrated approach to security that enables threat correlation across the Cisco Secure portfolio and accelerates incident response

Why Cisco?

The Cisco Secure Firewall portfolio delivers greater protections for your network against an increasingly evolving and complex set of threats. With Cisco, you’re investing in a foundation for security that is both agile and integrated, leading to the strongest security posture available today and tomorrow.

From your data centre, branch offices, cloud environments and everywhere in between, you can leverage the power of Cisco to turn your existing network infrastructure into an extension of your firewall solution, resulting in world-class security controls everywhere you need them.

Investing in a Secure Firewall appliance today gives you robust protections against even the most sophisticated threats without compromising performance when inspecting encrypted traffic. Further, integrations with other Cisco and 3rd party solutions provides you with a broad and deep portfolio of security products, all working together to correlate previously disconnected events, eliminate noise and stop threats faster.

Superior visibility and control

Threats have become more sophisticated, and networks have become more complex. Very few, if any, organisations have the resources to dedicate to staying up to date and successfully fend off all these constantly emerging and evolving threats.

As threats and networks become more complex, it is imperative to have the right tools to protect your data, applications and networks. Cisco Secure Firewalls have the power and flexibility that you need to stay one step ahead of threats. They offer a dramatic 3x performance boost over the previous generation of appliances, in addition to unique hardware-based capabilities for inspecting encrypted traffic at scale. In addition, the human-readable rules of Snort 3 IPS help simplify security. eDynamic application visibility and control is available through the Cisco Secure Workload integration, for consistent protection for today’s modern applications across the network and workload.

Find the ideal firewall for your business

Simplified and consistent policy management

With the Secure Firewall portfolio, you gain a stronger security posture, equipped with future-ready, flexible management. Cisco offers a variety of management options tailored to meet your business needs:

      Cisco Secure Firewall Device Manager: Manages a single firewall locally; on-device management solution to the Firewall Threat Defense

      Cisco Secure Firewall Management Center: Manages a large-scale firewall deployment; available in all form factors, such as on-premises, private cloud, public cloud and Software as a Service (SaaS)

      Cisco Defense Orchestrator: A cloud-based manager that streamlines security policies and device management across multiple Cisco products, such as Cisco Secure Firewall, Meraki MX and Cisco IOS® devices

Cisco also offers Cisco Security Analytics and Logging for scalable log management. It enhances threat detection and meets compliance mandates across the organisation with longer retention and behavioural analysis capabilities.

Customer story

Cisco Secure Firewall advanced capabilities

Advanced Capability


Cisco Secure Workload integration

  Cisco Secure Workload (Tetration) integration enables comprehensive visibility and policy enforcement for modern distributed and dynamic applications across the network and workload for consistent enforcement in a scalable manner

Cisco Secure Firewall Cloud Native

  Built with Kubernetes and first available in AWS, Secure Firewall Native Cloud is a developer-friendly application access solution for building highly elastic, cloud-native infrastructure

Dynamic policies support

  Dynamic attributes support VMware, AWS, Azure tags for situations where static IP addresses are not available
  Cisco has been a pioneer in tag-based policies with Security Group Tags (SGTs) and Cisco Identity Services Engine (ISE) attribute support

Snort 3 Intrusion Prevention System

  The next step in threat protection with industry leading open-source Snort 3 helps improve detection, simplify customisation and enhance performance

Transport Layer Security (TLS) Server Identity and Discovery

  Enables you to maintain Layer 7 policies on encrypted TLS 1.3 traffic. Maintain visibility and control in an encrypted world where it’s not realistic to decrypt and inspect every single traffic flow. Competing firewalls break your Layer 7 policies with encrypted TLS 1.3 traffic

Cisco Secure Firewall Management Center

  Provides unified management of firewalls, application control, intrusion prevention, URL filtering and malware defence policies
  Integration with Cisco Secure Workload (formerly Tetration) enables consistent visibility and policy enforcement for dynamic applications across the network and workload

Cisco Defense Orchestrator

  Cloud-based firewall management that helps you consistently and easily manage policies across your Cisco Secure firewalls

Cisco Security Analytics and Logging

  Highly scalable on-premise and cloud based firewall log management with behavioural analysis for real-time threat detection, for faster response times. Plus continuous analysis to further refine your security posture to better defend against future attempts
  Meet your compliance needs with log aggregation across all Cisco Secure Firewalls
  Tight integration with firewall managers for extended logging and analysis, as well as aggregating firewall log data in a single intuitive view

Cisco SecureX

  Leverage the SecureX platform to accelerate threat detection and remediation. Every Secure Firewall includes entitlement for Cisco SecureX. The new SecureX ribbon in Firewall Management Center enables SecOps to instantly pivot to SecureX’s open platform, speeding incident response

Cisco Talos® threat intelligence

  Cisco Talos Intelligence Group is one of the largest commercial threat intelligence teams in the world. They create accurate, rapid and actionable threat intelligence for Cisco customers, products and services. Talos maintains the official rulesets of, ClamAV and SpamCop

Next steps

To learn more about Cisco Secure Firewall, visit

To view buying options and speak with a Cisco sales representative, visit




Learn more