IT Central Station is now PeerSpot: Here's why

Cisco ASA Firewall OverviewUNIXBusinessApplication

Cisco ASA Firewall is #6 ranked solution in best firewalls. PeerSpot users give Cisco ASA Firewall an average rating of 8 out of 10. Cisco ASA Firewall is most commonly compared to Fortinet FortiGate: Cisco ASA Firewall vs Fortinet FortiGate. Cisco ASA Firewall is popular among the large enterprise segment, accounting for 51% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a comms service provider, accounting for 35% of all views.
Cisco ASA Firewall Buyer's Guide

Download the Cisco ASA Firewall Buyer's Guide including reviews and more. Updated: June 2022

What is Cisco ASA Firewall?

Cisco ASA Firewall is a security device that combines firewall, intrusion prevention, virtual private network (VPN), and antivirus capabilities. Its main purpose is to provide proactive threat defense to stop attacks before they spread through the network.

Cisco ASA Firewall Features

Cisco ASA Firewall has many valuable key features, including:

  • Intrusion prevention system (IPS): Cisco ASA Firewall’s IPS provides contextual awareness.
  • Advanced threat protection: Gain protection against zero day threats (based on using global threat intelligence) .
  • Rapid threat containment: With Cisco ASA Firewall, you can proactively mitigate risks. If a threat is detected, additional security policies are applied to other network devices for increased protection.
  • High availability: Cisco ASA Firewall offers high availability for high resiliency applications
  • Integrated IPS, VPN, and unified communications capabilities
  • Multi-node clustering
  • Multi-site
  • High performance

Cisco ASA Firewall Benefits

Some of the benefits of using Cisco ASA Firewall include:

  • Superior protection from threats through CSC, IPS, and the like.
  • Better pricing means that TCO is reduced. 
  • High performance levels that can be scaled to achieve 10+ Gbps.
  • You can deploy new applications easily over secured layers.
  • Identity-based access helps you access business resources.
  • Identity-based access can be integrated with other services, such as LDAP and Microsoft Active Directory.
  • By implementing Cisco ASA Firewall, IT resources are freed up.
  • Because Cisco ASA Firewall offers effective prevention, your spyware cleanup costs decrease.

Reviews from Real Users

Below are some reviews and helpful feedback written by Cisco ASA Firewall users.

A Cisco Security Specialist at a tech services company says, “All the features are very valuable. Among them is the integration for remote users, with AnyConnect, to the infrastructure. All the security through that is wonderful and it's very easy. You connect and you are inside your company network via VPN. Everything is encrypted and it's a very good solution.” He goes on to add, “The intrusion prevention system, the intrusion detection, is perfect. But you can also integrate Cisco with an IPS solution from another vendor, and just use the ASA with AnyConnect and as a firewall. Cisco ASA also provides application control. You can block or prevent people from going to certain applications or certain content.”

Jonathan M., Head of Information Communication Technology at National Building Society, comments, "The benefits we see from the ASA are connected to teleworking as well as, of course, having the basic functionality of a firewall in place and the prevention of attacks. The standard reports allow us to constantly monitor our environment and take corrective steps.

Eric H., CEO at NPI Technology Management, explains, “The command-line interface is really useful for us. We script basic installations and modifications through the command-line, which is considered sort of old school, and yet it allows us to fully document the changes that we're making due to the fact that we can save the exact script that was applied and say, "Here are the changes that we made."

Cisco ASA Firewall was previously known as Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls, Cisco ASAv.

Cisco ASA Firewall Customers

There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.

Cisco ASA Firewall Pricing Advice

What users are saying about Cisco ASA Firewall pricing:
  • "Once you know what the product is, it is not that bad. Yes, it is expensive. When you try to get a license, it is like, "Well, I don't know which one of these I need. And, if I don't buy it now, then I will probably be back later. Now, I have to justify the money." Typically, you end up just buying everything that you don't use most of the time. It is one of those solutions where you get what you pay for. If you don't know what you need, just buy everything. We have additional licenses that we don't use."
  • "When we bought it, it was really expensive. I'm not aware of the current pricing. We had problems with licensing. After our IPS subscription ended, we couldn't renew it because Cisco was moving to the next-generation firewall platform. So, they didn't provide us with the new license."
  • "It is expensive. There is a cost for everything. There is per year license cost and support cost. There is also a cost for any training, any application, and any resource. Things are very costly to do with Cisco. Other brands are cheaper. They are also more flexible in terms of training, subscription, and licensing. They give lots and lots of years free. They provide more than Cisco."
  • "The pricing was pretty comparable to other solutions when we purchased it."
  • Cisco ASA Firewall Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Team Leader Network and Mail Team at a energy/utilities company with 10,001+ employees
    Real User
    Top 10
    Packet inspection with ASDM works well, but upgrading requires notable planning and effort
    Pros and Cons
    • "Cisco ASA works very nicely from an administration perspective. The management of the device is very nice. The ASDM (Adaptive Security Device Manager) is the software that we use and it is very easy to configure using the GUI."
    • "The operation of the ASA is good but the problem is that whenever you require an upgrade, there are multiple pieces of software that you have to upgrade. Extensive planning is required, because if you upgrade one piece of the software it has to be compatible with the others as well. You always need to check the compatibility metrics."

    How has it helped my organization?

    Remote access through the VPN wasn't available in the old firewall that we used, so that was a value-add. That's one way Cisco ASA has impacted our company. Also, from an administrator's perspective, newcomers have a shorter learning curve working with the ASA firewalls. Also, when we deployed it on the data center firewalls, we did some microsegmentation using different subnets for the whole environment, including UAT and production. We didn't have segmentation before, but with the growing security needs, we segmented the servers. For each of the subnets we made different gateways on the firewall. That helped us achieve the requirements of the latest standards. Thanks to the IPS, the malicious traffic has dropped. Initially, when we deployed the IPS, it gave us some problems. But after a week or two, it worked very well. I used a balanced security policy when I integrated it with the FMC server. On the FMC, the GUI gives me a very good, extensive view of what traffic is getting dropped and at what time. It gives me all the visibility that I need.

    What is most valuable?

    The normal firewalling features are very good. You can easily create objects and work with them.  The AnyConnect software for remote VPN is an added feature on the firewall that works very well in our environment. The IPS is another important feature that I use. It doesn't impact the overall performance of the ASAs. All of these features work fine. Cisco ASA works very nicely from an administration perspective. The management of the device is very nice. The ASDM (Adaptive Security Device Manager) is the software that we use and it is very easy to configure using the GUI. If you are familiar with the ASDM software, it's very easy for anyone to handle. The CLI isn't different from other Cisco CLIs, so that makes it easy as well. Also, the visibility when doing packet inspection on the ASA, using the ASDM GUI, works well. You can go to the monitoring part and see the live logs, the syslogs. All the traffic events are displayed in the syslog. You can filter on whatever event you are interested in and it is visible to you in no time. It provides a real-time display of the traffic. Troubleshooting issues is very easy using ASDM.  In addition, if you want to do some captures at the interface level, there's a packet tracer, a tool within the ASDM and the ASA, which is available on both the GUI and the CLI. That is on the newer firewalls as well and it's very nice. It shows you the life cycle of a packet within the firewall, from entry to the exit, and how many steps it goes through. It really helps while troubleshooting. I'm very satisfied with that.

    What needs improvement?

    The operation of the ASA is good but the problem is that whenever you require an upgrade, there are multiple pieces of software that you have to upgrade. Extensive planning is required, because if you upgrade one piece of the software it has to be compatible with the others as well. You always need to check the compatibility metrics. For example, if the ASA Firewall's software has to be upgraded, it has to be compatible with the IPS software—the FireSIGHT software. So that has to be upgraded as well, in addition to the ASDM software that you use to manage the firewall using the GUI. Besides that, if you are using the remote VPN part of the firewall, there is the AnyConnect hidden software that also requires an update. So upgrading is a very extensive exercise, both when you're planning it and when you are doing it. The upgrades are very lengthy. Then Cisco introduced FTD as a unified approach, and that was a leap forward, but it has its own issues.

    For how long have I used the solution?

    I've been working as a Cisco partner for about four years. Before that, I was using Cisco firewalls as a network admin. I've been engaged with Cisco firewalls since 2015. On the FTD (Firepower Threat Defense) model, I've been working with version 6.7. I haven't tried the latest 7.0 version.
    Buyer's Guide
    Cisco ASA Firewall
    June 2022
    Learn what your peers think about Cisco ASA Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: June 2022.
    607,127 professionals have used our research since 2012.

    What do I think about the stability of the solution?

    The robustness of the ASA is very good. Whenever you upgrade it, it does very well. There are no hiccups or hitches, post-upgrade.

    How are customer service and support?

    Cisco's TAC provides very good support. If you have any issues, you can contact them and they provide assistance. You need a subscription for that. The subscription comes with a notable cost but you get great value from it. I'm very satisfied with it.  The tech support of Cisco is unparalleled if I compare it to any other product that I have used. I've been using Citrix, Juniper, and even Palo Alto, but the support that I get from Cisco is very good. It's easy to get support and the engineers get engaged. Sometimes they provide more than you need. For example, if there are design-level issues, they will tell you that it isn't implemented well and that there are things that need to be corrected. That's not their responsibility but they'll provide that feedback. I consider Cisco support to be the industry standard.

    How would you rate customer service and support?

    Positive

    What was our ROI?

    I've seen Cisco deployed for five to seven years. The product life cycle is good and they're continuing to support things. If you add more features and utilize it to the maximum, using the remote VPN and the like, it becomes more cost-effective.  Having the IPS part within one box also saves you on costs. Back in 2015, the IPS was a different box that had to be deployed separately. At that time, it cost more if I had to buy another IPS and a box.

    Which other solutions did I evaluate?

    Before ASA, we were using Juniper. It had a GUI, but the CLI part of Juniper was difficult. The network administrators required a little bit of a different type of expertise. Juniper was very good, but its CLI wasn't as simple as Cisco's. When somebody new comes into the company to work on the firewall, the Cisco learning curve is relatively short and easy. Nowadays, everybody is working with Cisco. Juniper has almost been phased out. Some people use Juniper for certain reasons, but there's a very specific clientele for it. We went with Cisco because it is very easy to operate. It provided next-generation firewalling when it came out with ASA plus Sourcefire IPS. That was very effective at that time, compared to the others. These days, Palo Alto is matching Cisco and, in some ways, Palo Alto is better. From 2015 to 2018/19, Cisco was considered to be the best. The security leaders are always preferred and Cisco was a leader. That's why we preferred it. We were also always happy with Cisco support. It was very convenient to get to Cisco support, and it was very prompt and effective. They really solved our problems.

    What other advice do I have?

    The Nextgen firewalls have a good IPS, but that IPS part wasn't very configurable using the ASDM. Later, they introduced the FMC (Firewall Management Center) and we could integrate the ASA with the FMC and get the IPS configured from the FMC GUI. That was good, but you needed two things to monitor one box. For the IPS you needed an FMC server, and for the firewalls, you needed the ASDM or the CLI. In terms of integration with other solutions, it is a simple firewall that is integrated with the syslog servers and the SNMP monitoring from the NMS. Those types of simple things work very well. I haven't worked with much integration beyond that. You can't attach that many feeds to it. That's more a function of the Next-Generation Firewall with the IPS and FMC. SecureX is a relatively new cloud-based solution. It's been around for one or two years. It's offered for free if you have any Cisco security solution. It encompasses ADR and NDR. The clients I work with in Pakistan are mostly financial institutions. Because it's a cloud-based security solution, they are not interested. They want on-prem solutions.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
    Flag as inappropriate
    Enterprise Architect at a tech services company with 51-200 employees
    MSP
    We don't have to worry when something goes down because of its automatic failovers and built-in redundancy
    Pros and Cons
    • "I like the ASDM for the firewall because it is visual. With the command line, it is harder to visualize what is going on. A picture is worth a thousand words."
    • "Sometimes, it is not easy to troubleshoot. You need to know where to go. It took me quite awhile. It's like, "Okay, if it doesn't go smoothly here, then go find the documentation." Once you do it, it is not so bad. However, it is sometimes a steep learning curve on the troubleshooting part of it."

    What is our primary use case?

    We mainly use it for site-to-site VPNs, connecting to other businesses. I work in manufacturing and hospitals.

    We connect to remote networks: manufacturing-to-businesses and hospital-to-hospital.

    It was deployed in our data center across multiple sites. At the hospital where I last worked, it was deployed at 18 sites, then we did VPNs between our hospital and clinics.

    How has it helped my organization?

    We don't have to worry about when something goes down. Instead of saying, "Oh my gosh, this went down and now we have a gap here," it has automatic failovers and built-in redundancy. So, it says, "I don't have a gap anymore." This is one less thing to worry about, which was a big benefit for me. If our security group comes back, and says, "Hey, this is down." Then, it is like, "Yeah, we got it covered."

    Our security groups are always very adamant that things stay up. If something went down, they say, "Why did it go down? How do we prevent it?" Since resiliency is already built-in on its initial design, we don't have to go back in every time, and say, "Here, this is what we did. This is why it was done like this." Instead, it is just, "Yes, they blessed it, and it's approved," and we don't have to go back and keep reinventing the wheel every time.

    What is most valuable?

    I like the ASDM for the firewall because it is visual. With the command line, it is harder to visualize what is going on. A picture is worth a thousand words.

    What needs improvement?

    Sometimes, it is not easy to troubleshoot. You need to know where to go. It took me quite awhile. It's like, "Okay, if it doesn't go smoothly here, then go find the documentation." Once you do it, it is not so bad. However, it is sometimes a steep learning curve on the troubleshooting part of it.

    For how long have I used the solution?

    I have been using this solution for more than 20 years.

    What do I think about the stability of the solution?

    I have never had any problems with stability. In the 20-plus years that I have used them, I don't think I have ever had a failure on them. They have always been rock-solid.

    What do I think about the scalability of the solution?

    We haven't done much with scalability. We have always just done active standby. However, it scales once you figure out how to do it. If there are site-to-site VPNs within your own location, it is easier because there is a template, where it is, "Here, change this IP address. Change this IP address. There, it's done." 

    Third-parties weren't bad. Once my side was done, then we could easily cut and paste it, and say, "Okay, here's what my side's configured for. If you have something that is not working, then you can tell me what it is and I will help you." However, we never really had anything that we couldn't fix. It was also possible to scale on the other side.

    How are customer service and support?

    I haven't called tech support very often. When I did call them, they could tell me what the problem was. That is where I started learning, "Here are the commands that you should be using to debug this." They have been very helpful. I would rate them as nine out of 10.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I have used Palo Alto and Fortinet. We switched mainly because we were trying to unify all our products. Instead of using multiple systems, everything with the Cisco solution is end-to-end with different views of security. Some of them wanted to be diverse, keeping things separate. For others, it was easier if everything was just with one vendor. Also, if you are Cisco-centric, it is also easier.

    Since I have been using this solution, I have seen it grow. When they first started doing it, it was more like, "Here's the command line. Here's what you got to do." Now, it's easier for a new engineer to come on, and say, "Okay. Here, you are going to start supporting this, and here is how you do it," which has made life easier. Since it is a repeatable thing, no matter which company you go to, it is the same. If you get somebody who is doing it on the other side of the VPN, it is a lot easier. So, I like the Cisco product. I have used several different ones, and it's like, "Well, this is the easiest one." It might be just the easiest one because I have used it long enough, but it is also a good product. It just helps us be consistent.

    How was the initial setup?

    We did a lot of site-to-site VPNs. We also did a third-party, which is Palo Alto or something. Though, some of them were SonicWall. It is like, "Okay, I don't know how the site is configured, then I spend hours trying to troubleshoot a VPN." The more you use it, the easier it gets. It used to take days to do it. Whereas, the last one that I built took about 30 minutes. The more we use it, the better the outcome is and the faster we can do it. Now, I am not spending days building a VPN, which should only take 10 to 15 minutes.

    What was our ROI?

    There is ROI when you use it more.

    What's my experience with pricing, setup cost, and licensing?

    Once you know what the product is, it is not that bad. Yes, it is expensive. When you try to get a license, it is like, "Well, I don't know which one of these I need. And, if I don't buy it now, then I will probably be back later. Now, I have to justify the money." Typically, you end up just buying everything that you don't use most of the time. It is one of those solutions where you get what you pay for. If you don't know what you need, just buy everything. We have additional licenses that we don't use.

    What other advice do I have?

    Take your time with it. Actually, read the documentation. Don't just assume you know what stuff means since that will sometimes come back and bite you. I have done that too many times. If you go from version to version, it changes a little bit, and so it is like, "Well I don't know why it doesn't work." Then, you go read the notes, "Oh, yeah. This changed and it is done over here now."

    Building more resiliency should be a priority, and it's going to take money to do that. So, you need to actually believe and invest in it. Otherwise, it's an idea. It's great, because we all want redundancy, but nobody typically wants to spend the money to do it. Or, they want to do it as cheaply as possible. It's like, "Okay, I can do that," but you're going to have more gaps. Then, it is not really worth it. Therefore, invest the money the first time and do it right.

    I would rate it as nine out of 10.

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    Buyer's Guide
    Cisco ASA Firewall
    June 2022
    Learn what your peers think about Cisco ASA Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: June 2022.
    607,127 professionals have used our research since 2012.
    EricHart - PeerSpot reviewer
    CEO at NPI Technology Management
    MSP
    Top 20
    Great support and extremely stable with an excellent command-line interface
    Pros and Cons
    • "Everything is all documented in the file or in the command line script that gets uploaded to the device. It gives us great visibility."
    • "I would say that in inexperienced hands, the interface can be kind of overwhelming. There are just a lot of options. Too much, if you don't know what you are looking for or trying to do."

    What is our primary use case?

    We primarily use it for our clients. We have one or more at each client site - or multiple locations if they have multiple locations.

    Typically our clients are up to about 500 users. Most of them are smaller than that, but they go as large as 500. They're using the solution for the full next-gen firewall stacks - intrusion protection, URL filtering, advanced malware protection, or so-called AMP. Those are the three subscription services that Cisco sells. All of our clients have those subscription services enabled at their main location. Typically, they're just protecting users that are behind the firewall. We also use it for site-to-site VPN, and we use it for client-to-site VPN.

    How has it helped my organization?

    In terms of our clients, security is one of those things that, ideally, nobody notices. It improves the functioning in the sense that you don't get hacked. However, from a noticeable, management point of view, the URL filtering is a pretty significant enhancement. People are able to block access to various websites by category. It isn't revolutionary. Lots of products do this. However, it's a nice sort of add-on to a firewall product.

    At the end of the day, the solution offers good productivity enhancement to a company.

    What is most valuable?

    Cisco's support is great. 

    For experienced users, they are pretty much able do anything they want in the interface with few restrictions.

    The command-line interface is really useful for us. We script basic installations and modifications through the command-line, which is considered sort of old school, and yet it allows us to fully document the changes that we're making due to the fact that we can save the exact script that was applied and say, "Here are the changes that we made." 

    We can have less experienced people do initial takes on an install. They can edit a template, and we can have a more experienced person review the template, and then apply it, and we don't have to worry about whether anyone inexperienced went into certain corners of the interface and made changes or whatever.

    Everything is all documented in the file or in the command line script that gets uploaded to the device. It gives us great visibility.

    What needs improvement?

    I would say that in inexperienced hands, the interface can be kind of overwhelming. There are just a lot of options. It's too much if you don't know what you are looking for or trying to do.  

    The GUI still uses Java, which feels out of date today. That said, it's an excellent GUI.

    The biggest downside is that Cisco has multiple firewall lines. The ASA line which is what we sell, and we sell most of the latest versions of it, are kind of two families. One is a little older, one's a little newer. We mostly sell the newer family. Cisco is kind of de-emphasizing this particular line of products in their firewall stable. That's unfortunate. 

    They have the ASA line, Meraki, which is a company they bought some years ago where all the management is sort of cloud interface that they provide rather than a kind of interface that you manage right on the box. They also bought Snort and they integrated the Snort intrusion detection into the ASA boxes. In the last couple of years, they've come out with a sort-of replacement to Snort, a line of firewalls that don't use IOS.

    It's always been that the intrusion prevention and the based firewalling features had separate interfaces within IOS. They've eliminated IOS in this new product line and built it from the ground up. We haven't started using that product yet. They have higher performance numbers on that line, and that's clearly the future for them, but it hasn't reached feature parity yet with the ASA. 

    The main downside is that it feels a little bit like a dead end at this point. One needs to decide to move to one of these other Cisco lines or a non-Cisco line, at some point. We haven't done the research or made the plunge yet.

    What I would like to see is a more inexpensive logging solution. They should offer either the ability to maintain longer-term logs right on the firewall or an inexpensive server-based logging solution. Cisco has logging solutions, however, they're very high end.

    For how long have I used the solution?

    We've been using the solution for 20 or more years. It's been well over two decades at this point.

    What do I think about the stability of the solution?

    The solution is solid. It's a big advantage of choosing Cisco. There are no worries about stability at all.

    What do I think about the scalability of the solution?

    The scalability of the solution is good. Within our customer base, it is absolutely scalable. You can go very large with it. However, if you really want the highest speeds, you have to move off of the IOS ASA line and onto the newer stuff.

    Typically our clients cap out at 500 employees.

    How are customer service and technical support?

    Technical support is excellent. They are extremely knowledgeable and responsive. It'd rate the ten out of ten. We're quite satisfied with the level of support Cisco provides.

    Which solution did I use previously and why did I switch?

    We did use Juniper's NetScreen product on and off for a while. We stopped using it about ten years ago now.

    We had previous experience with the Cisco gear, so we were comfortable with it, and Juniper bought the NetScreen product and sunsetted it. You had to move into a different firewall product that was based on their equivalent of IOS, something called Juno OS, and we didn't like those products. Therefore, when they sunsetted the Juniper products, we looked around and settled on Cisco.

    How was the initial setup?

    Due to the fact that we're experienced with it and we've scripted the command line, it's extremely simple for us. That said, I think it's complex for somebody that doesn't know the IOS platform.

    What other advice do I have?

    We're Cisco resellers.

    We're always on the latest version. I don't actually keep track of the version numbers myself, however, part of what the service that we provide for our clients is updating their firewalls to the latest version.

    We use multiple deployment models. We use both on-premises and cloud versions. They are also all different sizes, according to the requirements of the company.

    I'd advise other companies considering Cisco to be sure to factor in the cost of the ongoing security subscriptions and the ongoing SmartNet into the purchase price. Those things, over the years, represent more than the cost of the firewall itself - significantly more. However, I'd advise others to get the security subscriptions due to the fact that it really dramatically increases the security of the solution overall.

    On a scale from one to ten, I'd rate them at an eight. We love the product, however, we feel like it's not Cisco's future direction, which is the only reason I would downgrade its score. To bring it up to a 10, they'd have to make it their main product line again, which they aren't going to do.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Vipin Garg - PeerSpot reviewer
    Co-Founder at Multitechservers
    Real User
    Top 5Leaderboard
    Great remote VPN features, easy to set up, and offers 24/7 access to support
    Pros and Cons
    • "Cisco ASA provides us with very good application visibility and control."
    • "If they want to add better features to the current Cisco ASA, they can start by increasing the encryption. That is the only thing they need to improve."

    What is our primary use case?

    We are primarily using the solution for VLAN implementations and also for remote VPN capability - basically it's used for connecting to remote offices securely.

    How has it helped my organization?

    After implementing tools, including Cisco ASA, unauthorized access comes down a lot. We are not facing asset issues as of now. We are not facing an issue related to malicious traffic or any bad activity in our network.

    What is most valuable?

    The solution can allow and block traffic over the VLANs.Some of the unauthorized actions and malicious traffic can also be blocked effectively, as we are following PCI DSS compliance. We are a card industry. We are using cards as a payment method, and therefore we need to follow the compliance over the PCI DSS. That's why we chose one of the best products. ASA Firewall is very secure.

    It's always easy to integrate Cisco with the same company products. If you are using other CIsco products, there's always easy integration.

    Cisco is one of the most popular brands, and therefore the documentation is easily available over the internet.

    They are best-in-class.

    The remote VPN feature is one of the best features we've found. 

    We like that there is two-factor authentication on offer.  We can integrate a Google authenticator with Cisco ASA so that whenever a person is logging on to any network device, they need to enter the password as well as the security code that is integrated by Google. It's a nice added security feature.

    Cisco ASA provides us with very good application visibility and control. The Cisco CLI command line is one of the easiest we found on the market due to the fact that the GUI and the user interface are very familiar. If you're a beginner, you can easily access it. There's no complicated UI.

    When compared to other products available, the cost is pretty similar. There's no big gap when you compare Cisco pricing to other products. 

    There are multiple features in a single appliance, which is quite beneficial to us.

    Support that is on offer 24/7. Whenever we face some technical issue, we can reach out to them easily.

    We have not had any security breaches. 

    They provide a helpful feature that allows us to configure email. 

    We are getting a lot from the appliance in real-time.

    What needs improvement?

    There's an upgraded version of the 5500 that has come to the market. It offers the latest encryption that they have. If they want to add better features to the current Cisco ASA, they can start by increasing the encryption. That is the only thing they need to improve. The rest is good.

    For how long have I used the solution?

    We've been using the solution for about five or more years at this point. It's been a while. 

    What do I think about the stability of the solution?

    The stability and availability are very good. there are no bugs or glitches. It doesn't crash or freeze. it's a reliable solution. 

    What do I think about the scalability of the solution?

    We have it in our infrastructure for around 15 plus users, including Fortinet sites.

    We have found that whenever the traffic spikes at peak times, the product automatically scales up to the requirement. We have also implemented the single sign-on it, and therefore, it automatically scales up. We haven't felt any limitations. Currently, we are using it for 1500 plus users. At any given time, there are around 700 plus users available in the office. It's a 24/7 infrastructure. We have tested it for up to 750 plus users, and it's perfectly fine.

    How are customer service and technical support?

    Technical support is excellent. they are always available, no matter the time of day, or day of the week. We are quite satisfied with their level of support. They are quite helpful and very responsive. I'd rate them at a ten out of ten. They deserve perfect marks.

    Which solution did I use previously and why did I switch?

    We did not previously use a different solution. When the office was launched we implemented Cisco as a fresh product.

    We are using a Cisco ASA Firewall, as well as Sophos at the remote sites. We are using another product is for log collecting. There are three solutions that basically cover us for security purposes. Those, at least, are the physical devices we are using as of now. The rest are cloud solutions such as Nexus. 

    That said, I personally, have used Sophos XG as a firewall in the past. Sophos is good in terms of traffic blocking and identifying interruptions to the traffic. The features are better on Cisco's side. For example, there is two-factor authentication and a remote VPN. The only benefit I found in Sophos was the way it dealt with the traffic. 

    How was the initial setup?

    The initial setup was not overly complex or difficult. It was quite straightforward and very easy to implement. 

    Deployment takes about 20 to 25 minutes. 

    In terms of the implementation strategy, at first, we put up the appliances in the data center. After that, we connected it with the console. After connecting the console, we had an in-house engineer that assisted. Cisco provided us onboarding help and they configured our device for us. We have just provided them the IP address and which port we wanted up. Our initial configuration has been done by them.

    What about the implementation team?

    While most of the setup was handled in-house, we did have Cisco help us with the initial configurations.

    What was our ROI?

    The ROI we are getting from Cisco ASA is higher availability, which we are getting all the time. On top of that, it's good at blocking traffic and protecting us from cyber-crime issues.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is pretty reasonable. it's standard and comparable to other solutions. The maximum difference between products might be $20 to $40. It's not much of a difference. 

    Which other solutions did I evaluate?

    We did not evaluate other solutions. We trust Cisco. It's a very good product and well known in the market.

    What other advice do I have?

    We are a customer and an end-user.

    We are using physical Cisco appliances.

    We use a lot of Cisco products, Cisco router (the 3900-series routers), and Cisco switches.

    In the next quarter, we will implement SD-WAN. Once the SD-WAN is implemented, then we will go with an automated policy and DNS kinds of tools. We are in the process of upgrading to Cisco ASA Firepower in the next quarter. We have not integrated Cisco ASA with Cisco's SecureX solution.

    I'd recommend the solution, especially for medium-sized or larger companies and those who are looking for long-term solutions (for example those with a user base of around 2,000 plus users in and around 20 plus applications). It's reliable and offers users a lot of features. This helps companies avoid having to rely on other third-party solutions.

    If you are new to Cisco, you should take advantage of the education they have on offer. Cisco provides access to training and it's worth taking advantage of this.

    Overall, I'd are the solution at a nine out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Simon Watkins - PeerSpot reviewer
    Senior Network Architect at a consultancy with 11-50 employees
    Real User
    Usability of the GUI front end helps admins get to a diagnosis quickly
    Pros and Cons
    • "One of the most valuable features is the GUI front end, which is very easy to use. But I'm also a command-line guy, and being able to access the device via command-line for advanced troubleshooting is quite important."
    • "One area that could be improved is its logging functionality. Your logs are usually displayed on the screen, but if you want to go back one or two days, then you need another solution in place because those logs are overwritten within minutes."

    What is our primary use case?

    Typically, we use them on the internet edge for protecting customer networks from the internet. It's a delimiter between the local area network and the wider internet. Other use cases include securing data centers or protecting certain areas within a network. It's not particularly internet-based, but it gives you that added layer of security between networks or between VLANs and your network, rather than using a Layer 3 switch.

    Ultimately, it's about securing data. Data is like your crown jewels and you need to be able to secure it from different user groups. Obviously, you need to protect your data from the internet and that's why we generally deploy Cisco ASAs.

    How has it helped my organization?

    The usability, with the GUI front end, certainly helps and it means you don't have to be a command-line person. We have to get away from that now because if you put the typical IT admin in front of a CLI they might struggle. Having something graphical, where they can click in logs to see what's going through the firewall— what's been denied, what's being allowed—very quickly, helps to get to a diagnosis or know something has been blocked. And when it comes to making changes within the environment, that can be done very quickly as well. I've seen something be blocked within a couple of minutes, and any IT admin can make a change through the GUI.

    What is most valuable?

    One of the most valuable features is the GUI front end, which is very easy to use. But I'm also a command-line guy, and being able to access the device via command-line for advanced troubleshooting is quite important.

    What needs improvement?

    One area that could be improved is its logging functionality. Your logs are usually displayed on the screen, but if you want to go back one or two days, then you need another solution in place because those logs are overwritten within minutes. 

    To have that kind of feature, it's more than likely there would need to be some kind of storage on the device, but those boxes were designed a number of years ago now. They weren't really designed to have that built-in. Having said that, if you do reflash into the FTD image, and you've got the Firepower Management Center to control those devices, then all that logging is kept within the Firepower Management Center.

    For how long have I used the solution?

    I've been using Cisco ASA Firewalls since they came out. Before ASA, I used Cisco PIX Firewalls. I've been using them since about 1999 or 2000.

    I'm involved in the presale events as well as the implementation and post-sale support. We do everything. That is probably different from a lot of organizations. We are quite a small company, so we have to be involved at all levels. I see it from all angles.

    How are customer service and support?

    One of the reasons I've stuck with Cisco all these years is that you always get excellent support. If a network goes down due to major issues, I know I can raise a case with TAC and get through to subject matter experts very quickly.

    Obviously, you need a SMARTnet contract. That means if a device has completely failed, you can get a box replaced according to the SLAs of that contract. That's very important for customers because if you have an internet edge failure and you just have a single device, you want to know that the replacement box is going to be onsite within four hours.

    When a network goes down, you're going to know about it. You want to be safe in the knowledge that someone is going to be there for you and have your back. Cisco do have your back on those kinds of things.

    Cisco support is a major selling point.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    In terms of deployment, a lot of organizations are moving to the cloud. People are looking at the ASAv image for deploying into the public cloud on Azure or AWS. But there are still a lot of organizations that use ASAs as their internet edge.

    The on-prem and the cloud-based deployments are very similar. When you're designing a solution, you need to look at the customer's business requirements and what business outcomes they actually want from a solution. From there, you develop architecture. Then it's a matter of selecting the right kinds of kits to go into the architecture to deliver those business outcomes. We talk to customers to understand what they want and what they're trying to achieve, and we'll then develop a solution to hopefully exceed their requirements. 

    Once we've gotten that far, we're down to creating a low-level design and fitting the components that we're going to deploy into that design, including the ASA firewalls and the switches, et cetera. We then deploy it for the customer.

    What was our ROI?

    Your investments are protected because of the innovations over time and the fact that you're able to migrate to the latest and greatest technology, through Cisco. 

    There are also a lot of Cisco ASA skills out there in the marketplace, so if you have ASAs deployed and you get a new employee, it's more than likely they have had experience with ASAs and that means you're not having to retrain people.

    Which other solutions did I evaluate?

    We do deploy other manufacturers' equipment as well, but if I were to deploy a solution with firewalling, my number-one choice would probably be Cisco ASA or the FTD image or Cisco Meraki MX.

    The flexibility you have in a Cisco ASA solution is generally much greater than that of others in the marketplace. 

    For any Cisco environment, we choose Cisco because it comes down to support. If the network is Cisco, then you have one throat to choke. If there is a network issue, there's no way that Cisco can say, "It's the HP switch you've got down in the access layer."

    What other advice do I have?

    ASA morphed from being just a traditional firewall, when they introduced the Firepower Next-Generation Firewall side. There has also been progress because you can reflash your old ASAs and turn them into an FTD (Firepower Threat Defense) solution. So you've got everything from your traditional ASA to an ASA with Firepower.

    Cisco ASA has been improved over time, from what it was originally to what it is now. Your investments are being protected by Cisco because it has moved from a traditional firewall through to being a next-gen firewall. I'm a fan of ASA.

    I think ASAs are coming towards the end of their lifespan and will be replaced by the FTDs. It's only a matter of time. But there are still a lot of Cisco customers who use ASAs, so migrating that same level of knowledge those customers have of the ASA platform across to the FPR/FTD image, will be a challenge and will require investment.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner/reseller
    Flag as inappropriate
    Rauf Mahmudlu - PeerSpot reviewer
    Network Engineer at a energy/utilities company with 10,001+ employees
    Real User
    Top 20
    Capable of handling a lot of traffic, never had any downtime, and very easy to configure
    Pros and Cons
    • "The configuration was kind of straightforward from the command line and also from the ASDM. It was very easy to manage by using their software in Java."
    • "One thing that we really would have loved to have was policy-based routing. We had a lot of connections, and sometimes, we would have liked to change the routing depending on the policies, but it was lacking this capability. We also wanted application filtering and DNS filtering."

    What is our primary use case?

    We were using ASA 5585 without firepower. We were using it just as a stateful firewall. We also had an IPS module on it. So, we were also using it for network segmentation and network address translations for hosting some of the services or giving access to the internet for our end users.

    How has it helped my organization?

    Initially, it was good. At the time we bought it, usually, IPS was in a different solution, and the firewall was in a different solution. You had to kind of correlate between the events to find the attacks or unwanted behavior in the network, but it had everything in a kind of single platform. So, the integration was great.

    Our bandwidth was increasing, and the number of services that we were hosting was increasing. Our old solutions couldn't catch up with that. Cisco ASA was able to handle a lot of traffic or concurrent connections at that time. We had almost 5 million per week. We didn't have to worry about it not having enough memory and stuff like that. It was a powerful machine.

    What is most valuable?

    The configuration was kind of straightforward from the command line and also from the ASDM. It was very easy to manage by using their software in Java. 

    High throughput, high concurrent connections, easy site-to-site VPN were also valuable. It also had the capability to do double network translations, which is really useful when you are integrating with other vendors for site-to-site VPN.

    What needs improvement?

    When we bought it, it was really powerful, but with the emerging next-generation firewalls, it started to lack in capabilities. We couldn't put application filtering, and the IPS model was kind of outdated and wasn't as useful as the new one. For the current state of the network security, it was not enough.

    One thing that we really would have loved to have was policy-based routing. We had a lot of connections, and sometimes, we would have liked to change the routing depending on the policies, but it was lacking this capability. We also wanted application filtering and DNS filtering.

    For how long have I used the solution?

    We have been using it for around eight years.

    What do I think about the stability of the solution?

    Its stability is really great. It is very stable. We didn't have to worry about it. In the IT world, every time you go on holiday, you think that something might break down, but that was not the case with Cisco ASA.

    Initially, we had just a single firewall, and then we moved to high availability. Even when it was just one hardware without high availability, we didn't have any problems. Apart from the planned maintenance, we never had any downtime.

    What do I think about the scalability of the solution?

    We feel we didn't even try to make it scalable. We had 30,000 end users.

    How are customer service and support?

    We haven't interacted a lot with them because we have our own network department. We were just handling all the problem-solving. So, there were only a couple of cases. Initially, when one of the first devices came, we had some problems with RAM. So, we opened the ticket. It took a bit of time, and then they changed it. I would rate them an eight out of 10.

    Which solution did I use previously and why did I switch?

    Our bandwidth was increasing, and the number of services that we were hosting was increasing. Our old solutions couldn't catch up with that. We had some really old D-link firewalls. They were not enterprise-level firewalls.

    After our IPS subscription ended, we couldn't renew it because Cisco was moving to the next-generation firewall platform. They didn't provide us with the new license. Therefore, we decided to move to Palo Alto. The procurement process is taking time, and we are waiting for them to arrive.

    How was the initial setup?

    It was straightforward. Cisco is still leading in the network area. So, there are lots of resources where you can find information. There are community forums and Cisco forums, where you can find answers to any questions. You don't even have to ask. You can just Google, and you will find the solution. Apart from that, Cisco provides a lot of certification that helps our main engineers in learning how to use it. So, the availability of their resources was great, and we just followed their best-case scenarios. We could easily configure it.

    The deployment took around two or three weeks because we had different firewalls. We had a couple of them, and we migrated all to Cisco. We also had around 30,000 rules. So, the data input part took a lot of time, but the initial installation and the initial configuration were done in a matter of days.

    It took us one week to set up the management plane. It had different ports for management and for the data. After finishing with the management part, we slowly moved segments to Cisco. We consolidated the rules from other firewalls for one zone. After Cisco verified that it was okay, we then moved on to the next segment.

    What about the implementation team?

    We did it ourselves. We had about five network admins for deployment and maintenance.

    What was our ROI?

    We definitely got a return on investment with Cisco ASA. We have been using it for eight years, which is a long time for IT. We only had one capital expenditure. Apart from that, there were no other costs or unexpected failures. It supported us for a long time.

    What's my experience with pricing, setup cost, and licensing?

    When we bought it, it was really expensive. I'm not aware of the current pricing.

    We had problems with licensing. After our IPS subscription ended, we couldn't renew it because Cisco was moving to the next-generation firewall platform. So, they didn't provide us with the new license.

    Which other solutions did I evaluate?

    I am not sure about it because back then, I was just an engineer. I didn't have decision-making authority, so I wasn't involved with it.

    We recently have done pilots with Check Point and FortiGate for a couple of months. They were next-generation firewalls. So, they had much more capability than ASA, but because of being a pilot, we didn't get full-scale throughput like big enterprise-level firewalls. The throughput was not enough, and their memory cache was always filling up. They were smaller models, but both of them had the features that ASA was lacking. Traffic shaping in ASA is not as good, but these two had good traffic shaping.

    What other advice do I have?

    I wouldn't recommend this solution because it is already considered to be a legacy firewall.

    I would rate Cisco ASA Firewall a strong eight out of 10. It is powerful, but it lacks some of the capabilities.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    Mitku Bitew - PeerSpot reviewer
    Head of Network Administration Section at Zemen Bank S.C.
    Real User
    Top 10
    Provides role-based access, helps in securing our environment, and is easy to use
    Pros and Cons
    • "The remote access, VPN, and ACL features are valuable. We are using role-based access for individuals."
    • "Other products are becoming easier to access and configure. They are providing UI interfaces to configure, take backup, synchronize redundant machines, and so on. It is very easy to take backup and upgrade the images in those products. Cisco ASA should have such features. If one redundant machine is getting upgraded, the technology and support should be there to upgrade other redundant machines. In a single window, we should be able to do more in terms of backups, restores, and upgrades."

    What is our primary use case?

    We are using it as a firewall for our data center and headquarter. We are also using it for DR. We are using Cisco ASA 5500 Series.

    How has it helped my organization?

    It is a security device, and it is useful for securing our environment. It provides role-based access and other features and helps us in easily securing our environment.

    It provides visibility. It has been helpful for packet inspection and logging activities for all kinds of packets, such as routing packets, denied packets, and permitted packets. All these activities are visible on Cisco ASA. There are different commands for logging and visibility.

    We use Cisco ASA for the integration of the network. Our company is a financial company, and we are integrating different organizations and banks by using Cisco ASA. We are using role-based access. Any integration, any access, or any configuration is role-based. 

    What is most valuable?

    The remote access, VPN, and ACL features are valuable. We are using role-based access for individuals.

    IPS is also valuable for intrusion detection and prevention. It is a paid module that can be added. I'm using it for security, VLAN management, segregation management, and so on.

    It is easy to use. In our region and our country, Cisco is well known, and most of the companies are using Cisco products. We have been using Cisco devices for a while, and our company primarily has Cisco devices. So, we are familiar with it, which makes it very easy to use for us. Even when we compare it with other products, it is easier to use.

    It is easy for us to manage it because it is a familiar product, and it has been a part of our environment. Now, other products are providing free training, free access, and free license, because of which things are changing. So, you can easily become familiar with other products.

    What needs improvement?

    Its licensing cost and payment model can be improved. Cisco doesn't provide training and certification for engineers without payments. Other companies, such as Huawei, provide the training for free. Their subscription and licenses are also free and flexible. Other products are breaking the market by providing such features. 

    It doesn't support all standard interfaces. It is also not suitable for big companies with high bandwidth traffic. Its capacity should be improved.

    Other products are becoming easier to access and configure. They are providing UI interfaces to configure, take backup, synchronize redundant machines, and so on. It is very easy to take backup and upgrade the images in those products. Cisco ASA should have such features. If one redundant machine is getting upgraded, the technology and support should be there to upgrade other redundant machines. In a single window, we should be able to do more in terms of backups, restores, and upgrades.

    For how long have I used the solution?

    We have been using this solution for almost eight years.

    What do I think about the stability of the solution?

    It is stable. It needs to be configured based on the standards and functionality. We have one device that has been working for more than 10 years, which indicates it is stable, but it requires licenses to upgrade features.

    What do I think about the scalability of the solution?

    It doesn't have an expansion card. So, it may not scalable for huge buildings. It also lacks a lot of standard interfaces. Other products are providing capacity for a data center. Other technologies are expanding their interface bandwidth from 10 gigs. In my opinion, Cisco ASA doesn't have this capability.

    How are customer service and support?

    Their support is very good. We have a support license, so their support is very good. They are tracing us and following up with us to solve the problem on time.

    How was the initial setup?

    Its setup is easy. We are familiar with Cisco ASA and other Cisco products, and they are easy to configure. A lot of resources are available on the internet, so it is easy to set up for anyone with basic training. It is easy in different types of environments, such as universities and colleges.

    It generally doesn't take more than a day, but it also depends on the size of the organization. If an organization is very big and if you need a line-by-line configuration for access role and VPN, it can take a bit more time.

    Cisco is constantly upgrading and providing features based on current requests. We usually plan deployments at the end of the year and at the beginning of the year. Everyone plans for new products, new configurations, and new expansions based on that.

    What was our ROI?

    Any security product provides a return on investment. Any gap in security may cost an organization more.

    What's my experience with pricing, setup cost, and licensing?

    It is expensive. There is a cost for everything. There is per year license cost and support cost. There is also a cost for any training, any application, and any resource. Things are very costly to do with Cisco.

    Other brands are cheaper. They are also more flexible in terms of training, subscription, and licensing. They give lots and lots of years free. They provide more than Cisco.

    What other advice do I have?

    I would advise understanding its features, advantages, and disadvantages as compared to other solutions. It is simple, but its cost is a negative point. 

    I would rate Cisco ASA Firewall an eight out of 10.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    Joseph Lofaso - PeerSpot reviewer
    Senior Network Engineer at Pinellas County Government
    Real User
    Platform provides solid stability as well as easy logging and management
    Pros and Cons
    • "The user interface is very easy to manage and find rules. You can do object searches, which are very easy. Also, the logging is very simple to use. So, it is a lot easier to troubleshoot and find items inside the firewall."
    • "The one thing that the ASAs don't have is a central management point. We have a lot of our environments on FTD right now. So, we are using a Firewall Management Center (FMC) to manage all those. The ASAs don't really have that, but they are easy to use if you physically go into them and manage them."

    What is our primary use case?

    A lot of them are used for campuses. Basically, it is HA pairs so it is just used to firewall off different networks from the internal network, i.e., security. 

    We also use them for DMZs, where there are untrusted networks coming into trusted networks, managing traffic between the two zones.

    Currently, we have almost 100 firewalls spread out all across our county. Our ASAs could be anywhere in any building, wherever there is a purpose. So, if we need to firewall off a network that we don't want touching our internal network, where we want it controlled, then it would be there. All our campuses have some form of that.

    How has it helped my organization?

    It is easier to protect our internal network and identify unknown networks. We can put descriptions on what they are, thus we are able to see different traffic coming from different networks. So, there is better visibility.

    What is most valuable?

    The user interface is very easy to manage and find rules. You can do object searches, which are very easy. Also, the logging is very simple to use. So, it is a lot easier to troubleshoot and find items inside the firewall.

    What needs improvement?

    The one thing that the ASAs don't have is a central management point. We have a lot of our environments on FTD right now. So, we are using a Firewall Management Center (FMC) to manage all those. The ASAs don't really have that, but they are easy to use if you physically go into them and manage them. 

    I would like ASAs to be easier to centrally manage. Currently, in our central management, we have almost 100 firewalls in our environment, and it is almost impossible to manage them all. ASAs are now about 20% of them. We have been slowly migrating them out, but we still have some. Normally, what we would do with ASAs is physically go into those devices and do what we need from there, whether it is find rules, troubleshoot, or upgrade.

    For how long have I used the solution?

    We have had ASAs in our environment for 10 years.

    What do I think about the stability of the solution?

    The ASAs are solid. They have been around a long time, so there is a lot of documentation out there. They are easy to manage and make it easy to look at logs.

    They have been in the environment for 10 years. They are still running and doing their job. 

    The only time that we really touch them is if we need to do a rule or code upgrade. We check vulnerabilities a lot to make sure that nothing major has come out. If something has, then we go ahead and patch the firewalls. This is done by network groups, e.g., network engineers or analysts. We usually look at security. We are alerted to any new security advisories that come out from Cisco. For anything that is critical or high, we definitely will address it if we need to. Sometimes, we go three months or months without an upgrade. Other times, we could upgrade in a month. It just depends on what comes out.

    What do I think about the scalability of the solution?

    We use them for smaller campuses. Though, if we need to upgrade a model, then we go ahead and do that. For example, with our bigger campuses, we need to have a bigger model. They have specs out there that you can kind of line up with what you need.

    How are customer service and support?

    Cisco tech support is spotty. Sometimes, we get good support. Other times, it is not so good. It is very up and down.

    It seems like they have been short staffed recently. We have been waiting a long time for some of our tickets now, though they aren't critical tickets. However, that is one of the big issues which Cisco has going on right now - their staff shortage. We can open a ticket and keep following up, following up, and following up, but it might take weeks to resolve an issue. These aren't critical issues. For critical issues, we escalate and they are able to help us right away.

    They handle it appropriately. Though, it depends on the time and on what they need. Sometimes, in one session, issues are resolved. Other times, you need to do multiple sessions for them to resolve it. However, for anything critical, those are resolved pretty fast.

    I would rate the technical support as seven out of 10.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    Before I started, they also had Juniper SRXs. The big issue with them was the logging. It wasn't as good. We switched to ASAs for better stability, better management, and easier logging.

    How was the initial setup?

    The initial setup was pretty straightforward. It was very simple to deploy and replace. We did a lot of replacing, which was just copying the rules over from the old one, then deploying it in kind of the same manner.

    What's my experience with pricing, setup cost, and licensing?

    The pricing was pretty comparable to other solutions when we purchased it.

    Which other solutions did I evaluate?

    We looked at what we had and saw that Cisco was much better.

    What other advice do I have?

    I would rate them as nine out of 10.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    Buyer's Guide
    Download our free Cisco ASA Firewall Report and get advice and tips from experienced pros sharing their opinions.
    Updated: June 2022
    Product Categories
    Firewalls
    Buyer's Guide
    Download our free Cisco ASA Firewall Report and get advice and tips from experienced pros sharing their opinions.