IT Central Station is now PeerSpot: Here's why
Asif Najmi - PeerSpot reviewer
Network Engineer at LIAQUAT NATIONAL HOSPITAL & MEDIACAL COLLEGE
Real User
Top 20
Very reliable, with good security and a straightforward setup
Pros and Cons
  • "Even in very big environments, Cisco comes in handy with configuration and offers reliability when it comes to managing multiple items on one platform."
  • "We have more than one Cisco firewall and it is difficult for me to integrate both on the single UI."

What is our primary use case?

We primarily use the solution to operate that LAN environment over the internet and use the public and private networks separately. It's a very good firewall in terms of security, in terms of certain scenarios, and also from an ethical hacking point of view. Both are available in our environment. Both are doing great.

What is most valuable?

Cisco, obviously, gives you a great amount of reliability which comes in handy. The brand is recognized as being strong.  Even in very big environments, Cisco comes in handy with configuration and offers reliability when it comes to managing multiple items on one platform. You are able to integrate Firepower and all AMP. With so many items to configure, I haven't yet done them all, however, I hope to. It's great for securing the network. You learn a lot. The initial setup is straightforward. The solution is very stable. The scalability of the solution is very good.

What needs improvement?

Most of the firewalls almost 90%, 95% of the firewalls will move to GUI. This is the area which needs to be improved. The graphical interface and the monitoring level of the firewall need to be worked on.  Most of us are using the monitoring software where we get the alarm, then details of the servers, et cetera. This aspect needs to be much updated.  From just the security point of view, in the security, it needs to be updated every day and every week. It is getting better day by day, however, from a monitoring point of view is not the same view as we have on the different monitoring servers or monitoring software, such as PRTG and Solarwinds. It needs to be changed and improved. Cisco has launched its multiple products separately. Where there's a new version of the hardware, there is Firepower in it. However, there must be a solution for an integrated version that includes everything in your network and your firewall as well so that you can manage and integrate from the same web portal without going to every device and just configuring it and just doing everything separately.  It would be ideal if a solution can be configured separately and then managed centrally on one end. We have more than one Cisco firewall and it is difficult for me to integrate both on the single UI. If I have three firewalls and one is a normal firewall, I need to configure everything separately. I can't have it on the same port or integrated on the same single IP or bind it something like it.

For how long have I used the solution?

We've mostly used Cisco solutions for two or three years at this point. Our old Cisco devices were due to be changed, and we moved over to ASA.
Buyer's Guide
Cisco ASA Firewall
July 2022
Learn what your peers think about Cisco ASA Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: July 2022.
610,518 professionals have used our research since 2012.

What do I think about the stability of the solution?

The firewall is stable, however, every two, three, or four years, you have to change the hardware and therefore get an updated version of the firewall. This is something which companies have been doing for the sake of a new product and launching a new device. Yet, the stability needs to be considered where you have to upgrade for every two, three, four years and change the product and go for the new updated version. What I mean is that there is stability, however, obviously, it's not long-term.

What do I think about the scalability of the solution?

The firewall is very scalable. Most contact versions are available depending upon the organization you have. It works for very large organizations. They are scalable for many scenarios. The scalability obviously is there for sure.

How are customer service and support?

Cisco technical support is one of the best around. They have the most advanced and most experienced level of tech support I've been in contact with. Whether it is a hardware or software issue, the tech team can support you and help. They are very helpful and knowledgeable. We are quite satisfied with the level of support on offer. 

Which solution did I use previously and why did I switch?

We also have experience using FortiGate.

How was the initial setup?

The Cisco firewall is straightforward. It isn't a complex implementation. Obviously, you have to bind your IP on the port and then you must go on to configure for security and something like that. It's easy for me to configure a firewall at such a level.

What's my experience with pricing, setup cost, and licensing?

If you pay for the hardware, you get the Firepower and if you don't, then you get the Cisco Firewall. 

What other advice do I have?

We are just a customer and an end-user. I'd rate the solution at an eight out of ten. Obviously, you need to have one tech person on your online when you are configuring it, or just implementing when you are integrating with your live environment and organization. My advice is that the configuration is easy when a network engineer like myself handles it. A trained person is more than capable of the task. Other than configuring, a less technical person can manage the solution.  
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Tim Maina - PeerSpot reviewer
Network Engineer at a tech vendor with 5,001-10,000 employees
Real User
Provides us with a critical piece of our in-depth security stack
Pros and Cons
  • "The Packet Tracer is a really good tool. If someone calls because they're having problems, you can easily create fake traffic without having to do an extended packet capture. You can see, straight away, if there's a firewall rule allowing that traffic in the direction you're trying to troubleshoot."
  • "One of the challenges we've had with the Cisco ASA is the lack of a strong controller or central management console that is dependable and reliable all the time."

What is our primary use case?

We have the Cisco 5585-X in our data center for perimeter security, internet protection, and for applications behind Cisco ASA DMZs. The challenges we wanted to address were security and segregating the internal networks and the DMZs.

How has it helped my organization?

Security-wise, it's given us the protection that we were looking for. Obviously, we're using an in-depth type of design, but the Cisco ASA has been critical in that stack for security.

What is most valuable?

The Packet Tracer is a really good tool. If someone calls because they're having problems, you can easily create fake traffic without having to do an extended packet capture. You can see, straight away, if there's a firewall rule allowing that traffic in the direction you're trying to troubleshoot. As a troubleshooting tool, Packet Tracer is one of the things that I like. It comes up in all my interviews. When I want to figure out if someone knows how to use the ASA, I ask them about use cases when they use the Packet Tracer.

What needs improvement?

One of the challenges we've had with the Cisco ASA is the lack of a strong controller or central management console that is dependable and reliable all the time. There was a time I was using what I think was called CMC, a Cisco product that was supposed to manage other Cisco products, although not the ASA. It wasn't very stable.

The controller is probably the biggest differentiator and why people are choosing other products. I don't see any other reason.

For how long have I used the solution?

I've used the Cisco ASA going back to the 2014 or 2015 timeframe.

What do I think about the stability of the solution?

The ASA has been very stable for us. Since I deployed the ASA 5585 in our data center, we've not had to resolve anything and I don't even recall ever calling TAC for an issue. I can't complain about its stability as a product.

Our Cisco ASA deployment is an Active-Standby setup. That offers us resilience. We've never had a case where both of them have gone down. In fact, we have never even had the primary go down. We've mainly used that configuration when we're doing code upgrades or maintenance on the network so that we have full network connectivity. When we're working on the primary, we can switch over to the standby unit. That type of resiliency works well for our architecture.

How are customer service and support?

TAC is good, although we've had junior engineers who were not able to figure things out or fix things but, with escalations, we have eventually gotten to the right person. We also have the option to call our sales rep, but we have never used that option. It seems like things are working.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

In the old days, we used Check Point. We did an evaluation of the Cisco ASA and we liked it and we brought it on board.

At that time, it was easy for our junior operations engineers to learn about it because they were already familiar with Cisco's other products. It was easier to bring it in and fit it in without a lot of training. Also, the security features that we got were very good.

How was the initial setup?

The one we deployed in the data center was pretty straightforward. I also deployed the Cisco ASA for AnyConnect purposes and VPN. I didn't have to call TAC or any professional services. I did it myself.

What about the implementation team?

We used a Cisco reseller called LookingPoint. I would recommend them. We've done a lot of other projects with them as well.

What was our ROI?

It's a great investment and there's a lot of value for your money if you're a CSO or a C-leader. As an engineer, personally, I have seen it work great wonders for us. When we're doing code upgrades or other maintenance we are able to keep the business going 100 percent of the time. We have definitely seen return on our investment.

What's my experience with pricing, setup cost, and licensing?

I don't look at the pricing side of things, but from what I hear from people, it's a little pricey.

Which other solutions did I evaluate?

At the time, we looked at Juniper and at Palo Alto. We didn't get a feeling of confidence with Palo Alto. We didn't feel that it offered the visibility into traffic that we were looking for.

What other advice do I have?

We use Cisco AnyConnect and we've not had any issues with it. During COVID we had to scale up and buy licenses that supported the number of users we had, and we didn't have any problems with it.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Buyer's Guide
Cisco ASA Firewall
July 2022
Learn what your peers think about Cisco ASA Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: July 2022.
610,518 professionals have used our research since 2012.
Cyber Security Consultant at a tech services company with 51-200 employees
Reseller
Top 20
A reliable but outdated firewall
Pros and Cons
  • "It is extremely stable I would say — at least after you deploy it."
  • "They need to do an overhaul of the management console."

What is our primary use case?

Most of our use cases revolve around the basic firewall features. Our client is also leveraging on Anyconnect, which is serving the client-based VPN. Sometimes they will establish a VPN connection from one firewall with another. It's the type-for-type VPN. In terms of Cisco, typically, these are just some of the legacy features, that's what we use. In terms of a next-gen firewall, I feel that our customers would prefer to use other brands like Palo Alto, Check Point, and FortiGate.

Our clients who use this solution are typically small businesses. I think there's a Gartner chart that says that Palo Alto is actually the foreleader, followed by Check Point, then FortiGate. Cisco is not anywhere near. From a cybersecurity standpoint, they are quite weak.

What needs improvement?

They need to do an overhaul of the management console because they are still using the client-based management tool, which is quite outdated in terms of functionality and usability. The interface hasn't changed since the last generation many years back.

For how long have I used the solution?

I have been using Cisco ASA Firewall for roughly four years.

What do I think about the stability of the solution?

It is extremely stable I would say — at least after you deploy it. Typically, there won't be any instability in terms of the hardware as well as the software. It can be running for many years without any issues. It's a totally different story when compared to other brands because, out-of-the-box, they offer far more features and are actually leveraged on more resources which leads to more instability.

What do I think about the scalability of the solution?

I would say in terms of scalability, they are still the greatest family of products. Scalability means you can actually add on some processing parts to actually increase the throughput when the requirement comes up. They have a range of products for that, but this solution, it's already going out of phase, because at JSC, you can only allow up to a certain amount of upgrades that can be added on.

How are customer service and technical support?

Support is not a requirement. In the whole industry, there are a lot of Cisco-trained personnel that we can actually seek advice from. There's not much leveraging on the Cisco support so far.

If our clients need support, we provide it. Support is not cheap. Sometimes a device will go out of warranty, but the customers are not willing to renew the support contract. Of course, there are a lot of cheaper alternatives. In Singapore, a lot of companies outsource support. Most of the time we go through third-party companies instead of Cisco directly.

How was the initial setup?

For a non-Cisco guy like me, there is quite a substantial amount of learning that needs to be done to actually understand how the products are. Some brands like FortiGate, require only an hour and 15 minutes to enable the product, to facilitate the basic requirements of connecting up the traffic and adding on the firewall router. For Cisco, there are levels of challenges because it's a hardened solution that sees a lot of restrictions right out of the box.

Without really understanding how it works, then there'll be a lot of confusion regarding the traffic, etc. You'll find yourself wondering if there are any security concerns if you alter it out-of-the-box. The management console is quite outdated; usually, a lot of configuration is through Commander. We really need to understand how to articulate the Cisco Commander to perform even the most basic feature.

What about the implementation team?

We handle the implementation for our customers. 

I am a sales engineer, we are mainly in charge of selling the product. In terms of support, we have a department that covers that aspect. Sometimes after implementation, we also provide maintenance support services towards the whole project and sell it as a whole bundle. As a distributor, we also sell our products, our equipment, and devices. So the support team covers that aspect.

What's my experience with pricing, setup cost, and licensing?

We sell Cisco ASA Firewall as a bundle — the price is very cheap. If a customer were to go for renewal direct from Cisco, then the price would be quite high.

What other advice do I have?

My main concern is the full revamp of the management console. We'd like to see a more user-friendly total revamp of how to manage the firewall rules. Also, there are a lot of additional features that need to be granular because with Cisco, at this point in time, all these features are still working in silos. A lot of integration needs to be done in general. 

Personally, I would discourage people from using Cisco. Overall, on a scale from one to ten, I would give this solution a rating of six.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor
Data Analyst at a hospitality company with 201-500 employees
Real User
Top 20
User-friendly, provides good access, and is fairly easy to implement
Pros and Cons
  • "It is a very user-friendly product."
  • "I don't have to see all the object groups that have been created on that firewall. That's just something that I would really appreciate on the CLA, even though it already exists on the GUI."

What is our primary use case?

We primarily use the solution in order to create access rules. That's what I use it for mostly. Sometimes, if I need to do some mapping, I may also leverage this product.  

What is most valuable?

In terms of access, the solution is great at making sure that the firewall has the right IPs, or that the right IPs are passing through where they should be. 

The product does a good job of making sure that the connection is one that the user can trust. It keeps everything secure.

From what I've already done with ASA, I've noted that it's a very simple solution. 

It is a very user-friendly product. I started with the GUI version. There are different versions. You could have the CLA, and the GUI version if you like. Both are really user-friendly and they're easy to learn. 

What needs improvement?

We haven't been working with the product for too long, and therefore I haven't really found any features that are lacking. So far, it's been pretty solid.

One of the things that would make my life easier on ASA, especially for the CLA, is if it had an ASBN feature, specifically for the CLA. This would allow you to be able to see at once where a particular object group is being used without having to copy out all the object groups that have already been created.

I don't have to see all the object groups that have been created on that firewall. That's just something that I would really appreciate on the CLA, even though it already exists on the GUI.

For how long have I used the solution?

I've been using the solution for six months now. It's been less than a year. It hasn't been too long just yet.

What do I think about the stability of the solution?

The solution has been quite stable.

Most of the clients that we deal with use this solution. No one has ever complained about having a breach or anything, to the best of my knowledge, even though we see some people combine different firewalls together, and use them alongside Cisco ASA. So far, we've not had any issue with Cisco ASA. It's reliable and keeps our clients safe.

What do I think about the scalability of the solution?

I've never tried to scale the product. I haven't worked with it too long at this point. I wouldn't be able to comment on its scalability potential.

How are customer service and technical support?

I've never dealt with technical support yet. I can't speak to their level or response or their knowledge of the product.

Which solution did I use previously and why did I switch?

In the past, I've worked with Check Point and Fortinet as well.

How was the initial setup?

I've been handling the implementation. So far, it's been good, even with no prior knowledge of the solution itself. It's my first time working with it.

On my team, lots of people are working on different aspects, and most of the setup is being done by those that have more knowledge about the firewall than we have. We don't have anything to do with the setup, we just make sure that we implement whatever connections the clients already have. It's already broken down that way, just to avoid as many mistakes as possible.

We already have a process for implementation based on the number of connections. The maximum we normally work on each connection is maybe 20 to 30 minutes. However, the process could be as little as one minute. It depends on how many connections we want to add at a time.

What about the implementation team?

We're handing the implementation via our own in-house team.

What's my experience with pricing, setup cost, and licensing?

I'm just handling the implementation and therefore don't have any insights on the pricing aspect of the solution. I wouldn't be able to say how much the company pays or if the pricing is high or low.

That said, the pricing isn't an issue. It's more about what's best for the customer or the client. We want to give the client the best service, and very good protection. If a client begins to worry about pricing, we can't exactly guarantee the same level of safety.

What other advice do I have?

Our company has a partnership with Cisco.

We have different clients and therefore use different versions of the solution. Nobody wants to use an out-of-date version, and therefore, we work to keep everything updated.

Overall, I would rate the solution at a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Network Automation Engineer at a financial services firm with 1,001-5,000 employees
Real User
Remote access VPN enables our employees to work from home
Pros and Cons
  • "For our very specific use case, for remote access for VPN, ASAs are very good."
  • "Cisco wasn't first-to-market with NGFWs... they should look at what other vendors are doing and try not only to be on the same wavelength but a little bit better."

What is our primary use case?

We use it for remote access VPN. That means the folks at home can work from home using AnyConnect.

What is most valuable?

For our very specific use case, for remote access for VPN, ASAs are very good.

Cisco also introduces new features and new encryption techniques.

What needs improvement?

Cisco wasn't first-to-market with NGFWs. That is one of the options now. They did make an acquisition, but other vendors got into that space first. I would tell Cisco to move faster, but everything moves at the speed of light and it's hard to move faster than that. But they should look at what other vendors are doing and try not only to be on the same wavelength but a little bit better. It's hard to be critical of Cisco given that they pave the way a lot, but they should see what their peers are doing and try to emulate that.

In terms of additional features, perhaps there could be some form of integration with the cloud. I don't know how much appetite we would have for that given the principle of keeping a lot of the sensitive data on-prem. But some integration with the cloud might be useful, given that the cloud is everything you see these days. We have our on-premises devices, but maybe they could provide an option where it fails over to a cloud in a worst-case scenario.

For how long have I used the solution?

I've been using Cisco ASA Firewalls from the time I was in school. I learned it when I was in the academic setting. I joined Cisco and worked there for six years there as a sales engineer before joining my current company.

What do I think about the stability of the solution?

The stability of the solution is a 10 out of 10.

What do I think about the scalability of the solution?

Scalability is probably a 10 out of 10 for what we're looking at.

How are customer service and support?

Their technical support is very good. Maybe I view them with rose-colored glasses since I was there for six years, but they really do try hard. Cisco cracks the whip on them. They do a lot of work. There's no downtime.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

The challenge we wanted to address was scale. We're growing and we needed something a little more robust, something that could hold a big boy. We've got a lot more employees and we were using an older version of the hardware, so we upgraded to the newest version of the hardware, given that we're familiar with it. It solves our use case of allowing employees to work from home.

How was the initial setup?

I was involved in the design, deployment, and operations. Our team is very special in the fact that we don't delegate to other folks. We're responsible for what we eat and what we design. We actually do the hands-on work and then we maintain it. We tend not to hire out because they come, they wash their hands clean of it, leave, and then there's all this stuff that needs fixing. If we get paged at 3:00 AM it might be our fault, and the lessons are learned.

Our network engineering team consists of about 12 people.

What's my experience with pricing, setup cost, and licensing?

The pricing is fair.

What other advice do I have?

My advice to others would be to design it well and get it validated by the Cisco team or by a consulting company. Don't be afraid of the solution because they have skin in the game. It's been in the market for so long, it's like buying a Corolla, as odd as that sounds. If you have a use case for your car where you're just driving from A to B, then get that Corolla and it will suit you well. It will last you 100 million miles.

Cyber security resilience is super important. We have super important data and we need to secure it. We're regulated and audited by the government and we're audited all the time. I get audited when I breathe. We have to make sure everything is super transparent and make sure that we have all of the fail-safes in place and done well. We have to be very accountable so that there are no "gotchas."

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Augustus Herriot - PeerSpot reviewer
Senior Infrastructure Engineer at a insurance company with 10,001+ employees
Real User
You can consolidate technology and equipment with this product
Pros and Cons
  • "The technical support is excellent. I would rate it as 10 out of 10. When there has been an issue, we have had a good response from them."
  • "When we first got it, we were doing individual configuring. Now, there is a way to manage from one location."

What is our primary use case?

We were looking to consolidate some of our equipment and technology. When we switched over, ASA was a little bit more versatile as firewalls or VPN concentrators. So, we were able to use the same technology to solve multiple use cases.

We have data centers across the United States as well as AWS and Azure. 

We use it at multiple locations. We have sites in Dallas and Nashville. So, we have them at all our locations as either a VPN concentrator or an actual firewall.

How has it helped my organization?

Cybersecurity resilience is very much important for our organization. We are in the healthcare insurance industry, so we have a lot of customer data that goes through our data center for multiple government contracts. Making sure that data is secure is good for the company and beneficial to the customer.

It provides the overall management of my entire enterprise with an ease of transitioning. We have always been a Cisco environment. So, it was easy to transition from what we had to the latest version without a lot of new training.

What is most valuable?

  • Speed
  • Its capabilities
  • Versatility

What needs improvement?

When we first got it, we were doing individual configuring. Now, there is a way to manage from one location. We can control all our policies and upgrades with a push instead of having to touch every single piece.

For how long have I used the solution?

We have been using ASAs for quite a number of years now. 

What do I think about the stability of the solution?

We have other things around it going down, but we really don't have an issue with our ASAs going down. They are excellent for what we have.

There is rarely maintenance. We have our pushes for updates and vulnerabilities, but we have never really had an issue. 

What do I think about the scalability of the solution?

It is very scalable with the ability to virtualize, which is really easy. We do it during our maintenance window. Now, if we plan it, we know what we are doing. We can spin up another virtual machine and keep moving. 

How are customer service and support?

The technical support is excellent. I would rate it as 10 out of 10. When there has been an issue, we have had a good response from them.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We were previously using a Cisco product. We replaced them awhile back when I first started, and we have been working with ASAs ever since.

We did have Junipers in our environment, then we transitioned. We still have a mix because some of our contracts have to be split between vendors and different tiers. Now, we mostly have Apollos and ASAs in our environment.

How was the initial setup?

I was involved with the upgrades. Our main firewall was a Cisco module, so we integrated from that because of ASA limitations. This gave us a better benefit.

The deployment was a little complex at first because we were so used to the one-to-one. Being able to consolidate into a single piece of hardware was a little difficult at first, but once we got past the first part, we were good.

What was our ROI?

We have seen ROI. When I first started, everything was physical and one-to-one. Now, with virtualization, we are able to leverage a piece of hardware and use it in multiple environments. That was definitely a return on investment right out of the gate.

What's my experience with pricing, setup cost, and licensing?

The licensing has definitely improved and got a lot easier. It is customizable depending on what the customer needs, which is a good benefit, instead of just a broad license that everybody has to pay.

What other advice do I have?

It is a good product. I would rate it as 10 out of 10.

Resilience is a definite must. You need to have it because, as we say, "The bad guys are getting worse every day. They are attacking, and they don't care." Therefore, we need to make sure that our customers' data and our data is secure.

It depends on what you need. If there is not a need for multiple vendors or pieces of equipment per contract, you should definitely look at what ASAs could be used for. If you are splitting, you can consolidate using this product.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Alexander Mumladze - PeerSpot reviewer
Network Engineer at LEPL Smart Logic
Real User
Top 5
One-time licensing, very stable, and very good for small companies that don't want to do deep packet inspection at higher layers
Pros and Cons
  • "We find all of its features very useful. Its main features are policies and access lists. We use both of them, and we also use routing."
  • "The virtual firewalls don't work very well with Cisco AnyConnect."

What is our primary use case?

I have used the Cisco ASA 5585-X Series hardware. The software was probably version 9. We implemented a cluster of two firewalls. In these firewalls, we had four virtual firewalls. One firewall was dedicated for Edge, near ISP, and one firewall was for the data center. One firewall was for the application dedicated to that company, and one firewall was dedicated only to that application.

How has it helped my organization?

Dynamic policies were useful in the data centers for our clients. They were making some changes to the networks and moving virtual machines from one site to another. With dynamic policies, we could do that easily.

What is most valuable?

We find all of its features very useful. Its main features are policies and access lists. We use both of them, and we also use routing.

It is very stable. It is a very good firewall for a company that doesn't want to look at packets higher than Layer 4. 

What needs improvement?

The virtual firewalls don't work very well with Cisco AnyConnect. 

There are two ways of managing it. You can manage it through the GUI-based software or command-line interface. I tried to use its GUI, but I couldn't understand it. It was hard for me. I know how to use the command line, so it was good for me. You should know how to use the command-line interface very well to make some changes to it. Its management through GUI is not easy.

What do I think about the stability of the solution?

It is very stable. It has been five years since I have configured them, and they have been up and running.

What do I think about the scalability of the solution?

It is not much scalable. It is only a Layer 4 firewall. It doesn't provide deep packet inspection, and it can see packets only up to TCP Layer 4. It can't see the upper layer packets. So, it is not very scalable, but in its range, it is a very good one. What it does, it does very well.

How are customer service and support?

I have not worked with Cisco support for this firewall.

How was the initial setup?

It is not straightforward. You should know what to do, and it needs to be done from the command line. So, you should know what to do and how to do it.

From what I remember, its deployment took a week or 10 days. When I was doing the deployment, that company was migrating from an old data center to a new one. We were doing configurations for the new data center. The main goal was that users shouldn't know, and they shouldn't lose connectivity to their old data center and the new one. So, it was a very complex case. That's why it took more time.

What was our ROI?

Our clients have seen an ROI because they paid only once, and they have been using their firewalls for five years. They didn't have to pay much for anything else.

What's my experience with pricing, setup cost, and licensing?

I like its licensing because you buy the license once, and it is yours. We don't have to go for a subscription. So, I liked how they licensed Cisco ASA Firewall. Our clients are also very satisfied with its licensing model.

Which other solutions did I evaluate?

You cannot compare Cisco ASA Firewall with any of the new-generation firewalls because they are at a higher level than Cisco ASA Firewall. They are at a different level.

What other advice do I have?

It is a very good firewall for small companies that don't want to do deep packet inspection at Layer 7. It is not easy, but you can manage it. You should know how to use the command-line interface. Otherwise, it would be difficult to work with it.

For Cisco ASA Firewall, there will be no improvements because they will not make these firewalls anymore. They want to make changes to the next-generation firewalls, and they are killing the old ones.

I would rate Cisco ASA Firewall a 10 out of 10. I like it very much.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Ahmed El-Ghawabi - PeerSpot reviewer
Technical Consultant at Zak Solutions for Computer Systems
Real User
Top 10
Good stability, excellent technical support, and powerful intrusion detection
Pros and Cons
  • "Technical support services are excellent."
  • "On firewall features, Fortinet is better. Cisco needs to become more competitive and add more features or meet Fortinet's offering."

What is our primary use case?

We primarily use the solution for the various firewalls.

What is most valuable?

Cisco is powerful when it comes to detecting intrusions. It's better than, for example, Fortinet.

Cisco has multiple products - not just firewalls. The integration between other items provides a powerful end-to-end solution. It's nice and easy. There are one management system and visibility into all of the features. Using the same product is more powerful than using multiple systems. Cisco is known by most customers due to the fact that at least they have switches. However, when clients say "we need an end-to-end option" Cisco is there.

The stability is very good.

Technical support services are excellent.

What needs improvement?

Before an ASA, it was a live log. It was easy and comfortable to work with. After the next-generation firewall, Firepower, the live log became really slow. I cannot reach the information easily or quickly. This has only been the case since we migrated to next-generation firewalls.

There is some delay between the log itself. It's not really real-time. Let's say there's a delay of more than 20 seconds. If they had a monitoring system, something to minimize this delay, it would be good.

It would be ideal if I could give more bandwidth to certain sites, such as Youtube.

I work with Fortinet also, and I find that Fortinet is easier now. Before it was Cisco that was easier. Now Fortinet is simpler to work with.

On firewall features, Fortinet is better. Cisco needs to become more competitive and add more features or meet Fortinet's offering.

For how long have I used the solution?

I've been using the solution since about 2003, when I originally implemented it.

What do I think about the stability of the solution?

The solution is extremely stable. We don't have any issues whatsoever. It doesn't have bugs or glitches. It works well. Occasionally, it may need patches, however, there's very little downtime.

What do I think about the scalability of the solution?

The scalability of the solution is very good. We have no trouble expanding the solution.

They have multiple products that fit in multiple areas. They also have virtual firewalls, which are working well in virtualization systems. They have the data center firewalls feature for data centers. It's scalable enough to cover most of the use cases that might arise.

How are customer service and technical support?

Cisco offers excellent technical support.  They're useful and very responsive - depending on the situation itself. Sometimes we require the support of agents and we've found Cisco to have one of the best support systems in the market.

Which solution did I use previously and why did I switch?

I also work with Fortinet, and it's my sense that, while Fortinet is getting easier to use, Cisco is getting harder to deal with.

How was the initial setup?

The initial setup is not complex at all. It's pretty straightforward.

A full deployment takes between two and three days. It's pretty quick to set up.

What's my experience with pricing, setup cost, and licensing?

The pricing is neither cheap nor expensive. It's somewhere in the middle. If you compare it to Fortinet or Palo Alto, Fortinet is low and Palo Alto is very high. Cisco falls in the middle between the two.

As far as deployment options go, they often have more wiggle-room with discounts, especially for larger deployments. Therefore, in general, it ranges closer to Fortinet's pricing.

What other advice do I have?

We're partners with Cisco, Fortinet, and Palo Alto.

I work with on-premises deployments and virtual firewalls, however, I don't use the cloud.

The solution works well for medium-sized enterprises.

Overall, I would rate the solution nine out of ten.

I'd recommend users to layer in solutions. At the perimeter, if they have two tiers, I'd recommend Palo Alto as the first and then Cisco ASA as the second. Cisco can work on the data center or Fortinet. In the case of Fortinet, they have the best backline throughput from all of the other products.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Buyer's Guide
Download our free Cisco ASA Firewall Report and get advice and tips from experienced pros sharing their opinions.
Updated: July 2022
Product Categories
Firewalls
Buyer's Guide
Download our free Cisco ASA Firewall Report and get advice and tips from experienced pros sharing their opinions.