IT Central Station is now PeerSpot: Here's why
Network Engineer at a computer software company with 201-500 employees
Real User
Gives us remote connectivity and helps workers connect remotely
Pros and Cons
  • "It has definitely improved our organization. It gives us remote connectivity, helps workers connect remotely, and also gives us good connectivity to our other branches."
  • "I would like it if there was a centralized way to manage policies, then sticking with the network functions on the actual devices. That is probably the thing that frustrates me the most. I want a way that you can manage multiple policies at several different locations, all at one site. You then don't have to worry about the connectivity piece, in case you are troubleshooting because connectivity is down."

What is our primary use case?

We use it for basic firewalling, building VPN tunnels, and for some remote VPN connections.

We have two ASAs servicing external remote connectivity sessions for about 300 users.

How has it helped my organization?

It has definitely improved our organization. It gives us remote connectivity, helps workers connect remotely, and also gives us good connectivity to our other branches.

What needs improvement?

It would be nice if it had the client to actually access the firewall. Though, web-based access over HTTPS is actually a lot nicer than having to put on a client just to access the device.

For Firepower Threat Defense and ASAs, I would like it if there was a centralized way to manage policies, then sticking with the network functions on the actual devices. That is probably the thing that frustrates me the most. I want a way that you can manage multiple policies at several different locations, all at one site. You then don't have to worry about the connectivity piece, in case you are troubleshooting because connectivity is down.

For how long have I used the solution?

I have been using ASA for about three years.

Buyer's Guide
Cisco ASA Firewall
August 2022
Learn what your peers think about Cisco ASA Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: August 2022.
620,600 professionals have used our research since 2012.

What do I think about the stability of the solution?

It is stable.

We just run updates on them. I don't know if we have had to do any hardware maintenance, which is good.

What do I think about the scalability of the solution?

We have been just using ASAs for a smaller environment.

I don't know if I have ever worked with ASA in a highly scalable environment.

How are customer service and support?

I haven't really gotten involved with the technical support for ASAs.

Which solution did I use previously and why did I switch?

I work with a lot of different companies and a number of different firewalls. A lot of times it is really about the price point and their specific needs. 

This solution was present when I showed up.

What's my experience with pricing, setup cost, and licensing?

The pricing is pretty standard. 

I wish there was an easier way to license the product in closed environments. I have worked in a number of closed environments, then it is a lot of head scratching. I know that we could put servers in these networks and that would help with the licensing. I have never been in a situation where we connected multiple networks, i.e., having an external network as well as an internal network, as those kinds of solutions are not always the best. I think licensing is always a headache for everyone, and I don't know if there is a simple solution.

Which other solutions did I evaluate?

We can build GRE tunnels. Whereas, Firepower can't route traffic nor do a bit more traffic engineering within the VPN tunnels. This is what I like about using ASAs over Firepower.

Firepower Threat Defense has a mode where you can manage multiple firewalls through a single device. 

I really like how Palo Alto does a much better job separating the network functions from the firewalling functions.

I would consider if there is a need to centralize all the configurations. If you have many locations and want to centrally manage it, I would use the ASA to connect to a small number of occasions. As that grew, I would look for a solution where I could centrally manage the policies, then have a little more autonomous control over the networking piece of it.

What other advice do I have?

Know specifically what you want out of the firewall. If you are looking for something that will build the GRE tunnel so you can route between different sites, I would go with ASA over Firepower Threat Defense.

I like the ASA. I would probably rate it as eight or nine out of 10, as far as the firewalls that I have worked with.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Senior Engineer at Teracai Corporation
MSP
One box gives us inbound/outbound access, as well as site-to-site and incoming client VPN
Pros and Cons
  • "It's very scalable. You can go to different models of the ASAs and they scale up to as big as you want to go."
  • "They should work on making it a little more intuitive for users and not quite as complex. Still, it's a good product."

What is our primary use case?

Our use cases include inbound access, outbound access, as well as VPN solutions, both site-to-site and for an incoming client. We wanted something that would do all those things at one time, as opposed to having separate boxes.

Our deployment is on-premises. We're looking at going into cloud-based with some of it. Meraki is the cloud-based version of the ASAs.

How has it helped my organization?

If we have a power failure at one building, traffic can be routed to our other building. We also have backup data stores. I live in the Northeast, so in the event of ice storms that cause power outages, it really enables us to keep functioning as a company rather than going dark for the amount of time it takes to get the power back.

What is most valuable?

The GUI makes configuring it much simpler than the command line.

What needs improvement?

They should work on making it a little more intuitive for users and not quite as complex. Still, it's a good product.

For how long have I used the solution?

I've been using Cisco ASA Firewalls for 15 years.

What do I think about the stability of the solution?

It's very stable. We've had no hardware issues at all and only very infrequent software configuration issues.

What do I think about the scalability of the solution?

It's very scalable. You can go to different models of the ASAs and they scale up to as big as you want to go.

How are customer service and support?

The technical support is very good. Whenever we call up Cisco, we get a rapid response. They help us in troubleshooting issues we have and we implement the solutions and go on.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

For me, there wasn't a previous solution here. I inherited the solution when I came in.

What was our ROI?

From a security standpoint, the return on investment is hard to quantify. You've stopped something that was going to cost you money, but how do you quantify that? How many times did it stop something from coming in that would have cost you a bunch of money? You don't know.

What's my experience with pricing, setup cost, and licensing?

We've compared it to other solutions, like WatchGuard and other types of firewalls in that same realm. Cisco ASAs are fairly priced and very competitive with them.

Some of the solutions we looked at had different GUI interfaces that might be a little bit easier to get around in, but they might not have had as many features. Cisco had the feature edge.

What other advice do I have?

Look at the features and consider what your migration path may be. Some other vendors offer firewalls with great bells and whistles, but when you look beneath the surface, they don't do exactly what they say. Do your due diligence and make sure you see everything.

In terms of resilience, in general, if we have any box failure, being able to fail over to another box or to fail over to another site helps measurably. Cyber security resilience is important for all organizations. The number of attacks going on just increases every day. There's a cost-benefit to building cyber security resilience. You have to get past that and build as much resiliency as you can. If you worry more about cost than you do about your product or your productivity, something else is going to fail.

Maintenance of the ASA is just the security updates that we watch for and updating the client software.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Buyer's Guide
Cisco ASA Firewall
August 2022
Learn what your peers think about Cisco ASA Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: August 2022.
620,600 professionals have used our research since 2012.
Ramish Ali - PeerSpot reviewer
Assistant Director IT at Punjab Education Foundation
Real User
Top 20
Scalable and fast but the initial setup could be easier
Pros and Cons
  • "The product is quite robust and durable."
  • "The graphical interface could be improved. From what I have seen, Fortinet, for example, has a nicer GUI."

What is our primary use case?

We primarily use the solution as a firewall for our data centers. We have a medium-sized data center right now. It's about six or seven servers. We actually store the data for students and schools and need to protect it.

What is most valuable?

Overall, the solution works very well.

The solution is quite fast. We found that the speed was good and the throughput was good.

The stability has been very good.

The solution can scale as necessary.

The product is quite robust and durable. 

What needs improvement?

The solution lacks the abilities of an FTD type which are the abilities we need, and they are not in the firewall. We're looking for a next-generation firewall instead.

The graphical interface could be improved. From what I have seen, Fortinet, for example, has a nicer GUI.

The solution needs to be easier to use. Right now, it's overly complicated. 

The initial setup is a bit complex. 

The cost of the solution is very high.

The product should add free URL filtering. It's another product, or part of another product, however, it should be available as part of this offering as well.

For how long have I used the solution?

I've been using this solution for about seven or eight years at this point. It's been a while. 

What do I think about the stability of the solution?

The stability is excellent and the performance is good. There are no bugs or glitches. It doesn't crash or freeze. It's reliable.

What do I think about the scalability of the solution?

The product can scale nicely. If a company would like to expand it, it can do so. 

We have about 10,000 schools use the solution in general, and 1,000 to 2,000 that use it simultaneously daily. 

How are customer service and technical support?

I don't directly deal with technical support. Typically, that's something that others on the team deal with. We have our own team within the company that, if I run into issues, I would reach out to first. I can't speak to how helpful or responsive they are. I've never had a chance to contact them. 

Which solution did I use previously and why did I switch?

I have not used other firewalls.

How was the initial setup?

The initial setup is not easy or straightforward. It's a bit complex and a little difficult.

We have three engineers on staff. They are capable of handling any maintenance.  

What's my experience with pricing, setup cost, and licensing?

The solution is quite expensive. Fortinet and other competitors are about half the price. Cisco is very expensive in comparison. They need to work to be more competitive.

Which other solutions did I evaluate?

We're currently looking into a new firewall - something that is Next Generation. We don't know what it will be yet, however, we are considering Cisco, Fortinet, or Palo Alto.

It's my understanding that Fortinet is better in graphics and has a better user experience than Cisco, however, I haven't had a chance to test anything out.

What other advice do I have?

We're just a customer and an end-user. 

We no longer have an SLA for this solution. We're potentially looking for something new.

I'd recommend the solution to others. It works well. It's durable and fast and you don't have to check up on it daily as it is rather reliable. That said, it is pricey.

In general, I would rate the solution at a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Manuel Briones - PeerSpot reviewer
Voice and data infrastructure specialist at a tech services company with 1,001-5,000 employees
User
Top 5Leaderboard
Stable with great management of dynamic routing and good technical support
Pros and Cons
  • "The initial setup was not complex."
  • "Cisco is not cheap, however, it is worth investing in these technologies."

What is our primary use case?

One of the things that we have solved the most with this solution is the P2P connection that we have with different clients. It gives us greater connection security with good management of the configured rules. 

Likewise, it has made it easier for us to have this type of equipment under monitoring, and, since we have implemented them, we have not been presented with any performance problems in the equipment as they have not presented CPU or RAM saturation or that for some reason it fails without any cause. We all have them managed and monitored. We always receive an email notifying us if there's something that the equipment has detected as well.

How has it helped my organization?

The ASA firewalls have undoubtedly helped us to improve our infrastructure throughout the corporation and currently we have just over 50 firewalls - all of them in different parts of Mexico. 

This infrastructure has been improved since, in our corporation, we handle the dynamic EIGRP protocol, which Cisco owns, and this solution has given us a geo-redundancy in our company. In case of presenting a problem with a firewall or a link, it performs an immediate convergence where end-users do not detect a failure, helping us to maintain a 99.99% operational level at all times.

What is most valuable?

I am very happy to use this type of Cisco equipment in my infrastructure. It has given us the most value is the management of dynamic routing, in this case, EIGRP. This protocol, together with a series of additional configurations, has helped us to maintain an automatic redundancy in all our infrastructure, keeping us with very high numbers of operability and without failures that take more than 1 minute or that have not been resolved automatically. With this solution, we only speak with our suppliers either for a link or equipment report, and even if the box or circuit is out of operation, the operation continues to work without problems.

What needs improvement?

Today, ASA firewalls are leaving the market and are being replaced by firepower equipment - a technology with which I am not very familiar. However, in the training or research, I have done on this new product, I see that it has many additional tools such as centralization of the administration through a single team (in the case the firepower management). It is something that we do not have, yet we are already considering it since this type of technology will help us to have better management and better administration of the equipment through a single platform. The management of additional services with this new module will certainly help us to have the internet network much more secure with connections to the outside.

For how long have I used the solution?

I've used the solution for more than seven years.

What do I think about the stability of the solution?

The solution is great in terms of stability.

What do I think about the scalability of the solution?

The scalability is great.

How are customer service and support?

Technical support is great.

Which solution did I use previously and why did I switch?

We previously used Fortigate.

How was the initial setup?

The initial setup was not complex.

What about the implementation team?

We handled the implementation in-house. 

What was our ROI?

We've seen an 80% ROI.

What's my experience with pricing, setup cost, and licensing?

Cisco is not cheap, however, it is worth investing in these technologies.

Which other solutions did I evaluate?

We always evaluate various other options.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network Engineer at a university with 1,001-5,000 employees
Real User
Its cybersecurity resilience has been top-notch and paramount for our organization
Pros and Cons
  • "Cybersecurity resilience has been paramount. Because there is a threat of losing everything if ransomware or another sort of attack were to happen, the cybersecurity resilience has been top-notch."
  • "I would like it if they made the newer generation a bit simpler. You can do ASA code and FXOS. It is just a bit confusing with the newer generational equipment on what it can do."

What is our primary use case?

We pretty much use it as our edge firewall and data center firewall.

We have a colocation that is the center for all our campuses. That is where our edge firewall is. We use that for VPN as well, and it was a great thing during the pandemic because we were already ready to go with VPN. We didn't have to do anything extra on that part.

How has it helped my organization?

The solution has really enabled us to ensure our university is secure.

Cybersecurity resilience has been paramount. Because there is a threat of losing everything if ransomware or another sort of attack were to happen, the cybersecurity resilience has been top-notch.

What is most valuable?

The multi-context feature is the most valuable, especially in our data center. Having different needs for different departments is part of our organization. We can have five firewalls in one.

What needs improvement?

I would like it if they made the newer generation a bit simpler. You can do ASA code and FXOS. It is just a bit confusing with the newer generational equipment on what it can do.

For how long have I used the solution?

I have been using this solution for five years.

What do I think about the stability of the solution?

I would rate the stability as 10 out of 10.

We do maintenance for software updates, etc. I don't think we have had any major hardware failures.

What do I think about the scalability of the solution?

We haven't had to really scale up too much.

How are customer service and support?

The technical support is excellent. Every time that we have ever had an issue, we got a result very quickly. I would rate them as nine out of 10.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We have always had ASA since I have been at the company. The ASAs were in place and we have upgraded to newer ASA Next-Generation Firewalls.

What's my experience with pricing, setup cost, and licensing?

I am not a huge fan of Cisco licensing in general. However, I wasn't really involved with the pricing. That decision was made a little higher than me.

Which other solutions did I evaluate?

We are in the middle of an upgrade to the newer Firepowers.

We have used Palo Alto for another solution and they have a better firewall. It is a whole new GUI to learn. With Palo Alto, you simply get one code, then that is your firewall. With the newer Firepowers, there are two or three different ways that you can run it. So, we currently have our data center running in ASA code, then we are doing it a different way with our edge ASA. My supervisor has complained about all the different ways that the new hardware can be configured and installed.

What other advice do I have?

Stay more up-to-date with equipment. The old equipment is what will get you, e.g., leaving Windows 7 machines on your network or 15-year-old switches.

Heavily research what can do cluster mode, HA pairs, etc. That is where we ran into the "gotchas". You have to run it in certain ways to have it clustered and run it another way to have it as an HA pair.

I would rate ASA Firewall as nine out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
CEO & Co-Founder at a tech services company with 51-200 employees
Real User
Good configuration support but needs a few features and better pricing
Pros and Cons
  • "The configuration support is very good. You can find a lot of configuration samples and troubleshooting tips on the internet, which is very good."
  • "You need to have a little bit of knowledge to be able to configure it. Otherwise, it would be very difficult to configure because there is no GUI. The latest software available in the market has a GUI and probably zero-touch provisioning and auto-configuration. All these things are not available in our version. You need to manually go and configure everything in the switch. In terms of new features, we would definitely want to have URL-based filtering, traffic steering, and probably a little bit steering in the bandwidth based on the per-user level and per-user group. We will definitely need some of these features in the near future."

What is most valuable?

The configuration support is very good. You can find a lot of configuration samples and troubleshooting tips on the internet, which is very good.

What needs improvement?

You need to have a little bit of knowledge to be able to configure it. Otherwise, it would be very difficult to configure because there is no GUI. The latest software available in the market has a GUI and probably zero-touch provisioning and auto-configuration. All these things are not available in our version. You need to manually go and configure everything in the switch.

In terms of new features, we would definitely want to have URL-based filtering, traffic steering, and probably a little bit steering in the bandwidth based on the per-user level and per-user group. We will definitely need some of these features in the near future.

For how long have I used the solution?

I have been using this solution for the last one and a half years.

What do I think about the stability of the solution?

Stability-wise, it is pretty stable. It is probably not very feature-rich, but whatever features we are using, they are pretty stable.

What do I think about the scalability of the solution?

Scalability-wise, we did not have much problem because we have a single site. If we have two or more sites, and if we want to have a site-to-site VPN and more number of users, we are not sure about the scalability. We will have to go for an updated version of the new product line. 

We have close to 80 plus users. We anticipate a huge increase in the number of users and plan to increase the usage of Cisco ASA Firewall. We may have to open a new center in a different city, which will lead to more sites, users, and usage.

How are customer service and technical support?

Their support is good, but the cost of support is very high. Next year onwards, we may not go for technical support because most of the time, they only do the configuration, and the configuration-related information is pretty much available on the internet.

Which solution did I use previously and why did I switch?

Initially, we started with some open-source alternatives, like Opium, but eventually, we thought of moving towards a proven solution. We just did a study. We didn't put the open-source solution into production. One of our customers was basically suggesting us to go with this one, and we went for it. We did not get time to go through, study, and explore different options because we didn't have the bandwidth for testing the complete features of the open-source alternatives. Therefore, we thought of going for a commercial solution. A lot of alternatives are available right now for this solution.

How was the initial setup?

The initial setup was not too complicated. It was good. 

What about the implementation team?

We took the help of a reseller for the initial configuration. 

What's my experience with pricing, setup cost, and licensing?

The product cost is a little high. It is a little bit on the high side, and it should be a little bit cost-friendly.

What other advice do I have?

I would rate Cisco ASA Firewall a seven out of ten. It needs improvement in terms of a few features and cost-friendliness. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Network Architect at a tech services company with 10,001+ employees
MSP
A stable and secure solution that works well
Pros and Cons
  • "Cisco tech is always good and helpful. I would rate them as 10 out of 10."
  • "Cisco ASA is starting to get old and Firepower is taking over. All the good things happening are with Firepower."

What is our primary use case?

We are using it for security on everything from small customers to big data centers.

How has it helped my organization?

It is stable. We saw benefit from this in just a few days.

What is most valuable?

Cisco AnyConnect is my favorite. It is awesome. It also exists on Firepower and newer things.

What needs improvement?

Cisco ASA is starting to get old and Firepower is taking over. All the good things happening are with Firepower. Everything that I could wish for is in Firepower. We will probably not be doing too many new installations of ASAs since Firepower is mostly taking over.

For how long have I used the solution?

I have been using it for 15 to 20 years.

What do I think about the stability of the solution?

It is stable and secure. There are a few bugs, etc. Overall, we are very happy with it. We have never looked at anything else because it works so well. I would rate the stability as 10 out of 10. It is very good.

There is maintenance. We have to keep an eye out for software upgrades and forced changes to the configuration. We have a network operations team of 15 people who take care of these things from day to day.

What do I think about the scalability of the solution?

The solution's scalability is very good.

We use it on customers who have two employees up to customers with 5,000 employees. It is also used for customers who have one site or several sites. It is all over the place

How are customer service and support?

Cisco tech is always good and helpful. I would rate them as 10 out of 10.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I didn't use another solution previously.

How was the initial setup?

All our deployments have been different. Some have been really easy and others have been really complex. It could go either way: some are complex and some are easy. The complex solutions could take days or a couple of weeks to deploy. Easy solutions take a day.

If it was a big project, there would be a pre-project identifying what we were going to do and making a plan for it, then we would realize that plan. If it was a smaller thing, we would just jump into it.

What about the implementation team?

It was deployed in-house. Depending on the solution and its complexity, it could take a single person to a team of 20 people to deploy it.

What was our ROI?

Our return on investment is having a network that we don't need to think too much about. It works, and that is it.

What's my experience with pricing, setup cost, and licensing?

Cisco is always expensive, but you get what you pay for. It is expensive for a reason. It is a good solution, and good solutions cost money.

AnyConnect is an extra license. If you want the IDS/IPS things, those are usually extra too.

Which other solutions did I evaluate?

I evaluated Check Point, Palo Alto, and Fortinet, but Cisco won the race. Since we were already running most of our other networking with Cisco, it felt natural to land on Cisco.

What other advice do I have?

I would rate the solution as 10 out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Network Consulting Engineer at a comms service provider with 201-500 employees
Real User
Top 20
Easy to configure, good VPN capabilities, and the antimalware features provide extra security
Pros and Cons
  • "The most important feature is the VPN connection."
  • "I would like to see the inclusion of a protocol that can be used to protect databases."

What is our primary use case?

We are a solution provider and the Cisco ASA Firewall is one of the security products that we implement for our customers. My clients use it for security, and also to establish VPN connections.

How has it helped my organization?

My client is in the financial sector and all of the connections are doing using the VPN. This type of access makes the connections more secure.

What is most valuable?

The most important feature is the VPN connection.

My clients also use the antimalware features and the scan is very good. It also supports packet inspection and IPS.

Cisco ASA is easy to configure.

The integration with the security features is something that I like.

What needs improvement?

The SecureX ASA administration platform should be improved.

The orchestration of modules should be improved.

I would like to see the inclusion of a protocol that can be used to protect databases. This would be a good feature to have added.

For how long have I used the solution?

We have been working with the Cisco ASA Firewall for approximately three years.

What do I think about the stability of the solution?

I have not had problems with stability, although I have had some small issues with bugs. In general, I can operate without a problem. 

What do I think about the scalability of the solution?

It is very easy to scale this product. With SMC, you can control all levels of ASA in a central console. You can simply add a new ASA firewall to protect your network, and you will be able to control it.

We have approximately 300 users.

My clients for this solution are medium-sized organizations.

How are customer service and technical support?

I have not been in contact with technical support but I use the implementation guide. I have also used the community support and I think that it's okay. The information that I received about the configuration was good.

Which solution did I use previously and why did I switch?

Prior to Cisco ASA, my client was using Fortinet FortiGate. They switched because there were complaints about the connection being slow.

How was the initial setup?

The complexity of the setup depends on the needs and requirements of the client.

When a client does not know exactly what is needed, the complexity increases because the configuration is not clear. You really have to have a good understanding of what the client needs before configuring it.

If the model does not have SMC then it is complex to configure.

The length of time for deployment also depends on the requirements, but it will usually take between three days and one week.

What's my experience with pricing, setup cost, and licensing?

This is an expensive product, although when you buy this solution, you can do many things so it provides good value for the investment.

Which other solutions did I evaluate?

My clients did evaluate other options but ultimately chose this product. Other than the VPN connection, I don't know the reasons for this decision.

What other advice do I have?

I can recommend this product because it is one of the most stable firewalls on the market. The suitability, however, depends on the environment and what is needed.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Buyer's Guide
Download our free Cisco ASA Firewall Report and get advice and tips from experienced pros sharing their opinions.
Updated: August 2022
Product Categories
Firewalls
Buyer's Guide
Download our free Cisco ASA Firewall Report and get advice and tips from experienced pros sharing their opinions.