We use it for basic firewalling, building VPN tunnels, and for some remote VPN connections.
We have two ASAs servicing external remote connectivity sessions for about 300 users.
It has definitely improved our organization. It gives us remote connectivity, helps workers connect remotely, and also gives us good connectivity to our other branches.
It would be nice if it had the client to actually access the firewall. Though, web-based access over HTTPS is actually a lot nicer than having to put on a client just to access the device.
For Firepower Threat Defense and ASAs, I would like it if there was a centralized way to manage policies, then sticking with the network functions on the actual devices. That is probably the thing that frustrates me the most. I want a way that you can manage multiple policies at several different locations, all at one site. You then don't have to worry about the connectivity piece, in case you are troubleshooting because connectivity is down.
I have been using ASA for about three years.
It is stable.
We just run updates on them. I don't know if we have had to do any hardware maintenance, which is good.
We have been just using ASAs for a smaller environment.
I don't know if I have ever worked with ASA in a highly scalable environment.
I haven't really gotten involved with the technical support for ASAs.
I work with a lot of different companies and a number of different firewalls. A lot of times it is really about the price point and their specific needs.
This solution was present when I showed up.
The pricing is pretty standard.
I wish there was an easier way to license the product in closed environments. I have worked in a number of closed environments, then it is a lot of head scratching. I know that we could put servers in these networks and that would help with the licensing. I have never been in a situation where we connected multiple networks, i.e., having an external network as well as an internal network, as those kinds of solutions are not always the best. I think licensing is always a headache for everyone, and I don't know if there is a simple solution.
We can build GRE tunnels. Whereas, Firepower can't route traffic nor do a bit more traffic engineering within the VPN tunnels. This is what I like about using ASAs over Firepower.
Firepower Threat Defense has a mode where you can manage multiple firewalls through a single device.
I really like how Palo Alto does a much better job separating the network functions from the firewalling functions.
I would consider if there is a need to centralize all the configurations. If you have many locations and want to centrally manage it, I would use the ASA to connect to a small number of occasions. As that grew, I would look for a solution where I could centrally manage the policies, then have a little more autonomous control over the networking piece of it.
Know specifically what you want out of the firewall. If you are looking for something that will build the GRE tunnel so you can route between different sites, I would go with ASA over Firepower Threat Defense.
I like the ASA. I would probably rate it as eight or nine out of 10, as far as the firewalls that I have worked with.
Our use cases include inbound access, outbound access, as well as VPN solutions, both site-to-site and for an incoming client. We wanted something that would do all those things at one time, as opposed to having separate boxes.
Our deployment is on-premises. We're looking at going into cloud-based with some of it. Meraki is the cloud-based version of the ASAs.
If we have a power failure at one building, traffic can be routed to our other building. We also have backup data stores. I live in the Northeast, so in the event of ice storms that cause power outages, it really enables us to keep functioning as a company rather than going dark for the amount of time it takes to get the power back.
The GUI makes configuring it much simpler than the command line.
They should work on making it a little more intuitive for users and not quite as complex. Still, it's a good product.
It's very stable. We've had no hardware issues at all and only very infrequent software configuration issues.
It's very scalable. You can go to different models of the ASAs and they scale up to as big as you want to go.
The technical support is very good. Whenever we call up Cisco, we get a rapid response. They help us in troubleshooting issues we have and we implement the solutions and go on.
Positive
For me, there wasn't a previous solution here. I inherited the solution when I came in.
From a security standpoint, the return on investment is hard to quantify. You've stopped something that was going to cost you money, but how do you quantify that? How many times did it stop something from coming in that would have cost you a bunch of money? You don't know.
We've compared it to other solutions, like WatchGuard and other types of firewalls in that same realm. Cisco ASAs are fairly priced and very competitive with them.
Some of the solutions we looked at had different GUI interfaces that might be a little bit easier to get around in, but they might not have had as many features. Cisco had the feature edge.
Look at the features and consider what your migration path may be. Some other vendors offer firewalls with great bells and whistles, but when you look beneath the surface, they don't do exactly what they say. Do your due diligence and make sure you see everything.
In terms of resilience, in general, if we have any box failure, being able to fail over to another box or to fail over to another site helps measurably. Cyber security resilience is important for all organizations. The number of attacks going on just increases every day. There's a cost-benefit to building cyber security resilience. You have to get past that and build as much resiliency as you can. If you worry more about cost than you do about your product or your productivity, something else is going to fail.
Maintenance of the ASA is just the security updates that we watch for and updating the client software.
We primarily use the solution as a firewall for our data centers. We have a medium-sized data center right now. It's about six or seven servers. We actually store the data for students and schools and need to protect it.
Overall, the solution works very well.
The solution is quite fast. We found that the speed was good and the throughput was good.
The stability has been very good.
The solution can scale as necessary.
The product is quite robust and durable.
The solution lacks the abilities of an FTD type which are the abilities we need, and they are not in the firewall. We're looking for a next-generation firewall instead.
The graphical interface could be improved. From what I have seen, Fortinet, for example, has a nicer GUI.
The solution needs to be easier to use. Right now, it's overly complicated.
The initial setup is a bit complex.
The cost of the solution is very high.
The product should add free URL filtering. It's another product, or part of another product, however, it should be available as part of this offering as well.
I've been using this solution for about seven or eight years at this point. It's been a while.
The stability is excellent and the performance is good. There are no bugs or glitches. It doesn't crash or freeze. It's reliable.
The product can scale nicely. If a company would like to expand it, it can do so.
We have about 10,000 schools that use the solution in general, and 1,000 to 2,000 that use it simultaneously daily.
I don't directly deal with technical support. Typically, that's something that others on the team deal with. We have our own team within the company that, if I run into issues, I would reach out to first. I can't speak to how helpful or responsive they are. I've never had a chance to contact them.
I have not used other firewalls.
The initial setup is not easy or straightforward. It's a bit complex and a little difficult.
We have three engineers on staff. They are capable of handling any maintenance.
The solution is quite expensive. Fortinet and other competitors are about half the price. Cisco is very expensive in comparison. They need to work to be more competitive.
We're currently looking into a new firewall - something that is Next Generation. We don't know what it will be yet, however, we are considering Cisco, Fortinet, or Palo Alto.
It's my understanding that Fortinet is better in graphics and has a better user experience than Cisco, however, I haven't had a chance to test anything out.
We're just a customer and an end-user.
We no longer have an SLA for this solution. We're potentially looking for something new.
I'd recommend the solution to others. It works well. It's durable and fast and you don't have to check up on it daily as it is rather reliable. That said, it is pricey.
In general, I would rate the solution at a seven out of ten.
One of the things that we have solved the most with this solution is the P2P connection that we have with different clients. It gives us greater connection security with good management of the configured rules.
Likewise, it has made it easier for us to have this type of equipment under monitoring, and, since we have implemented them, we have not been presented with any performance problems in the equipment as they have not presented CPU or RAM saturation or that for some reason it fails without any cause. We all have them managed and monitored. We always receive an email notifying us if there's something that the equipment has detected as well.
The ASA firewalls have undoubtedly helped us to improve our infrastructure throughout the corporation and currently we have just over 50 firewalls - all of them in different parts of Mexico.
This infrastructure has been improved since, in our corporation, we handle the dynamic EIGRP protocol, which Cisco owns, and this solution has given us a geo-redundancy in our company. In case of presenting a problem with a firewall or a link, it performs an immediate convergence where end-users do not detect a failure, helping us to maintain a 99.99% operational level at all times.
I am very happy to use this type of Cisco equipment in my infrastructure. What has given us the most value is the management of dynamic routing, in this case, EIGRP. This protocol, together with a series of additional configurations, has helped us to maintain an automatic redundancy in all our infrastructure, keeping us with very high numbers of operability and without failures that take more than 1 minute or that have not been resolved automatically. With this solution, we only speak with our suppliers either for a link or equipment report, and even if the box or circuit is out of operation, the operation continues to work without problems.
Today, ASA firewalls are leaving the market and are being replaced by Firepower equipment - a technology with which I am not very familiar. However, in the training or research I have done on this new product, I see that it has many additional tools such as centralization of the administration through a single team (in this case, the Firepower management). It is something that we do not have, yet we are already considering it since this type of technology will help us to have better management and better administration of the equipment through a single platform. The management of additional services with this new module will certainly help us to have the internet network much more secure with connections to the outside.
I've used the solution for more than seven years.
The solution is great in terms of stability.
The scalability is great.
Technical support is great.
We previously used FortiGate.
The initial setup was not complex.
We handled the implementation in-house.
We've seen an 80% ROI.
Cisco is not cheap, however, it is worth investing in these technologies.
We always evaluate various other options.
We pretty much use it as our edge firewall and data center firewall.
We have a colocation that is the center for all our campuses. That is where our edge firewall is. We use that for VPN as well, and it was a great thing during the pandemic because we were already ready to go with VPN. We didn't have to do anything extra on that part.
The solution has really enabled us to ensure our university is secure.
Cybersecurity resilience has been paramount. Because there is a threat of losing everything if ransomware or another sort of attack were to happen, the cybersecurity resilience has been top-notch.
The multi-context feature is the most valuable, especially in our data center. Having different needs for different departments is part of our organization. We can have five firewalls in one.
I would like it if they made the newer generation a bit simpler. You can do ASA code and FXOS. It is just a bit confusing with the newer generational equipment on what it can do.
I have been using this solution for five years.
I would rate the stability as 10 out of 10.
We do maintenance for software updates, etc. I don't think we have had any major hardware failures.
We haven't had to really scale up too much.
The technical support is excellent. Every time that we have ever had an issue, we got a result very quickly. I would rate them as nine out of 10.
Positive
We have always had ASA since I have been at the company. The ASAs were in place and we have upgraded to newer ASA Next-Generation Firewalls.
I am not a huge fan of Cisco licensing in general. However, I wasn't really involved with the pricing. That decision was made a little higher than me.
We are in the middle of an upgrade to the newer Firepowers.
We have used Palo Alto for another solution and they have a better firewall. It is a whole new GUI to learn. With Palo Alto, you simply get one code, then that is your firewall. With the newer Firepowers, there are two or three different ways that you can run it. So, we currently have our data center running in ASA code, then we are doing it a different way with our edge ASA. My supervisor has complained about all the different ways that the new hardware can be configured and installed.
Stay more up-to-date with equipment. The old equipment is what will get you, e.g., leaving Windows 7 machines on your network or 15-year-old switches.
Heavily research what can do cluster mode, HA pairs, etc. That is where we ran into the "gotchas". You have to run it in certain ways to have it clustered and run it another way to have it as an HA pair.
I would rate ASA Firewall as nine out of 10.
The configuration support is very good. You can find a lot of configuration samples and troubleshooting tips on the internet, which is very good.
You need to have a little bit of knowledge to be able to configure it. Otherwise, it would be very difficult to configure because there is no GUI. The latest software available in the market has a GUI and probably zero-touch provisioning and auto-configuration. All these things are not available in our version. You need to manually go and configure everything in the switch.
In terms of new features, we would definitely want to have URL-based filtering, traffic steering, and probably a little bit steering in the bandwidth based on the per-user level and per-user group. We will definitely need some of these features in the near future.
I have been using this solution for the last one and a half years.
Stability-wise, it is pretty stable. It is probably not very feature-rich, but whatever features we are using, they are pretty stable.
Scalability-wise, we did not have much problem because we have a single site. If we have two or more sites, and if we want to have a site-to-site VPN and a larger number of users, we are not sure about the scalability. We will have to go for an updated version of the new product line.
We have close to 80 plus users. We anticipate a huge increase in the number of users and plan to increase the usage of Cisco ASA Firewall. We may have to open a new center in a different city, which will lead to more sites, users, and usage.
Their support is good, but the cost of support is very high. Next year onwards, we may not go for technical support because most of the time, they only do the configuration, and the configuration-related information is pretty much available on the internet.
Initially, we started with some open-source alternatives, like Opium, but eventually, we thought of moving towards a proven solution. We just did a study. We didn't put the open-source solution into production. One of our customers was basically suggesting that we go with this one, and we went for it. We did not get time to go through, study, and explore different options because we didn't have the bandwidth for testing the complete features of the open-source alternatives. Therefore, we thought of going for a commercial solution. A lot of alternatives are available right now for this solution.
The initial setup was not too complicated. It was good.
We took the help of a reseller for the initial configuration.
The product cost is a little high. It is a little bit on the high side, and it should be a little bit cost-friendly.
I would rate Cisco ASA Firewall a seven out of ten. It needs improvement in terms of a few features and cost-friendliness.
We are using it for security on everything from small customers to big data centers.
It is stable. We saw benefit from this in just a few days.
Cisco AnyConnect is my favorite. It is awesome. It also exists on Firepower and newer things.
Cisco ASA is starting to get old and Firepower is taking over. All the good things happening are with Firepower. Everything that I could wish for is in Firepower. We will probably not be doing too many new installations of ASAs since Firepower is mostly taking over.
I have been using it for 15 to 20 years.
It is stable and secure. There are a few bugs, etc. Overall, we are very happy with it. We have never looked at anything else because it works so well. I would rate the stability as 10 out of 10. It is very good.
There is maintenance. We have to keep an eye out for software upgrades and forced changes to the configuration. We have a network operations team of 15 people who take care of these things from day to day.
The solution's scalability is very good.
We use it on customers who have two employees up to customers with 5,000 employees. It is also used for customers who have one site or several sites. It is all over the place.
Cisco tech is always good and helpful. I would rate them as 10 out of 10.
Positive
I didn't use another solution previously.
All our deployments have been different. Some have been really easy and others have been really complex. It could go either way: some are complex and some are easy. The complex solutions could take days or a couple of weeks to deploy. Easy solutions take a day.
If it was a big project, there would be a pre-project identifying what we were going to do and making a plan for it, then we would realize that plan. If it was a smaller thing, we would just jump into it.
It was deployed in-house. Depending on the solution and its complexity, it could take a single person to a team of 20 people to deploy it.
Our return on investment is having a network that we don't need to think too much about. It works, and that is it.
Cisco is always expensive, but you get what you pay for. It is expensive for a reason. It is a good solution, and good solutions cost money.
AnyConnect is an extra license. If you want the IDS/IPS things, those are usually extra too.
I evaluated Check Point, Palo Alto, and Fortinet, but Cisco won the race. Since we were already running most of our other networking with Cisco, it felt natural to land on Cisco.
I would rate the solution as 10 out of 10.
We are a solution provider and the Cisco ASA Firewall is one of the security products that we implement for our customers. My clients use it for security, and also to establish VPN connections.
My client is in the financial sector and all of the connections are done using the VPN. This type of access makes the connections more secure.
The most important feature is the VPN connection.
My clients also use the antimalware features and the scan is very good. It also supports packet inspection and IPS.
Cisco ASA is easy to configure.
The integration with the security features is something that I like.
The SecureX ASA administration platform should be improved.
The orchestration of modules should be improved.
I would like to see the inclusion of a protocol that can be used to protect databases. This would be a good feature to have added.
We have been working with the Cisco ASA Firewall for approximately three years.
I have not had problems with stability, although I have had some small issues with bugs. In general, I can operate without a problem.
It is very easy to scale this product. With SMC, you can control all levels of ASA in a central console. You can simply add a new ASA firewall to protect your network, and you will be able to control it.
We have approximately 300 users.
My clients for this solution are medium-sized organizations.
I have not been in contact with technical support but I use the implementation guide. I have also used the community support and I think that it's okay. The information that I received about the configuration was good.
Prior to Cisco ASA, my client was using Fortinet FortiGate. They switched because there were complaints about the connection being slow.
The complexity of the setup depends on the needs and requirements of the client.
When a client does not know exactly what is needed, the complexity increases because the configuration is not clear. You really have to have a good understanding of what the client needs before configuring it.
If the model does not have SMC then it is complex to configure.
The length of time for deployment also depends on the requirements, but it will usually take between three days and one week.
This is an expensive product, although when you buy this solution, you can do many things so it provides good value for the investment.
My clients did evaluate other options but ultimately chose this product. Other than the VPN connection, I don't know the reasons for this decision.
I can recommend this product because it is one of the most stable firewalls on the market. The suitability, however, depends on the environment and what is needed.
I would rate this solution an eight out of ten.