
Cisco ASA Firewall Overview

Cisco ASA Firewall is the #6 ranked solution in best firewalls. PeerSpot users give Cisco ASA Firewall an average rating of 8 out of 10. Cisco ASA Firewall is most commonly compared to Fortinet FortiGate: Cisco ASA Firewall vs Fortinet FortiGate. Cisco ASA Firewall is popular among the large enterprise segment, which accounts for 51% of users researching this solution on PeerSpot. The top industry researching this solution is comms service providers, accounting for 35% of all views.
Cisco ASA Firewall Buyer's Guide

Download the Cisco ASA Firewall Buyer's Guide including reviews and more. Updated: July 2022

What is Cisco ASA Firewall?

Cisco ASA Firewall is a security device that combines firewall, intrusion prevention, virtual private network (VPN), and antivirus capabilities. Its main purpose is to provide proactive threat defense to stop attacks before they spread through the network.

Cisco ASA Firewall Features

Cisco ASA Firewall has many valuable key features, including:

  • Intrusion prevention system (IPS): Cisco ASA Firewall’s IPS provides contextual awareness.
  • Advanced threat protection: Gain protection against zero-day threats (based on using global threat intelligence).
  • Rapid threat containment: With Cisco ASA Firewall, you can proactively mitigate risks. If a threat is detected, additional security policies are applied to other network devices for increased protection.
  • High availability: Cisco ASA Firewall offers high availability for high-resiliency applications.
  • Integrated IPS, VPN, and unified communications capabilities
  • Multi-node clustering
  • Multi-site
  • High performance

Cisco ASA Firewall Benefits

Some of the benefits of using Cisco ASA Firewall include:

  • Superior protection from threats through CSC, IPS, and the like.
  • Better pricing means that TCO is reduced. 
  • High performance levels that can be scaled to achieve 10+ Gbps.
  • You can deploy new applications easily over secured layers.
  • Identity-based access helps you access business resources.
  • Identity-based access can be integrated with other services, such as LDAP and Microsoft Active Directory.
  • By implementing Cisco ASA Firewall, IT resources are freed up.
  • Because Cisco ASA Firewall offers effective prevention, your spyware cleanup costs decrease.

Reviews from Real Users

Below are some reviews and helpful feedback written by Cisco ASA Firewall users.

A Cisco Security Specialist at a tech services company says, “All the features are very valuable. Among them is the integration for remote users, with AnyConnect, to the infrastructure. All the security through that is wonderful and it's very easy. You connect and you are inside your company network via VPN. Everything is encrypted and it's a very good solution.” He goes on to add, “The intrusion prevention system, the intrusion detection, is perfect. But you can also integrate Cisco with an IPS solution from another vendor, and just use the ASA with AnyConnect and as a firewall. Cisco ASA also provides application control. You can block or prevent people from going to certain applications or certain content.”

Jonathan M., Head of Information Communication Technology at National Building Society, comments, "The benefits we see from the ASA are connected to teleworking as well as, of course, having the basic functionality of a firewall in place and the prevention of attacks. The standard reports allow us to constantly monitor our environment and take corrective steps."

Eric H., CEO at NPI Technology Management, explains, “The command-line interface is really useful for us. We script basic installations and modifications through the command-line, which is considered sort of old school, and yet it allows us to fully document the changes that we're making due to the fact that we can save the exact script that was applied and say, 'Here are the changes that we made.'”

Cisco ASA Firewall was previously known as Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls, Cisco ASAv.

Cisco ASA Firewall Customers

There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.

Archived Cisco ASA Firewall Reviews (more than two years old)

Tier 2 Network Engineer at a comms service provider with 1,001-5,000 employees
Real User
A stable firewall that our customers use as their AnyConnect VPN solution
Pros and Cons
  • "The most valuable feature must be AnyConnect. We have quite a few customers who use it. It is easy to use and the stablest thing that we have. We have experienced some issues on all our VPN clients, but AnyConnect has been the stablest one."
  • "One of the problems that we have had is the solution requires Java to work. This has caused some problems with the application visibility and control. When the Java works, it is good, but Java wasn't a good choice. I don't like the Java implementation. It can be difficult to work with sometimes."

What is our primary use case?

We are an ISP, so it's primarily for customer firewalls that we help customers setup and maintain. While we do use Cisco ASA in our company, we mostly configure it for customers. Our customers use it as a company firewall and AnyConnect VPN solution.

How has it helped my organization?

A lot of people trust Cisco. Just by its name, they feel more secure. They know it's a quality solution, so they feel safer.

What is most valuable?

The most valuable feature must be AnyConnect. We have quite a few customers who use it. It is easy to use and the stablest thing that we have. We have experienced some issues on all our VPN clients, but AnyConnect has been the stablest one. It is one of the easiest firewalls that I've worked with. Therefore, if you're not comfortable with command line, it probably is one of the best solutions on the market.

What needs improvement?

One of the problems that we have had is the solution requires Java to work. This has caused some problems with the application visibility and control. When the Java works, it is good, but Java wasn't a good choice. I don't like the Java implementation. It can be difficult to work with sometimes. If you use Cisco ASDM with the command line configuration, it can look a bit messy. We have some people who use them both. If you use one, it's not a problem. If you use both, it can be an issue.

For how long have I used the solution?

For five or six years.

What do I think about the stability of the solution?

We haven't had any issues with the firewalls. The maturity of our company's security implementation is good. We are very satisfied as long as we maintain the software. It has needed to be updated quite a few times.

What do I think about the scalability of the solution?

We don't have any firewalls that can handle more than a couple of gigabits, which is pretty small. I think the largest one we have is the 5525-X, though we haven't checked it for scalability. In my company, there are probably 16 people (mostly network engineers) working with the solution: seven or eight from my group and the others from our IT department.

How are customer service and support?

I haven't worked with Cisco's technical support. We haven't had real issues with these firewalls.

Which solution did I use previously and why did I switch?

This was the first firewall solution that I worked with.

How was the initial setup?

The initial setup has been pretty straightforward. We have set up a lot of them. The solution works. The deployment takes about half an hour. It takes a little longer than if we were using their virtual firewalls, which we could implement in a minute.

What about the implementation team?

We have a uniform implementation strategy for this solution. We made some basic configurations with a template which we just edited to fit a customer's needs. 

What was our ROI?

We haven't noticed any threats. The firewall is doing its job because we haven't noticed any security issues.

What's my experience with pricing, setup cost, and licensing?

The licensing is a bit off because the physical firewall is cheaper than the virtual one. We only have the physical ones as they are cheaper than the virtual ones. We only use the physical firewalls because of the price difference.

Which other solutions did I evaluate?

Our company has five or six tools that it uses for security. For firewalls, we have Check Point, Palo Alto, Juniper SRX, and Cisco ASA. Those are the primary ones. I think it's good there is some diversity. The GUI for Cisco ASA is the easiest one to use, if you get it to work. Also, Cisco ASA is stable and easy to use, which are the most important things.

What other advice do I have?

We use this solution with Cisco CPEs and background routers. These work well together. We have some other VPN options and AnyConnect. We do have routers with firewalls integrated, using a lot of ISR 1100s. In the beginning, we had a few problems integrating them, but as the software got better, we have seen a lot of those problems disappear. The first software wasn't so good, but it is now. We have disabled Firepower in all of our firewalls. We don't use Cisco Defense Orchestrator either. We have a pretty basic setup using Cisco ASDM or command line with integration to customers' AD. I would rate the product as an eight (out of 10).
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CSD Manager at BTC
Reseller
Automated policy application and enforcement saves significant time when adding devices, users, or new locations
Pros and Cons
  • "The traffic inspection and the Firepower engine are the most valuable features. It gives you full details, application details, traffic monitoring, and the threats. It gives you all the containers the user is using, especially at the application level. The solution also provides application visibility and control."
  • "Security generally requires integration with many devices, and the management side of that process could be enhanced somewhat. It would help if there was a clear view of the integrations and what the easiest way to do them is."

What is our primary use case?

We are a Cisco partner and we implement solutions for our customers who are generally in the banking sector and other private sectors.

They are using it as a data center firewall and to secure their internet connections. Our customers usually integrate the firewall with ISE, with a Firepower module for IPS, and there are some NAC solutions.

How has it helped my organization?

The solution enhances the performance of the network. It blocks most of the threats and it updates attack signatures so it protects customer data better. The loss of data would be a crisis for any customer. With the deep inspection and analysis and the threat updates, it gives you more protection and safety.

Our clients use automated policy application and enforcement. For example, when you have a very big deployment or a bank needs to deploy more branches, this saves a lot of time when doing the implementation. Similarly, when you add more users or you add more devices, when you create a profile of the policies, they will be available in a matter of minutes, regardless of the number of branches or users or applications. It reduces the time involved in that by 75 percent.

What is most valuable?

The traffic inspection and the Firepower engine are the most valuable features. It gives you full details, application details, traffic monitoring, and the threats. It gives you all the containers the user is using, especially at the application level. The solution also provides application visibility and control.

The integration between the ASA and Cisco ISE is very easy because they are from the same vendor. We don't face any integration problems. This is one of the valuable points of Cisco firewalls. They can be easily integrated with different Cisco security products.

Our clients also use other products with Cisco ASA, such as Aruba ClearPass and different NAC solutions. The integration of these other products is also easy with Cisco. 

It integrates with email security and Firepower. For example, if you have an attached file infected or you have attacks through email, the traffic will be forwarded to the email security and it will be blocked by the firewall. It gives you a clear view of the file and it can be blocked at every stage, protecting your network from this threat.

One of the best parts is the traffic management and the inspection of the traffic packets. The Device Manager is easy to use to supervise things, and the Firepower application gives you clear threat detection and blocking of all threats. Cisco also provides a better analysis of the traffic.

In addition, Talos is an enhancement to Cisco firewalls, and provides a better view.

The device management options, such as Firepower Device Manager (FDM), Cisco Firepower Management Center (FMC), or Cisco Defense Orchestrator (CDO) add a lot of enhancements in the initial deployment and configuration. In migrating, they can help to create the migration configuration and they help in managing encryption and automation. They add a lot of enhancements to the device. They make things easier. In the past, you had to use the CLI and you could not control all this. Now you have a GUI which provides visibility and you can easily integrate and make changes.

What needs improvement?

When I deal with other firewalls like Palo Alto or Fortinet, I think there is some room for performance tuning and enhancement of the ASA. I'm not saying there is a performance issue with the product, but when compared to others, it seems the others perform a little bit better.

There could be enhancements to the cloud part of the solution. It's good now, but more enhancements would be helpful.

Finally, security generally requires integration with many devices, and the management side of that process could be enhanced somewhat. It would help if there was a clear view of the integrations and what the easiest way to do them is.

For how long have I used the solution?

I have been using Cisco ASA NGFW for more than 10 years.

What do I think about the stability of the solution?

The ASA is stable. There may be some small stability issues, when compared to others, but it is a stable product. There could be enhancements to the ASA in this area when compared to other vendors, but it is not a problem with the product.

What do I think about the scalability of the solution?

It is scalable, with virtualization and other features.

In terms of future-proofing our customers' security, we recommend the ASA. We have tested it in large environments and it's working well. The lesson I have learned from using Cisco ASA is that Cisco's research is continuous. They provide enhancements every day. It's a product for the future.

How are customer service and technical support?

Technical support is a very strong point in Cisco's favor. I would rate it very highly. The support is excellent.

How was the initial setup?

The setup is of medium difficulty. It is not very complex. Generally, when working in the security field, things are a little bit complex because you are integrating with many vendors and you are defending against a lot of different kinds of attacks.

The amount of time it takes to deploy the ASA depends on the complexity of the site where it is being set up. On average, it can take about a week. It could be that there are many policies that need to be migrated, and it depends on the integration. For the initial setup, it takes one day but the amount of time it takes beyond that depends on the security environment.

What was our ROI?

Our customers definitely see return on investment with Cisco ASA because when you protect your network there is ROI. If you lose your data you have a big loss. The ROI is in the security level and the protection of data.

What's my experience with pricing, setup cost, and licensing?

The value of the pricing needs to be enhanced from Cisco because there are a lot of competitors in the market. There is room for improvement in the pricing when compared to the market. Although, when you compare the benefits of support from Cisco, you can adjust the value and it becomes comparable, because you usually need very good support. So you gain value there with this device.

What other advice do I have?

My advice is to take care of and monitor your policies and be aware of the threats. You also have to be careful when changing policies. When you do, don't leave unused policies around, because that will affect performance. You should have audits of your firewall and its policies and follow the recommendations from Cisco support.

Among the things I have learned from using Cisco ASA is that integration is easy, especially with Cisco products. And the support helps you to integrate with anything, so you can integrate with products outside of the Cisco family as well.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Othniel Atseh - PeerSpot reviewer
Network Security Consultant at a consultancy with 1-10 employees
Consultant
URL filtering and easy integration with other Cisco products are key features for us
Pros and Cons
  • "If we look at the Cisco ASA without Firepower, then one of the most valuable features is the URL filtering."
  • "It's easy to integrate ASA with other Cisco security products. When you understand the technology, it's not a big deal. It's very simple."
  • "One area where the ASA could be improved is that it doesn't have AMP. When you get an ASA with the Firepower model, ASA with FTD, then you have advanced malware protection."

What is our primary use case?

The first time I deployed Cisco ASA was for one of our clients. This client had a Palo Alto firewall and he wanted to migrate. He bought an ASA 2505, and he wanted us to come in and deploy it and, after that, to put in high-availability. We deployed it and the high-availability means that in case one fails, there is a second one to take over.

I have deployed Cisco ISE and, in the same environment, we had a Cisco FTD. In that environment, we were using the ASA for VPN, and we were using the FTD like an edge device. The ASA was deployed as VPN facilitator and for the wireless part too, so that the wireless network was under the ASA firewall.

What is most valuable?

If we look at the Cisco ASA without Firepower, then one of the most valuable features is the URL filtering.

Also, it's easy to integrate ASA with other Cisco security products. When you understand the technology, it's not a big deal. It's very simple.

When it comes to threat visibility, the ASA is good. The ASA denies threats by using common ACLs. It can detect some DoS attacks and we can monitor suspicious ICMP packets using the ASA. It helps you know when an attack is detected.

Cisco Talos is good. It provides threat intelligence. It updates all the devices to be aware of the new threats and the new attacks out there, so that is a good thing. It's like having God update all the devices. For example, even if you have FTD in your company, malware can be very difficult to detect. There is a new type of malware called polymorphic malware. When it replicates, it changes its signature which makes it very difficult for a firewall to detect. So if your company encounters one type of malware, once, it is automatically updated in your environment. And when it is updated, Talos then updates every firewall in the world, so even if those other firewalls have not yet encountered those particular types of malware, because Talos automatically updates everything, they're able to block those types of malware as well. Talos is very beneficial.

When it comes to managing, with FMD (Firepower Management Device) you can only manage one device, but when you work with FMC (Firepower Management Center) you can manage a lot of sensors, meaning FTDs. You can have a lot of FTDs but you only have one management center and it can manage all those sensors in your company. It is very good.

What needs improvement?

One area where the ASA could be improved is that it doesn't have AMP. When you get an ASA with the Firepower model, ASA with FTD, then you have advanced malware protection. Right now, threats and attacks are becoming more and more intense, and I don't think that the ASA is enough. I think this is why they created FTD.

Also, Cisco is not so easy to configure.

For how long have I used the solution?

I have been using and deploying Cisco ASA for two to three years. 

What do I think about the stability of the solution?

Cisco ASA is stable.

What do I think about the scalability of the solution?

It's scalable. You can integrate AD, you can integrate Cisco NAC. You can integrate quite a lot of things so that makes it scalable.

How was the initial setup?

When you configure the ASA, there is already a basic setup there. Based on your environment, you need to customize it. If you understand security and firewalls very well, you can create your own setup.

For me, the initial setup is easy, but is it good? Because from a security perspective, you always need to customize the initial setup and come up with the setup that fits with your environment. So it's always easy to do the initial setup, but the initial setup is for kids in IT.

The time it takes to set up the ASA depends on your environment. For a smaller deployment, you just have the one interface to configure and to put some policies in place and that's all. If you are deploying the ASA for something like a bank, there are a lot of policies and there is a lot of testing to do, so that can take you all night. So the setup time really depends on your environment and on the size of the company as well.

What's my experience with pricing, setup cost, and licensing?

When it comes to Cisco, the price of everything is higher.

Cisco firewalls are expensive, but we get support from Cisco, and that support is very active. When I hit an issue when I was configuring an FTD, as soon as I raised a ticket the guy called me and supported me. Cisco is very proactive.

I had the same kind of issue when I was configuring a FortiGate, but those guys took two or three days to call me. I fixed the issue before they even called me.

Which other solutions did I evaluate?

I have used firewalls from Fortinet, Palo Alto, and Check Point. To configure an ASA for VPN, there are a lot of steps. When it comes to the FortiGate, it's just a few clicks. FortiGate also has built-in templates for configuring VPN. When you want to create a VPN between FortiGate and FortiGate, the template is already there. All you need to do is enter an IP address. When you want to configure a VPN with a third-party using the FortiGate, and say the third-party is Cisco, there is a VPN template for Cisco built into the FortiGate. So FortiGate is very easy to configure, compared to Cisco. But the Cisco firewall is powerful.

Check Point is something like Cisco but if I have to choose between Cisco and Check Point firewalls, I will choose Cisco because of all the features that Cisco has. With Cisco you can do a lot of things, when it comes to advanced malware protection and IPS. Check Point is very complicated to manage. They have recently come out with Infinity where there is a central point of management.

Palo Alto has a lot of functionality but I haven't worked on the newer models.

What other advice do I have?

Cisco firewalls are not for kids. They are for people who understand security. Now I know why people with Cisco training are very good, because they train you to be competent. They train you to have ability. And when you have ability, their firewall becomes very easy to configure.

When Cisco is teaching you, Cisco teaches you the concept. Cisco gives you a concept. They don't focus on how to configure the device. With Fortinet, for instance, Fortinet teaches you how to configure their device, without giving you the concepts. Cisco gives you the concepts about how the technology is working. And then they tell you how you are going to configure things on their box. When you are an engineer and you understand the technology from Cisco, it means that you can drive everything, because if you understand Cisco very well, you can work with FortiGate. If you understand security from Cisco, it means that you can configure everything, you can configure every firewall. This is why I like Cisco.

When it comes to other vendors, it's easy to understand and it's easy to configure, but you can configure without understanding. And when you configure without understanding, you can't troubleshoot. To troubleshoot, you need understanding. 

I'm a security analyst, so I deal with everything about firewalls. I'm talking about ASA firewalls, and I'm talking about ASA with Firepower, FTD, and Cisco Meraki MX. When it comes to security tools I am comfortable with Cisco and everything Cisco.

One of our clients was using Cisco ASA. They got attacked, but I don't think that this attack came from outside their company. They were managing their firewall and configuring everything well, but they were still getting attacks. One of their employees had been compromised and his laptop was infected. This laptop infected everything in the organization. So the weakest link can be your employees.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Jonathan Muwanga - PeerSpot reviewer
Head of Information Communication Technology at National Building Society
Real User
Standard reports allow us to constantly monitor our environment and take corrective steps
Pros and Cons
  • "The benefits we see from the ASA are connected to teleworking as well as, of course, having the basic functionality of a firewall in place and the prevention of attacks."
  • "If I want to activate IPS features on it, I have to buy another license. If I want Cisco AnyConnect, I have to buy another license. That's where we have challenges."

What is our primary use case?

We use the Cisco firewall for a number of things. We've got VPN tunnels, IPsec tunnels. We also use it for basic network layer filtering for our internal service, because we have a number of services that we offer out to clients, so that is the first device that they come across when they get into the network.

We have a network of six remote sites and we use proxy to go to the internet, and from the internet Cisco is the first line of defense. We have internet banking services that we offer to our clients, and that also makes use of the Cisco firewall as the first line of defense. And we've got a number of servers, a Hyper-V virtual environment, and we've got a disaster recovery site.

We had VAPT (vulnerability assessment and pen testing) done by external people to see our level of security from inside and outside and they managed to find some deficiencies inside. That's when they recommended that we should put in network access control. By integrating the ASA with Cisco ISE, that is what we are trying to achieve.

The whole idea is to make sure that any machines that are not on our domain should not be able to connect to the network. They should be blocked.

We also have Cisco switches deployed in our environment. All our active switches are Cisco. The ASA is integrated with them. This integration was done by a combination of our Cisco partner and in-house, because we did this at the time of setting up the infrastructure in 2016.

How has it helped my organization?

The benefits we see from the ASA are connected to teleworking as well as, of course, having the basic functionality of a firewall in place and the prevention of attacks. The VPN is also helpful.

What is most valuable?

Among the most valuable features are the reports which are generated according to the rules that we've put in place to either block traffic or report suspicious attempts to connect to our network. They would come standard with any firewall and we're always monitoring them and taking any corrective steps needed.

What needs improvement?

We have the ASA integrated with Cisco ISE for network access control. The integration was done by our local Cisco partner. It took them about a month to really get the solution up and running. I would like to believe that there was some level of complexity there in terms of the integration. It seems it was not very easy to integrate if the experts themselves took that long to really come up with a working solution. Sometimes we had to roll back during the process.

Initially, when we put it up, we were having issues where maybe it would be barring things from users completely, things that we wanted the users to access. So we went through fine tuning and now I think it's working as we expect.

For how long have I used the solution?

We have been using Cisco ASA NGFW since 2016, when we launched.

What do I think about the stability of the solution?

The ASA is utilized 100 percent of the time. It's up all the time as it's a perimeter firewall. It's always up. It's our first line of defense. It's quite robust, we've never had issues with it. It's very stable.

What do I think about the scalability of the solution?

We haven't maxed it out in terms of its capacity, and we've got up to about 200 users browsing the internet at any given time. In terms of throughput, we've got an ASA 5525 so it handles capacity pretty well. There aren't any issues there.

How are customer service and technical support?

We have a Cisco partner, so if ever we did have issues we'd go through them, but up until now — this bank has been open for four years — we've never had an issue with the Cisco firewall.

Which solution did I use previously and why did I switch?

We went with Cisco because it's a reputable brand and we also have CCNP engineers in our team as well. It's the brand of choice. We were also familiar with it from our past jobs.

What was our ROI?

The ROI is the fact that we haven't been attacked.

What's my experience with pricing, setup cost, and licensing?

It's a brilliant firewall, and the fact that it comes with a perpetual license really does go far in terms of helping the organization in not having to deal with those costs on an annual basis. That is a pain point when it comes to services like the ones we have on FortiGate. That's where we really give Cisco firewalls the thumbs up.

From the point of view of total cost of ownership, the perpetual licensing works well in countries like ours, where we are facing challenges with foreign exchange. Trying to set up foreign payments has been a challenge in Zimbabwe, so the fact that we don't have to be subscribed and pay licenses on an annual basis works well. If you look at FortiGate, it's a good product, but we are always under pressure when renewal time comes.

Where Cisco falls a bit short is because of the fact that, if I want IPS, I have to buy another license. That's why I have my reservations with it. If I want Cisco AnyConnect, I have to buy another license. That's where we have challenges. That's unlike our next-gen FortiGate where everything comes out-of-the-box.

What other advice do I have?

My advice is "go for it," 100 percent. If ever I was told to implement a network, ASA would definitely be part and parcel of the solution.

The biggest lesson we've learned from using the product is about the rapid growth of the product's offerings.

In terms of the maturity of our organization's security implementation, I would like to believe that we are about midway. We still need to harden our security. We need to conduct penetration testing every two years and, resources permitting, maybe yearly. The guys out there who do cyber security crimes are becoming more and more advanced, so there is a need for us to also upgrade our security.

We have a two-layer firewall setup, which is what is recommended as the standard for the payment card industry. We probably need solutions linked with cloud providers from the likes of Cisco, and to put in some bank-grade intrusion detection solutions. Because we have already adopted two technologies, Cisco and FortiGate, we might be looking at solutions from those two providers.

We're also looking at end-point security solutions. We've been using the one which comes with our Office 365 and Microsoft product, Windows Defender. We are going to be trialing their new end-point management solution. We are trying to balance things from a cost point of view and providing the right level of security.

In addition to Windows Defender and the firewalls — ASA and FortiGate — and the network access control, we also have SSL for the website.

As for application visibility and control, currently we're just using logging. We don't have the Firepower installed, so it's just general logging and scheduled checks here and there. As for threat visibility, for us the ASA is a perimeter firewall. Behind that firewall we have an IDS and an IPA. We actually have the license for Firepower but we haven't implemented it; it was just an issue of priorities at the time.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Specialist at a financial services firm with 501-1,000 employees
Real User
Top 20
Automated policies save us time
Pros and Cons
  • "On the network side, where you create your rules for allowing traffic — what can come inside and what can go out — that works perfectly, if you know what you want to achieve. It protects you."

    What is our primary use case?

    Some are being used as edge firewalls and others are for our server-farm/data center. So some are being used as transparent firewalls and others are used as a break between the LAN and WAN.

    In addition to the firewalls, we have Mimecast for email security as we're using Office 365. We're also using IBM's QRadar for SIEM. For antivirus we're just using Microsoft Windows Defender. We also have an internet proxy for content and for that we're using NetScaler.

    How has it helped my organization?

    Automated policies definitely save us time. I would estimate on the order of two hours per day.

    What is most valuable?

    On the network side, where you create your rules for allowing traffic — what can come inside and what can go out — that works perfectly, if you know what you want to achieve. It protects you. Once you get all your rules in place, done correctly, you have some sort of security in terms of who can have access to your network and who has access to what, even internally. You're secure and your authorization is in place for who can access what. If someone is trying to penetrate your network from the outside, you know what you've blocked and what you've allowed.

    It's not so difficult to pull out reports for what we need.

    It comes with IPS, the Intrusion Prevention System, and we're also using that.

    For how long have I used the solution?

    I've been using Cisco ASA NGFW for five years.

    What do I think about the stability of the solution?

    The stability is quite good. We haven't had issues. I've used them for five years now and I haven't seen any hardware failures or software issues. They've been running well. I would recommend them for their reliability.

    What do I think about the scalability of the solution?

    You can extend your network. They are cool. They are good for scalability.

    How are customer service and technical support?

    We have a Cisco partner we're working with. But if they're struggling to assist us then they can log a ticket for us. Our partner is always a 10 out of 10.

    What was our ROI?

    Given that we have been upgrading with Cisco firewalls, I would say that our company has seen a return on investment with Cisco. We would have changed to a different product if we were not happy.

    The response time from the tech and the support we get from our partner is quite good. We have never struggled with anything along those lines, even hardware RMAs. Cisco is always there to support its customers.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is quite fair for what you get. If you're comparing with other products, Cisco is expensive, but you do get benefits for the price.

    Which other solutions did I evaluate?

    The firewall that I was exposed to before was Check Point.

    What other advice do I have?

    It's very good to get partner support if you're not very familiar with how Cisco works. Cisco Certified Partner support is a priority.

    For application visibility and control we're using a WAN optimizer called Silver Peak.

    To replace the firewalls within our data center we're planning to put in FMCs and FTDs. With the new FMCs what I like is that you don't need to log in to the firewalls directly. Whatever changes you do are done on your FMCs. That is a much needed improvement over the old ASAs. You can log in to the management center to make any configuration changes. 

    There are two of us managing the ASAs in our company, myself and a colleague, and we are both network specialists. We plan to increase usage. We're a company of 650 employees and we also have consultants who are coming from outside to gain access to certain services on our network. We need to make provisions on the firewall for them.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Cisco Security Specialist at a tech services company with 10,001+ employees
    Real User
    Robust solution that integrates well with both Cisco products and products from other vendors
    Pros and Cons
    • "If you have a solution that is creating a script and you need to deploy many implementations, you can create a script in the device and it will be the same for all. After that, you just have to do the fine tuning."
    • "Cisco missed the mark with all the configuration steps. They are a pain and, when doing them, it looks as if we're using a very old technology — yet the technology itself is not old, it's very good. But the front-end configuration is very tough."

    What is our primary use case?

    The ASAs are a defense solution for companies. Many of them use the AnyConnect or the VPN licenses. They also use it to have a next-generation firewall and to be compliant with GDPR.

    The majority of our usage of the solution is on-prem or hybrid. The culture, here in Portugal — even knowing that the future is full cloud, in my opinion — is to only be on the way to full cloud.

    What is most valuable?

    All the features are very valuable. 

    Among them is the integration for remote users, with AnyConnect, to the infrastructure. All the security through that is wonderful and it's very easy. You connect and you are inside your company network via VPN. Everything is encrypted and it's a very good solution. This is a wonderful feature. You need to make sure your machine has the profile requested by the company. That means having the patches updated. Optionally, you should have the antivirus updated, but you can decide whatever you would like in order to enable acceptance of the end-device in the enterprise network. That can be done with AnyConnect for remote/satellite users, or with ISE for local users.

    The intrusion prevention system, the intrusion detection, is perfect. But you can also integrate Cisco with an IPS solution from another vendor, and just use the ASA with AnyConnect and as a firewall. You can choose from among many other vendors' products that the ASA will integrate with. Now, with Cisco SecureX, it's much easier than before. Cisco used to be completely blocked from other vendors but with SecureX they are open to other vendors. That was a massive improvement that Cisco probably should have made 10 years ago or seven years ago. They only released SecureX three or four months ago. 

    Cisco ASA also provides application control. You can block or prevent people from going to certain applications or certain content. But the ASA only acts as a "bodyguard." It doesn't provide full visibility of the network. For that, there are other solutions from Cisco, such as ISE, although that is more for identity. Stealthwatch or TrustSec is what you need for visibility. They are both for monitoring and providing full visibility of the network, and they integrate with ASA.

    Also, all of Cisco's security products are supported with Talos. Talos is in the background, handling all the improvements, all the updates. If something happens in Australia, for example, Talos will be aware of it and it will update the worldwide Talos network for all Cisco products. Within two minutes or three minutes, worldwide, Cisco products will be aware of that threat. Talos belongs to Cisco. It's like a Cisco research center.

    What needs improvement?

    My concern in the 21st century, with ASA, is the front-end. I think Cisco missed the mark with all the configuration steps. They are a pain and, when doing them, it looks as if we're using a very old technology — yet the technology itself is not old, it's very good. But the front-end configuration is very tough. They probably still make a good profit even with the front-end being difficult, but it's not easy. It's not user-friendly. All the configuration procedures are not user-friendly.

    Also, they launched the 1000 series for SMBs. They have all the same features as the enterprise solutions, but the throughput is less and, obviously, the price is less as well. It's a very nice appliance. However, imagine you buy one, take it out of the box to connect it and the device needs one hour or two hours to start up. That is a pain and that is not appropriate for the 21st century. They should solve that issue.

    Another issue is that when you integrate different Cisco solutions with each other, there is an overlap of features and you need to turn some of them off, and that is not very good.  If you don't, and you have overlap, you will have problems. Disabling the overlap can be done manually or the solution can identify that there is already a process running, and will tell you to please disable that function.

    For today's threats, for today's reality, you need to add solutions to the ASA, either from Cisco or from other vendors, to have a full security solution in an enterprise company.

    For how long have I used the solution?

    I've been using Cisco ASA NGFW for almost two years.

    What do I think about the stability of the solution?

    The stability of the ASA is perfect. There is no downtime. And you can have redundancy as well. You can have two ASAs working in Active-Passive or load balancing. If the product needs a restart, you don't have downtime because you use the other one. From that point of view it's very robust.

    What do I think about the scalability of the solution?

    You can go for other models for scalability and sort it out that way.

    My suggestion is to think about scalability and about your tomorrow — whether you'll increase or not — and already think about the next step from the beginning.

    How are customer service and technical support?

    Cisco's technical support for ASA is very good. I have dealt with them many times. They are very well prepared. If you have a Smart Account, they will change your device by the next business day. That is a very good point about Cisco. You have to pay for a Smart Account, but it's very useful.

    How was the initial setup?

    The initial setup is very complex. You need to set a load of settings, whether from the CLI or the GUI. It's not an easy process and it should be. That is one of the reasons why many retailers don't go for Cisco. They know Cisco is very good. They know Cisco does ensure security, that it is one of the top-three security vendors, but because of the work involved in the implementation, they decide to go with other solutions.

    There are two possibilities in terms of deployment. If we go to a client who is the ASA purchaser and they give us all their policies, all their permissions, and everything is organized, we can deploy, with testing, in one full day. But many times they don't know the policies or what they would like to allow and block. In that scenario, it will take ages. That's not from the Cisco side but because of the customer.

    One person, who knows the solutions well, is enough for an ASA deployment. I have done it alone many times. After it's deployed, the number of people needed to maintain the solution depends on their expertise. One expert could do everything involved with the maintenance.

    What's my experience with pricing, setup cost, and licensing?

    When it comes to security, pricing should not be an issue, but we know, of course, that it is. Why is an Aston Martin or a Rolls Royce very expensive? It's expensive because the support is there at all times. Replacement parts are available at all times. They offer a lot of opportunities and customer services that others don't come close to offering. 

    Cisco is expensive but it's a highly rated company. It's one of the top-three security companies worldwide.

    Which other solutions did I evaluate?

    I can see the differences between Cisco and Check Point. 

    Cisco has a solution called Umbrella which was called OpenDNS before, and from my point of view, Umbrella can reduce 60 percent of the attack surface because it checks the validity of the DNS. It will check all the links you click on to see if they are real or fake, using the signature link. If any of them are unknown, they will go straight to the sandbox. Those features do not exist with Check Point.

    What other advice do I have?

    Cisco ASA is a very robust solution. It does its job and it has all the top features. If you have a solution that is creating a script and you need to deploy many implementations, you can create a script in the device and it will be the same for all. After that, you just have to do the fine tuning. It lacks when it comes to the configuration steps and the pain that that process is. You need to spend loads of time with it at setup. Overall, it does everything they say it does.

    It's a very good solution but don't only go with the ASA. Go for Cisco Umbrella and join them together. If you have remote employees, go for AnyConnect to be more than secure in your infrastructure.

    You cannot do everything with Cisco Defense Orchestrator. You have a few options with it but cannot do everything from the cloud if you are connected with the console of a device. You don't have all the same options, you only have some options with it. For example, you can manage the security policies, all of them, from the cloud. However, not all the settings and all the things you can do when in front of the device are available with CDO. What you see is what you get.

    Most companies using ASA are big companies. They are not SMB companies. There are very few SMB companies using it. There are the banks and consulting companies, the huge ones. Usually the ASAs are for massive companies.

    Our reality in Portugal is a little different. I was at a Cisco conference here in Lisbon and the guy said, "Oh, we have this solution," — it was for multi-factor authentication — "and we have different licenses. We have a license for 40,000 and for 20,000 users." And I was thinking, "This guy doesn't know Portuguese reality. There are no companies in Portugal with 40,000 employees."

    Large companies who do use ASA use various security tools like IPS and Layer 7 control. From my experience, and from common sense, it's best to have solutions from different vendors joining together. The majority have defense products for the deterrent capacities they need to achieve security. Our clients also often have Cisco ISE, Identity Service Engine. It's a NAC solution that integrates perfectly with ASA and with AnyConnect as well.

    As for future-proofing your security strategy, ASA is the perfect solution if you integrate other Cisco solutions. But the ASA alone will not do it because it does not handle some of the core issues, like full visibility of the network, the users, the machines, the procedures, and the applications, in my opinion.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
    KUMAR SAIN - PeerSpot reviewer
    Network Security Administration at Rackspace Technology
    Real User
    Provides DDoS protection and multi-factor authentication
    Pros and Cons
    • "They provide DDoS protection and multi-factor authentication. That is a good option as it enables work-from-home functionality."
    • "Cisco provides us with application visibility and control, although it's not a complete solution compared to other vendors. Cisco needs to work on the application behavior side of things, in particular when it comes to the behavior of SSL traffic."

    What is our primary use case?

    Our business requirements are URL filtering and threat protection. We're using the Cisco 5525 and 5510 series. We have eight to 10 firewalls.

    Our company is looking for vendors who can protect from the current, advanced technologies. We are looking for any technology that protects from the most threats, and that covers things like DDoS protection, spyware, and SSL.

    How has it helped my organization?

    We feel secure using Cisco firewalls. That's why we're using them. Cisco has never disappointed us, from a business point of view.

    What is most valuable?

    Cisco provides the most solutions.

    We use some of our Cisco firewalls offsite. They provide DDoS protection and multi-factor authentication. That is a good option as it enables work-from-home functionality. That is a feature that makes our customers happy.

    What needs improvement?

    Cisco needs to work more on the security and tech parts. Palo Alto gives a complete solution. Customers are very happy to go with Cisco because they have been around a long time. But that's why we are expecting Cisco to give us a solution like Palo Alto, a complete solution.

    Cisco provides us with application visibility and control, although it's not a complete solution compared to other vendors. Cisco needs to work on the application behavior side of things, in particular when it comes to the behavior of SSL traffic. There is a focus on SSL traffic, encrypted traffic. Cisco firewalls are not powerful enough to check the behavior of SSL traffic. Encrypted traffic is a priority for our company.

    In addition, while Cisco Talos is good, compared to the market, they need to work on it. If there is an attack, Talos updates the IP address, which is good. But with Palo Alto, and possibly other vendors, if there is an attack or there is unknown traffic, they are dealing with the signature within five minutes. Talos is the worst around what an attacker is doing in terms of updating bad IPs. It is slower than other vendors.

    Also, Cisco's various offerings are separate. We want to see a one-product, one-box solution from Cisco.

    For how long have I used the solution?

    I have been working on the security side for the last one and a half years. The company has been using Cisco ASA NGFW for three to four years.

    What do I think about the stability of the solution?

    The stability is good. It's the best, around the world.

    What do I think about the scalability of the solution?

    The scalability is also good. But in terms of future-proofing our security strategy, it depends on the points I mentioned elsewhere that Cisco needs to work on.

    How are customer service and technical support?

    We are getting the best support from Cisco and we are not getting the best support from Palo Alto.

    What's my experience with pricing, setup cost, and licensing?

    In terms of costs, other solutions are more expensive than Cisco. Palo Alto is more expensive than Cisco.

    Which other solutions did I evaluate?

    Cisco is the most tested product and is more reliable than others. But Cisco needs to work on the security side, like website protection and application behavior. We have more than 40 locations around the world and all our customers are expecting Cisco. If Cisco provides the best solution, we can go with Cisco rather than with other vendors.

    Palo Alto gives the best solution these days, but the problem is that documentation of the complete solution is not available on their site. Also, Palo Alto's support is not as good as Cisco's. We don't have a strong bond with Palo Alto. The longer the relationship with any vendor, the more trust you have and the more it is stable. We are more comfortable with Cisco, compared to Palo Alto.

    What other advice do I have?

    If you're looking for a complete solution, such as URL filtering and threat protection, we recommend Palo Alto firewalls, but this Cisco product is also good.

    We are using three to four security tools: one for web security, and another tool for application security, and another for email security. For email we have an Office 365 email domain so we are using other tools for that. For firewall security we are using Cisco ASA, Palo Alto, and Fortinet for protecting our business.

    We have about 15 people on my team managing the solutions. They are network admins, and some are in security.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    CEO at a security firm with 1-10 employees
    Reseller
    Has solid encryption and the stability is good
    Pros and Cons
    • "The most valuable feature is that the encryption is solid."
    • "It is expensive."

    What is our primary use case?

    My primary use case is to have it as VPN hardware. I have 2,000 providers. I am a reseller and as such, I am connected to telcos. I use ASA because our providers use Cisco in their core network as well.

    How has it helped my organization?

    We had a situation where our network was down and the telecom providers at Cisco support helped us to resolve those issues. The downtime was brought down to a minimum.

    What is most valuable?

    The most valuable feature is that the encryption is solid. 

    For how long have I used the solution?

    I have been using Cisco ASA for thirteen years. 

    What do I think about the scalability of the solution?

    What I use now is sufficient based on the traffic that we are generating. We won't have to expand.  

    We have two providers for ASA. There is only one administrator. We have about 1.2 million connections going through one ASA per month.

    How are customer service and technical support?

    Their technical support is very good. 

    Which solution did I use previously and why did I switch?

    I didn't previously use a different solution. We used Cisco and then we upgraded to ASA. 

    How was the initial setup?

    The initial setup was straightforward. To set up the VPN we are able to set up the feature key networks that are going to talk to each other. We can set up what access is going to be used. The connection was set up in one or two days. 

    We set it up twice. The first time it took four hours and the second time took ten hours spread out over two days. 

    What was our ROI?

    I have seen ROI. We use ASA because our provider uses it and they have support. The provider initiates the support with Cisco. The support is good. The license for the support is expensive. 

    What's my experience with pricing, setup cost, and licensing?

    It is expensive. 

    What other advice do I have?

    I would recommend this solution. If you have the money, it's a very stable product. Make sure to keep critical spare parts. You might have for instance some modules that will need acceleration cards and those types of things.

    I would rate it a nine out of ten. 

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Security Officer at a government
    Real User
    Gives us visibility into potential outbreaks as well as malicious users trying to access the site
    Pros and Cons
    • "For us, the most valuable features are the IPX and the Sourcefire Defense Center module. That gives us visibility into the traffic coming in and going out, and gives us the heads-up if there is a potential outbreak or potential malicious user who is trying to access the site. It also helps us see traffic generated by an end device trying to reach out to the world."
    • "We were also not too thrilled when Cisco announced that in the upcoming new-gen ASA, iOS was not going to be supported, or if you install them, they will not be able to be managed through the Sourcefire. However, it seems like Cisco is moving away from the ASA iOS to the Sourcefire FireSIGHT firmware for the ASA. We haven't had a chance to test it out."

    What is our primary use case?

    We use them for perimeter defense and for VPN, and we also do web filtering.

    We're using ASAs at the moment. Going forward, we'll probably look at the FirePOWERs. We currently have anywhere from low end to the mid-range, starting with 5506s all the way up to 5555s. Everything is on-prem.

    We have a total of five different security tools in our organization. A couple of them complement each other so that's one of the reasons that we have so many, instead of just having one. For an organization like ours, it works out pretty well.

    We are a utility owned by a municipality, with a little over 200 employees in multiple locations.

    How has it helped my organization?

    Our response time has improved considerably. Rather than getting an alert from an antivirus which could be instantaneous or missed, we can take a look at the console of the Sourcefire Defense Center and identify the device. We can peek into it and see the reason it was tagged, what kind of event it encountered. We can then determine if it was something legit — a false positive — or a positive.

    It has improved the time it takes to do mediation on end-user devices. Instead of it being anywhere from ten to 15 to 30 minutes, we can potentially do it within about five minutes or under, at this point. In some cases, it can even be under a minute from when the event happens. By the time the end-user gets a message popping up on their screen, a warning about a virus or something similar from one of the anti-malware solutions that we have, within under a minute or so they are isolated from the network and no longer able to access any resources.

    What is most valuable?

    For us, the most valuable features are the IPX and the Sourcefire Defense Center module. That gives us visibility into the traffic coming in and going out and gives us the heads-up if there is a potential outbreak or potential malicious user who is trying to access the site. It also helps us see traffic generated by an end device trying to reach out to the world. 

    Sourcefire is coupled with Talos and that provides us good insight. It gives us a pretty good heads-up. Talos is tied to the Sourcefire Defense Center. Sourcefire Defense Center, which is also known as the management console, periodically checks all the packets that come and go with the Talos, to make sure traffic coming and going from IP addresses, or anything coming from email, is not coming from something that has already been tagged in Talos.

    We also use ESA and IronPort firewalls. The integration between those on the Next-Gen Firewalls is good. They are coupled together. If the client reports that there is a potential for a file or something trying to access the internet to download content, there are mediation steps that are in place. We don't have anything in the cloud so we're not looking for Umbrella at this point.

    What needs improvement?

    We've seen, for a while, that the upcoming revisions are not supported on some of the 5506 firewalls, which had some impact on our environment as some of our remote sites, with a handful of users, have them.

    We were also not too thrilled when Cisco announced that in the upcoming new-gen ASA, iOS was not going to be supported, or if you install them, they will not be able to be managed through the Sourcefire. However, it seems like Cisco is moving away from the ASA iOS to the Sourcefire FireSIGHT firmware for the ASA. We haven't had a chance to test it out. I would like to test it out and see what kind of improvements in performance it has, or at least what capabilities the Sourcefire FireSIGHT firmware has on the ASA and how well it works.

    For how long have I used the solution?

    We've been using next-gen firewalls for about four years.

    What do I think about the stability of the solution?

    With the main firewall we haven't had many issues. It's been pretty stable. I would rate it at 99.999 percent. Although I think it's very well known in the industry that there was a clock issue with the 5506 and the 5512 models. Their reliability has been far less. I wouldn't give those five nines. I would drop it down to 99 percent. Overall, we find the product quite stable.

    What do I think about the scalability of the solution?

    We are a very small environment. Based on our scale, it's been perfect for our environment.

    How are customer service and technical support?

    Their tech support has been pretty good. If the need arises, I contact them directly. Usually, our issues get resolved within 30 minutes to an hour. For us, that's pretty good.

    Which solution did I use previously and why did I switch?

    We were using multiple products in the past. Now, we have it all centralized on one product. We can do our content filtering and our firewall functions in the same place. The ASAs replaced two of the security tools we used to use. One was Barracuda and the other was the because of tools built into the ASAs, with IPX, etc.

    When we switched from the Barracuda, familiarity was one of the biggest reasons. The other organizations I've worked in were pretty much doing Cisco. I'm not going to deride the Barracuda. I found it to be pretty close, performance-wise. In some cases, it was pretty simple to use versus the Sourcefire management console. However, when you went into the nitty gritty of things, getting down to the micro level, Sourcefire was far ahead of Barracuda.

    How was the initial setup?

    We found the initial setup to be pretty straightforward the way we did it. We ended up doing one-on-one replacement. But as the environment grew and the needs grew, we ended up branching it off into different segmentations.

    Going from two devices to five devices took us a little over a year. That was all at one location though. We branched it off, each one handling a different environment. 

    For the first one, since it was new to us and there were some features we weren't familiar with, we had a partner help us out. Including configuring, install, bringing it into production, and going through a learning process — in monitoring mode — it took us about two to three days. Then, we went straight into protective mode. Within three years we had a Sourcefire ruleset on all that configured and deployed.

    It was done in parallel with our existing infrastructure and it was done in-line. That way, the existing one did all the work while this one just learned and we watched what kind of traffic was flowing through and what we needed to allow in to build a ruleset.

    It took three of us to do the implementation. And now, we normally have two people maintain the firewalls, a primary and a secondary.

    What about the implementation team?

    We use JKS Systems. We've been with them for 16-plus years, so our experience with them has been pretty good. They help with our networking needs.

    What was our ROI?

    On the engineering side we have definitely seen ROI. So far, we haven't had much downtime in our environment.

    What's my experience with pricing, setup cost, and licensing?

    Pricing varies on the model and the features we are using. It could be anywhere from $600 to $1000 to up to $7,000 per year, depending on what model and what feature sets are available to us.

    The only additional cost is Smart NET. That also depends on whether you're doing gold or silver, 24/7 or 8/5, etc.

    What other advice do I have?

    The biggest lesson I've learned so far from using the next-gen firewall is that it has visibility up to Layer 7. Traditionally, it was IP or port, TCP or any protocol we were looking for. But now we can go all the way up to Layer 7, and make sure STTP traffic is not a bit torn. That was something that we did not have before on the up-to-Layer-3 firewall.

    Do your research, do your homework, so you know what you're looking for, what you're trying to protect, and how much you can manage. Use that to narrow down the devices out there. So far, in our environment, we haven't had any issues with the ASA firewalls.

    From the first-gen, we have seen that they are pretty good. We are pretty content and happy with them.

    The solution can help with the application visibility and control but that is one portion we have really not dived into. That's one of the things we are looking forward to. As a small utility, a small organization, with our number of employees available, we can only stretch things so far. It has helped us to identify and highlight things to management. Hopefully, as our staff grows, we'll be able to devote more towards application visibility and all the stuff we really want to do with it.

    Similarly, when it comes to automated policy application and enforcement, we don't use it as much as we would like to. We're a small enough environment that we can do most of that manually. I'm still a little hesitant about it, because I've talked to people where an incident has happened and quite a bit of their devices were locked out. That is something we try to avoid. But as we grow, and there are more IoT things and more devices get on the network, that is something we'll definitely have to do. As DevNet gets going and we get more involved with it, I'm pretty sure more automation on the ASA, on the network side and security side, will take place on our end.

    We do find most of the features we are looking for on the ASA. Between the ASA firewall and the Sourcefire management console, we have pretty much all the features that we need in this environment.

    In terms of how the solution future-proofs our organization, that depends. I'm waiting to find out from Cisco what their roadmap is. They're still saying they're going to stick with ASA 55 series. We're also looking at the Sourcefire FireSIGHT product that they have for the firewalls. It depends. Are they going to continue to stick with the 55s or are they going to migrate all that into one product? Based on that, we'll have to adjust our needs and strategize.

    If I include some of the hiccups we had with the 5506 models, which was a sad event, I would give the ASAs a nine out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Senior Network Engineer at Orvis Company, Inc
    Real User
    Policy rulesets are key, and upgrades are relatively seamless in terms of packet loss
    Pros and Cons
    • "The information coming from Talos does a good job... I like the fact that Cisco is working with them and getting the information from them and updating the firewall."
    • "Our latest experience with a code upgrade included a number of bugs and issues that we ran into. So more testing with their code, before it hits us, would help."

    What is our primary use case?

    We use them to block or allow traffic out to the internet and to control a handful of DMZs. Overall, they're for access control. We do IPS and IDS as well.

    We have the FMC (FirePOWER Management Center) which manages the 4110s and we have 5516s and the ASA5545-Xs. It's an ASA running the Next Generation Firewall code. We're using all of the FMC with 6.4.04, so they're all running the Next Generation Firewall code. We deploy the software on-prem.

    How has it helped my organization?

    The information coming from Talos does a good job. It marks that information and bumps it up to us. We have rules where we are getting alerts and it does a good job as far as giving us alerts goes. Talos is pretty well-respected. I like the fact that Cisco is working with them and getting the information from them and updating the firewall. We get the vulnerability database stuff updated, and the location stuff gets sent out. I like all that.

    In terms of how the ASAs have affected our security posture as an organization, it's done well. We're growing with ASA, with the FirePOWER. When we first started there were a lot of bugs and a lot of issues. But now they're coming forward and acting on requests, things that we want.

    What is most valuable?

    The majority of what I use is the policy ruleset. We have another company that deals with the IPS and the IDS. That's helpful, but I can't necessarily speak to that because that's not the majority of what I do. The majority of what I do is create rules and work with the customers to make sure that things are getting in and out of the environment.

    I work with our e-commerce team to make sure that new servers that are spun up have the appropriate access to other DMZ servers. I also make sure that they have access to the internet. I make sure they have a NAT so that something can come into them if need be.

    We use Umbrella, Cisco's DNS, which used to be OpenDNS. We use that to help with security so that we're not going to sites that are known to be bad. They work well together. They're two different things. One is monitoring DNS and doing web URLs, while the firewall I'm doing is traffic in and out, based on source destination and ports protocols.

    One of the things I like is that the upgrades are relatively seamless, as far as packet loss is concerned. If you have a firewall pair, upgrading is relatively painless, which is really nice. That's one of the key features. We do them off-hours, but we could almost do them during the day. We only lose a few packets when we do an upgrade. That's a bonus and if they keep that up that would be great. Check Point does a reasonably good job at it as well, but some of the other ones I've dealt with don't. I've heard from people with other firewalls and they don't have as good an experience as we do. I've heard other people complain about doing upgrades.

    What needs improvement?

    One of the things that we got out of the Check Point, which we're finally getting out of the ASA, is being able to analyze the hit count, to see whether a rule is actually used or not. That is going to be incredibly beneficial. That still has ways to go, as far as being able to look into things, security-wise, and see whether or not rules or objects are being hit. It could help in clean-up, and that, in itself, would help with security. The FTD or the FirePOWER has a little way to go on that, but they're doing well implementing things that not only we at Orvis, but other people, are requesting and saying should be done and are needed.

    In addition, if pushing policy could take a little less time — it takes about five minutes — that would be good. That's something they're working on. 

    Finally, our latest experience with a code upgrade included a number of bugs and issues that we ran into. So more testing with their code, before it hits us, would help.

    For how long have I used the solution?

    We've been using them for about two years. We used to have Check Point and we moved to the ASAs. We didn't really do a whole lot with them, just got them running in the first year. So in the last year-and-a-half to two years we've just been getting our feet wet with them.

    What do I think about the stability of the solution?

    The code has been reasonably good. It's getting better. The stability depends on the code and this last version of code we went through did give us a number of issues. It all depends on what the stability is in the code.

    What do I think about the scalability of the solution?

    The devices we have can scale pretty well. We have 600 to 700 people and we have an e-commerce site. It's deployed across the entire organization, although we have multiple firewalls.

    We have plans to increase usage. We're going to do more DMZ to protect ourselves. So we'll be having more interfaces off the firewalls and we'll be protecting more VLANs. That's probably as big as we are going to get. I don't see us doing too much more than that.

    How are customer service and technical support?

    Tech support is good. We have an exceptional sales rep or project manager. Jenny Phelps is the person we work with and if we have any questions or anything that needs to be escalated, we send it to her and it's usually done very quickly. That relationship is a huge value. Jenny is worth her weight in gold.

    How was the initial setup?

    I wasn't around for the initial setup, I was just starting. We were moving from Check Point to the ASA. It took about six months for them to engineer it and put it in place.

    The implementation strategy was to try to determine all the rules in the Check Point and duplicate all those rules in the FirePOWER. We had to roll back twice before it finally took. That wasn't anything to do with the FirePOWER or the ASA. It had more to do with the person who had to put the rules in and understanding what was actually needed and how they should be put in.

    What about the implementation team?

    We did it through a consultant, Presidio. They had two people on it. Other than that, they were pretty good.

    What was our ROI?

    Just in terms of cost, the Check Point number was ten times as expensive as the Cisco number, so there was "instant" ROI in that sense. But we needed to replace our firewalls. Check Point had been in for five or six years. They did a bake-off to see which one was the best one to go to.

    What's my experience with pricing, setup cost, and licensing?

    We used Check Point and the two are comparable. Cost was really what put us onto the ASAs. They both do what it is we need them to do. At Orvis, what we need to do is very basic. But the price tag for Check Point was exorbitantly more than what it is for the ASA solution.

    We pay Cisco for maintenance on a yearly basis. There are no additional fees that I'm aware of.

    Which other solutions did I evaluate?

    My understanding is that Check Point and Fortinet were evaluated, at the end.

    I wasn't around when we did the actual bake-off. I came in when a solution was picked. I was told why the solution was picked and I was there when they did the final install. It was managed for a little while by Presidio and then it was given to us.

    What other advice do I have?

    The biggest lesson I've learned from using the ASAs is the fact that they can do a lot. It's just figuring out how to do it. We don't do a lot, although once in a while we will do something a little interesting. These things can do more than what we're using them for. It's just a matter of our trying to figure it out or getting with our Cisco rep to figure it out.

    My advice would be to have a good handle on your rules and, if you can, take the upgrades easily.

    We have desktop security, application security, and then we have Umbrella. We use five or six different tools for security, at least. It would be nicer to have fewer but as far as I know there isn't one tool that does it all.

    We do application firewall rules where it does deep packet inspection and looks at certain things. We don't use it as much as we should, but we do application inspection and have rules that are based on just an application.

    We usually have two people on a call when we do maintenance, and we usually have Cisco involved. It's usually me and a colleague who is also a network/security engineer.

    I would rate the ASA overall at eight out of ten. The thing that comes to mind with that rating is the code. As I said, we just upgraded to 6.4.04 and we ran into a handful of bugs. We've done upgrades before and we've run into a bug as well. Just last week, we finished upgrading, and I still have one final service request, a TAC case, open. I had four open at one point. That's at the forefront of my thoughts right now.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Senior Network Engineer at Johnson & Wales University
    Real User
    Very buggy, and was released before it was ready for market

    What is our primary use case?

    We had legacy Sourcefire Sensors and ASA stateful firewalls.

    Cisco offered the FTD NGFW solution, but the implementation of the two systems was not successful.

    How has it helped my organization?

    The firepower sensors have been great; they do a good job of dropping unwanted traffic.

    What is most valuable?

    The VDB updates run on schedule, so less hands-on configuration is needed.

    What needs improvement?

    The software was very buggy, to the point it had to be removed.

    We are moving completely away from Cisco NGFW.  The product was pushed out before it was ready.

    For how long have I used the solution?

    We have been using this solution for twelve years.
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Amit Gumber - PeerSpot reviewer
    Consultant at HCL Technologies
    Real User
    Dashboard gives us a complete analytical view of traffic behavior and anomalies
    Pros and Cons
    • "The most important point is the detection engine which is now part of the next-generation firewalls and which is supported by Cisco Talos."
    • "Most users do not have awareness of this product's functionality and features. Cisco should do something to make them aware of them. That would be quite excellent and useful to organizations that are still using legacy data-center-security products."

    What is our primary use case?

    The primary use case is to protect our departments. We have sub-departments or sites categorized by the number of users and types of applications. We categorize the latter in terms of small, medium, or large. Based on that, we select a firewall in terms of throughput and the number of concurrent sessions it can handle. We then deploy the firewall with a predefined set of rules which we require for inbound and outbound traffic.

    We are in operations delivery and we need to support multiple clients. We have different departments where our primary responsibility is to protect our organization's assets and data and to store them in a centralized data center. Apart from that, we have responsibility to support our clients in terms of infrastructure.

    All the devices are on-premise. Nothing is on the cloud or is virtualized.

    What is most valuable?

    One of the most valuable features in the current version is the dashboard where we have a complete analytical view of the traffic behavior. We can immediately find anomalies. 

    The most important point is the detection engine which is now part of the next-generation firewalls and which is supported by Cisco Talos.

    What needs improvement?

    Most users do not have awareness of this product's functionality and features. Cisco should do something to make them aware of them. That would be quite excellent and useful to organizations that are still using legacy data-center-security products.

    For how long have I used the solution?

    We've been using ASAs for the last ten years in our organization.

    What do I think about the stability of the solution?

    The product's stability is perfect. From my observation, the mean time to failure is once in seven years or eight years. All the hardware in the device is quite stable. I haven't seen any crashing of the operating system.

    What do I think about the scalability of the solution?

    Scaling is quite easy. 

    How are customer service and technical support?

    On a scale of one to ten, I would evaluate Cisco support as a ten. I get support in a fraction of time. There is no problem in getting support.

    Which solution did I use previously and why did I switch?

    Since I have worked in this organization, Cisco has been the primary product that has been deployed.

    How was the initial setup?

    The initial setup is quite straightforward. It's quite simple, without any complexities. Whenever we find any issue during the primary phase, we reach out to the Cisco technical support team for assistance and within a short period of time we get support from them.

    The most recent deployment we did took about three weeks.

    In terms of deployment plan, we go with a pre-production consultation. We create a virtual model, taking into account all the rules, all the cabling, and how it should work in the environment. Once everything on the checklist and the prerequisites are in place, then we migrate the existing devices into production.

    What about the implementation team?

    As consultants, most of the time we deploy ASA by ourselves. If there is any complexity or issue, we get in touch with a system integrator or we open a ticket with the technical support team.

    What was our ROI?

    There would definitely be return on investment by going with Cisco products. They are stable.

    What other advice do I have?

    For any organization looking for a secure solution that can be deployed in their domain or infrastructure, my advice is to go with Cisco Next-Generation Firewalls because they have a complete bundle of security features. There is a single pane of glass with complete management capabilities and analytic features to understand and gather information about the traffic.

    The lessons that most of our clients have learned is that in deployment it is easy to configure and it is easy to manage. It's quite stable and they do not get into difficulties in terms of day-to-day operations. 

    We haven't faced any problems with this product.

    Compared to other OEMs, such as Juniper and Fortinet, Cisco's product is excellent. There are no bugs and I don't see any lack in terms of backend and technical support. In my opinion, at the moment, there is no room for product enhancement.

    Most of the users are system administrators working on their own domains. The minimum number of users among our clients is a team of 15 to 20; we have clients with up to 700 users at the largest site.

    The product is quite extensively used in each department, to protect assets and data centers. We are using the attack prevention engine and URL filtering is also used at most of our sites. We are also using it for data center connectivity and for offloading transactions.

    I would rate Cisco at ten out of ten for the functionality and the features they provide.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner.
    Network Administrator at a financial services firm with 1,001-5,000 employees
    Real User
    Advanced Malware Protection works well to protect against cyber threats
    Pros and Cons
    • "The most valuable feature of this solution is AMP (Advanced Malware Protection), as this is really needed to protect against cyber threats."
    • "I have found that Cisco reporting capabilities are not as rich as other products, so the reporting could be improved."

    What is our primary use case?

    Our primary use case for this solution is to protect data from unauthorized access.

    What is most valuable?

    The most valuable feature of this solution is AMP (Advanced Malware Protection), as this is really needed to protect against cyber threats.

    The IPS is a must for a firewall.

    What needs improvement?

    The firewall throughput is limited to something like 1.2 Gbps, but sometimes we require more. Cisco makes another product, Firepower Threat Defence (FTD), which is a dedicated appliance that can achieve more than ten or twenty gigabits per second in terms of throughput.

    I have found that Cisco reporting capabilities are not as rich as other products, so the reporting could be improved.

    For how long have I used the solution?

    We have been using this solution for three years.

    What do I think about the stability of the solution?

    This is a reliable solution.

    We started with version 5.4, but there were many releases available on the website and we were obliged to aggregate, step by step, to reach the current version.

    What do I think about the scalability of the solution?

    This solution is really scalable and reliable. In my opinion, Cisco products are always scalable.

    How are customer service and technical support?

    Cisco has a very good team for support. They are always available, and they give you a flexible solution. It is not just about getting a solution. We are learning, as well, when we request assistance. They also have a knowledge base that we can access in order to find resolutions for problems.

    Which solution did I use previously and why did I switch?

    We were using the SonicWall solution prior to this one, but it reached end-of-life because we had updated our architecture. This is why we migrated to a next-generation firewall. We had also been using Fortinet FortiGate.

    How was the initial setup?

    The initial setup of this solution was a bit complex because it was a new technology for us. We did find documentation on the vendor's website, and it also helped that we found some videos on how to do the configuration.

    Our initial deployment took approximately three months because we were learning from scratch. We still had some service requests open because we could not fine-tune the solution, and ultimately it took a full year to fully deploy.

    This solution is managed by the qualified people in our network engineering team. 

    What about the implementation team?

    We tried to deploy this solution by ourselves, but our team was not quite qualified to implement this solution. It was a good opportunity for us to learn about it. 

    What's my experience with pricing, setup cost, and licensing?

    We are in the process of renewing our three-year license, which costs approximately $24,000 USD for the thirty-six months. In terms of licensing, this product costs a lot, but this cost can save my assets that could be millions for my company. There is no choice.

    Which other solutions did I evaluate?

    We did have knowledge of other products, but we chose this solution because it facilitates the sharing of information with their knowledge base. It helps you learn from scratch.

    What other advice do I have?

    My advice to anybody who is considering this solution is not to think twice about it. There are a lot of features that come with the cost. These institutions secure our network and they have to do research. The price of this solution is justified when you consider that it secures our network and protects our valuable assets.

    This is a very good solution but it is not perfection.

    I would rate this solution a nine out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    IT Manager, Infrastructure, Solution Architecture at ADCI Group
    Real User
    A trusted and reliable solution with a good interface and good technical support
    Pros and Cons
    • "I like the Cisco ASDM (Adaptive Security Device Manager), which is the configuration interface for the Cisco firewall."
    • "The Sandbox and the Web Censoring in this solution need to be improved."

    What is our primary use case?

    This solution is running behind the infrastructure and behind the hypervisor itself. We have two firewalls and two nodes in the cluster environment.

    This solution is suitable for both cloud and hybrid-cloud deployments. I have implemented a cloud project, and one hybrid as well. The hybrid was between a public and a local cloud.

    What is most valuable?

    The Cisco security rules are very strict and very strong.

    I like the Cisco ASDM (Adaptive Security Device Manager), which is the configuration interface for the Cisco firewall.

    What needs improvement?

    When comparing this solution to other products, the Fortinet UTM bundle has some better features in their most recent product. For example, there are better configuration features, the Sandbox is better, and so is the web censoring. These are currently in the Cisco solution, but they are better in Fortinet. The Sandbox and the Web Censoring in this solution need to be improved.

    This solution has to be more secure from the cloud. The current trend is moving towards private cloud and hybrid cloud, so it is very important to consider the cloud security aspects when the solution is installed. This includes things such as IoT and the existence of user connectivity on the cloud.

    For how long have I used the solution?

    I have been using this solution for two years, but Cisco technology, generally, for more than eight years.

    What do I think about the stability of the solution?

    The stability of this solution is great. The Cisco name and hardware are enough. The product is used in tier four data centers, so it is very trusted and very dependable. If you compare Cisco to others, the high industry and high workload have gone to Cisco. Stability is very, very high.

    What do I think about the scalability of the solution?

    This is a scalable solution.

    In terms of the number of users, it depends on the customer. A small customer may have less than twenty users. A larger customer can be complicated by having different branches with different users and different security rules. This means that you can reach up to the hundreds. 

    How are customer service and technical support?

    Technical support for this solution is good. Most of the technicians are technical people that have certifications such as CCNA, CCNP, CCIE, and CCISP. I think that they are well knowledged and well educated about the Cisco culture, industry, and products.

    The Cisco distributors are everywhere, even if I'm speaking about the Middle East. I can find distributors everywhere in Dubai. Here in Dubai, the support is great, including for firmware updates, and even replacing the hardware when the firewalls crash.

    How was the initial setup?

    The initial setup of this solution is straightforward.

    The deployment does not take much time. It is just a matter of installing the firewall and configuring the basic system to get it up and running. That's it.

    There are, of course, different models of deployment, like deploying customers, that have to be considered. However, for the most part, deployment time is not an issue at all.

    What's my experience with pricing, setup cost, and licensing?

    The pricing for Cisco products is higher than others, but Cisco is a very good, strong, and stable technology. If we compare Huawei or FortiGate or others then the prices are lower, but the higher Cisco price is acceptable because of the stability, trust, and reliability.

    Which other solutions did I evaluate?

    This is my first recommendation for firewalls, and my second recommendation is Fortinet FortiGate.

    What other advice do I have?

    This is the number one firewall product that I recommend.

    I would rate this solution an eight out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Network Security/Network Management at an educational organization with 201-500 employees
    Real User
    Offers great technical support and good security from the firewalls
    Pros and Cons
    • "The technical team is always available when we have problems."

      What is our primary use case?

      Our primary use case of this program is network protection.

      How has it helped my organization?

      Up until now we haven't been down due to issues with the internet connection or denial of service, so the program does what it claims to do.

      What is most valuable?

      The firewalls of this program protect my internet from dangerous internet sites. For us, Cisco is the number one in firewall protection. We are seeking to buy another UTM solution for band management.

      What needs improvement?

      The program is very expensive.

      For how long have I used the solution?

      We've been using Cisco Sourcefire Firewalls for three years.

      What do I think about the stability of the solution?

      We haven't had any problems with the stability so far.

      What do I think about the scalability of the solution?

      We have 500 users working on the solution and I believe it may increase, so I believe the program is scalable.

      How are customer service and technical support?

      The technical support from the company is very good. They are always available when we have problems.

      Which solution did I use previously and why did I switch?

      We did use another UTM solution before for firewall, URL and band management. We didn't switch, we just have two layers now. If we want to use Cisco for band management or URL safety, we have to pay a license fee and it is very expensive.

      How was the initial setup?

      The initial setup was straightforward and it took the company about a day to deploy the firewalls.

      What's my experience with pricing, setup cost, and licensing?

      The licensing is very expensive.

      What other advice do I have?

      In the future, I would like to see friendlier configuration and only one license because everything needs a license. You need a URL license, security license, everything is based on a license. I would like to have one license that covers everything. But I am really impressed by the program and my rating is nine out of ten.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Senior Network Administrator at a construction company with 1,001-5,000 employees
      Real User
      Good signature detection, intrusion detection, IDS, and IPS
      Pros and Cons
      • "The stability of the solution is very good. We can see that it gets even better with every release."
      • "It would be nice if they had what you traditionally would use a web application scanner for. If the solution could take a deeper look into HTTP and HTTPS traffic, that would be nice."

      What is our primary use case?

      We primarily use the solution for internet access firewalls.

      How has it helped my organization?

      The solution allows you to be more agile and react faster.

      What is most valuable?

      The Sourcefire stuff itself is the most valuable feature. Signature detection, intrusion detection, IDS, and IPS are all very good. AMP is very useful. I like that you can put it onto devices as well.  The aggregated views in FMC that you get when you're a global shop which is centralized, and then offers gateways per region. In Europe, America and APAC, you have all the data coming together in the FMC. That's quite nice.

      What needs improvement?

      The FMC could be a little bit faster.

      It would be nice if they had what you traditionally would use a web application scanner for. If the solution could take a deeper look into HTTP and HTTPS traffic, that would be nice.

      For how long have I used the solution?

      I've been using the solution for 1.5 years.

      What do I think about the stability of the solution?

      The stability of the solution is very good. We can see that it gets even better with every release.

      What do I think about the scalability of the solution?

      For us, the scalability is good, because we sized everything right, right from the beginning. If you size it right, it's very good. We don't plan on adding more firewalls, unless we suddenly grow exponentially, which we're not expecting to do at this point.

      How are customer service and technical support?

      We only contacted technical support during initial implementation and that was all handled by the consultant. I have a lot of other Cisco related tickets open, so we're used to the process.

      I would say, however, that we're also using Meraki, and the Meraki support is way better, in my opinion. 

      Cisco support tends to take longer, and I mean really long given the fact that the subject matter is sometimes also more complicated, so it really depends. When you compare that directly to Meraki, Meraki answers the same day, and I cannot say that about the legacy Cisco support items. I can understand that the market for the legacy service is so much bigger for Cisco, so I can see why it takes longer.

      How was the initial setup?

      The initial setup was complex because we had to migrate old ASA firewalls. The ACLs, or rather the policies, are very different now, and way more elaborate, so that took some tweaking, and some consulting and some time.

      Deployment took two months. We had to make sure that our old ACL base settings from the ASAs were correctly translated and implemented into the new FTD setups.

      What about the implementation team?

      We used a consultant to assist with implementation.

      Which other solutions did I evaluate?

      We've looked at a few options, but we have an internal policy that says, unless noted otherwise, network equipment has to be Cisco based. We had to go with a Cisco product.

      What other advice do I have?

      We are using the on-premises deployment model.

      My advice for those considering the solution is this: if you want to migrate something, plan enough time for testing before you come over to the solution. You should also watch as many webinars as you can about that solution, or get a consultant and do a proper lab set up and go through the whole thing with them. It is definitely worthwhile, given the complexity of the whole product.

      I would rate the solution nine out of ten.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Ahmad Alkoragaty - PeerSpot reviewer
      IT Consultant at MOD
      Consultant
      Protects our network from external threats and has good stability
      Pros and Cons
      • "The most valuable feature is that it has the ability to divide the network into three parts; internal, external, and DMZ."
      • "I would like for the user interface to be easier for the admin and network admin. I would also like to be able to access everything from the GUI interface. The way it is now, it needs somebody experienced in IOS to be able to operate it. I would like to have a GUI interface."

      What is our primary use case?

      Our primary use case is to protect our network from external threats. We need to keep our portal safe. 

      We use the public cloud model of this solution. 

      What is most valuable?

      The most valuable feature is that it has the ability to divide the network into three parts; internal, external, and DMZ. 

      What needs improvement?

      I would like for the user interface to be easier for the admin and network admin. I would also like to be able to access everything from the GUI interface. The way it is now, it needs somebody experienced in IOS to be able to operate it. I would like to have a GUI interface.

      It should have integrated licenses with our other products. There should be a license bundle, like for firewalls and IOS. It would be better if it was a bundled license.

      For how long have I used the solution?

      We have been using this solution for ten years.

      What do I think about the stability of the solution?

      It's very stable.

      What do I think about the scalability of the solution?

      The scalability is good. We have around 1,500 users. The users are regular end-users, network admins, technicians, etc. 

      We require three admins for this solution. We require five staff members for the deployment and maintenance. 

      It is used weekly. We do plan to increase the users.

      How are customer service and technical support?

      Their technical support is good. We have a maintenance contract with them for two years and we plan to renew the contract. 

      How was the initial setup?

      The initial setup was straightforward. It took around two to three days to implement. 

      What about the implementation team?

      We used a Cisco partner for the implementation. They were knowledgeable and did a good job.

      What's my experience with pricing, setup cost, and licensing?

      There are no additional costs to the standard licensing fees. 

      Which other solutions did I evaluate?

      We don't evaluate different solutions because our infrastructure is Cisco-based. We wanted it to be homogeneous with our infrastructure. 

      What other advice do I have?

      I would advise someone considering this solution to have a technical support or maintenance contract with the vendor or a third-party to help maintain the product. Without help with maintenance, there is no value to the product.

      You should have a good technician and admin support for this product in order to maximize the value and benefits.

      I would rate it an eight out of ten. 

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Mustafa Ahmed - PeerSpot reviewer
      Network Security Engineer at qicard
      Real User
      Valuable firewall solution for enterprise organizations who need reliable flexible security
      Pros and Cons
      • "A powerful enterprise security solution that is dependable."
      • "The GUI interface could be improved when compared to other solutions."

      What is our primary use case?

      Our primary use for the solution is as a firewall. We implemented it as an IT tech solution for our accesses through Sourcefire. It provides security.

      How has it helped my organization?

      The main product in our company is dependent on Cisco as a security solution. Cisco has a great reputation in the market. We are using Cisco as our main firewall in the company because it provides the best security.

      What is most valuable?

      The most valuable feature is for IT security management. It is extremely valuable to protection so that is the most valuable feature.

      What needs improvement?

      I'm not really sure that much has to be improved. Compared to other firewall solutions probably the thing that could be improved is the interface — the GUI. Other than that I don't think there is anything else that could be better. I think it is a great product.

      For how long have I used the solution?

      I have been using the product for two years.

      What do I think about the stability of the solution?

      I believe that Cisco is one of the most stable firewall solutions. Compared to other solutions, Cisco has a better stability record than others. That's why we like it a lot.

      What do I think about the scalability of the solution?

      I don't know that we have plans to scale the business on this site. But Cisco products are expandable. If we want to expand the functionality with new feature sets we can add modules. So in that way, it is a flexible and scalable solution. 

      We currently have 200 to 500 users who are using this solution at any time.

      How are customer service and technical support?

      We have used technical support quite a bit and always contact them if we have an issue. They will always respond as soon as possible. So I think the support is great. We don't have any issue with them being unresponsive or providing bad solutions. I like to check with them on solutions sometimes and they respond as soon as possible. It saves time and helps me to be sure I am doing the right thing before I go in the wrong direction.

      Which solution did I use previously and why did I switch?

      I don't know the exact product they were using before but I think it was just proxy. When I came to the company, the Cisco solution had already been installed, so I don't know the exact product from before.

      I think the main reason why they would have switched is the stability and possibilities are better than just proxy. Cisco is very different and more powerful than the other simple products. It's very stable.

      How was the initial setup?

      I wasn't part of the company at the time of the initial setup, and I am just performing additional tasks. We have a staff of a maximum of three or four persons so once the deployment is live it doesn't need much effort.

      I'm not sure if the company has plans to increase usage and grow our responsibilities. It's not for me to decide. I think the company is growing and traffic is increasing. But my superior is the person responsible for determining when it is time to scale.

      What about the implementation team?

      We used a consultant for the implementation. They actually continue to help a lot when we need them for something.

      Which other solutions did I evaluate?

      I don't know if the company evaluated other solutions before choosing Cisco. When I came to the company, it was already there. Cisco is a very popular enterprise solution so they may have just chosen it without other evaluations.

      What other advice do I have?

      On a scale of one to ten with one being worst and ten being best, I would rate Cisco SourceFire Firewall as a nine. It could easily be a ten if it had a better GUI interface.

      As far as making recommendations to other people about the product, I recommend they buy it if they need an enterprise solution. Also, I would recommend other Cisco solutions like Cisco AMP (Advanced Malware Protection). 

      I think most large companies that require strong security should always use Cisco because it's stable, scalable, and has many features. Enterprise organizations will benefit from Cisco because their business requirement will be more complicated and require a better solution and more flexibility. I think all the companies should use Cisco because it's number one in the market and has the best security, better stability, and better scalability.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      IT Specialist at a government with 1,001-5,000 employees
      Real User
      A flexible and easy to manage solution for segregating our servers from the rest of the environment
      Pros and Cons
      • "The most valuable features are the flexibility and level of security that this solution provides."
      • "There was an error in the configuration, related to our uplink switches, that caused us to contact technical support, and it took a very long time to resolve the issue."

      What is our primary use case?

      We use this solution as a firewall and for the segregation of our servers from the rest of the environment.

      How has it helped my organization?

      Instead of using multiple firewalls, we only need to rely on this solution. It has a small footprint.

      What is most valuable?

      The most valuable features are the flexibility and level of security that this solution provides. 

      What needs improvement?

      There was an error in the configuration, related to our uplink switches, that caused us to contact technical support, and it took a very long time to resolve the issue.

      Some of the features should be baked-in by default.

      What do I think about the stability of the solution?

      Stability has been pretty good, so far.

      What do I think about the scalability of the solution?

      This solution is very scalable.

      How are customer service and technical support?

      We have contacted technical support about an issue that we were having, and it took a very long time for them to figure it out. We were on the phone for six or seven hours with them.

      Which solution did I use previously and why did I switch?

      We previously used an ASA 5500, and it was simply time to upgrade it. We used this solution as a direct replacement.

      How was the initial setup?

      The initial setup of this solution is pretty straightforward.

      Which other solutions did I evaluate?

      We are not restricted to any one vendor, but this solution worked well as a direct replacement for our previous one. We considered both Juniper and FortiGate.

      What other advice do I have?

      This is a very straightforward firewall. There is a management platform with its own operating system. Just make sure that everything is set up properly for your uplink switches because that is an issue that we ran into.

      I would rate this solution a nine out of ten.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      it_user861456 - PeerSpot reviewer
      Senior Information Security Engineer at a financial services firm with 501-1,000 employees
      Real User
      Enables admins to be able to troubleshoot easily and has good traffic analytics features
      Pros and Cons
      • "For business purposes, it's a very detailed solution, which is its greatest benefit, as you can get almost any piece of information you need from the solution. It allows for admins to be able to troubleshoot pretty easily."
      • "I'm working on a slightly older version, but what it needs is better alert management. It's pretty standard, but there are no real advanced features involved around it."

      What is our primary use case?

      We use it as a network firewall.

      How has it helped my organization?

      For business purposes, it's a very detailed solution, which is its greatest benefit, as you can get almost any piece of information you need from the solution. It allows for admins to be able to troubleshoot pretty easily.

      What is most valuable?

      The solution is part of a suite. If you pay for it, it has basically a view that's called Firepower, and it's really good at being able to analyze exact bits of a pack, at the packet level, and has the ability to allow you to examine that traffic. It is really good. That's probably my favorite part of the suite.

      What needs improvement?

      I would definitely say the pricing could be improved. If you're going to get the latest and greatest of this solution, it's very expensive and it's actually the reason my organization is moving away from it.

      I'm working on a slightly older version, but what it needs is better alert management. It's pretty standard, but there are no real advanced features involved around it.

      For how long have I used the solution?

      I've been using the solution for around one year.

      What do I think about the stability of the solution?

      We haven't had any major issues in regards to stability. In general, there are best practices in the industry to use. It's never really mattered because generally, with firewalls, you have two in any given location or service. They seem to be redundant of each other. So there's never been a problem where we lost functionality because of the firewall.

      What do I think about the scalability of the solution?

      It's pretty scalable. Cisco is a large enterprise solution and it's designed to be able to serve large enterprises, so, it's fairly scalable. We're using the solution minimally at this point, and we're decreasing usage because it's too expensive to upgrade.

      How are customer service and technical support?

      They have pretty good customer support. The solution's technical support is great.

      Which solution did I use previously and why did I switch?

      I had not previously used another solution.

      How was the initial setup?

      I was not with the organization when they originally rolled it out, so I can't speak to how straightforward or complex the initial setup was. There are about six people who manage the solution. We have security engineers and network engineers. If someone is trying to get an idea of how many people are required, it varies because a lot of organizations will have multiple firewalls in different locations. Six for one organization may be way more than somebody needs or way fewer than somebody needs.

      What about the implementation team?

      We didn't use any other group for the deployment. We did all the work in-house.

      What's my experience with pricing, setup cost, and licensing?

      My company is moving away from the solution because it is quite expensive.

      Which other solutions did I evaluate?

      We've looked at the Fortinet solution. The Fortinet FortiGate.

      What other advice do I have?

      I would just say that it's expensive. The product is fine on its own, it's high end. It's got a high brand name attached to it. I would recommend the product, however. The product works great. It does everything it's supposed to do. There are no issues with it, no real concerns. It's just expensive.

      I would rate it an eight out of 10 because it does everything it's designed to do, but it is not any better than other industry-leading solutions, and it's far more expensive.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Network Engineer at a comms service provider with 1,001-5,000 employees
      Real User
      Protects from external threats to our network as a firewall and VPN solution
      Pros and Cons
      • "A stable and solid solution for protection from external threats and for VPN connections."
      • "It is not the newest, cutting-edge technology"

      What is our primary use case?

      The primary use of Cisco ASA (Adaptive Security Appliances) for us is to protect from external threats to our network as a firewall and VPN solution.

      How has it helped my organization?

      Cisco ASA serves a purpose more than it improves us. It is good at what it does. We are using other vendors and splitting the traffic to different devices based on what they do best. Even though we use other products the trend at our company is that we will increase the traffic through Cisco ASA.

      What is most valuable?

      It's difficult to say what features are most valuable because ASA is not a cutting-edge device. It's rather more stable and proven than modern. It's difficult to suggest adding features because with new features we are adding something new, and that means it could be less stable. New features are not the reason we use the solution — it is almost the opposite. The most valuable part of the solution is dependability.

      It's already a mature and stable product. I prefer not to use the newest software — even if Cisco suggests using the newest — because this is a critical security device.

      What needs improvement?

      My opinion is that the new direction Cisco is taking to improve its product is not correct. They want to make the old ASA firewall into a next-generation firewall. FirePower is a next-generation firewall and they want to combine the two solutions into one device. I think that this combination — and I know that even my colleagues who work with ASA and have more experience than me agree — everybody says that it's not a good combination. 

      They shouldn't try to upgrade the older ASA solution from the older type Layer 4 firewall. It was not designed to be a next-generation firewall. As it is, it is good for simple purposes and it has a place in the market. If Cisco wants to offer a more sophisticated Layer 7 next-generation firewall, they should build it from scratch and not try to extend the capabilities of ASA.

      Several versions ago they added support for BGP (Border Gateway Protocol). Many engineers thought that their networks needed to have BGP on ASA. It was a very good move from Cisco to add support for that option because it was desired on the market. Right now, I don't think there are other features needed and desired for ASA.

      I would prefer that they do not add new features but just continue to make stable software for this equipment. For me, and for this solution, it's enough. 

      For how long have I used the solution?

      We have been using the solution for about five years.

      What do I think about the stability of the solution?

      It is a stable solution. It is predictable when using different protocols and mechanics.

      What do I think about the scalability of the solution?

      We've used several models of the product, from the smallest to the biggest. I think that this family of the ASAs is scalable enough for everything up to an enterprise environment. I think the family of products is able to handle small and large company needs.

      How are customer service and technical support?

      Cisco is a well-known vendor and its support is good. In my previous company, we sometimes used a vendor rather than direct Cisco support, but sometimes we used Cisco. For ASA in my current company, we have additional support from the local vendor. If we have a problem we can also initiate a ticket directly on the Cisco support site.

      Which solution did I use previously and why did I switch?

      About one-and-a-half years ago we implemented a different solution to handle certain situations like BGP. But when we upgraded our Cisco devices just a few months ago, we could have BGP on ASA. Now our devices from Cisco have enhanced capability, not just something new and maybe less dependable. Implementing BGP on ASA was a late addition. It had been tested, the bugs were worked out and engineers wanted the solution. The stability of ASA as an older solution is what is important.

      How was the initial setup?

      I think it is not the simplest solution to set up because it is sophisticated equipment. For engineers to work with vendors and incorporate totally different solutions, it could be difficult. It is also different from the other Cisco devices like Cisco Router IOS. It differs in a strange way, I would say, because the syntax or CRI differs. If you are used to other OSs, it is not easy to switch to ASA because you have to learn the syntax differences. 

      It's common for there to be differences in syntax between vendors. But, I would say that this is more complex. The learning curve for start-up and configuration of ASA is at mid-level when it comes to the difficulty of implementation.

      What about the implementation team?

      I did the implementation myself. ASA is not the newest solution for Cisco or the newest equipment. You can use the vendor and ask for help if you need it during the installation and for support. Because it was an older solution, it was already somewhat familiar to me.

      Which other solutions did I evaluate?

      My current company has been using ASA for quite a long time, so I was not involved in the choices.

      I have been participating in choosing a new vendor and new equipment for some specific purposes as we go forward. For a next-generation firewall, Cisco's product — a combination of ASA and Firepower — is not the best solution. We are choosing a different vendor and going with Palo Alto for next-generation solutions because we feel it is better.

      What other advice do I have?

      I think I can rate this product as an eight out of ten. A strong eight. The newest version of software and solutions often have bugs and functional problems because they have not been rigorously tested in a production environment. It is not the modern, next-generation firewall, but it solidly serves simple purposes. For simple purposes, it's the best in my opinion. I am used to its CRI (Container Runtime Interface) and its environment, so for me, familiarity and stability are the most important advantages.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Jonathan LELOU - PeerSpot reviewer
      Ingénieur technico-commercial at Inter-Continental Business Machines (ICBM)
      Reseller
      Good for building a solid security solution for a company
      Pros and Cons
      • "The best solutions for our company are those we have yet to implement so it will be even better in the future for us than it already is."
      • "The user interface is too complex for people who are not trained or certified to engage with the product. The interface should be easier to use."

      What is most valuable?

      We haven't deployed all the possible services from Cisco yet, but I started to research more of the ones that are available and I think Firepower will end up being the best, most valuable solution for us.

      What needs improvement?

      I think the visibility of the network can be improved, at least from our current setup. I do not know everything about the solution and exactly how it can be modified.

      Another way they can improve is their pricing. One thing I notice about the price is that it would be good if they could adapt the price to the area where a company is. West Africa is not the same as in India or in the USA and it is much more difficult to afford. If Cisco can manage this for our people it would help us implement better solutions.

      To upgrade to some Cisco solutions or features you have to invest resources to create the solution or pay the difference for that functionality to upgrade services or license. It is not really an all-in-one solution. So if Cisco could manage to build an all-in-one solution with most or all of the features we would be looking for in one solution, it would be better for us.

      For example, if you want faithful service from the company and equipment, you have to pay more just to get the solutions. If it's included it would be easier for us to deploy.

      For how long have I used the solution?

      I've been using the solution with my newest employer for over three years.

      What do I think about the stability of the solution?

      For me it is stable. It is amongst the best products in that way.

      What do I think about the scalability of the solution?

      It is a scalable solution. It may cost money and resources to scale.

      How are customer service and technical support?

      I have not had direct experience with technical support for the firewall. I contacted support for the switching. For the firewall, I have not had to contact them at all.

      Which solution did I use previously and why did I switch?

      Before I used Fortinet FortiGate. But when I moved from the previous company to this company they had a different solution. That is why I switched.

      How was the initial setup?

      The initial setup was a little complex for me because I had been using a different solution. But how complex something is will depend on the mind of that person. For me, it was a little complex. However, it really only took one day to set it up.

      Step by step, when I work with the product for a longer period of time and gain experience, it will be very easy for me.

      What about the implementation team?

      I did the implementation by myself.

      What other advice do I have?

      If people want to build a solid security solution for their company, I think this solution is the best but it would depend on the configuration of your company. For a good company to have a good solution for security, you can choose the Cisco firewall for that and be confident. 

      I think I can give that product an eight out of ten. It comes down to the user interface. It needs to be easier so that more people can quickly develop the skills to manage the product. It would be better for us right now for more people to have certification or to just develop the skills to use the product. But if Cisco made it easier and took away the need for certification, it would be easier for us to use company-wide and have more people involved.

      Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
      Integration / Wireless Engineer at J.B. Hunt Transport Services, Inc.
      Real User
      Provides security and visibility for our network, and it is easy to integrate
      Pros and Cons
      • "The most valuable feature of this solution is its ability to integrate vertically."
      • "There used to be information displayed about the packets in a module called Packet Flow, but it is no longer there."

      What is our primary use case?

      We primarily use this solution for network security.

      How has it helped my organization?

      This product has increased the visibility in our network.

      What is most valuable?

      The most valuable feature of this solution is its ability to integrate vertically.

      What needs improvement?

      There used to be information displayed about the packets in a module called Packet Flow, but it is no longer there. In order to accomplish the same thing you now have to wade through lots of information in the Syslogs.

      What do I think about the stability of the solution?

      This is a highly stable solution.

      What do I think about the scalability of the solution?

      This solution is very scalable.

      How are customer service and technical support?

      Technical support for this solution is good. The response times meet our expectations and we have not had any issues.

      Which solution did I use previously and why did I switch?

      We have always been using this same solution, but previous versions. We update them in trying to keep up with the amount of data coming through, such as more streaming.

      How was the initial setup?

      The initial setup of this solution was straightforward. We had the proper documentation to reference.

      What about the implementation team?

      We deployed this solution in-house.

      What was our ROI?

      I don't work with the numbers, but I can say that it's great for security and has improved our effectiveness at the office.

      What's my experience with pricing, setup cost, and licensing?

      The cost of this solution is high.

      Which other solutions did I evaluate?

      We did evaluate another option, but we stayed with the Cisco solution because it's trustworthy.

      What other advice do I have?

      This is a good product from a trustworthy vendor, but it is not perfect.

      I would rate this solution an eight out of ten.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Bashir Bashir - PeerSpot reviewer
      IT Administrator at Vodafone
      Real User
      A stable solution with good monitoring and VPN capabilities
      Pros and Cons
      • "The stability is good. Very simple. Upgrades are great."
      • "They really need support for deployment."

      What is most valuable?

      The VPN and monitoring are the most valuable features.

      What needs improvement?

      I tried to buy licenses, but I had trouble. Their licensing is too expensive.

      If they can get the reporting to go into deeper detail, it would really be helpful because in order to get the reports in Cisco you have to go to look at the information that you don't necessarily need. 

      Also, the pricing is quite high. 

      For how long have I used the solution?

      I've been using the solution for six years.

      What do I think about the stability of the solution?

      The stability is good. Very simple. Upgrades are great. But when we upgrade it, things break. You have to upgrade about three things before you get something stable.

      What do I think about the scalability of the solution?

      I haven't had to scale, so I can't speak to this aspect of the solution.

      How are customer service and technical support?

      I haven't had to deal with technical support, so I don't have much to say.

      Which solution did I use previously and why did I switch?

      We didn't previously use a different solution.

      How was the initial setup?

      The initial setup was straightforward.

      What about the implementation team?

      I did the setup myself. The budget I had didn't allow me to get support. I would use Google a lot. The first implementation took me about three weeks because I did not know what I was doing. So it took me a while. It took me about three weeks, but everything else took about two days, maybe three days and I was done. 

      Which other solutions did I evaluate?

      We did look at Barracuda.

      What other advice do I have?

      They really need support for deployment.

      I would rate this solution nine out of 10 because I think if you have the budget and you plan it properly I think you won't have the initial deployment problems I faced.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Senior Network Administrator at a financial services firm with 1,001-5,000 employees
      Real User
      The granularity keeps users seeing what they are supposed to and enables the security not to become compromised
      Pros and Cons
      • "An efficient, easy to deploy and dependable firewall solution."
      • "The interface for monitoring could be improved to allow better views to make troubleshooting easier."

      What is our primary use case?

      Our primary use for the solution is for checking on and verifying the security of our customer data.

      How has it helped my organization?

      Our organization has been improved by the solution because we can be assured that the firewall is secure. It gives us more flexibility to monitor other things. Because we have safe firewalls, we don't have to worry about that and can direct resources elsewhere. If our internet goes down in one location we can bring it back up pretty easily.

      What is most valuable?

      The thing we've found most valuable is the efficiency. The firewalls are easy to configure and deploy. Overall it is an easy system to manage.

      Another valuable feature is just how granular we can get with it so we can keep users seeing what they are supposed to and don't compromise security.

      What needs improvement?

      One way the product could be improved is if you could monitor more than one rule at a time. We only have the option to have one monitor window up at a time. If you're trying to troubleshoot something, you end up switching back and forth and don't get the bigger picture all at once.

      It's reliable and it does its job. It gives you the freedom to do other things while you get indications of any issues. The multi-monitor would be a huge improvement.

      I'd definitely recommend the product. Even when you set it up for the first night, it definitely will tell you the status of the network. The important part in the setup is following the instructions to get it going.

      What do I think about the stability of the solution?

      The solution itself is good as far as stability.

      How are customer service and technical support?

      The technical support is good and the response time quick. We had some firewalls down and gave them a call. They helped resolve the issue and it was all positive.

      Which solution did I use previously and why did I switch?

      Previous to this we had just a normal firewall that I didn't like. It didn't provide enough.

      How was the initial setup?

      The setup was straightforward, even without initially having all the information we needed. It was very intuitive. When I went in to get help, help was there.

      What about the implementation team?

      We got the product from a reseller and we did the installation ourselves.

      What was our ROI?

      We certainly have seen a return on investment at the very least from being able to reallocate human resources.

      Which other solutions did I evaluate?

      Before selecting this as a solution we really didn't evaluate other options at all.

      What other advice do I have?

      As far as rating this product, I would give it a nine out of ten. The only real drawbacks are the lack of multi-monitoring and not really having clear instructions prior to jumping in and implementing it.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Solutions Architect at a manufacturing company with 10,001+ employees
      Real User
      Increases efficiency of servicing our customers by joining our networks
      Pros and Cons
      • "This solution is easy to use if you know how to set it up."
      • "The inclusion of an autofill feature would improve the ease of commands."

      What is our primary use case?

      We use this solution to join our private network to the customer's network.

      In our business, we don't have to be on the customer's network, so a lot of people will install cheap equipment. We're trying to push it to where we can standardize the equipment, although the cost of Cisco products would have to come down a little bit in order for us to be more competitive.

      How has it helped my organization?

      Firewalls are difficult, and this solution gives us outside access to connect with the customer's network and service them better. It makes us more efficient.

      What is most valuable?

      This solution is easy to use if you know how to set it up.

      The most valuable features are on the routing side, with the control between the two networks and the rules that are in there.

      What needs improvement?

      The inclusion of an autofill feature would improve the ease of commands.

      This solution would benefit from being more cost-effective.

      What do I think about the stability of the solution?

      This solution is very stable, and I haven't seen any issues with it.

      What do I think about the scalability of the solution?

      Scalability doesn't really apply to us, as it is just a firewall client.

      How are customer service and technical support?

      Technical support for this solution is really good. We had an issue with a firewall and it was a good turnaround that was quick.

      Which solution did I use previously and why did I switch?

      Our implementation of this solution was driven by the customer.

      How was the initial setup?

      The initial setup of this solution is pretty straightforward. We did have some rules that somebody had put on it that didn't match up, but we got it all worked out.

      What about the implementation team?

      We implemented this solution in-house.

      What's my experience with pricing, setup cost, and licensing?

      With respect to the routers and switches, or the core stacks that we get, they seem to be pretty comparable so I don't have any issues with the licensing.

      Some of our customers would be more likely to standardize on Cisco equipment if the cost was lower because a lot of people install cheap equipment.

      Which other solutions did I evaluate?

      While we have a partnership with Cisco, there are other products that have been used within the company. After evaluating other products such as those by Barracuda, it just happened that this solution worked out better for us. I like the Cisco reputation.

      What other advice do I have?

      With this solution, we have everything that we need. I don't know about other people's use cases, but ours is pretty straightforward.

      My advice to anybody researching this type of solution is to stick with Cisco products, no matter which one it is. We've had pretty good luck with everything from Cisco.

      I don't have any issues with this solution, so I would rate it a ten out of ten.

      Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
      George Karani - PeerSpot reviewer
      IT Manager
      Real User
      Simplified VPN Interconnection, easy to manage, and scales well for SMB
      Pros and Cons
      • "The feature I find most valuable is the Cisco VPN Interconnection."
      • "They should allow customers to talk to them directly instead of having to go through the reseller."

      What is most valuable?

      The feature I find most valuable is the Cisco VPN Interconnection.

      The file features are useful as well. They're good at packet tracing. They are very straightforward. I would say that the Cisco ASA ASDM makes it very easy to manage the firewall.

      What needs improvement?

      I would say the pricing could be improved. It's quite expensive, especially for the economy.

      I'd like to see more integration so that I don't need other parties for protecting my network. If I could just have ASA firewalls for perimeter protection and LAN protection, then I'm good. I don't need so many devices.

      I would like to see improvements for client protection.

      For how long have I used the solution?

      I've been using the solution for four years.

      What do I think about the stability of the solution?

      My impression is it's a stable solution. I could sound biased, but if you have a device working for four years and it's still working and people are using it, then it's stable.

      What do I think about the scalability of the solution?

      Scalability depends on which device you have.

      It's quite scalable if you have either the ASA, even if you had the new ASA firewall services, even if you had the one with the capacity of about 500 MDP. It isn't scalable for three hundred people connecting to it. I would say it is good for medium branch offices.

      I'm not sure if we have plans to extend the service.

      How are customer service and technical support?

      Technical support is good. The only thing is that Cisco cannot support you unless you have a contract with them. You have to go through the reseller in Africa. I don't see why Cisco cannot communicate directly with the customer, especially when I can prove that I have the device. They should allow customers to talk to them directly instead of having to go through the reseller.

      Which solution did I use previously and why did I switch?

      I previously used SonicWall. I'm not the one who decided to switch, I just know that previously we used SonicWall.

      How was the initial setup?

      The initial setup was straightforward. Within an hour you're done, including with your basic training. For implementation, you need one to two people. You should have one senior network administrator. Two people can maintain it if they have the skill.

      What about the implementation team?

      I did the implementation by myself. If you decide to do it by yourself, you need basic knowledge. If you don't have that you would need a contractor.

      What's my experience with pricing, setup cost, and licensing?

      This solution might be expensive, but it is economical in the long run.

      What other advice do I have?

      The functionality is fine.

      When they prove to me they cannot be hacked then I can give them a ten.

      I would rate this solution as eight out of ten. 

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Technical Manager at a comms service provider with 501-1,000 employees
      Vendor
      Offers good security and stability
      Pros and Cons
      • "What I like about Cisco is the security zone. By default when you configure it, it gives you a security zone, which other firewalls don't have."
      • "I wish the Cisco interface was not so granular. Check Point was easier to create specific rules than with ASAv."

      What is most valuable?

      One of the important aspects when deploying a Cisco ASA firewall is that it obliges you at the beginning to define your security level, which makes it easier when making your security policy (traffic allowed from source to destination).

      A security level defines how trusted an interface is in relation to another interface on the Cisco ASA.

      The higher the security level, the more trusted the interface.

      The highest security level is “Security Level 100”.

      Nowadays other firewall manufacturers try to adopt the same deployment principle as the Cisco ASA with security levels; however, the Cisco ASA does have other interesting features which I think are very useful:

      - Firepower services
      - Security context
      - Firepower management

      What needs improvement?

      Normally in terms of design, the user prefers to use Cisco ASAv as a border router or a border firewall, because you have two different kinds of firewalls. You have a firewall when the data communication enters the network, and then you have a firewall, for when you've been inside the network. So, for the inside network firewall, Check Point is better because it can make a better notation of your network infrastructure. But, for the incoming data, or border firewall, ASAv is better. In terms of improving the interface, if you compared to the Check Point file, then I think that ASAv should be better. They should improve the interface so that it's similar to the Check Point firewall.

      For how long have I used the solution?

      I've been using the solution for the past three years.

      What do I think about the stability of the solution?

      The Cisco ASAv is really stable, especially if you compare it to Check Point. Not long ago Check Point did release one virtual firewall, and the virtual firewall of Check Point is not stable.

      The hardware version of the firewall is more stable than the virtual one. In terms of the data center, many companies have a virtual data center in a group environment. Many companies want to have a virtual firewall, but the one from Check Point, in comparison to Cisco, is not stable at the moment. 

      What do I think about the scalability of the solution?

      The solution is really scalable.

      How are customer service and technical support?

      I haven't dealt with technical support. We just check online, and if we have to contact Cisco about major issues, it's an internal department dealing with that. I don't know how technical support is, because our technical support team is located in Sofia, and I am in the Netherlands, so I don't have any view on that.

      How was the initial setup?

      The setup is always different. If you have a small company, the setup is quite easy, but if you have a bigger company the setups are quite complex. Cisco is pretty good in routing. So in bigger situations, configuring the ASAv file is pretty straightforward.

      The deployment also depends on the customer's site. So, the time changes because most of the time we have to do a migration. For example, some customers have an old firewall, and you have to migrate things to a new one. And sometimes, it's just copy/paste, but in some situations, we cannot migrate all firewall configurations to a new one.

      In terms of how many people you need for deployment and maintenance, again, it's dependent on the company strategy around the help desk. You should have a maintenance engineer who should be part of a team. The deployment will be done in a team. You can have one person to do the deployment but usually, you always have a backup, so it would be two. And then, for the maintenance, it can be one person or two. The maintenance can be done on the site desk, operating after office hours, so it depends.

      What other advice do I have?

      It's difficult to give specific advice on the solution because it always depends on the design solution and the strategy. So what I would recommend is to use different firewalls and to use Cisco ASAv as a border firewall.

      I would rate this solution as 7.5 out of 10. I wish the Cisco interface was not so granular. Check Point was easier to create specific rules than on ASAv, so that's why I say this. If you want to make things easier for an engineer, you always have to work on the interface. But the product, in and of itself, there's nothing wrong with it.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      it_user1073460 - PeerSpot reviewer
      Security Solution Architect at a financial services firm with 5,001-10,000 employees
      Real User
      Good documentation for the configuration
      Pros and Cons
      • "The most important feature is its categorization because on the site and social media you are unified in the way they are there."
      • "I see room for improvement when it comes to integrating all the devices into a central management system. Cisco doesn't provide this, but there are some good products in the market that can provide it."

      What is our primary use case?

      I worked for a Telecom provider, and we gave this solution to our customers.

      What is most valuable?

      The most important feature is its categorization because on the site and social media you are unified in the way they are there.

      What needs improvement?

      I see room for improvement when it comes to integrating all the devices into a central management system. Cisco doesn't provide this, but there are some good products in the market that can provide it.

      Apart from the cost, I think Cisco is quite well-positioned in the market. Also, in terms of site capabilities, other companies are still in the lead. 

      The price, integration, and licensing models are quite odd.

      For how long have I used the solution?

      I have been using Sourcefire for two or three years.

      What do I think about the stability of the solution?

      We didn't have any problem with its stability.

      What do I think about the scalability of the solution?

      Scalability depends on the requirements of the license. The licensing scheme is complicated and not straightforward. I think there were around 200 users, sometimes more.

      Which solution did I use previously and why did I switch?

      We used to use Fortinet, but we switched because of the lack of integration.

      How was the initial setup?

      The initial setup was of a medium complexity. This was especially true when it came to integration of the data servers.

      What about the implementation team?

      We used a consultant. They were very helpful. The documentation was quite easy to find for configuring the devices. We thought the boxes would be more parceled or more completely behind, but it was not a problem. The data was there.

      What other advice do I have?

      I would recommend this solution. I would rate this solution as eight out of ten.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Farhad Foladi - PeerSpot reviewer
      Cloud Services Operation Engineer at Informatic Services Company (ISC)
      Real User
      The end-user VPN with ASA allows us to connect the firewall to edge servers for security
      Pros and Cons
      • "We are using the Cisco AnyConnect for our end-user VPN with the ASA."
      • "I would like to see them release a patch for ASAv with cross-platform FirePower integration."

      What is our primary use case?

      We are using both Cisco ASAv and FTD (Firepower Threat Defense). FTD has a better interface, but we have both of them running.

      We are using Cisco ASAv for the FirePower service. We use a custom interface for our firewall.

      How has it helped my organization?

      Cisco ASAv is part of our central solution. You can use the ASA family or go on the portal for normal ASAv. We use FirePower at the edge of the network. 

      If you are working with cloud services, it's better to use the ASAv family or other Cisco solutions.

      What is most valuable?

      We are using the Cisco AnyConnect for our end-user VPN with the ASA. 

      If a user wants to connect to our network, they access it via the Cisco intranet and connect to the firewall at the edge.

      What needs improvement?

      I don't have any experience with the price, but ASA is a comprehensive solution.

      In the next update of the Cisco ASAv, I would like to see them release a patch for ASAv, i.e. to put the FirePower solution into the cross-platform integration.

      For how long have I used the solution?

      We have been using the Cisco ASAv security solution in our company for three or four years.

      What do I think about the stability of the solution?

      Normally, in ASA, we have good stability.

      What do I think about the scalability of the solution?

      The scalability of ASAv we can easily manage. We can have good scalability at different times, but we don't have HA in ASAv. Some features are removed in ASAv.

      If it's a normal ASA, i.e. a physical device, you have many more ways to scale.

      How are customer service and technical support?

      For technical support, I have little experience with Cisco, unless they patch some issues. I raised a ticket and got the response immediately. They are very supportive.

      How was the initial setup?

      For me, ASA is easy. The deployment of ASAv is done in 20 minutes.

      What about the implementation team?

      We used both an integrator and reseller for the deployment. For the initialization, it was me for our company. If we have an issue, we can raise a ticket or call for a Cisco patch. 

      For the Cisco ASAv installation, I did it myself.

      What's my experience with pricing, setup cost, and licensing?

      The pricing for Cisco ASAv depends on your license. With AnyConnect, it depends on your license. It depends on the number of concurrent users you want to connect.

      Our license is for one year only, renewable at variable pricing.

      What other advice do I have?

      On a scale from one to ten, I would rate this product at nine. Cisco ASAv is good in many advanced networking features.

      I'm working with Cisco. They have competition with many vendors.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Michael Collin - PeerSpot reviewer
      Senior System Engineer at a tech services company with 11-50 employees
      MSP
      Easy to use and easy to understand how to open a port, how to manage and how to route a device
      Pros and Cons
      • "The web interface was easy for me. The configuration is logical, so it's easy to use and easy to understand how to protect, how to open a port, how to manage and how to route a device. That's why I prefer Cisco. It's robust and I never have issues with the hardware. That's why I choose Cisco and not another vendor."
      • "The service could use a little more web filtering. If I compare it to Cyberoam, Cyberoam has more web filtering, so if you want to block a website, it's easier in other solutions than in Cisco."

      What is our primary use case?

      I primarily use it for my small company to protect 5-10 users.

      What is most valuable?

      The web interface was easy for me. The configuration is logical, so it's easy to use and easy to understand how to protect, how to open a port, how to manage and how to route a device. That's why I prefer Cisco. It's robust and I never have issues with the hardware. That's why I choose Cisco and not another vendor.

      What needs improvement?

      The service could use a little more web filtering. If I compare it to Cyberoam, Cyberoam has more web filtering, so if you want to block a website, it's easier in other solutions than in Cisco. I think in Cisco it's more complicated to do that, in my opinion.

      It could also use a better web interface because sometimes it's complicated. The interface sometimes is not easy to understand, so maybe a better interface and better documentation.

      For how long have I used the solution?

      I've been using this solution for 8 years.

      What do I think about the stability of the solution?

      My impression of the stability of the solution is that it's very good.

      What do I think about the scalability of the solution?

      I don't have a sense of the scalability. I never extend the processes or usage.

      How are customer service and technical support?

      My experience with customer service is very good in general. When I have a good person on the phone, or on the email, it's in general very fast and the reply is good. It's a good solution in general.

      Which solution did I use previously and why did I switch?

      I previously used Juniper before Cisco, but only for one year. I switched because my company only used Cisco.

      How was the initial setup?

      The initial setup was not complex, it's just difficult to find out how to do it. The FAQ is not clear. In terms of deployment, it depends on the client, but deployment takes about an average of six hours.

      What about the implementation team?

      In general, I implement the solution myself.

      What other advice do I have?

      I would advise that if you want something robust, a good hardware solution, I think it's competitive and you have a good warranty, you have to choose Cisco.

      I would rate the solution 8 out of 10.

      Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
      IT Infrastructure Manager at Beltone financial
      Real User
      Secure, stable, and their technical support has excellent service
      Pros and Cons
      • "The features I found most valuable in this solution, are the overall security features."
      • "It could also use a reporting dashboard."

      What is our primary use case?

      We have around 250 users and security is extremely important for us. 

      What is most valuable?

      The features I found most valuable in this solution are the overall security features. 

      What needs improvement?

      The overall application security features can be improved. 
      It could also use a reporting dashboard. 

      For how long have I used the solution?

      Our company, Beltone Financial, has been using Cisco ASAv for about three years now.

      What do I think about the stability of the solution?

      I found that Cisco ASAv is a really stable solution. 

      What do I think about the scalability of the solution?

      I haven't tested scalability yet, but I believe it is a very scalable solution. We currently have 250 employees working on it without any issues.

      How are customer service and technical support?

      The few times I've had to call in technical support, the service was excellent. I've had no issues.

      Which solution did I use previously and why did I switch?

      Our company has used various other solutions in the past. We've decided to also install Cisco ASAv to add extra features to our system.

      How was the initial setup?

      The initial setup was straightforward and it took me about two days to do the installation. The fine tuning took about a week. I am the IT Infrastructure Manager of our company, but I don't believe that individuals without IT knowledge would struggle to do the installation themselves.

      What about the implementation team?

      We didn't use any consultant for the deployment - we installed and implemented Cisco ASAv ourselves and we didn't experience any problems.

      What's my experience with pricing, setup cost, and licensing?

      We pay an annual fee.

      Which other solutions did I evaluate?

      We have used many other solutions in the past and we constantly look out for other options. So we didn't switch to Cisco ASAv, we simply started using it together with another solution. We now use two products at the same time.

      What other advice do I have?

      I rate this solution an eight out of ten and I would definitely recommend it to other users. If the developers would add a reporting dashboard, and perhaps lower the pricing, I will rate it higher. But overall I am really satisfied with Cisco ASAv.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Donald Fitzai - PeerSpot reviewer
      LAN admin at Cluj County Council
      Real User
      Powerful firewall that is easy to manage and easy to configure
      Pros and Cons
      • "The firewall power that comes with Cisco ASAv is the most valuable asset. They are very easy to manage."
      • "We found it difficult to publish an antennae sidewalk with the ASDM. I think Cisco should improve this by creating a simpler interface for the firewall."

      What is our primary use case?

      We need a good and generic firewall which is why I bought Cisco ASAv. I also needed a secure VPN. The real reason I bought it though, was for the firewall. 

      What is most valuable?

      The firewall power that comes with Cisco ASAv is the most valuable asset. They are very easy to manage and configure. 

      What needs improvement?

      There definitely is room for improvement. We found it difficult to publish an antenna plug with the ASDM. Cisco should make the interface for the firewall more simple. 

      For how long have I used the solution?

      My company has been using Cisco ASAv for three years now.

      What do I think about the stability of the solution?

      This product is very stable. Before installing Cisco ASAv, I had two or three viruses in my network. Since installing ASA, I have not had any problems with viruses. There is a huge difference with and without ASA.

      How are customer service and technical support?

      I am satisfied with the customer service because the assistance I got from the Cisco engineer was very good.

      Which solution did I use previously and why did I switch?

      I used a different solution before. I used Meraki and it was a little simpler to use. However, currently, I only have Cisco routers.

      How was the initial setup?

      The initial setup for Cisco ASAv was fairly simple. It wasn't very complicated, it would be okay for an intermediate professional. It can be made easier. I believe almost anybody could set up an ASA in a few hours. It took about two to three weeks for the platform to work properly.

      What about the implementation team?

      The installation wasn't complicated at all and I got help from a Cisco engineer. 

      What's my experience with pricing, setup cost, and licensing?

      I bought a license for three years and it was really affordable. 

      Which other solutions did I evaluate?

      I did consider other options as I have experience with Meraki and other devices. Meraki is simpler to use, but I decided on Cisco ASAv. 

      What other advice do I have?

      I am really satisfied with the product and I rate this an 8.5 out of ten. The reason why I wouldn't rate it a ten, is because I find it a little more complicated to set up a firewall for publishing than when using Meraki. I therefore believe there is room for improvement.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Information Security Officer at a government with 501-1,000 employees
      Real User
      Lots of bug fixes are required and it did not pass our in-house evaluation
      Pros and Cons
      • "Integration with all the other Cisco tools is valuable."
      • "With regards to stability, we had a critical bug come out during our evaluation... not good."

      What is our primary use case?

      We performed an in-house evaluation of Cisco ASA NGFW for use as an Internet Gateway Firewall and internal East-West traffic firewall between security zones. We are historically a Cisco shop and were planning on it being the top contender for our NGFW solution.

      How has it helped my organization?

      Cisco ASA NGFW running in "Firepower" mode - aka the actual NGFW mode was not "fully baked", so it didn't meet all our requirements to fit our network architecture. It requires a completely different language than ASA and we found it to be difficult compared to other top firewall vendor offerings.

      What is most valuable?

      Integration with all the other Cisco tools is valuable. However, we've moved away from all Cisco security tools since this evaluation. Firewall choice was key to what direction we went and we found not only was the competing firewall solution superior, but their endpoint protection solution was as well.

      What needs improvement?

      The first thing that needs to be done is to finish building out Cisco ASA "Firepower Mode" in order for all features to work correctly in complex enterprise networks. It also needs a usable GUI like Palo Alto and FortiGate. There are lots of bug fixes to be done, and Cisco should consider performing a complete rebuild of the underlying code from the ground up.

      For how long have I used the solution?

      Trial/evaluation only.

      What do I think about the stability of the solution?

      With regards to stability, we had a critical bug come out during our evaluation.

      What do I think about the scalability of the solution?

      It should be well scalable. However, we didn't see a good centralized management/monitoring system like the one that Palo Alto has.

      How are customer service and technical support?

      Customer support was decent, although we definitely don't feel like you get the value of the mandatory support/maintenance fees.

      Which solution did I use previously and why did I switch?

      We used Fortinet FortiGate, but as an early gen "NGFW" it was outdated. We have issues we don't believe would be resolved with their latest offering, so we didn't even evaluate it.

      How was the initial setup?

      We found the initial setup much more difficult to do even simple things, like setting up VPN tunnels.

      What about the implementation team?

      Our in-house team tested and evaluated the solution.

      What's my experience with pricing, setup cost, and licensing?

      Watch out for hidden licensing and incredibly high annual maintenance costs. We bought much beefier Palo Altos for a less expensive one-time and annual cost.

      Which other solutions did I evaluate?

      Palo Alto Networks NGFW Firewall was compared in-house using the same configuration and testing, and it won hands-down.

      What other advice do I have?

      Watch out for the marketing hype vs objective reality. Do the advertised features actually work correctly/effectively?

      We chose a different solution after performing in-house testing.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      it_user1070472 - PeerSpot reviewer
      Information Security Manager at Tactical Air Support
      Real User
      Easy to use and has helped to secure our Internet Edge

      What is our primary use case?

      Our primary use case for this solution is to protect the Internet Edge, and our VPN (Virtual Private Network).

      How has it helped my organization?

      We moved from a Legacy firewall to the ASA with Firepower, increasing our internet Edge defense dramatically.

      What is most valuable?

      The most valuable features for us are Firepower and the VPN concentration. These are easy to use and have good insights.

      What needs improvement?

      The product would be improved if the GUI could be brought into the 21st Century.

      For how long have I used the solution?

      One to three years.
      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Mbaunguraije Tjikuzu - PeerSpot reviewer
      Information Security Administrator at Bank of Namibia
      Real User
      Valuable Firewall Capabilities Recommended for Filtering and Intrusion Prevention
      Pros and Cons
      • "Cisco ASA NGFW significantly improves our bank. It protects any high-value products that we use from hackers, viruses, malware, and script-bots. It gives us metrics on network traffic as well as what kind of attacks we are getting from the outside."
      • "Cisco should improve its user interface design. There is a deep learning curve to the product if you are a newcomer."

      What is our primary use case?

      We are using the Cisco ASA NGFW as a next-generation firewall. We are using the 5516-X version. Our primary use case of this is as an X firewall for external connections.

      How has it helped my organization?

      Cisco ASA NGFW significantly improves our bank. It protects any high-value products that we use from hackers, viruses, malware, and script-bots. It gives us metrics on network traffic as well as what kind of attacks we are getting from the outside.

      What is most valuable?

      The most valuable features are the firewall capabilities, filtering, and intrusion prevention. 

      I respect the capability of the Cisco firewall. We fully use it all as a complete firewall solution. Cisco also has excellent anti-malware detection and other similar features.

      What needs improvement?

      Cisco should improve its user interface design. There is a deep learning curve to the product if you are a newcomer.

      For how long have I used the solution?

      More than five years.

      What do I think about the stability of the solution?

      Stability is excellent.

      What do I think about the scalability of the solution?

      It can easily scale. If you want, you can scale it to a lot of traffic. It's an X file, so all of our users are going through it.

      We only require one administrator for the solution. For deployment and maintenance, it depends on how many developers you have. We require two dedicated staff at a minimum. 

      Naturally, we employ both security technicians and administrators. Cisco ASA NGFW is being used at all our branches, and we'll continue using it in the future.

      How are customer service and technical support?

      The technical support from Cisco is excellent.

      Which solution did I use previously and why did I switch?

      We have only been using Cisco solutions.

      How was the initial setup?

      The initial setup of the Cisco ASA NGFW is not easy, but at the same time also it is not complex. It's somewhere in the middle. It took about 4 weeks, then it was activated.

      What about the implementation team?

      We used a reseller consultant for the deployment.

      What's my experience with pricing, setup cost, and licensing?

      Our licensing costs for this solution are on a yearly basis. Just for the firewall, it's about $1.5 million USD.

      Which other solutions did I evaluate?

      We evaluated Palo Alto Networks, Fortinet FortiGate, and Checkpoint products.

      What other advice do I have?

      For the Cisco ASA NGFW, it is a bit more expensive than other products, but their method is a lot more stable in my experience. It has all the features that you would need in a next-generation firewall. They are always developing new features and introducing them.

      I don't have anything that I'm currently missing with Cisco. On a scale from one to ten, I would rate the product at eight.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Beka Gurushidze - PeerSpot reviewer
      System Administrator at ISET
      Real User
      Robust cyber-security features protects server infrastructure
      Pros and Cons
      • "Right now, Cisco ASA NGFW has given us a lot of improvement. We are planning to move to a new facility and will be a much larger organization."
      • "There is no support here in Georgia. If something goes wrong, support is not always very helpful with the other firewalls or other products."

      What is our primary use case?

      I have been using the Cisco ASA NGFW for about four months. Everything works fine right now. We have only been using this device for a very short period of time. 

      • We have about 500 registered users and about 400-600 static users. 
      • For 400 to 600 users with wireless devices, we use Cisco ASA NGFW to control device traffic. We're using the new web filters. 
      • We use Cisco ASA NGFW as the bit application.

      Thus far, we are using it as a web filter to filter the data against incoming traffic. We are an educational organization, so there is no gambling allowed. We don't want to allow students access to gambling sites or adult sites, etc. We use lots of web filters. That's the primary reason I installed the Cisco firewall. 

      We are also happy with the Cisco ASA NGFW router firewall. It protects your small server infrastructure, but it's not complete. We purchased the Cisco ASA NGFW for the web filter. That's why we moved to the firewall.

      How has it helped my organization?

      Right now, Cisco ASA NGFW has given us a lot of improvement. We are planning to move to a new facility and will be a much larger organization. 

      We have an opportunity to grow now. The Cisco ASA NGFW firewall can be upgraded to another version, so it's better for us long term. It is much better because we can control the traffic that students are accessing and downloading. There are still a lot of improvements that can be done. 

      What is most valuable?

      For organization security, Cisco ASA NGFW has robust cyber-security features. We are planning to increase the number of firewalls installed, especially for wireless connections.

      What needs improvement?

      We installed a Cisco path a month ago. There was a new update for the Cisco firewall and there were security issues.

      We like Cisco filtering as a firewall, but in the current market, Cisco's passive firewall is not unique. We don't have any warranty problems with Cisco. 

      I asked our carrier several times to provide the exact gap code for me, but there is no Cisco dealer in our region. There is also no software accessibility with Cisco ASA NGFW. You can't always access the product that way. I also tried pfSense.

      There is no support here in Georgia. If something goes wrong, support is not always very helpful with the other firewalls or other products. 

      Cisco products are more supported by lots of companies who are producing technical services for cloud platforms. The certification is very easy in Georgia now. There are lots of people using Cisco in Georgia because their accessibility is better than the other products on the market. I also talked to several guys about the Barracuda firewall.

      The Barracuda firewall is very expensive. You need to pay three or four thousand dollars every three months, so it's very expensive for us. We are not a big company.

      For how long have I used the solution?

      Less than one year.

      What do I think about the stability of the solution?

      For our users, there are rules for the students and staff have another RF for authorization. There are small file servers also within the domain controller. 

      There is no special restriction for the students. They can print. They can visit outside websites online, but there is no gambling allowed at other sites. The students can access whatever they want over email or HTTP. Only the gambling and the betting sites, they cannot install the software. There are restrictions. 

      The students can use their own mobile phones or wireless devices, whatever they want. They are using the shared public key authorization. Our institution doesn't have any restrictions about accessing legal data. Except in Georgia, we have a very big problem with gambling websites. There are a lot of gambling websites, so we are trying to restrict all of the gambling sites at our company. We have a contract for the next year. 

      What do I think about the scalability of the solution?

      We are growing. In the next two years, we will have an additional 600 users, so we will double the capacity. We will see even more in the next three years. 

      It will be like very tough. In about five-year cycles, you need to update the firewall and add other new Cisco devices for the next generation of innovation.

      In five years, we will be ready for a complete upgrade cycle for everything. The stability and scalability of the Cisco ASA NGFW are good for when we need to grow. 

      For the next five years, everything is fine. After that, we will see because there will be a lot of changes.

      How are customer service and technical support?

      Technical support with Cisco is very good. We feel the company is very reliable and very competent. I have very good feelings about the future for project operations.

      Which solution did I use previously and why did I switch?

      We had the old version of the Kerio firewall, but because in our country, there is no official dealer for Kerio, we moved to the Cisco ASA NGFW. This is the main reason why we moved to the Cisco firewall.

      How was the initial setup?

      We announced the tender and bought this product with the installation plus setup included in the price. I was not involved in the installation or in the setup. 

      The company just asked a consultant to do it. The whole process, after we announced the tender, took about one to two weeks. The consultant company installed the software. They also helped us to optimize other parts of the network such as the routers and switches.

      The setup of the Cisco ASA NGFW was complex, not only for us as a firewall. We have now submitted another tender for a device router with two-node switchless support. We updated almost everything on the Cisco ASA NGFW with the core and distribution level software upgrades.

      What's my experience with pricing, setup cost, and licensing?

      We paid about $7,000 for the Cisco firewall, plus another small Cisco router and the lead switch. It was under the combined license. It's a final agreement.

      The Cisco license was not yearly. It was a yearly license for the firewall. For the router and switch, it was a lifetime license.

      Which other solutions did I evaluate?

      The other option we considered was Kerio. I tried to contact their office in Russia, but it is in the UK. I wanted to communicate with them because we cannot buy things without a warranty.

      We considered buying Kerio products with the warranty, but they said we needed to send the device to them to repair it. This meant it would take too much time to replace it. In Georgia, we need a local distributor, i.e. a local representative here who we can work with, so that's the problem.

      What other advice do I have?

      In Georgia, there is no problem using the Cisco firewall, because it's accessible. You cannot use other products, because they are not accessible. That's the whole problem.

      I would rate Cisco ASA NGFW an 8 out of 10.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Ahmed Nagm - PeerSpot reviewer
      IT Solution Consultant at PCS
      Reseller
      Offers Excellent Stability and Endpoint Protection
      Pros and Cons
      • "The feature that I found most valuable is the overall stability of the product."
      • "One of my main concerns, an area that could use improvement is in adjusting the need to buy a license to enable features."

      What is our primary use case?

      The primary use case for this solution is on the client side. PCS stands for Perfect Computer Systems. We are an integration company, we specialize in solution integration, bringing together component subsystems into a whole and ensuring that those subsystems function together.

      How has it helped my organization?

      Cisco ASA NGFW has improved our organization by providing more internet protection. Also, for the end user, it provides easy access from outside for users accessing the site.

      What is most valuable?

      The feature that I found the most valuable is the overall stability of the product. 

      What needs improvement?

      The two areas that need improvement are the URL filtering and content filtering features.

      These features are both very crucial to the end user environment. One of my main concerns and an area that could use some major improvement is the need to pay for licensing in order to enable necessary additional features. Included in the next release, I would like to see these features integrated into the products' functionality without having to pay for them on an individual basis.  

      For how long have I used the solution?

      More than five years.

      What do I think about the stability of the solution?

      My impression of the stability of this solution is that it's great, excellent! 

      What do I think about the scalability of the solution?

      As far as scalability, I haven't had any performance issues so far. There really isn't high utilization coming from the operations environment, so I don't need to upgrade the tier at the moment.

      How are customer service and technical support?

      I don't have much experience with technical support since contacting tech support incurs additional costs. I have been relying on my technical knowledge and experience so far.

      How was the initial setup?

      The initial setup was straightforward, though I find as we proceed we need an extra feature or two to enable all the functionalities and protection of the tool. It's an ongoing process. We have to be quick and agile to provide client support.

      What about the implementation team?

      We implemented through an in-house team. 

      What was our ROI?

      The stability is the greatest ROI for this solution. 

      What's my experience with pricing, setup cost, and licensing?

      My advice, since I have to pay for licensing each feature that I need to enable, like URL filtering, is to look at a pfSense. That is what we are doing because you have to pay for greater protection, a total solution can be very costly. We are looking at a pfSense, to bring down the total cost. The correct price point, in comparison to other platforms, is the main factor here.

      Which other solutions did I evaluate?

      During our initial decision-making process, we evaluated other options but the distinctions between all the options were quite minimal.

      What other advice do I have?

      I am satisfied with the current facility and the management environment of the Cisco ASA, it's great for me.

      I think that the cost would be the main factor when evaluating solutions since some of the companies or some of our clients ask about costs upfront. Once the client has made their initial request and inquired about any subsequent subsystem connectivity integration ideas, they always want to know how much everything will cost. The deciding factor is mainly based on the price point of the total user solution.

      Overall, the criteria that we consider when constructing an integration decision depend largely on the client company we are working with. We evaluate clients according to their size, industry function, and the total budget that would be recommended for an effective solution.

      I would give this product a rating of 9 out of 10!

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Seang Haing - PeerSpot reviewer
      Team Leader Network Engineer at deam
      Real User
      Efficient at improving client operations and has excellent stability
      Pros and Cons
      • "The stability of Cisco ASA is excellent compared to other products on the market. Because of our customer experience as an integrator company, our clients never report any performance problems. We have a good performance reputation with Cisco ASA."
      • "Usually, the customers are satisfied, but I am going to recommend that all clients upgrade to FirePOWER management. I want Cisco to improve the feature called anti-spam. We use a Cisco only email solution, that's why we need the anti-spam on email facility."

      What is our primary use case?

      We use Cisco ASA with Firepower. Currently, we have been implementing the solution for around four years. Our company has been around for a long time, more than ten years. We cover the solutions for Network Direct Turbo ATM at the moment, it's a lot of the security work.

      How has it helped my organization?

      Cisco ASA is best at the technical part of the business, related to our selling and management services. We have to improve the technical functionality of the product as part of making an efficient service for the customer. We need to improve the customer's technical experience with Cisco ASA & Firepower.

      What is most valuable?

      There are two main ways that using Cisco ASA & Firepower has improved our organization:

      1. Technical features
      2. Our Sales team

      What needs improvement?

      With Cisco ASA, we used the SMB of the model. The customers are usually satisfied, but I am going to recommend that all clients upgrade to Firepower management.

      For Cisco ASA Firepower, I want Cisco to improve the feature called anti-spam. We use a Cisco only email solution, that's why we need the anti-spam on email facility.

      For how long have I used the solution?

      Three to five years.

      What do I think about the stability of the solution?

      The stability of Cisco ASA is excellent compared to other products on the market. The performance is good. Compared to Fortinet on the watchband firewall, it is indispensable. Because of our customer experience as an integration company, our clients never report any performance problems. We have good performance from Cisco ASA.

      What do I think about the scalability of the solution?

      ASA is limited in terms of its scalability because of our customer environments. They are in the banking and microfinance sector. Our clients always want to move to the next generation firewall so they like FirePOWER. When we move clients to Firepower, they need to integrate with Sourcefire and move into more complicated management.

      We have the staff perform the migrations to Firepower. We redirected traffic with Sourcefire and also require the use of FMC by our management center with Firepower.

      How are customer service and technical support?

      I've been exploring the technical support for Cisco ASA. I haven't had any problems with it.

      How was the initial setup?

      The initial setup is straightforward. 

      What other advice do I have?

      I always encourage our existing customers to move to the Cisco ASA Firepower version, i.e. the next generation Firepower like 2100, 4000, or 9300.

      I would rate Cisco ASA an eight out of ten. An eight and not a ten because some of the features are limited and some are awful. We had to install other solutions for security and had to spend a lot on other hardware. Other vendors like Fortinet or Palo Alto Networks focus more on offering complete solutions.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Network & Security Administrator at Diamond Bank Plc
      Real User
      Enables us to to track traffic in inbound and outbound patterns so we can set expectations for network traffic
      Pros and Cons
      • "I would say the Firepower module is most valuable. I'm trying more to transition to this kind of firewall. I had to study a little on Palo Alto Networks equipment. There is a lot I have to learn about the difference."
      • "The installation and integration of Cisco ASA with FirePOWER can be improved. The management with Fortigate is easier than Cisco ASA on FirePOWER. The management side of Cisco ASA can be improved so it can be more easily configured and used."

      What is our primary use case?

      I am a banker. I'm working in the bank and our equipment is mostly based on Cisco for the moment. We have some incoming projects to deploy from Fortigate to firewalls.

      Cisco ASA is something that I used when I was preparing for my CCNP exams. I've been using it on the incoming project that we want to do right now. 

      It is easy to deploy Cisco ISP solution in the bank I'm working in, i.e. Cisco Identity Services Engine. We already used Cisco ISSO. 

      I have three Cisco ASA modules:

      1. Security for perimeters
      2. Security for data centers
      3. Data center recovery

      I have been using Cisco ASA since I've been at the bank for more than two years now. The model is 5515X. I have two modules of 5515X and the third one is the old 55105. 

      My primary use of Cisco ASA is to take advantage of all the features. I use it to enforce security policy and also to take advantage of the Firepower module.

      I have a firewall module on my two instances of 5515X. On the Firepower side, I use all features on Firepower modules that are included in the AMP.

      How has it helped my organization?

      The biggest improvement has been in the internet features. We have been asked to prohibit internet access for all users except the bank services division and that is improved. 

      For AMP features, we use Cisco ASA to track traffic in inbound and outbound patterns, so we can set expectations for network traffic. I also used the exception for encrypted traffic. 

      One problem: Before installing encrypted traffic, I had to decrypt it first. Before setting it back, I encrypt it again. That's just the way Cisco ASA functions.

      What is most valuable?

      I would say the Firepower module is most valuable. I'm trying more to transition to this kind of firewall. I had to study a little of the Palo Alto Networks equipment. There is a lot I have to learn about the difference. 

      Based on my certification, I had to do a lot of lab work, a lot of projects, a lot of technical work with Cisco ASA. Now, I'm moving to other vendors, like Palo Alto Networks and Fortinet so that I can empower my level of technical experience.

      • All my change requests are for Cisco ASA to work more on ease of management. 
      • All of the features of Cisco ASA are used by all of the other vendors on the market. 
      • The firewall solutions are all based on the same network equipment. 

      The difference is why each business chooses to use it and how they implement the architecture for their solution using Cisco ASA and Firepower features.

      What needs improvement?

      The installation and integration of Cisco ASA with Firepower can be improved. I used Fortigate as well and I can say that Fortigate's features are more usable. 

      The management with Fortigate is easier than Cisco ASA on Firepower. The management side of Cisco ASA can be improved so it can be more easily configured and used.

      For how long have I used the solution?

      One to three years.

      What do I think about the stability of the solution?

      The stability of the Cisco ASA platform is okay. I know that Palo Alto is the first rated one, followed by Fortinet.

      What do I think about the scalability of the solution?

      The scalability is based on module support. We have a stand-alone version. It is not 100% applicable to talk about scalability at this point. 

      There is another Cisco ASA module available that is more scalable than ours. For the module I have, the stand-alone, the scalability is not as good as on the higher model. 

      The 5585 model, allocated for data center security, can be facilitated into the switching spot or the working spot in our data center. We can recommend the scalability there. 

      For the module I have, I'm using it as a stand-alone. I don't think it is scalable too much at this point. 

      I'm using Cisco ASA in my organization to support about 150 staff. For maintenance, I do all of the work myself.

      How are customer service and technical support?

      I do everything if you need a Cisco ASA solution to be deployed for an infrastructure requirement. We are just a team of three. There is just me and my colleagues. 

      I'm in charge of all the infrastructure system, including the network and security infrastructure. On all tasks related to the system security and network infrastructure, I'm in charge of it.

      I had to work with Cisco customer support two or three times, a long time ago. I had to work with them based on a problem with my call manager. We had a good ability to work together with Cisco customer support. It was normal. 

      They asked about the information on the installation. I had to upload it to them. They took that and came back to my problem with the results. I had a good experience with them.

      Which solution did I use previously and why did I switch?

      I didn't use a different solution in my bank, but on some other enterprise jobs, I used some unique firewall solutions. 

      Since I have been at the bank, only Cisco ASA has been deployed. We just added two new modules. In the bank, we only use Cisco ASA solutions.

      How was the initial setup?

      I will say Cisco ASA has a complex setup just based on the security policy we have to enforce (asked by the chief, the CIO). For me, it's not complex. 

      Cisco ASA is not difficult because I am in it for a year so it's easy for me to understand. I have no problem on the technical side. I always manage to do what I'm asked to do on security-side enforcement. I have no problem with that. It's normal for me. 

      It was 2 years ago that we were trying to deploy our facility equipment. We took advantage to deploy the Cisco ASA firewall (model 5515X). 

      For now, it's the only one. Since then, we're using it in an upcoming project. I will have to deploy some FortiGate and Cisco ISL as well.

      What about the implementation team?

      I don't have a technical problem implementing Cisco ASA. I am a double CCNP and I'm preparing for my CCIE. On the technical side, I don't need help.

      I had to work with external partners because they provide us with uptake equipment. They're available to follow up on the project with us. 

      We just had to make some tests to deploy some labs. However, when it comes to configuring Cisco ASA for production, I was alone. 

      On a security basis, we couldn't let the partner know the details of our address space. This is prohibited within our organization by security policies. 

      I had to re-do everything from scratch. For this implementation of Cisco ASA & Firepower, I was alone.

      What's my experience with pricing, setup cost, and licensing?

      The licensing for Cisco ASA is on a yearly basis. We have to renew the Firepower module license. We are in the process of renewing this one. 

      I just made the demand. They have the management who is in charge asking about the price and payment terms on different offers. 

      Which other solutions did I evaluate?

      We are just a branch bank. The decision is not made here and the branches just have to follow the central policy.

      What other advice do I have?

      Cisco ASA is a good solution. I never had a problem with it. I will say that I mostly recommend Fortinet because of their ease of management and Palo Alto Networks because of their reputation for business efficiency.

      I would rate Cisco ASA with an 8 out of 10 points.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Senior Executive Technical Support at AITSL
      Real User
      The product has saved us a lot of time, and once we deployed the solution, it worked
      Pros and Cons
      • "We have multiple secure internal networks linked with our plants. We are from an oil company, so we have multiple plant areas which need to have restricted network access. Therefore, we are using it for restricting access to the plant area."
      • "The initial setup was completely straightforward."
      • "Most of the time, when I try to run Java, it is not compatible with ASA's current operating systems."
      • "We have to rely on Cisco ASDM to access the firewall interface. This needs improvement. Because we have a web-based interface, and it is a lot more user-friendly."

      What is our primary use case?

      Primarily, we are just using it as a firewall, mostly to protect our internal SQL network (our primary network). At the moment, we are not using Cisco Firepower for our services. We just use it as a firewall.

      How has it helped my organization?

      We have multiple secure internal networks linked with our plants. We are from an oil company, so we have multiple plant areas which need to have restricted network access. Therefore, we are using it for restricting access to the plant area, where they cannot directly connect onto the Internet.

      What needs improvement?

      It does not have a web access interface. We have to use Cisco ASDM and dial up network for console access, mostly. This needs a bit of improvement.

      Most of the time, when I try to run Java, it is not compatible with ASA's current operating systems.

      It should have multiple features available in a single product, e.g., URL filtering and a replication firewall.

      For how long have I used the solution?

      More than five years.

      What do I think about the stability of the solution?

      It is very stable. We have routers entirely from Cisco, which are still working after ten years of deployment. I would rate the stability as a nine out of ten.

      We have two people maintaining it. It does not require intensive work. We have an expert in switching technology, and another person who is knowledgeable in routing and network security.

      What do I think about the scalability of the solution?

      The scalability is good.

      How are customer service and technical support?

      The technical support of Cisco is very good. Nowadays, you can get anything over the Internet. They provide help over the Internet. There is a very full forum, which is manually supported.

      How was the initial setup?

      The initial setup was completely straightforward. 

      However, we have to rely on Cisco ASDM to access the firewall interface. This needs improvement. Because we have a web-based interface, and it is a lot more user-friendly.

      Deployment takes two or three days. We are continuously deploying the solution to our plants over time.

      What about the implementation team?

      We do the deployment in-house.

      What was our ROI?

      ROI is part of the infrastructure costs. The product has saved us a lot of time, and once we deployed the solution, it worked.

      What's my experience with pricing, setup cost, and licensing?

      The cost is a big factor for us. This is why we are using it only in our restricted area. They are very much higher than their competitors in the market.

      I would rate the cost as a six or seven out of ten.

      Which other solutions did I evaluate?

      Nine or ten years ago, there were few options at the time.

      Currently, we are using Barracuda for our more general Internet access. We use Cisco for our more protected environment.

      What other advice do I have?

      I would recommend the product, but cost is a big factor. Some companies cannot afford expensive products, like Cisco and Palo Alto.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      CEO at Synergy IT
      Real User
      We can create a profile and can give access depending on the access level they need to be on
      Pros and Cons
      • "I like the user interface because the navigation is very easy and straightforward. On your left side pane, you have all the sites that you need to browse. Unlike any other firewalls, it's pretty straightforward."
      • "If I need to download AnyConnect in a rush, it will prompt me for my Cisco login account. Nobody wants to download a client to a firewall that they don't own."

      What is our primary use case?

      We use remote desktop services from our data center. We can clean the client and the remote desktop server and from there we can establish a VPN channel. 

      How has it helped my organization?

      We can create a profile and we can give them access depending on the access level they need to be on. All the way from level one to level 16. I just create the user and from the dropdown, I select what access level they need to be on and that's it. I don't need to go individually to each and every account and do the configuration.

      What is most valuable?

      I like the user interface because the navigation is very easy and straightforward. On the left side pane, you have all the sites that you need to browse. Unlike any other firewalls, it's pretty straightforward.

      What needs improvement?

      If I need to download AnyConnect in a rush, it will prompt me for my Cisco login account. Nobody wants to download a client to a firewall that they don't own. 

      I would definitely love to have a much nicer web interface compared to the systems interface that it has now. I also would like to download utilities without having to log in to the system. Nobody would want to download a client unless they're going to use it with a physical firewall. I don't understand the logic. If I was a hacker, I could get someone to download it for me and then I can use the client. There's no logic behind it.

      For how long have I used the solution?

      Three to five years.

      What do I think about the stability of the solution?

      I would rate their stability a nine out of ten. It's pretty stable. I have never come across a situation where the firewall hangs and then I need to reboot it.

      What do I think about the scalability of the solution?

      Cisco is expensive and when you want to grow, it means you're going to need to spend some money but you can justify it.

      We have closer to 50 users on the firewall at the moment and do have plans to increase usage.

      Which solution did I use previously and why did I switch?

      We were previously using Sophos firewall but it had a lot of issues. 

      How was the initial setup?

      The initial setup is a little difficult compared to other firewalls but once you get it right, especially the assistant control list, it's fine. It's a little difficult compared to other firewalls. 

      The deployment took us about three days because we did some testing and we also did certain attacks and checked some hackers which is why it took some time. We wanted to make sure that it was at least 99.99% protected.

      What about the implementation team?

      We implemented through a UK company called Rackspace. 

      What's my experience with pricing, setup cost, and licensing?

      Licensing is expensive compared to other solutions. Especially in other regions because people are very careful when it comes to spending on IT infrastructure. My suggestion is, first test it, once you see how good it is you will definitely want to renew it. 

      What other advice do I have?

      I would advise someone considering this solution to just go for it. It's expensive but it's a robust solution. The only thing is that you have to convince your finance guy to go for it.

      I would rate it a nine out of ten. 

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      PeerSpot user
      Network Engineer at a media company with 51-200 employees
      Real User
      It creates a secure tunnel for our network. It is very scalable.

      What is our primary use case?

      It helps the firewall in our network and the VPN (Virtual Private Network). It creates a secure tunnel for our network.

      What is most valuable?

      The IPS (In-plane switching) is the most valuable feature. This enables visibility to our networks and to outside attacks. It is a solution to maintain the visibility.

      What needs improvement?

      At times the product is sluggish and slow. Sometimes when deploying a new configuration or role, it is painstakingly slow. It should be a little faster than it is.

      For how long have I used the solution?

      Less than one year.

      What do I think about the stability of the solution?

      It is a very stable solution. 

      What do I think about the scalability of the solution?

      It is a scalable product. We have a lot of demand. But, it supports any additional network that we add. It expands easily.

      How are customer service and technical support?

      Normally the Cisco tech support team are good. But, we have had some problems with tech support with this product. Some of the tech support team are really not familiar with how the IPS works. And, there is some disconnect between the tech support. Maybe they're not trained well. They're helpful, but not knowledgeable.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Cristian Serban - PeerSpot reviewer
      Network Engineer at a financial services firm with 5,001-10,000 employees
      Real User
      Helps us to manage the security policies in different areas of our network
      Pros and Cons
      • "I haven't had any major problems so I haven't had to open a ticket with technical support."
      • "In the past though, colleagues have had issues during the upgrade process. The failover didn't work and production was down."

      What is our primary use case?

      We use it on several layers of our network like in the border, internet edge, DMZ, some extranet parts of our network, and in the data center.

      How has it helped my organization?

      It's a reliable solution and a stable firewall. It helps us to manage the security policies in different areas of our network. 

      What is most valuable?

      We use ASA as a simple, scalable firewall. Its main advantage is the stability. We use it as an active standby and as a failover solution. We depend on this solution, we've used it for several years.

      What needs improvement?

      • Interaction with the equipment
      • Different interface with the product 
      • A more simple procedure in delivering policies to the equipment  
      • Simplified upgrade procedure
      • Tracking flows
      • Monitoring and logs should be easier.

      What do I think about the stability of the solution?

      It's quite stable. In the past though, colleagues have had issues during the upgrade process. The failover didn't work and production was down. 

      What do I think about the scalability of the solution?

      It's not so scalable.

      How are customer service and technical support?

      I haven't had any major problems so I haven't had to open a ticket with technical support. 

      How was the initial setup?

      The initial setup was not so complex. Most of it was straightforward. We just needed to discuss different scenarios that we had to consider regarding the deployment scenario, what could go wrong and what could happen in the future. 

      What about the implementation team?

      We used Telekom Romania for the deployment. We did most of the job internally but they helped us to clarify some aspects regarding the architecture design.

      Which other solutions did I evaluate?

      We also considered Check Point. We chose Cisco because of its capabilities. We didn't need something so complex for this solution, just a straightforward firewall. It met our requirements. 

      What other advice do I have?

      I would rate it a nine out of ten. 

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Mahmoud Ashoub - PeerSpot reviewer
      Team Leader, Information Risk Engineer at National Bank of Egypt
      Real User
      Data protection is a big benefit we see but some of their features need to be improved
      Pros and Cons
      • "Its ability to discover attacks is a valuable feature. All of the other features that have to do with security are good."
      • "Some of the features, like the stability, need to be improved."

      What is our primary use case?

      Our primary use case is for security. We are a bank in India and the data is very important for us. We use ASA for our security and protection.

      How has it helped my organization?

      Data protection is a big benefit we see from this solution. It protects our customers, our customers' accounts, and money, as we are one of the biggest banks in Egypt and the Middle East.

      What is most valuable?

      Its ability to discover attacks is a valuable feature. All of the other features that have to do with security are good.

      What needs improvement?

      Some of the features, like the stability, need to be improved. 

      For how long have I used the solution?

      More than five years.

      What do I think about the scalability of the solution?

      The scalability is good. 

      How are customer service and technical support?

      Their support is good and helpful but sometimes it takes them a while to respond. We have been stuck in critical situations so we opened a critical ticket but it took them a while to respond. 

      How was the initial setup?

      The initial setup is easy. If we have an issue we contact their support. 

      What about the implementation team?

      We implemented ourselves. 

      What other advice do I have?

      I would rate it a seven out of ten. I would recommend this solution to a colleague. No product will give you 100% of what you're looking for but this solution is close. 

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Chief Information Officer at Finance Corporation Limited
      Real User
      We're assured that all updates, all patches, and all fixes are done instantaneously
      Pros and Cons
      • "The greatest benefit for the organization is the confidence that we are secured."
      • "There may have been one or two incidences of malicious threats."

      What is our primary use case?

      We mainly use this solution for our firewall and it's one layer of our security. From the time that we've used it, the organization as a whole got a sense of security because Cisco is a known product. When we do need support locally or online, we get it instantaneously. We use this solution for a couple of things: for security, for their technical support, and in terms of the knowledge and skills of the team here that gave us a good grip and confidence in the use of the product.

      How has it helped my organization?

      It gives the organization a higher vote of confidence. When I joined the organization more than six years ago, we were using the old Cisco, and some of the products already reached their end of life. Some of the products were not in their latest state, in terms of security or license. We've learned a very good lesson there. Since then, when we upgraded we made sure that all the licenses and all the security facets are in place. It gives the organization a higher vote of confidence. There may have been one or two incidences of malicious threats, but it did not really bring down the organization to a level that we would all be sorry for. The greatest benefit for the organization is the confidence that we are secured.

      What is most valuable?

      Cisco is known as a popular and trusted product. Because of its constant R&D, we're assured that all updates, all patches, all fixes are done instantaneously. As far as the feature is concerned, it gives us a certain layer of protection. As a CIO, my vote of confidence is in the product itself. After making sure that we always have all the updates on the licenses we're assured that we're getting all the necessary security protection.

      What other advice do I have?

      I would rate this solution a nine out of ten. Not a ten because I'm reserving the one point for whatever new surprises they are going to provide.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Center for Creative Leadership at a training & coaching company with 501-1,000 employees
      Real User
      Good scalability and good security features

      What is most valuable?

      Its security is the most valuable feature. 

      What needs improvement?

      The phishing emails could be improved. 

      For how long have I used the solution?

      More than five years.

      What do I think about the stability of the solution?

      It is stable. 

      What do I think about the scalability of the solution?

      The scalability is good. I'm happy with the service. We are around twenty users. Some are in finance, some are in mid-user roles, and some are in other official roles.

      Which solution did I use previously and why did I switch?

      We did not previously use a different solution. 

      How was the initial setup?

      The initial setup was straightforward. Implementation took two days. We needed two people for the deployment. 

      What's my experience with pricing, setup cost, and licensing?

      Pricing is high, but it is corporate's decision.

      Which other solutions did I evaluate?

      We didn't look at any other solutions. All of our campuses use Cisco products. This is why we chose this solution. 

      What other advice do I have?

      This solution has good security and it's a good product. You can trust Cisco, and there's support as well, which is really good.

      I would rate this solution an eight out of ten. 

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Fadil Kadrat - PeerSpot reviewer
      Network Engineer at Banque des Mascareignes
      Real User
      Its VPN and ASN features are very stable. They are behind the market leaders for next-generation capabilities.

      What is our primary use case?

      I have deployed Cisco ASA as a terminator firewall. Normally, I would have preferred to have a sandwich configuration for firewalls: One possible firewall that would make an internal firewall and another for an external firewall. 

      How has it helped my organization?

      Cisco ASA is best suited for our external firewall protection.

      What is most valuable?

      • Its VPN and ASN features are very stable. 
      • It is easy to configure. 

      What needs improvement?

      In terms of next-generation capabilities, Cisco is a little behind. It is way behind leaders like Palo Alto, Check Point and Fortinet. While Cisco is headed in the right direction, it will take several years for it to get there.

      For how long have I used the solution?

      More than five years.

      How are customer service and technical support?

      When I need support, Cisco has provided quality support. I like working with them because of their support system.

      How was the initial setup?

      The setup was straightforward. I was happy with the configuration and deployment of the solution, as it was quick.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      PeerSpot user
      Info Sec Consultant at Size 41 Digital
      Real User
      Top 5
      Keeps costs low and provides granular control using appliances familiar to the team
      Pros and Cons
      • "Among the top features are integrated threat defence and the fact that each virtual appliance is separate so you get great granular control."
      • "There are always vulnerabilities that come up and there was one in early 2018 but this was patched with software updates."

      What is our primary use case?

      Whatever you have that’s potentially public-facing, you need to protect it. As our technology moves to the cloud, so our need for security transfers from physical appliances to virtual ones. This is the classic Cisco ASA device, virtualised.

      How has it helped my organization?

      Ease of spinning one up: The hourly charge has made demos and testing better because it’s a truer representation of a real-life situation.

      It has allowed us to reduce costs and to make sure we provide rounded, secure products to customers.

      What is most valuable?

      Top features:

      • Easy to deploy for staff to use VPNs
      • Ease of setup
      • Integrated threat defence
      • Great flow-based inspection device
      • Easy ACLs
      • Failover support
      • Each virtual appliance is separate so you get great granular control
      • Has own memory allocation
      • Multiple types of devices: 100 Mbps, 1 Gbps, 2 Gbps
      • License control
      • SSH or RESTful API

      What needs improvement?

      We didn’t find any huge issues. Obviously, there are always vulnerabilities that come up and there was one in early 2018 but this was patched with software updates.

      Admin rights need to be given out carefully as they give overarching control to all devices - but that’s the same for everything.

      How was the initial setup?

      We went with this solution via the AWS Marketplace because it’s been made so easy to use an ASAv on AWS with simple drop downs to set it up. Our demo machines were also in AWS so we wanted a one-stop shop where we could spin them up or down as needed and configure the ASAv before it was launched.

      What other advice do I have?

      Almost all IT staff have used, or can easily learn how to use, the Cisco ASA appliance because it’s been around for years and is so popular (with good reason). For us, we stuck with what we know. It was an easy sell to get it signed off by higher-ups as they’d also heard of the ASA device from their time in IT.

      This solution gets an eight out of ten because it is easy, has the features we need, keeps costs low, and provides granular control using appliances that are already familiar to the team.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Coordinator Network Support at a manufacturing company with 501-1,000 employees
      Real User
      It provides security for our company and users

      What is our primary use case?

      It is our firewall solution. We connect to other locations, as well as use programs in-house.

      What is most valuable?

      The most valuable feature is the security that it provides our company and users.

      Furthermore, our company uses it for making rules for the bank to connect to our server in the DMZ, which is a security challenge.

      What needs improvement?

      It needs improvement as a "Next-Generation" firewall solution. In addition, it needs to be more user-friendly. 

      For how long have I used the solution?

      More than five years.

      What do I think about the stability of the solution?

      There is no downtime, and it is working great. 

      What do I think about the scalability of the solution?

      It is scalable. We have had no issues. 

      What's my experience with pricing, setup cost, and licensing?

      The initial setup was complex. But, after that, to maintain and keep creating rules it was easy.

      Which other solutions did I evaluate?

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Munish Gupta - PeerSpot reviewer
      Partner - Consulting & Advisory at Wipro Technologies
      Real User
      It provides the transparency of a single UI to ensure security
      Pros and Cons
      • "The transparency of the single UI to ensure security. A product has to be simple so that an administrator can use it."
      • "The artificial intelligence and machine learning (behavioral based threat detection), which I can this will be coming out in another year, these are what we need now."

      What is our primary use case?

      Our primary use case is security.

      How has it helped my organization?

      From a security perspective, we are getting assurance with respect to the infrastructure which is getting built or the threats which are emanating from the Internet. With these, we can obtain the visibility that we need to know where we need to improve.

      What is most valuable?

      The transparency of the single UI to ensure security. A product has to be simple so that an administrator can use it.

      What needs improvement?

      The artificial intelligence and machine learning (behavioral based threat detection), which I can this will be coming out in another year, these are what we need now.

      For how long have I used the solution?

      Three to five years.

      What do I think about the stability of the solution?

      The stability is alright.

      What do I think about the scalability of the solution?

      Scalability is not an issue.

      How are customer service and technical support?

      Its technical support is the main reason why we selected the product.

      How was the initial setup?

      The integration and configuration are transparent and easy.

      What's my experience with pricing, setup cost, and licensing?

      We are partners with Cisco. They are always one call away, which is good. They know how to keep their customers happy.

      Which other solutions did I evaluate?

      We evaluated VMware Virtual Networking and Check Point.

      We chose Cisco because of the support and their roadmap for the changing technology landscape is good. Therefore, it is always better to be partnered with them.

      What other advice do I have?

      When you are going to select a product, don't look at the cost, but at the functionality. Also, look at the stability. These days, the startups will show a new function or functionality, but when looking for a partner, make sure the company is sustainable for the next four years. Do they have the funding?

      We have a large ecosystem system: Symantec, McAfee, Splunk, Check Point firewalls, Cisco firewalls and IPS IDS from Cisco. They integrate and work well together. Cisco has been a security leader for the last 20 years, so the products are quite stable working in sync.

      We are using every version of the product: On-premise, Azure, and AWS, which is a new offering.

      Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
      Ryan Partington - PeerSpot reviewer
      Systems Administrator at Universal Audio
      Real User
      We need the product to have HA pairs, so we can failover. It is relatively stable.
      Pros and Cons
      • "The integration and configuration were pretty straightforward."
      • "Even on a smaller scale, people are finding you need HA pairs, and there's no way that the ASA can do that, at least in the virtual version."

      What is our primary use case?

      It's our firewall for our AWS VPC on the internal side that connects our VPC to headquarters.

      I have been using the product for two years, but it has been installed in my company for four years.

      What needs improvement?

      Even on a smaller scale, people are finding you need HA pairs, and there's no way that the ASA can do that, at least in the virtual version. We needed the ability to failover to one of the others to do maintenance, and this is a glaring issue. However, it is one of their cheaper products, so it's understandable. It is just that we would hope by now, because it has been in use in a lot of different environments, for even moderately sized companies, the ability to have HA pairs would be extremely useful.

      For how long have I used the solution?

      One to three years.

      What do I think about the stability of the solution?

      It has been relatively stable, in the sense that it stays up. It doesn't die on us.

      What do I think about the scalability of the solution?

      Scalability has been a pain point for us. 

      It's great for what it does. Just make sure you know whatever environment you are using it in is not going to have to scale. Just use it for sandbox. As long as they stay competitive, use the ASA, but make sure you have a plan to grow out of it.

      How are customer service and technical support?

      We have definitely made some calls to Cisco regarding issues. While it is time consuming, they are thorough. Sometimes depending on the urgency, if there is a real P1 problem going on, it would be more helpful to go straight to the chase than to have to go through troubleshooting steps that are mandated. A lot of times, it is understandable why they're there, but I wish they had a different, expedited process, especially when they're dealing with our senior network engineer who has already ruled out some things. Cisco tends to make you go through the steps, which is part of any normal troubleshooting. However, when you're dealing with an outage, it can be very frustrating.

      How was the initial setup?

      The integration and configuration were pretty straightforward.

      What's my experience with pricing, setup cost, and licensing?

      We purchased the product through the AWS Marketplace. While I wasn't part of the buying process for Cisco ASA, I have used it to purchase AMIs.

      The AWS Marketplace has been great, but it could be a bit more user-friendly from an aesthetic perspective. It is fully functional and easy to figure out once you are in it. However, the layout of the AMIs has a lot missing, e.g., you have to side click to find the area for community AMIs. It would be awesome if AWS Marketplace would put up a wider range of AMIs.

      With the Cisco ASA, you do get what you pay for. What would really be awesome is to see Cisco blow out a real cheap version where you can use the sandbox, but leave it step-wise and go to another product relatively easily, like getting you hooked on candy. The problem is that we already paid for the ASAs, and we grew quickly. Now, we have found ourselves in a situation where we have to wait for next year's budget and everyone is using it. We've gone from a sandbox model to full production. If Cisco was a bit more on the ball with this type of thing, such as pay a smaller lump sum, then scale as a pay by use or have an option to switch models. This would be good because then we could actually leverage this type of model.

      Right now, we want to go to the rocket stuff, and our people who make the decisions financially will just have a heart attack. They will choke on it. However, if we can roll it into our AWS bill, and slowly creep it in, it is usually more palatable. As crazy as that sounds, even if it's more expensive to do it this way.

      Which other solutions did I evaluate?

      Our network guy looked at alternatives and settled on Cisco ASA. It was the cheapest available option, virtualized, and he was familiar with Cisco, like many people are because it's a great company. It made the most sense at the time, because our VPC was a sandbox at first. Now, it has grown, which is where the pain point is: the scalability of the ASA. We have sort of wedged ourselves into a corner.

      We are now looking into Cisco Meraki, the CSR stuff, and the SD-WAN technology.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Vikram Arsid - PeerSpot reviewer
      Cyber Security Software Engineer at FireEye
      MSP
      Performance-wise, it is top-notch. However, it is a bit tough to navigate and see what is going on.
      Pros and Cons
      • "It is a comprehensive suite and complete package."
      • "Cisco ASA should be easier to use. It is a bit tough to navigate and see what is going on."

      What is our primary use case?

      For the AWS version, Cisco is our primary use. We have our own appliances and products, which are indicated as Cisco ASA. So, we test these products against Cisco ASA using different types of rules for new cases. During the test process, we make sure the integration works.

      We have been using the solution for two years.

      How has it helped my organization?

      Right now, it serves a purpose and has everything that we need. Performance-wise, it is top-notch.

      What is most valuable?

      It is a comprehensive suite and complete package. We have the following with the product:

      • Interest point detection
      • Firewall stuff
      • VPN
      • It's configurable.
      • It guards with its own threat intelligence. 

      We find that virtual instances are helpful because they are easy to use on AWS Marketplace, as they are On Demand. We have a lot of traffic on AWS. Therefore, to monitor the traffic rather than using on-premise, we use virtual instances of Cisco ASA. This is pretty easy to use and we receive value off of it.

      What needs improvement?

      Cisco ASA should be easier to use. It is a bit tough to navigate and see what is going on. While I like the UI and dashboards of Cisco ASA, if you compare them to Palo Alto or Fortinet, they have much richer UIs. An analyst (or anyone) can see them, and say, "I have got all these important pointers on my dashboard." However, with Cisco ASA, we need to dig into many things and go to many views to see what is actually there.

      For how long have I used the solution?

      One to three years.

      What do I think about the stability of the solution?

      It is stable. We put a good amount of stress on it.

      What do I think about the scalability of the solution?

      Especially for the AWS version, we can spin up multiple instances and do load-balancing. 

      We have 15 to 20 Cisco ASA switches with a couple of physical appliances and twelve machines. Our team is using four to five machines.

      How is customer service and technical support?

      It is all self-guided, and we were already using the physical appliances. Therefore, we knew how to use the product.

      What was our ROI?

      Our individual release cycle has been quicker because the entire development and testing environment has been automated because of these virtual instances. It has aligned our development workflow. This is where we have seen the ROI increase. 

      For example, if you are working with a physical appliance, then you need to have a dedicated lab administrator to work with it, even to test a simple use case. This takes time because we would need to frequently reset that appliance and load all the data. It is no longer like that.

      What's my experience with pricing, setup cost, and licensing?

      Purchasing from the AWS Marketplace was easy. It was just point and click.

      It is pay-as-you-go, so it is much cheaper than buying in the plants.

      Which other solutions did I evaluate?

      We also checked Fortinet and Palo Alto, their AWS versions. 

      When comparing products, Cisco ASA is easy on AWS. We received a trial version. It is easy to set up and evaluate.

      We also already had Cisco products. This provided a tighter integration with what we already had. Since most of our traffic stays in AWS, it made sense to use AWS Cisco ASAv.

      What other advice do I have?

      Once you deploy a virtual database or virtual machine for any product, like Cisco, the first thing to do with your data is test it. So, you need to be prepared with the test that you want to test before you deploy the instances. Because after deploying instances, you wait and see what the data come back with, how to configure it, and review what doesn't work. Therefore, you need to do some background homework before starting, such as what type of data you need to put into it, how to test it, and will the system process it.

      We have used both the on-premise and AWS version. We started using AWS in the past six to seven months. Prior to that, we used the on-premise version. The AWS version is better as it is quick to spin up and configure. Also, with AWS, everything is preset, and it is more flexible.

      We have it integrated with many other products, like threat intelligence and analytics. For example, all our logs go into Splunk, then we receive our analytics from there. We also have Splunk on AWS. Thus, all the data stays on the cloud, so there is no latency, etc.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Technical Services Manager at a comms service provider with 10,001+ employees
      Real User
      They have the integrated IDS/IPS source powered modules. This is a new screen for us, and it is also very useful.

      What is our primary use case?

      I have been using this product for over ten years. Most of the features fulfill my requirements. It protects our network.

      What is most valuable?

      The most valuable feature is the section payover. But, I think that kind of function may also come from similar products. In addition, they have the integrated IDS/IPS source powered modules. This is a new screen for us, and it is also very useful.

      For how long have I used the solution?

      More than five years.

      What do I think about the stability of the solution?

      The stability of the product is good.

      What do I think about the scalability of the solution?

      The scalability of the solution is OK for me. It basically fulfills my requirement.

      How are customer service and technical support?

      I would rate the technical support a rating of seven out of ten.

      What about the implementation team?

      I always consider the stability and scalability of a product when choosing a vendor.

      What's my experience with pricing, setup cost, and licensing?

      The cost is a bit high compared to other solutions in the market.

      Which other solutions did I evaluate?

      We have looked at Juniper, Palo Alto and other brands.

      What other advice do I have?

      We like that Cisco has a lot of experience on the market trends.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      it_user588258 - PeerSpot reviewer
      Network Administrator at a healthcare company with 501-1,000 employees
      Vendor
      It is a strong solution.
      Pros and Cons
      • "Cisco ASA is very strong."
      • "Migration with other appliances is not easy. It has to be done manually, and this takes a long time."

      What is our primary use case?

      It is primarily used as a firewall. I think that all firewalls basically work the same, but some have different configurations of the switches. Cisco ASA is very strong. 

      What needs improvement?

      I think that there should be better security of other firewall appliances. Migration is another main issue. If you migrate from the ASA to the new Firepower Threat Defense appliance, it is not an easy migration. You have to do some of the migration manually, and if you are replacing those firewalls it will take a long time. It should be a smoother migration process. Some of the new engineers are still not familiar with it, and I think that Cisco should rehire some of the engineers coming from Sourcefire to do so.

      For how long have I used the solution?

      One to three years.

      What do I think about the stability of the solution?

      There is not much to say about the stability of the product. Migration is the painful aspect of the solution.

      How is customer service and technical support?

      During the mitigation process, I used tech support. But, I still have not had a completely clean migration process.

      What about the implementation team?

      I do not like to have too many vendors; it becomes difficult to diagnose and deal with. If all the switches also ran the same, I would be OK. But, this does not usually happen. Often there are many configurations of switches and we end up switching on the switches.

      What's my experience with pricing, setup cost, and licensing?

      Cisco has recently become very expensive. Other solutions on the market are cheaper than this solution.

      Which other solutions did I evaluate?

      We have also evaluated Fortinet and Sophos UTM as possible solutions.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Johnsey Kivoto - PeerSpot reviewer
      IT Manager at a manufacturing company with 51-200 employees
      Real User
      It is a very secure product. But, it has limitations.
      Pros and Cons
      • "It is a secure product."
      • "It is not easy to configure."
      • "The scalability is a bit limiting, to be honest. In terms of when you look to changing landscape in terms of threats, I think to me, my personal it's a bit limiting."

      What is our primary use case?

      Our primary use case is to use it as a firewall.

      What is most valuable?

      I find that the product is a very good and secure firewall. The benefit of this product is that it is a strong firewall solution.

      What needs improvement?

      It is a secure product. But, it is not very easy to configure. You need to be knowledgeable to be able to manage it. 

      In addition, due to changes in management, we found Cisco slightly behind some of the competitors in the market. Furthermore, the internet protection system seems to be lacking, in comparison to some of the competitors. This is why we are currently looking at other possible solutions.

      For how long have I used the solution?

      Three to five years.

      What do I think about the stability of the solution?

      It is a stable solution.

      What do I think about the scalability of the solution?

      The scalability is a bit limiting, to be honest. In terms of when you look to changing landscape in terms of threats, I think to me, my personal it's a bit limiting.

      How is customer service and technical support?

      I have not used the technical support for Cisco ASA.

      How was the initial setup?

      It was a bit complex to set up this solution. When we used the command line, it was not easy to implement. We needed Cisco technical knowledge to be able to manage the implementation.

      What's my experience with pricing, setup cost, and licensing?

      The cost is a bit higher than other competitive solutions on the market.

      What other advice do I have?

      Yes, it's a good provider when it comes to firewall solution, but maybe limiting when you are looking at the wall UTM management. It's delayed behind some of the competitors.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Information Security Officer at a non-tech company with 10,001+ employees
      Real User
      We find this product scalable and stable.

      What is our primary use case?

      We primarily use this product for networking. We are a Cisco shop, as far as networking goes.

      What needs improvement?

      I think the room for improvement of this solution is that there is a need for more of an application awareness capability. I just don't think it has the application awareness. It obviously looks at ports and what not, but it is not necessarily able to identify applications by their action, and what they're doing.

      For how long have I used the solution?

      Less than one year.

      What do I think about the stability of the solution?

      We have not encountered issues with stability of the solution.

      What do I think about the scalability of the solution?

      The scalability is fine. We have no problems with the solution. We have two of them in a standby configuration.

      How is customer service and technical support?

      If I were to rank the tech support, I would give it an eight or a nine. They have not been able to resolve all of my problems. I had to find my solutions on the web myself. I found other users with similar issues to what I had experienced. Then, I resolved the issues by myself.

      What's my experience with pricing, setup cost, and licensing?

      I would consider this solution on the "high end" of the pricing spectrum.

      Which other solutions did I evaluate?

      I have considered Check Point and Juniper in the past.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Network Operations Center Team Leader at a financial services firm with 10,001+ employees
      Real User
      It speaks well to high productive platforms and it has good capabilities.

      What is our primary use case?

      Generally, it has highly productive platforms and it has good capabilities.

      How has it helped my organization?

      It just works like an internal firewall. It's an ordinary role of this platform, nothing special.

      What is most valuable?

      At this point, we find that this product has high productivity and high availability and there is no need for improvement. 

      What needs improvement?

      If there is old hardware, or old appliances, it does not necessarily work with the new Cisco generation firewalls.

      For how long have I used the solution?

      Three to five years.

      What do I think about the stability of the solution?

      It is a highly stable product. We rarely receive any serious outdates, so it works quite well. 

      How is customer service and technical support?

      Yes, we use the technical support maybe twice a year. We received a very fast response time.

      How was the initial setup?

      It was very straightforward. It was not complex at all.

      What was our ROI?

      When evaluating a possible solution, I always consider:

      • Availability
      • Productivity
      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Manager at BSB Cadmin Ltd
      User
      Works out-of-the-box. With the setup wizard, it was easy to get it deployed quickly.

      What is our primary use case?

      It was used for a remote office deployment connecting back via VPN to the corporate office and services.

      How has it helped my organization?

      Cisco ASA works out-of-the-box. With the setup wizard, it was easy to get it deployed quickly, even by novice IT users.

      What is most valuable?

      The ability to have a protected home network on the unit and a separate secured office network linked back to corporate.

      What needs improvement?

      More intuitive support for SIP services is needed. This took a long time to configure properly for the user.

      For how long have I used the solution?

      Less than one year.
      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      IT Manager at Citizens Bank
      Real User
      Top 10
      Streamlines lockdown and the management of that aspect of security
      Pros and Cons
        • "The only con that I have really seen with it is the reporting structure. FirePOWER is good. It has been a great help because, before that, it was not good at all."

        What is our primary use case?

        The primary use is that it manages all of our incoming and outgoing VOIP transmissions as well as data transmissions between our branches and our third-party bank processor. It has performed well.

        How has it helped my organization?

        The ASAs are very stable firewalls, and they've been very good at protecting our assets here at the bank. They have done exactly what they were purchased for. They have done a great job.

        What is most valuable?

        I've always looked at Cisco products as being the industry standard. They're wonderful at being able to lockdown and manage that. 

        What needs improvement?

        The only con that I have really seen with it is the reporting structure. FirePOWER is good. It has been a great help because, before that, it was not good at all. 

        For how long have I used the solution?

        Three to five years.

        What do I think about the scalability of the solution?

        The scalability is very good. We use the 5600 models and the lower 5000s. We were able to upgrade as needed. We added a ton of VPN tunnels to them and they handled all that traffic quite well.

        How are customer service and technical support?

        Support has been very good, very professional, got right to the point. My third-party administrator got stuck on setting up some tunnels. We called ASA support and they walked him right through how to do it. That was good.

        How was the initial setup?

        The third-party did all of the setup. I told him what I wanted and he set everything up and got the tunnels for us as well.

        What's my experience with pricing, setup cost, and licensing?

        The cost of keeping the licensing up on the ASA is very expensive. It has a lot of positives, but the cost of going with it is really starting to be a major negative right now.

        What other advice do I have?

        Talk to your peers in the industry, find out what they use and why, and then look at exactly what you're using it for. We changed a great deal of our infrastructure, adding a lot of extra tunnels, so that made a complicated product even harder to manage. Look at what you're comfortable in managing with their interface.

        We start looking at upgrade cost, our constant licensing cost. I look at other products that rank very high in industry ratings. Now I'm looking at similar products that are a little bit easier to manage. That is another fault of the ASA. They're very complicated to manage, but that’s because they have so many features. It's a very feature-rich product.

        When selecting a vendor the most important factors are

        • Security - obviously that is number one because we are a financial institution
        • stability of the vendor
        • how the product is ranked in the market.

        In terms of security, right now is a really tough time for us because, even as a smaller community bank, we’re targeted. We have huge targets on us right now from hackers. I have to have a product that is stable, that will hold up, from a reputable company. I'm looking at companies that are top-tier.

        I would rate the ASA equipment itself a nine out of 10. The software and manageability would rate a seven and the reason for that is the complexity of it. It is extremely complicated, even for our Cisco-certified person who manages it for us.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        BURAK YESILDERYA - PeerSpot reviewer
        IT System Administrator at PFW HAVACILIK
        Real User
        Creates a unified strategy for event logging and correlation
        Pros and Cons
        • "Beats sophisticated cyber attacks with a superior security appliance."
        • "The Cisco ASA device needs overall improvement, as configurations alone do not completely secure my network."

        What is our primary use case?

        IT landscape is dynamic, requiring security policy, controls, and visibility to be better than ever. 

        • 1Gbps
        • Multi-service
        • Beats sophisticated cyber attacks with a superior security appliance.
        • IT landscape is dynamic.
        • Requires security policy, controls, and visibility to be better than ever. 

        This applies to all ASA-related Management/to-the-box traffic, like SNMP, SSH, etc., with Firepower services combined with our proven network firewall along with the industry’s most effective next-generation IPS and advanced malware protection. Therefore, you can get more visibility, be more flexible, save more, and protect better.

        How has it helped my organization?

        Historic events related to security incidents. My organization must have a unified strategy for event logging and correlation.

        What is most valuable?

        The Cisco Product Security Incident Response creates and maintains publications, commonly referred to as PSIRT Advisories, for security-related issues in Cisco ASA.

        What needs improvement?

        The Cisco ASA device needs overall improvement, as configurations alone do not completely secure my network. The operational procedures in use on the network contribute as much to security as the configuration on devices.

        For how long have I used the solution?

        Still implementing.

        How are customer service and technical support?

        There is 24/7 support anytime, anywhere.

        Which solution did I use previously and why did I switch?

        Before, I did not manage my private network well (or professionally). For this reason, I have been updating products.

        What's my experience with pricing, setup cost, and licensing?

        Commercial leasing is the best option.         

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        Solutions Architect at a tech services company with 10,001+ employees
        Consultant
        Allowed us to consolidate multiple security devices into a single appliance
        Pros and Cons
        • "It allowed us to consolidate multiple security devices into a single appliance."
        • "We are looking for software taxi capabilities."

        What is our primary use case?

        • High-performance intrusion prevention
        • Malware protection
        • Multiple firewalls to control departments on a business by business level (security policies per department).
        • Allowed us to consolidate multiple security devices into a single appliance.

        How has it helped my organization?

        • Intrusion protection
        • We were able to determine when we are being attacked.
        • We determined that our inspections were causing latency.

        We needed a way to monitor threat protection and not cause latency.

        What is most valuable?

        It allowed us to consolidate multiple security devices into a single appliance. It consolidated and helped us eliminate firmware upgrade issues across multiple devices. The "Keep It Simple" method.

        What needs improvement?

        We are looking for software taxi capabilities.   

        For how long have I used the solution?

        One to three years.

        Which other solutions did I evaluate?

        Going forward, we are evaluating Anomali. The founder of ArcSight founded Anomali. The product has the ability to be a consumer of threat intelligence, and be a contributor showing the maturity in threat protection posture.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        IT Manager at a construction company with 11-50 employees
        Real User
        User-based firewall rules are helpful but the solution needs to be more reliable
        Pros and Cons
          • "The product crashes. We have a cluster of firewalls and we regularly get failovers."

          What is our primary use case?

          Firewall and VPN.

          How has it helped my organization?

          I can't really say how it has improved our organization, but the benefits are that we have a necessary firewall with which we can create VPNs.

          What is most valuable?

          Pro user-based firewall rules.

          What needs improvement?

          The solution that we have right now doesn't do what I want it to do. We don't have a ratified solution for all the things that I wanted to right across our business. We're doing similar functions using different technology and I want ratification. I want to be able to do more than what we are currently able to do with the existing service, all under the umbrella of improving security.

          What do I think about the stability of the solution?

          The product crashes. We have a cluster of firewalls and we regularly get failovers.

          How are customer service and technical support?

          I have used technical support once, and they were superb.

          Which solution did I use previously and why did I switch?

          When selecting a vendor, the most important criteria include:

          • Security - the ability of the technology from a security perspective.
          • The ability of the company to support the technology - knowledge of the product by the company. It may sound really silly to say that, but you'd be surprised how poor some companies' technical support is.
          • The financial stability of the company.

          How was the initial setup?

          I was involved in the initial setup. It was complex. 

          What other advice do I have?

          Do your research, know what you want to achieve.

          Cisco ASA needs to be more reliable. Because of the nature of the product, it has to be rock solid and, unfortunately, it's not.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          User at IDF technology
          User
          Valuable features include AnyConnect, double translations, and an independent IPS module

          What is our primary use case?

          This solution is involved in the protection of the network perimeter and the VPN gateway.

          How has it helped my organization?

          It allows you to fine-tune and create flexible circuits, as well as unites a large number of different types of connections.

          What is most valuable?

          • AnyConnect
          • Double translations
          • Independent IPS module
          • High performance
          • Various methods of organizing a VPN

          What needs improvement?

          • Simplify licensing
          • Do not combine the IPS module with the main operating system.
          • In new products, leave the CLI.

          For how long have I used the solution?

          More than five years.
          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          student at MC
          User
          Manual deep bracket inspection is required to use web filtering. ASA 5505 and ASA 5506 are very powerful tools to use in a business environment, and provide a lot of security

          What is our primary use case?

          We offer publishing services. It depends on our business, but we use this solution for security.

          What is most valuable?

          ASA 5505 and ASA 5506 are very powerful tools to use in a business environment, and provide a lot of security.

          What needs improvement?

          Intrusion prevention, we currently need to apply deep bracket inspection manually to use web filtering.

          For how long have I used the solution?

          Three to five years.
          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          PeerSpot user
          Information Technologies Consultant at a tech services company
          Consultant
          Everything is based on high security standards

          What is our primary use case?

          Some branches are joint through Cisco ASA 5500-X VPNs. Executives or employees are connected via AnyConnect.

          How has it helped my organization?

          It joins all branches and permits employees to work outside their offices, but everything is based on high security standards (PCI compliance).

          What is most valuable?

          • Reliability
          • Robustness
          • Security features
          • High encryption, hashing, and integrity support
          • Support
          • High performance

          What needs improvement?

          Multiple WAN connections: Even though you can implement more than one interface to outside connections, it is lacking on load balances, etc.

          For how long have I used the solution?

          Three to five years.
          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          IT Manager with 51-200 employees
          User
          Once configured to suit your needs, these firewalls are rock solid appliances

          These firewalls are used in enterprise level environments, which require granular control and customization to meet security and compliance guidelines for an organization. Once configured to suit your needs, they are rock solid appliances. 

          These firewalls are not for beginners. 

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user806910 - PeerSpot reviewer
          Manager at SAP
          Real User
          A nice GUI, but poor performance

          Cisco ASA has an okay CLI with a nice GUI, but has poor performance.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          Sikander Ali - PeerSpot reviewer
          IT Infrastructure Engineer at Atlas Group
          Real User
          My confidence continues to build upon using Cisco firewalls

          How has it helped my organization?

          My confidence continues to build upon using Cisco firewalls. I prefer to use Cisco firewalls to any others. 

          What needs improvement?

          Antivirus features must be integrated for end user security. They must be increased in the next version along with audit and restriction for the incoming user. Security must be increased when a new user connects over the LAN and an alarm must be generated.

          For how long have I used the solution?

          Three to five years.
          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          Supervisor of Computer Operations at Neil McFadyen
          User
          Setting up rules for HTTPS and SSH access to the management interface is straightforward
          Pros and Cons
          • "I am used to the ASA syntax, therefore it is quite easy to make up new rules. I have found that DNS doctoring rules are useful."
          • "I found that setting up rules for HTTPS and SSH access to the management interface is straightforward, including setting the cipher type."
          • "10Gb interfaces should be available on more models."
          • "It is surprising that you need to have a virtual appliance for the Firepower Management Center. It is not good if you have to set up a VMware server just for it."
          • "It is confusing to have two management interfaces, e.g., ASDM and Firepower Management Center."

          What is our primary use case?

          We use it for our university department firewall. It replaced our 12-year-old Cisco ASA 5520, which used to protect web servers, mail servers, SVN repositories, office computers, research computers, and computer labs. It was used for blocking the internet for exams. It was not used for IPS, so we did not buy the new threat protection or malware license. We connected it to a Layer 3 switch for faster Inter-VLAN routing.

          How has it helped my organization?

          It works better through specs than our old ASA 5520. It seems to perform the same functionality unless you buy the additional threat protection licenses, so this is a disappointment. I found a bug where the ASDM could not be used with Windows 2016, but it did work with Windows 10.  

          What is most valuable?

          • Most of the same old ASA 5520 config could be used for the new 5516-X model. The ASDM interface is improved and can also be configured to the Firepower settings.
          • I am used to the ASA syntax, therefore it is quite easy to make up new rules. I have found that DNS doctoring rules are useful, and I am not sure how other firewalls handle the issue of internal versus external DNS, so this was a reason to keep the same type of firewall.
          • Customizing logging events of syslog to feed into Splunk is very useful for management and monitoring just for the important events instead of a huge stream of thousands of unneeded events.
          • I found it quite easy to block computers from the internet, e.g., in a computer lab with students doing an exam using software for the course when needed.
          • I use an access list to block IPs which have attacked our web servers on the outside interface, since I do not have IPS.
          • I found that setting up rules for HTTPS and SSH access to the management interface is straightforward, including setting the cipher type.
          • It is very useful to use the command line interface for modifying or adding to the config because sometimes the ASDM interface is hard to find when the setting is more complicated.
          • The text config file is great to have, to know what is in the config, instead of having to check every setting in the GUI.
          • While the CLI is used the most, sometimes the ASDM is faster and easier to use to set some settings.

          What needs improvement?

          • It is confusing to have two management interfaces, e.g., ASDM and Firepower Management Center. It would be nice to have a Windows program instead of a virtual appliance for the Firepower Management Center.  The ASA and Firepower module seem redundant, not sure which one to set the rules in, but maybe that was for backward compatibility. I am not sure that is very useful.
          • It is surprising that you need to have a virtual appliance for the Firepower Management Center. It is not good if you have to set up a VMware server just for it.
          • 10Gb interfaces should be available on more models. 

          For how long have I used the solution?

          Still implementing.

          What's my experience with pricing, setup cost, and licensing?

          ASA pricing seems high compared to other firewalls, such as the Sophos XG models. 

          The licensing features are getting more complicated. These should be simplified. 

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          PeerSpot user
          Sales Manager at Entiresoft Technologies Pvt Ltd
          Real User
          VPN load balancing has been essential for my connections to integrate via multiple time zones

          What is our primary use case?

          I am using Cisco ASA as the firewall for my business to guard the boundary of my business. It has been very helpful in my sector of media with my clients, essentially focusing on how secure their data is, especially when we are working on a few projects which involve multiple citations across Europe. 

          Our content, which is the main asset for our firm, is pretty elusive behind the firewall of Cisco ASA.

          How has it helped my organization?

          It has improved my client's trust. 

          What is most valuable?

          VPN load balancing: This has been particularly essential for my connections to integrate via multiple time zones.

          What needs improvement?

          I needed to be well-versed with all the command lines for Cisco ASA in order to fully utilize it. I missed this info and wasted some operational costs. I would like to advise others to please be wary from the start.

          For how long have I used the solution?

          Less than one year.

          What was our ROI?

          It was initially heavy on my pocket, but it soon actualised its worth.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user874149 - PeerSpot reviewer
          Technician at Belize Telemedia Limited
          User
          ASDM has made configuring ASA easy. No need to memorize CLI commands.

          What is our primary use case?

          Remote network access: We primarily use ASA for VPN, NAT, PAT routing, SLA, and multiple ISP providers.

          How has it helped my organization?

          Ease of configuration: It has gotten a lot easier to configure compared to the original Cisco Pix.

          What is most valuable?

          ASDM provides GUI for configurations. ASDM has made configuring ASA easy. No need to memorize CLI commands.

          What needs improvement?

          • UTM features would be nice or some NextGen features. 
          • The ASA has become a bit old and needs updating.

          For how long have I used the solution?

          One to three years.
          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          PeerSpot user
          Network Administrator at Modern Woodmen of America
          Real User
          Sourcefire's visibility and control have been a great addition to the product
          Pros and Cons
          • "Sourcefire has been a great addition. The visibility and control have been nice."
          • "If Cisco could stop rebranding, combine all the CLIs/GUIs, and give a consistent experience, this would be great."

          What is our primary use case?

          The primary use case is for edge firewall at multiple locations and remote access VPN. We use these for security and have them integrated with Splunk/QRadar.  

          How has it helped my organization?

          Edge security and Sourcefire have been nice. Sourcefire was a major improvement over the legacy IDS that it previously had. 

          What is most valuable?

          Sourcefire has been a great addition. The visibility and control have been nice. 

          I also like the active/standby HA. 

          What needs improvement?

          The solution has two separate GUIs and at least three different CLIs (ASA CLI, Sourcefire CLI, and Firepower Management Center CLI). In addition, ASDM plus Firepower Management Center GUIs. If Cisco could stop rebranding, combine all the CLIs/GUIs, and give a consistent experience, this would be great. 

          Also, AnyConnect is very difficult to manage and use. 

          For how long have I used the solution?

          More than five years.
          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          Business Development Executive at CBI
          Reseller
          Though not NextGen, it is a good firewall

          What is our primary use case?

          The gateway firewall is where we use it the most.  

          How has it helped my organization?

          The firewall and policy side are easy to use. 

          What is most valuable?

          IDS.

          What needs improvement?

          Make the IPS baked-in. It is a good firewall, though not NextGen.

          For how long have I used the solution?

          One to three years.
          Disclosure: My company has a business relationship with this vendor other than being a customer: CBI is a VAR for these products.
          it_user857937 - PeerSpot reviewer
          ICT Manager with 1-10 employees
          Real User
          A stable, reliable solution used to protect the network's perimeter

          What is our primary use case?

          We use it to protect the perimeter of the network.

          How has it helped my organization?

          It is reliable, and does the job that it is supposed to be doing.

          What is most valuable?

          • IPS
          • Antivirus
          • IP filtering

          What needs improvement?

          It is not very user-friendly for the administration.

          What do I think about the stability of the solution?

          The Cisco solution that we have now is very stable. That is why we are interested in continuing with the Cisco solution and upgrading to the next generation.

          What do I think about the scalability of the solution?

          It can be used by multiple users.

          How are customer service and technical support?

          We use the technical support of Cisco through a partner, so I do not have direct access to the Cisco IT technical support.

          Which solution did I use previously and why did I switch?

          We just shortlisted Cisco and Fortinet.

          What about the implementation team?

          We needed a Cisco technician to do the initial setup. We had to outsource the implementation.

          What other advice do I have?

          We need to upgrade our security requirements due to the new security requirement applicable in Europe (from GDPR) and the cyber security guidelines for our vessel (we are a US shipping company). 

          Most important criteria when selecting a vendor: familiarity, reliability, and price.

          Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
          Information Technology at Giumarra
          User
          It is worth every penny that we have invested in it

          What is our primary use case?

          I have been using the 5510 a lot, and have been working with it for many years. I have also used the 5505 and other firewalls.

          How has it helped my organization?

          It is much better than most of the other firewalls that I have worked with.

          What needs improvement?

          It needs more tunneling capabilities. 

          For how long have I used the solution?

          More than five years.

          What was our ROI?

          It is worth every penny that we have invested in it.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user862920 - PeerSpot reviewer
          Enterprise Manager at One Advanced
          User
          Provides perimeter and internal firewall services, but needs an MSSP oriented interface

          What is our primary use case?

          • VPN services
          • IDS/IPS services using Firepower
          • Provides perimeter and internal firewall services.

          How has it helped my organization?

          We provide managed services based on the Cisco ASA product. The brand is reassuring to customers when procuring our services.

          What is most valuable?

          • VPN
          • Firewall
          • IDS/IPS

          These features allow us to deliver services to meet client needs across various industry verticals.

          What needs improvement?

          MSSP oriented interface: I would like a single console which would allow me to manage settings creating consistency across all customers.

          For how long have I used the solution?

          Less than one year.
          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user850275 - PeerSpot reviewer
          Pre-sales engineer with 51-200 employees
          Reseller
          Provides visibility as well as management and administration capabilities

          What is our primary use case?

          We use it as a perimeter firewall and do VPNs and filtering.

          How has it helped my organization?

          As a reseller, because Cisco includes different companies like Sourcefire, Meraki, and Talos, I think Cisco has a good portfolio for the security business, with their own devices too. For example, we have our firewall, we have a Web security appliance, things like OpenDNS with Umbrella. I think Cisco can cover with all the platforms.

          What is most valuable?

          All the visibility the device gives us as well as management and administration facilities.

          What needs improvement?

          It needs better documentation for when we present solutions to non-technical people. They need to bring together all the information, across the various firewalls, so that we can more clearly explain them.

          Also, pricing could be better.

          What do I think about the stability of the solution?

          It's very stable. 

          What do I think about the scalability of the solution?

          When we implement a firewall we need to be aware of whether it is growing over a short time period or a long time period. I think the scalability, from our implementation, is good because you can use the same configuration for another platform. If you implement on a small platform, it is easy to implement the same configuration to another, bigger device.

          How are customer service and technical support?

          I think tech support is a large part of Cisco. It's good, it provides support around the clock, answers problems. I would rate it nine out of 10.

          Which solution did I use previously and why did I switch?

          SonicWall.

          How was the initial setup?

          For some things it is very easy, but configuring other things is a little complex. It depends on the use case.

          What's my experience with pricing, setup cost, and licensing?

          Cisco may be a little expensive but it has everything, and they support very well.

          Which other solutions did I evaluate?

          Juniper, Fortinet.

          What other advice do I have?

          I think Cisco has all the solutions: switching, routing, security, they have wireless. You can cover all the devices with Cisco. They have all the network and engineered tools to help resolve the issues that we have. They are really very good devices.

          In terms of advice, I would say Cisco is the best company. They're very stable, there aren't too many issues. And when there is an issue they have many engineers who can solve the problem.

          Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
          reviewer847167 - PeerSpot reviewer
          Network and Security Engineer at a tech vendor with 501-1,000 employees
          User
          Filtering is the best feature
          Pros and Cons
          • "Filtering is the best feature."
          • "The IPS and GUI are outdated."
          • "It is slowly not supported and other vendors are a few years ahead of Cisco in development."

          What is our primary use case?

          We use it for security of branch offices and data centers. 

          How has it helped my organization?

          It works like a firewall for security reasons. 

          What is most valuable?

          Filtering is the best feature, as I have gotten used to using it.

          What needs improvement?

          The IPS and GUI are outdated. It is finally getting IPS inside, which will be a big improvement. The GUI is outdated, and they are slowly improving it. We will see if they go in the correct direction. Unfortunately, they usually just follow other vendors.

          It is slowly not supported and other vendors are a few years ahead of Cisco in development.  

          For how long have I used the solution?

          More than five years.

          What other advice do I have?

          Configuration on Firepower is currently madness as you have to redeploy it again with all its configurations if you use it as a module.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user821520 - PeerSpot reviewer
          Information Systems Manager at a manufacturing company with 201-500 employees
          Real User
          Its most valuable feature is its ability to work with the traffic

          What is our primary use case?

          Business use. It has performed well.

          What is most valuable?

          Its ability to work with the traffic.

          What needs improvement?

          I would like it to be easier to work with and have a better user interface. It is not straightforward. You need to know the Cisco command-line interface.

          What do I think about the stability of the solution?

          Stability has been fine.

          What do I think about the scalability of the solution?

          It is good.

          How are customer service and technical support?

          I have not used technical support.

          Which solution did I use previously and why did I switch?

          We have always been with Cisco.

          How was the initial setup?

          Initial setup was fairly complex. Just having to know the command prompt rather than having a better user interface.

          What's my experience with pricing, setup cost, and licensing?

          We are looking for a possible new solution because of the licensing and VPN.

          Which other solutions did I evaluate?

          We evaluated Cisco and Meraki.

          What other advice do I have?

          Look through what your needs are.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          PeerSpot user
          Network Consulting Engineer at a energy/utilities company with 10,001+ employees
          Real User
          It is very stable. Setting it up is not as intuitive as other more modern NGFWs.

          What is our primary use case?

          Solid datacenter firewall, but the ASA software is old with no application recognition. If only a Layer 4 FW is needed, this is a good solution.

          How has it helped my organization?

          Do not use it in cluster mode. It is not worth it. These firewalls can do 10G, so just design the rest of the network around this.

          Do not do cluster to add more bandwidth.

          What is most valuable?

          Nothing fancy about ASA capabilities, it does its job and does it well as long as you only care about filtering ports and protocols.

          What needs improvement?

          The needed features are already being done on Firepower, but this software is still in flux. 

          For how long have I used the solution?

          Three to five years.

          What do I think about the stability of the solution?

          It is very stable.

          How was the initial setup?

          Setting it up is not as intuitive as other more modern NGFWs.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user824748 - PeerSpot reviewer
          User at a comms service provider with 1,001-5,000 employees
          User
          Clustering architecture which offers zero downtime upgrades, keeping uptime close to 99.999%

          What is our primary use case?

          Service Provider Operations manipulating thousands of firewall rules deploying Network Access Translations (NAT) for various multiservice networks.

          How has it helped my organization?

          • Easy and fast to deploy.
          • User-friendly GUI
          • REST API offering with rich capabilities which makes the product very robust.

          What is most valuable?

          Clustering architecture which offers zero downtime upgrades, keeping uptime close to 99.999%. This creates less stress on operations and network stability throughout the various maintenance tasks.

          What needs improvement?

          ASDM needs to be able to customize applets.

          For how long have I used the solution?

          One to three years.

          What do I think about the stability of the solution?

          REST API stability needs improvement in order for customizing resource allocation available to the user rather than just being there transparently. This way users can customize REST API and tailor it to their needs.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user814596 - PeerSpot reviewer
          Senior Network Manager with 51-200 employees
          Vendor
          Easy to deploy in a working environment between servers and users

          What is our primary use case?

          • Datacenter and edge firewalls
          • Used in central and remote sites.
          • Used in datacenter production sites.

          How has it helped my organization?

          • Deployed between users and servers transparently.
          • Easy to deploy in a working environment between servers and users.
          • Improved security and visibility.

          What is most valuable?

          • Failover
          • Transparent firewall
          • Multi-context
          • Logging is great. It will show when it reaches its capacity before it is too late, unless you have bursts of traffic.

          What needs improvement?

          HTTPS inspection and higher throughput/spec would be good. Now, it has been replaced by Firepower, which is a lot faster.

          For how long have I used the solution?

          More than five years.
          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          PeerSpot user
          Security Governance at a comms service provider with 1,001-5,000 employees
          Real User
          It brought our network down several times due to a memory leakage bug. Protects 3G/4G Internet customers and the Private APN.
          Pros and Cons
          • "We have been using a 5520 for seven years in our datacenter and we are satisfied by this version."
          • "The solution is used for the protection of the mobile data network. It is protecting 3G/4G Internet customers and the Private APN."
          • "The throughput highlighted on the datasheet (10Gbps) should be reviewed. This throughput is only for a UDP running environment, which you will never find in the real world. Rather consider a multiprotocol throughput."
          • "A memory leakage issue which literally freezes the nodes (we have an HA environment). The issue is still not solved and the only recommendation from Cisco is to reboot the node."

          What is our primary use case?

          ASA5585-SSP-60 was deployed after a migration from Juniper SRX5600. The solution is used for the protection of the mobile data network. It is protecting 3G/4G Internet customers and the Private APN.

          How has it helped my organization?

          So far, we are not satisfied by the move. The precedent solution is much more adapted to the Telco environment, although Cisco recommended this platform. Cisco ASA also brought our network down several times due to a memory leakage bug, which is still not resolved.

          What is most valuable?

          All features provided by the platform are quite the same for all other platforms. We rather missed some features we were used to, such as virtual routers.

          What needs improvement?

          • VPN creation with Cisco is quite difficult: Some DH groups are not supported (compared to Juniper).
          • Expected to see the enablement of virtual routing, which is key in a Telco environment. We need to provide this in LAN to LAN services with shared platforms (DNS, proxies, etc.).
          • Application visibility 

          For how long have I used the solution?

          One to three years.

          What do I think about the stability of the solution?

          Yes, a memory leakage issue which literally freezes the nodes (we have an HA environment). The issue is still not solved and the only recommendation from Cisco is to reboot the node.

          What do I think about the scalability of the solution?

          Yes, the throughput highlighted on the datasheet (10Gbps) should be reviewed. This throughput is only for a UDP running environment, which you will never find in the real world. Rather consider a multiprotocol throughput.

          How are customer service and technical support?

          Experience with technical support was mitigated. 

          Technically, they denied any issues on the node and called the memory leak issue, "A cosmetic issue." They were stating that memory disappearance reported by SNMP was an error and will have no impact on the traffic. They have reviewed this since we have recorded several blackouts during the year.

          Which solution did I use previously and why did I switch?

          We were using Juniper SRX5600. The switch was more a strategic decision than a technical one.

          We have also been using a 5520 for seven years in our datacenter and we are satisfied by this version.

          How was the initial setup?

          The initial setup was very complex. Migration from Juniper (with wide usage of VR) to Cisco is complex and you should make sure to master all the flows on the node. Also, Juniper is more permissive on asymmetric traffic, which Cisco will deny by default. 

          What about the implementation team?

          Implementation was performed by a Cisco recommended local partner. 

          We were not satisfied at all (from the pre to post implementation). Their level of expertise was zero.

          What was our ROI?

          I do not know.

          What's my experience with pricing, setup cost, and licensing?

          Nothing to highlight at this level. 

          Which other solutions did I evaluate?

          We did an evaluation with Check Point.

          What other advice do I have?

          It is definitely not for Telco.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user698436 - PeerSpot reviewer
          ESS Security with 201-500 employees
          MSP
          Allows us to implement active/backup HA with ASAv (Adaptive Security Virtual Appliance)
          Pros and Cons
          • "In v9.8 you are able to do active/backup HA with ASAv (Adaptive Security Virtual Appliance) deployed on MS Azure."
          • "The relatively new Firepower Threat Defense image (mix of ASA and Sourcefire network security) fills a lot of gaps and features that were missing on ASA."

          What is most valuable?

          Starting in version 9.7 you could track a login history for audit purposes and, in 9.8, you are able to do active/backup HA with ASAv (Adaptive Security Virtual Appliance) deployed on MS Azure.

          What needs improvement?

          There is always room for improvement in virtually anything. However, the relatively new Firepower Threat Defense image (mix of ASA and Sourcefire network security) fills a lot of gaps and features that were missing on ASA. Moreover, with FMC (Firepower Management Console) you can complement it with even more admin and reporting capabilities for the entire platform.

          For how long have I used the solution?

          One to three years.

          What do I think about the stability of the solution?

          No stability issues.

          What do I think about the scalability of the solution?

          No scalability issues.

          How is customer service and technical support?

          Excellent.

          How was the initial setup?

          New version comes with initial setup tutorial, with very nice security policies baseline, set up by default.

          What's my experience with pricing, setup cost, and licensing?

          Be sure of what features you are going to utilize to add/remove some from new bundles.

          What other advice do I have?

          Best value will always be delivered by adding FMC (Firepower Management Console); at least their virtual edition.

          Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor.
          it_user413292 - PeerSpot reviewer
          Regional Manager - Pre Sales at a tech services company with 51-200 employees
          Consultant
          Helps us to identify key, persistent threats so we can set policies accordingly

          How has it helped my organization?

          It helps us to identify key, persistent threats so we can set policies accordingly.

          What is most valuable?

          In-depth monitoring and analysis. It helps us to make better decisions and policies.

          What needs improvement?

          • Integration aspects
          • Traffic shaping

          For how long have I used the solution?

          One to three years.

          What do I think about the stability of the solution?

          Initially there were some stability issues, but in the long-run no.

          What do I think about the scalability of the solution?

          It requires additional licensing to enable 10G ports.

          How is customer service and technical support?

          Technical support is very good.

          How was the initial setup?

          It is complex. We have to set up ASA, SFR module, and FMC separately, which sometimes requires extensive troubleshooting, even for smaller issues.

          Which other solutions did I evaluate?

          We evaluated Huawei, briefly.

          What other advice do I have?

          It is a good datacenter firewall, as they have now overcome integration issues with latest versions.

          Disclosure: My company has a business relationship with this vendor other than being a customer: Cisco Premier Partner.
          it_user793611 - PeerSpot reviewer
          Account Manager
          Real User
          Blocks malicious URLs, but bandwidth allocation and detection of new bugs need work
          Pros and Cons
          • "Malicious URLs are being blocked."
          • "Bandwidth allocation needs improvement."
          • "Critical bugs need to be addressed before releasing the version."
          • "Virtual patching would be helpful for servers that are not able to update patches due to compatibility issues."

          How has it helped my organization?

          Malicious URLs are being blocked.

          What is most valuable?

          Advanced malware protection, it blocks malicious attacks.

          What needs improvement?

          • Bandwidth allocation.
          • SSL decryption (avoid installing the intermediate device certificate in the client) should happen from Firepower itself.
          • Critical bugs need to be addressed before releasing the version.
          • Need to reduce the time for detection of new threats.
          • Enable a feature for importing/exporting logs when required for analysis.
          • Dynamic IP address in client systems mapping with respect to OS change or device change should be updated periodically in FireSIGHT management.
          • Virtual patching would be helpful for servers that are not able to update patches due to compatibility issues.

          For how long have I used the solution?

          One to three years.

          What do I think about the stability of the solution?

          Yes, there were stability issues due to memory issues in the cluster environment and Firepower misbehaved due to non-responding of service/process.

          What do I think about the scalability of the solution?

          No scalability issues.

          How are customer service and technical support?

          Good support.

          Which solution did I use previously and why did I switch?

          We switched from our previous solution because of scalability issues.

          How was the initial setup?

          It was straightforward, even though we migrated from a third-party to Cisco.

          What's my experience with pricing, setup cost, and licensing?

          Price should be judged based on the above answers, among the most capable vendors.

          Which other solutions did I evaluate?

          FortiGate.

          What other advice do I have?

          We are using ASA5585-X with Firepower SSP-20 (ASA version 9.6(1)3, Firepower version 6.1.0.5).

          When looking at different solutions, take a deep look at the features.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          PeerSpot user
          Solutions Architect at a tech services company with 51-200 employees
          Consultant
          A multitude of valuable features but a little pricey
          Pros and Cons
          • "Signature-based detection; user-defined signatures with regular expressions; integrated URL and content filtering; custom URL categories filtering."

            How has it helped my organization?

            Secured our network from outside and inside intruders.

            What is most valuable?

            • Network attack detection
            • DoS and DDoS attack prevention
            • Signature-based detection
            • User-defined signatures with regular expressions
            • Integrated URL and content filtering
            • Custom URL categories filtering
            • Integrated antivirus
            • Protocols scanning

            What needs improvement?

            License capacity needs to be extended and the vendor needs to work on the pricing.

            For how long have I used the solution?

            Three to five years.

            What do I think about the stability of the solution?

            No stability issues.

            What do I think about the scalability of the solution?

            No scalability issues.

            How are customer service and technical support?

            10 out of 10.

            Which solution did I use previously and why did I switch?

            No, Cisco was part of our solution from the start.

            How was the initial setup?

            Straightforward.

            What's my experience with pricing, setup cost, and licensing?

            Value for your money, but a bit costly.

            What other advice do I have?

            Good product, give it a chance.

            Disclosure: My company has a business relationship with this vendor other than being a customer: Solution Partner.
            it_user346116 - PeerSpot reviewer
            I.T Security Consultant
            Vendor
            Once set up properly, it can run for a whole year without any major issues
            Pros and Cons
            • "The most stable firewall I’ve ever worked with. Once you get the ASA set up properly, it can run for a whole year without any major issues, apart from the normal daily administration."
            • "The ASA needs to incorporate the different modules you have to integrate to achieve UTM functions, especially for small businesses."

            What is most valuable?

            This is our perimeter router. We used it purposely for NAT and to port forward traffic. Other essential features of a firewall are handled separately by a UTM.

            What needs improvement?

            The ASA needs to incorporate the different modules you have to integrate to achieve UTM functions, especially for small businesses.

            For how long have I used the solution?

            Three to five years.

            What do I think about the stability of the solution?

            No stability issues at all, the most stable firewall I’ve ever worked with.

            What do I think about the scalability of the solution?

            No scalability issues.

            How are customer service and technical support?

            Quite good.

            Which solution did I use previously and why did I switch?

            We’ve always used ASA from the get go. We added the UTM to complement it.

            How was the initial setup?

            Straightforward.

            What's my experience with pricing, setup cost, and licensing?

            Pricing is why we had to go for a UTM. For us to achieve what we needed, if we had gone with the ASA, the cost would have been high compared to getting one box (UTM).

            Which other solutions did I evaluate?

            Juniper, Check Point, Astaro

            What other advice do I have?

            Go for it. I really like how, once you get the ASA set up properly, it can run for a whole year without any major issues, apart from the normal daily administration.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            PeerSpot user
            Technical Administrator at a tech services company
            Real User
            Since deployment, we have not encountered the attacks we had before
            Pros and Cons
            • "Manageability of Cisco ASA. It has a GUI interface, unlike most of Cisco IOS. For beginners they can "sneak in" and apply the command and see the actual commands that the GUI launches. In addition, Cisco has the reputation regarding security."

              What is our primary use case?

              We have been using this model for three years, to place a firewall between ISPs and our corporate network. As of now, we have configured some SSL VPNs on our end for our convenience.

              How has it helped my organization?

              Three years ago we encountered malicious attacks from the internet, most of which were Chinese attackers, so we deployed Cisco ASA to strengthen our network. Since the deployment, we haven't seen the risk we encountered before.

              What is most valuable?

              Manageability of Cisco ASA. It has a GUI interface, unlike most of Cisco IOS. For beginners they can "sneak in" and apply the command and see the actual commands that the GUI launches. In addition, Cisco has the reputation regarding security.

              What needs improvement?

              There are more powerful firewalls, other than the Cisco NGFW, like Fortinet, Palo Alto and so on. I can't say Cisco is the leading firewall brand as of now, as the technology innovates. 

              What do I think about the stability of the solution?

              No stability issues yet.

              What do I think about the scalability of the solution?

              No scalability issues yet.

              How is customer service and technical support?

              Awesome.

              What other advice do I have?

              I rate it an eight out of 10. 

              I am only handling or supporting the ASA 5520 model in our company.

              Disclosure: I am a real user, and this review is based on my own experience and opinions.
              PeerSpot user
              Security Engineer at a tech services company with 201-500 employees
              Real User
              Syslog generation and forwarding are good but it lacks many UTM features
              Pros and Cons
              • "One thing I like about the product is the logging features, the way it logs, the way it forwards the logs in Syslog."
              • "It doesn't have a proper GUI to do troubleshooting, so most people have to rely on the command line."
              • "It should have packets, deep level inspections and controls, like the features which other IPS solutions used to have."
              • "Other firewalls, upgrading is a very easy task; from the graphical user interface, you just need to import the firmware versions into it and install it. In this firewall, you need to have a third-party solution in both. It's a process. It's a procedure, a hard procedure, actually, so there is no straightforward procedure for upgrading."

              What is most valuable?

              If you compare it with other products, other firewall products in the market, at this moment, it doesn't have that many features, no impressive feature in it, in fact. 

              The one thing I like about the product is the logging features, the way it logs, the way it forwards the logs in Syslog. It generates the particular Syslog. Compared to other products, that is the only feature, I feel, that is good. I have worked with other firewall products, so I know it very well. The logs are pretty good. Then it forwards. When it forwards the logs to a third-party syslog server, it then writes the Syslog very well. That is the only feature I like about it.

              What needs improvement?

              It doesn't have a proper GUI to do troubleshooting, so most people have to rely on the command line.

              It's a sort of legacy product nowadays. The firewalls which are the next generation have loads of features added to them, and they are all in one box.

              It should have packets, deep level inspections and controls, like the features which other IPS solutions have. It just doesn't have any. It's just a box which does firewalling. 

              Threat management features also should be added into it. 

              So, the first thing is that the GUI has to be improved. The second thing is that the UTM features have to be added to it in a much broader way; not by relating to other third-party solutions which is how it is done right now. It should have built-in UTM features like other firewalls have now. Plus it should have the ability to analyze any packets which have malicious behaviors. Currently it doesn't have anything like that. It's just a layer-3 firewall.

              Regarding the GUI, it's a very childish sort of attempt. It hasn't been improved since I started working with it. Yes, it shows the logs as they are but it doesn't have any option to do proper reporting.

              For how long have I used the solution?

              Three to five years.

              What do I think about the stability of the solution?

              Stability is really good, actually.

              What do I think about the scalability of the solution?

              Scalability is not that good, I think. Other firewalls, upgrading is a very easy task; from the graphical user interface, you just need to import the firmware versions into it and install it. In this firewall, you need to have a third-party solution in both. It's a process. It's a procedure, a hard procedure, actually, so there is no straightforward procedure for upgrading.

              How are customer service and technical support?

              I have never called the tech support, apart from a hardware issue, but that is done through the vendor, a third-party support team.

              Which solution did I use previously and why did I switch?

              I was actually using ASA and I switched to another one.

              How was the initial setup?

              I actually have lots of experience working on multiple firewalls and technical solutions, so for me I don't have any problem doing things by the command line. But for others, for a person who has two years of experience or one year of experience in general, they will definitely face issues working in the command line. You have to remember all of the commands, to search for the commands. If you're in a graphical user interface, you can go search somewhere and find some options. So I would say in that way it is complex.

              What other advice do I have?

              If I were to advise others who are looking into implementing this product I would say I don't think they will like it. They would be able to meet business requirements better with other products, other vendors' firewalls. That's what I think, that's what I know from my own experience, from dealing with customers.

              If those features, which I mentioned above in the first few questions, if they can add those features into the firewall as a standalone box, it can definitely become a player on the stage. They already have a good platform, even if it's a legacy product, it has that bit of maturity. So if, on top of that very good platform, they can add those features - security, threat intelligence features - they can get back into the market.

              Disclosure: I am a real user, and this review is based on my own experience and opinions.
              it_user789333 - PeerSpot reviewer
              President and CTO with 51-200 employees
              User
              Very good as a stateful inspection firewall, but weak in all other areas
              Pros and Cons
              • "Strong in NAT and access-lists."
              • "Very good as a stateful inspection firewall."
              • "VPNs are weak as this product still does not support route-based VPNs."

              What is our primary use case?

              Firewall only - no advanced services. 

              How has it helped my organization?

              In the early days, before UTM and NGFW, this product was awesome. Cisco tried to add Firepower, but it requires a different management interface and is still too expensive.

              What is most valuable?

              • Strong in NAT and access-lists 
              • Very good as a stateful inspection firewall, but weak in all other areas. 

              What needs improvement?

              • Integrated threat management
              • Route-based VPNs: VPNs are weak as this product still does not support route-based VPNs. 
              • Single management interface
              • Better throughput for price point 

              For how long have I used the solution?

              More than five years.

              What's my experience with pricing, setup cost, and licensing?

              Price point is too high for features and throughput available.

              What other advice do I have?

              Overall, this is a legacy product. 

              Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
              davidstrom - PeerSpot reviewer
              Owner at David Strom Inc.
              Using Cisco ASA CX Firewall To Protect Your Network

              Cisco ASA has better application granularity, a more flexible means of policy creation, and easier to use controls and more powerful reports than its predecessors. We tested the ASA-5525-X in January 2013 and found a much improved user interface and lots of content-aware features.

              Disclosure: I am a real user, and this review is based on my own experience and opinions.
              PeerSpot user
              Senior Consultant at Unify Square
              Real User
              An excellent firewall, and one of the best available choices for big size companies. As usual excellence requires money.
              Pros and Cons
              • "ASA is stable and with a low level of work required on the maintenance side."
              • "You have to know the ASA command line very well because not all operations are available in the graphical interface"

              What is our primary use case?

              Cisco ASA is born as a hardware firewall. The use case is security check on company's external connections (Internet and VPN access).

              Most recent versions include antivirus and intrusion prevention to add security layers (including the above scenarios and the internal network).

              How has it helped my organization?

              Cisco ASA has been the main security device for many years, slowly replaced with Check Point on the main datacentre.

              What is most valuable?

              ASA is stable and with a low level of work required on the maintenance side. It is a dedicated firewall, so you do not have to manage additional topics like spam, web sites filtering and so on. The routing part is high level as usual with Cisco products.

              What needs improvement?

              You have to know the ASA command line very well because not all operations are available in the graphical interface (or let's say that sometimes it is better to operate with the ASA CLI). If you are searching for an "all in one product" it is not for you.

              What do I think about the stability of the solution?

              No, stability is a really strong point with ASA.

              What do I think about the scalability of the solution?

              No, an assessment about the workload is important to select the right device.

              How are customer service and technical support?

              Over many years, the only kind of support we needed directly from Cisco was (really seldom) for parts replacement.

              Which solution did I use previously and why did I switch?

              The previous solution was based on software firewalls that were not able to perform as the Cisco ASA.

              How was the initial setup?

              Setup of a firewall, on a medium / large deployment, is always complex work.

              Cisco ASA (more than other vendors' solutions) requires a lot of know-how and real world expertise to be configured properly.

              What about the implementation team?

              More than one external team (Cisco partners) has been involved over time.

              All of them were outstanding in their work.

              What was our ROI?

              Positive. The devices serve thousands of users for many years, outliving other vendors' solutions.

              What's my experience with pricing, setup cost, and licensing?

              Cisco devices are for sure costly and budget could be an important constraint on selecting them as our security solution.

              Which other solutions did I evaluate?

              When the choice was made, some comparison was made with other market leaders but integration with the existing Cisco network was a really important positive side in the final decision.

              What other advice do I have?

              ASA is one of the state-of-the-art firewall devices for security.
              It is affordable and not too complicated to use if you are doing standard operations (modifying ACLs, natting and so on) on an existing deployment.

              Disclosure: I am a real user, and this review is based on my own experience and opinions.
              davidstrom - PeerSpot reviewer
              Owner at David Strom Inc.
              Cisco has done a superior job at its next generation of firewall technology.

              What is most valuable?

              The user interface of the Prime Security Manager is, well, prime and one of the best pieces of software I have seen from them, and the features are on par if not better than what their competitors offer.

              How has it helped my organization?

              Cisco has done a nice job of integrating global IP reputation management into the firewall with its Security Intelligence and Operations module for insights and malware collection.

              What needs improvement?

              Prime manager is just for the CX line for now. CX features also add about a 30% overhead on throughput.

              Disclosure: I am a real user, and this review is based on my own experience and opinions.
              it_user682167 - PeerSpot reviewer
              Network and System Engineer at a non-tech company with 201-500 employees
              Vendor
              IPS features can be accessed from a separate interface

              What is most valuable?

              I enjoy the interface of Cisco products, especially the CLI version. I think the IPS feature in the product is best compared to products of other vendors. All the IPS features can be accessed from a separate interface, e.g., Cisco IDM.

              How has it helped my organization?

              We are an educational institute, and we are required to block many websites that are not suitable for students and teachers. Most of the sites, like YouTube, use an HTTPS version, thus blocking with IP address was becoming problematic. Moreover, certificate domains for Gmail and YouTube are the same. But the IPS feature in this product helps us to overcome this limitation.

              What needs improvement?

              Pricing of this product needs improvement.

              For how long have I used the solution?

              I have used this solution for two years.

              What do I think about the stability of the solution?

              I did not encounter any issues with stability.

              What do I think about the scalability of the solution?

              I did not encounter any issues with scalability.

              How are customer service and technical support?

              I would give technical support a rating of a nine out of 10.

              Which solution did I use previously and why did I switch?

              I worked with Cyberoam and Fortinet UTM at my previous job. When I joined my present company, they were already using the Cisco ASA solution. But my present company may switch to other vendors, especially Fortinet, because of the license renewal price.

              How was the initial setup?

              As I enjoy working on CLI, I would say that the initial setup was not complex.

              What's my experience with pricing, setup cost, and licensing?

              License and appliance costs are more expensive as compared to other vendors on the market.

              What other advice do I have?

              If your company is small or mid-range, it is better to go with other vendors, because of the pricing.

              Disclosure: I am a real user, and this review is based on my own experience and opinions.
              Frank Theilen - PeerSpot reviewer
              IT Adviser/Manager with 51-200 employees
              Real User
              Top 20
              The Cisco ASDM management tool was helpful. I would like to see good reporting options.
              Pros and Cons
              • "The ASA 55-x range is a solid and reliable firewall. It secures the traffic for normal purposes."
              • "Firewalls, in general, were not really designed for normal IT personnel, but for firewall and network experts. Therefore, they missed a lot of options and did not provide any good reporting or improvement options."

              How has it helped my organization?

              The ASA 55-x range is a solid and reliable firewall. It secures the traffic for normal purposes.

              If you ask how a firewall can improve our business: It can’t. It is securing our business IT network.

              But if you want to know what the ASA5520 can do to secure our network:
              Not much more than any firewall. It is a solid port firewall, nothing more, nothing less.

              What is most valuable?

              The Cisco ASDM management tool was helpful.

              What needs improvement?

              Firewalls, in general, were not really designed for normal IT personnel, but for firewall and network experts. Therefore, they missed a lot of options and did not provide any good reporting or improvement options.

              For example, to update or add a feature, you end up buying new support and licenses. The process is complex and changes so rapidly that you won't find a salesperson who will offer you the right products.

              New generation firewalls are cloud managed or provide a good interface. They integrate into the environment. They are application aware and come with security features that are especially designed for the purpose.

              What do I think about the stability of the solution?

              There were no stability issues.

              What do I think about the scalability of the solution?

              You need to buy a new product if you want to scale. I once tried to put in another network card and ended up in a support nightmare. I had to buy more support, licenses, and it was more expensive than buying a new one.

              How are customer service and technical support?

              Customer Service:

              Customer service is non-existent. You need to go through a very complex and annoying approval system before you can get any help. The support then gets asked a question and you get one word answers. It takes you hours to find out what version of an update you need to install, and then another day to find out how to install it.

              Technical Support:

              I would give technical support a rating of zero out of 10. It is clear that Cisco is not for the end-customer, but rather for resellers and providers. They might have better contracts and get more technical support.

              Which solution did I use previously and why did I switch?

              I usually have to take what is there. If I had a choice, I would now take something newer.

              How was the initial setup?

              You can start very easy and set up the network cards, but it also has many traps to find out the right setting for your environment.

              For example, you need fixed network settings on your switch to connect with full duplex 100Mb/s. There is no autonegotiation nor other settings. This is the same problem with the WAN connection. You need to know exactly what to configure to match the WAN, or it will not work.

              What about the implementation team?

              I once had support from a reseller and once from a provider. Both depended on the level of the person you speak with. Most have some knowledge.

              What was our ROI?

              Once installed, they last a long time. I would recommend replacing them after some years to get better security features.

              What's my experience with pricing, setup cost, and licensing?

              If you look for user internet access, many new products can help with filtering and rules or procedures, like Meraki. This replaces the purpose of proxy servers.

              If you have to secure web servers from the internet, you need a decent firewall with web features to process the requests and redirect traffic to web servers.

              Cisco is no longer the only vendor offering these features. With Microsoft TMG out of the race, others have to push in. But firewalls are also no longer the first frontier of security. Cloud services are in there as well.

              Which other solutions did I evaluate?

              I had no choice.

              What other advice do I have?

              Get someone to help you plan and set up the firewall concept, as well as the initial setup and testing. Waiting for later is not the time to test or change anything without an outage.

              Disclosure: I am a real user, and this review is based on my own experience and opinions.
              PeerSpot user
              Presales Consultant at a tech services company with 51-200 employees
              Consultant
              One of the most valuable features is the correlation of events -- including the path that a file is taking in the network and its integration with the endpoint protection.

              What is most valuable?

              Classic ASA features such as NAT, Stateful Firewall, and VPN are basic functions for average organizations, but next generation features such as the granular control of port hopping applications, IPs, and malware protection are mandatory, considering current advanced security threats.

              One of the most valuable features is the correlation of events, including the path that a file takes in the network and its integration with the endpoint protection. This gives you the chance to take some actions in the case a breach happens.

              How has it helped my organization?

              Visibility in the network traffic.

              What needs improvement?

              Management console – FireSIGHT Management Center.

              When deploying Cisco FMC versions 6.0 and 6.1, some issues may appear when trying to register ASA sensors. The problem needs Cisco TAC involvement, adding more effort and time. I guess this will be fixed in version 6.2.

              For how long have I used the solution?

              I've used this solution for three to five years.

              What do I think about the stability of the solution?

              Some releases of the unified image (FTD – Firepower Threat Defense – Cisco ASA + Sourcefire IPS) are not very stable, but things are getting improved.

              What do I think about the scalability of the solution?

              Some clustering functions are not available in the unified image.

              How are customer service and technical support?

              Excellent.

              Which solution did I use previously and why did I switch?

              Old ASA 5500. Natural upgrade to next generation functions.

              How was the initial setup?

              Initial setup is pretty straightforward.

              What's my experience with pricing, setup cost, and licensing?

              The licensing model has been simplified and is easy to understand. The price is higher compared to UTM solutions, such as Fortinet, but in the same range as Check Point and Palo Alto.

              Which other solutions did I evaluate?

              We also work with Palo Alto Networks, Fortinet, FireEye, and some other vendors.

              What other advice do I have?

              Take a look at the features included in the unified image. Some classic ASA functionality has not been integrated yet, go for non-unified image if the deployment requires something that is not available – classic ASA iOS plus Sourcefire code.

              Disclosure: My company has a business relationship with this vendor other than being a customer:
              Sergei Chernooki - PeerSpot reviewer
              IT SecOps Manager at a computer software company with 1,001-5,000 employees
              Vendor
              The best features are NAT, transport-layer inspections, and VPN

              What is most valuable?

              Cisco ASAs are great network firewalls and they can work for years after being configured. The best features are NAT, transport-layer inspections, and VPN.

              How has it helped my organization?

              With ASAs, we can keep operational expenses as low as possible. Disaster risks should be observed as usual, but this is definitely not the weak point.

              What needs improvement?

              I would like to see new SW versions being more stable and HW performance increase. However, the new 2000 series has high performance, but it is not shipped widely so far.

              For how long have I used the solution?

              I started using Cisco firewalls when old PIX models were produced. I then observed all model changes. This makes about 10 years of continuous experience.

              What do I think about the stability of the solution?

              There are no real stability issues, if upgrades are done carefully.

              What do I think about the scalability of the solution?

              I believe scalability issues are caused by poor design.

              How are customer service and technical support?

              Cisco technical support makes a good impression most of the time.

              Which solution did I use previously and why did I switch?

              Some of my customers switched from ZyXel to Cisco and this is an obvious decision for me. It will be much harder to imagine a customer replacing Check Point or Fortinet with Cisco.

              How was the initial setup?

              The initial setup should not be left to the customer. The best way to do this is to make a basic setup and integration along with cabling and power-up, then verifying requirements and adjusting the configuration.

              What's my experience with pricing, setup cost, and licensing?

              Basic features and IPs can work without subscriptions. All next-generation features require per-year payments. Enterprise customers usually agree with price and license fees, so I don't see any painful issues with pricing and licensing.

              Which other solutions did I evaluate?

              I compared Cisco with Fortinet, Checkpoint, and DIY solutions.

              What other advice do I have?

              All you need to succeed is careful design, professional setup, and a support contract.

              Disclosure: My company has a business relationship with this vendor other than being a customer: We have been Cisco channel partners for over 15 years.
              ramesh1923 - PeerSpot reviewer
              Technical Specialist with 5,001-10,000 employees
              Real User
              The throughput and reliability of the product improve the network stability of our organization.

              What is most valuable?

              VPN (site-to-site VPN and remote access), NAT policies, modular policy framework, detailed troubleshooting methods.

              How has it helped my organization?

              The throughput and reliability of the product improve the network stability of our organization.

              What needs improvement?

              Area: URL filtering and content filtering.

              When Cisco ASA is presented as an enterprise firewall, it should be capable of doing IPS/IDS, firewalling, VPN concentrator, application filtering, URL filtering and content filtering.

              Of course, the last three technologies can be done by a proxy. But nowadays, all next generation firewalls like Fortinet, Check Point, and Palo Alto are each bundling the UTM features into a single box with multiple separate content processors (hardware) to do these jobs.

              This would enable a single pane of glass for management. No need to look at different devices for change management and troubleshooting.

              I would say Cisco ASA is the best except for its URL and content filtering module. And these modules in ASA are not straightforward, but rather complex in managing the device.

              What was my experience with deployment of the solution?

              I've been using this solution since 2007.

              What do I think about the stability of the solution?

              No.

              What do I think about the scalability of the solution?

              All product-based firewalls will encounter scalability issues. The firewall sizing is important during the sizing.

              How are customer service and technical support?

              Good.

              Which solution did I use previously and why did I switch?

              I used to work with most of the hardware firewalls, Cisco ASA is reliable and few technologies are good enough to compete for the market (VPN, Modular policy framework, NAT, etc.).

              How was the initial setup?

              Straightforward -- console or via the interface.

              What's my experience with pricing, setup cost, and licensing?

              Expensive when compared to other products.

              Which other solutions did I evaluate?

              Yes, all.

              What other advice do I have?

              If you are looking into implementing VPN or advanced features, I recommend using this product. URL or content filtering is not as good as that of the NGFWs.

              Disclosure: I am a real user, and this review is based on my own experience and opinions.
              Computer Networking Consultant and Contractor
              Consultant
              Initial setup was very straightforward because the training and certification provided by the vendor helped us to solve rapidly any configuration issues.
              Pros and Cons
              • "Stability, high availability of services, and very high MTBU were the most valuable features for me."
              • "The ability to integrate (as options) all-in-one features -- like anti-spam, anti-virus, etc."

              How has it helped my organization?

              I have 15 years’ experience with Cisco products and I've had very, very few problems with them. Also, for resolving the issues that appeared, Cisco was a good partner.

              Crescendo (www.crescendo.ro) is an IT&C integrator and this product (based on Cisco Partnership) helped us to grow our business, and Cisco ASA was one of the most sold products in our solutions portfolio.

              What is most valuable?

              Stability, high availability of services, and very high MTBU were the most valuable features for me -- because in my work as network and security consultant, it is very important to guarantee to my customer the security of his business.

              What needs improvement?

              The ability to integrate (as options) all-in-one features -- like anti-spam, anti-virus, etc.

              What do I think about the stability of the solution?

              With Cisco ASA firewall, no.

              What do I think about the scalability of the solution?

              No. Based on their recent acquisition of Firepower, Cisco added "multi 10Gbps" NGFW performance in their solutions portfolio, which can be used by us, as a Gold Partner with Advance Security Architecture Specialization, in our network architecture proposals.

              How are customer service and technical support?

              Very satisfied.

              Which solution did I use previously and why did I switch?

              I haven't used another solution.

              How was the initial setup?

              Initial setup was very straightforward because the training and certification provided by the vendor helped us to solve rapidly any configuration issues.

              What's my experience with pricing, setup cost, and licensing?

              To discuss with Cisco Systems or their partners to gain the optimal price and to not consider, without verifying, the false information that Cisco ASA is very expensive.

              Which other solutions did I evaluate?

              We evaluated other solutions, like Fortinet, HPE, Juniper, Check Point, but Cisco ASA was what we needed.

              What other advice do I have?

              To test the product in their network and to evaluate other products. I am sure that the Cisco ASA Firewall will be the winner.

              Our complete relationship is based on the following partner competencies:
              Certifications:

              • Gold Certified Partner
              Specializations:
              • Advanced Collaboration Architecture Specialization
              • Advanced Data Center Architecture Specialization
              • Advanced Enterprise Networks Architecture Specialization
              • Advanced Security Architecture Specialization


              Cloud Partners:
              • Storage: EMC
              • Virtualization: VMware
              • Cloud Management: VMware
              • Cloud Professional Services
              • SaaS Simple Resale


              Other Authorizations:
              • Registered Partner
              • Cisco Certified Refurbished Equipment
              • Cisco Developer Network Cisco Products Marketplace
              • Cisco Meeting Server formerly Acano
              • PSPP Defense
              • Smart Care Registered Partner
              • ATP - Unified Contact Center Enterprise

              Partner since:

              • More than 10 years

              Disclosure: I am a real user, and this review is based on my own experience and opinions.
              Network Engineer with 201-500 employees
              Real User
              Before anything, you need to know your infrastructure really well
              Pros and Cons
              • "IPSec Tunnel and AnyConnect (of course), the context awareness was a good feature, but clumsy at the beginning. I think it's better now."
              • "ASDM can be improved."

              How has it helped my organization?

              The context-aware module gave us good visibility and control over the ingress and egress communications, allowing us to filter unnecessary communications like streaming video and to control bandwidth utilization.

              What is most valuable?

              IPSec Tunnel and AnyConnect (of course), the context awareness was a good feature, but clumsy at the beginning. I think it's better now.

              The packet tracer command is a great tool for troubleshooting IPSec Tunnel, which I miss in the Palo Alto and other firewalls.

              Also, the IP access list counter is a good feature while troubleshooting.

              What needs improvement?

              ASDM can be improved.

              Also, a rollback option to a previous config in time will be a great option. Logging can be improved to a vast extent; I think Palo Alto has a pretty good logging structure.

              What do I think about the stability of the solution?

              Yep, more than once, but only on one box out of the three we purchased. Suppose we got a lemon, because once replaced, everything was fine.

              What do I think about the scalability of the solution?

              We never had an infrastructure that required scalability.

              How is customer service and technical support?

              An eight out of 10. TAC was very good but some engineers were quite slow and I ended up figuring out the issue myself.

              But overall, I like Cisco TAC a 1000 times more than Juniper TAC. Arista is the best TAC so far in my experience, they have the best talent pool.

              How was the initial setup?

              Quite straightforward for the most part, since I had TAC on call while setting it up.

              What's my experience with pricing, setup cost, and licensing?

              Everything with Cisco is expensive. My advice is that there are a lot better options out in the market now.

              Palo Alto is pretty decent for example, but support is the best with Cisco, hands down. All other TACs do not come close, except Arista, but they do not make firewalls.

              Which other solutions did I evaluate?

              None. My old company was a complete Cisco shop.

              What other advice do I have?

              Do look at Palo Alto for comparison, SonicWall is also on the market. But before anything, you need to know your infrastructure really well.

              For example, we bought a PAN firewall for east-west traffic control so we could implement a zero trust network. But our business traffic is bidding traffic, which has an extremely small packet size and a huge connection size per second, which sent the PAN firewall into a tailspin. Since we bought the device without a PoC, we had to eat the cost. So make sure to do a PoC with all the vendor equipment before you purchase it.

              Disclosure: I am a real user, and this review is based on my own experience and opinions.
              it_user700158 - PeerSpot reviewer
              Senior Network Security Engineer at a university
              Vendor
              Spec the right hardware model and choose the right license for your needs.
              Pros and Cons
              • "The AnyConnect remote access VPN gives us an easy way to deploy remote working for our users."
              • "The SSL VPN is, and always has been, painful to configure and the Java plugin does not guarantee a uniform deployment."

              How has it helped my organization?

              The AnyConnect remote access VPN gives us an easy way to deploy remote working for our users.

              What is most valuable?

              It all depends on the deployment scenario, as I have used ASA for specific purposes. In general, the stateful firewall feature, site to site VPN, and AnyConnect remote access VPN are always useful.

              What needs improvement?

              It's not perfect, and does have room for improvement with certain features.

              The SSL VPN is, and always has been, painful to configure and the Java plugin does not guarantee a uniform deployment.

              Certain documentation on the newer models of ASA (specifically, ASA 5500-X with FirePower services) is a little out of date and in some cases incorrect, although this may have been corrected since my last deployment.

              What do I think about the stability of the solution?

              I've never seen a firewall that didn't need an RMA at some point! That is true of the ASA; however, the failure rate (in my experience) has always been very low with ASAs (and Cisco equipment in general).

              What do I think about the scalability of the solution?

              Nope.

              How are customer service and technical support?

              With Cisco TAC, you can always get an answer to technical issues, and with the thriving Cisco support forum, you can always get answers to questions even if you don't have TAC.

              Which solution did I use previously and why did I switch?

              Not in my current organization.

              How was the initial setup?

              I would say it's only complex if you're not familiar with either the CLI or ASDM.

              So for me, it was easy; for those without Cisco CLI (or ASDM) experience, deployment can be a little daunting.

              That being said, there are plenty of configuration documents available on the Cisco website that will "hold your hand" through any deployment.

              What's my experience with pricing, setup cost, and licensing?

              Hardware and licensing can be expensive, and licensing can be a complicated affair. I would strongly recommend you speak with your distributor to ensure you choose the right license for your needs, and read the hardware comparison guide to make sure you spec the correct hardware for your specific needs.

              Which other solutions did I evaluate?

              It's great buying the latest and greatest equipment, but not so great if your engineers don't know how to operate it!

              From experience, hardware purchasing is normally dependent on the technical expertise of engineers, so if all your engineers are Cisco trained, it makes no sense to buy another vendor firewall.

              What other advice do I have?

              Spec the right hardware model and choose the right license for your needs.

              Disclosure: I am a real user, and this review is based on my own experience and opinions.
              Alexander Kostov - PeerSpot reviewer
              Senior IT Networking and Security Manager at a tech services company with 10,001+ employees
              Real User
              It is supported on many platforms and helps us gain access to the network.

              What is most valuable?

              There are a lot of features which are good and can be implemented, especially in the latest IOS version of the product.

              They saved me a lot of time thinking how to solve different scenarios with other solutions.

              Cisco AnyConnect for remote access is one of them. It is supported on most of the platforms that business users use. They can gain access to the network via functions like PBR, security groups, contexts, and DNS doctoring. This gives a lot of flexibility to the product.

              How has it helped my organization?

              It gave us a more secure environment and a lot of flexibility to the business.

              What needs improvement?

              The next-generation part of these products needs a better approach. A lot of vendors are definitely a step or two in front of them.

              For how long have I used the solution?

              I have worked with these types of firewalls for more than 10 years.

              What do I think about the stability of the solution?

              I can say that this product is one of the most stable products I have ever worked with.

              What do I think about the scalability of the solution?

              In terms of scalability, this always depends on how the product was chosen and what purpose it will work for. I haven't experienced any issues with the scalability of the product.

              How are customer service and technical support?

              In terms of technical support, it depends on the different cases. I would surely give Cisco technical support a rating of 9/10.

              Which solution did I use previously and why did I switch?

              I used to work with open source solutions, but the support and complication behind them was definitely not OK. If you want to have flexibility and stability, you have to move on to something that receives more development in that specific area.

              How was the initial setup?

              The initial setup was straightforward and there was a lot of documentation that can help out with specific cases.

              What's my experience with pricing, setup cost, and licensing?

              This is definitely not a cheap solution, but I think it is worth the investment.

              Which other solutions did I evaluate?

              We evaluated other solutions like Juniper, but we chose Cisco, since our network was becoming more and more Cisco oriented.

              What other advice do I have?

              I would recommend that you understand the needs of the business case before choosing the product and start implementing it. It is very important to choose the right licenses from the beginning.

              Disclosure: I am a real user, and this review is based on my own experience and opinions.
              Georges Samaha - PeerSpot reviewer
              Security Consultant at a tech services company with 501-1,000 employees
              Reseller
              Top 5 Leaderboard
              Detection engine and historical file analysis ease threat investigations
              Pros and Cons
              • "The Firepower IPS, based on Snort technology, has an amazing detection engine and historical analysis capability of files that eases threat investigations a lot."
              • "I would like to see more integration with third-party devices in general. There is great integration with Cisco devices, but there's not much integration with third-party devices."

              What is our primary use case?

              Cisco next-generation firewalls are mainly used either for data center protection - north-south traffic - or internet traffic.

              How has it helped my organization?

              The application and user-visibility and control, along with very powerful IPS and malware protection, enables our clients to secure their data centers and internet perimeter in a much better way. It provides them with traffic visibility and reporting as well.

              The main advantage is when you put it between users and servers internally or between different VLANs in the network. You have full visibility over the traffic, over all the internal applications. Usually, there's a lot of traffic that is not very clear and no one knows what is on their network. So, once you deploy it internally, you have full visibility over the internal traffic: who's accessing what, and with which protocol. It can directly detect all kinds of malicious traffic and traffic that abuses bandwidth.

              It makes different kinds of internal behavior that is useful to a network admin. And for security of course: Any kind of file infection, any kind of internal scanning, internal attacks; it gives you full visibility.

              Finally, you have communication of VLANs, internally, in the network, of course. So you have a granular access control based on user and application, instead of IP and port as you would have with a traditional firewall.

              What is most valuable?

              During the first phase of use, it was an extra module on standard Cisco ASA firewalls. It then became a standalone solution known as FTD, Firepower Threat Defense.

              The Firepower IPS, based on Snort technology, has an amazing detection engine and historical analysis capability of files that eases threat investigations a lot.

              I value the integration with other products (Cisco ISE, Cisco Endpoint AMP) which increases the protection intelligence within the enterprise by sharing security info between different products, which function on different layers. It furnishes fully connected security.

              It also provides detection of the client operating system, which gives very good reporting and correlation with the signatures. It can relay the signature IP to the client operating system, to give a better correlation decision.

              What needs improvement?

              Some ASA known features are still missing, but are being added bit by bit in each new version release, such as:

              • Remote Access VPN (the last release only supported the 2100 series): The next firewall model version is expected to support Remote Access VPN in the next software release in July 2017.
              • Virtualization of the appliance (multiple contexts) is still missing.
              • You always need an external management system, the onboard one is not very good. You have to use FMC, FirePOWER Management Center, as external software. There's always an add-on, whereas all the competition has an onboard management interface.

              I would like to see more integration with third-party devices in general. There is great integration with Cisco devices, but there's not much integration with third-party devices.

              For how long have I used the solution?

              One to three years.

              What do I think about the stability of the solution?

              We did not encounter any issues with stability. Cisco Firepower FW is very stable in all of the deployments we have made.

              What do I think about the scalability of the solution?

              The scalability is very good. They have a clustering mechanism, so you can start with an appliance and then cluster, adding more bandwidth and nodes into your cluster. If you don't have a big budget you can start with a medium appliance and then cluster appliances. Or if you want to buy it all in one shot, there is a big range.

              Although it allows scaling by adding multiple firewalls together (clustering), we have never used that, as all new hardware supports high-performance throughput and connections at a reasonable price.

              How are customer service and technical support?

              Technical support is perfect. Cisco is always known for its good technical support. We have never had any issues with them.

              Which solution did I use previously and why did I switch?

              As a Cisco Gold Partner, we always proposed Cisco firewalls for our clients.

              How was the initial setup?

              The setup was straightforward. A new Cisco FTD can be set up and running in a couple of hours. If you're used to firewalls you can quickly get along with it. There is nothing complicated.

              The time to deploy is short. But the time to tune and create the policies involves a learning phase. Traffic changes over time, so tuning the firewall rules to be as granular as possible takes a bit of time. But deploying and going live is fast.

              The strategy is to start with high-level security policies and then monitor the traffic and the applications affected. Then on the detection logs, create more granular rules.

              What's my experience with pricing, setup cost, and licensing?

              It has a great performance-to-price value, compared to competitive solutions. Subscriptions are annual. The licensing fee and standard support are the only costs we pay for.

              Which other solutions did I evaluate?

              We did not evaluate any alternative solutions.

              What other advice do I have?

              Make sure you tune your rules very well, as some clients just leave the firewall as it is and don't maintain the access rules or tighten them to be more granular and efficient.

              In terms of maintenance, you need one person for security analysis and one to create rules and for daily support.

              Disclosure: My company has a business relationship with this vendor other than being a customer: We are a Cisco Gold Partner.
              it_user654645 - PeerSpot reviewer
              Senior Network Specialist
              Vendor
              It has an important role as a firewall and it improves our access control.

              What is most valuable?

              The security features are valuable because it is easy to use and it has an important role as a firewall.

              How has it helped my organization?

              It has improved our access control.

              What needs improvement?

              It would be useful to gather all security features in one box. For example, certain features like URL filtering and application control licenses need to be purchased separately and it depends on the hardware spec, as not all models are supporting these two features. This causes the user to be highly dependent on the pre-sales person.

              For how long have I used the solution?

              We have been using the solution for six years.

              What do I think about the stability of the solution?

              We did not encounter any issues with stability.

              What do I think about the scalability of the solution?

              We had a scalability issue, as each feature is based on license or hardware support.

              How are customer service and technical support?

              I would rate the technical support at 8/10.

              Which solution did I use previously and why did I switch?

              We did not use a previous solution.

              How was the initial setup?

              The setup was straightforward with two layers of firewall.

              What's my experience with pricing, setup cost, and licensing?

              It is too pricey if you want to activate more features in a box, which necessitates you to purchase a license.

              Which other solutions did I evaluate?

              We evaluated Palo Alto and CheckPoint.

              What other advice do I have?

              Know what features are needed, and then purchase the necessary hardware and license.

              Disclosure: I am a real user, and this review is based on my own experience and opinions.
              it_user430797 - PeerSpot reviewer
              Network Engineer at a mining and metals company with 1,001-5,000 employees
              Vendor
              The simple access rule, Internet NAT and routing are valuable features.

              What is most valuable?

              The simple access rule, Internet NAT and routing are valuable features. It is very simple and the most reliable perimeter firewall.

              How has it helped my organization?

              We were using Cisco Security Manager (CSM) to control and configure all of our Cisco products. ASA worked very well on the CSM.

              What needs improvement?

              The next-generation firewall could improve. Still, they have NGFW 5525 but I haven’t tried it yet.

              For how long have I used the solution?

              We have been using this solution for seven years.

              What do I think about the stability of the solution?

              We have never faced any stability issues.

              What do I think about the scalability of the solution?

              Sometimes, we faced throughput and CPU counter issues, maybe because we started to use it a long time ago.

              How are customer service and technical support?

              Technical support is great. They are very responsible, and they know the bugs and workarounds.

              Which solution did I use previously and why did I switch?

              We have used it from the beginning.

              How was the initial setup?

              The initial setup is not simple and straightforward, because it is Cisco and you need to configure it by CLI.

              What's my experience with pricing, setup cost, and licensing?

              Obviously, Cisco products are not cheap.

              What other advice do I have?

              If you are looking for a stable run and it is easy to find someone to configure the service, then better go for Cisco; their support is very professional.

              Disclosure: I am a real user, and this review is based on my own experience and opinions.
              it_user674844 - PeerSpot reviewer
              Executive Manager with 11-50 employees
              Vendor
              The solution's reliability, performance, and security are most valuable.

              What is most valuable?

              The solution's reliability, performance, and security are most valuable.

              What needs improvement?

              The price and compatibility with other vendors' products can be improved.

              For how long have I used the solution?

              I have used this solution for three years.

              What do I think about the stability of the solution?

              I have not encountered any issue with stability.

              What do I think about the scalability of the solution?

              I have not encountered any issues with scalability.

              How are customer service and technical support?

              I would give technical support a rating of 9/10.

              Which solution did I use previously and why did I switch?

              I used Juniper Networks and I switched due to the lack of technical and sales support in Romania.

              How was the initial setup?

              The initial setup was complex because of its outdoor position. We had to solve this problem with outdoor protection.

              What's my experience with pricing, setup cost, and licensing?

              Negotiate the quote.

              Which other solutions did I evaluate?

              Before choosing, I evaluated Juniper Networks SRX.

              What other advice do I have?

              Be careful with temperature control in the rack area, since Cisco ASA 5585-X with SSP-10 heats up a lot.

              Disclosure: I am a real user, and this review is based on my own experience and opinions.
              IT Operation Manager
              Real User
              Provides software updates for known bugs and vulnerabilities.

              What is most valuable?

              • Hardware reliability
              • Software stability
              • Quick software updates for known bugs/vulnerabilities

              These are very important in an enterprise environment.

              How has it helped my organization?

              It is small. Nobody knows where it is or what it is. It works silently. As there are no issues, it is good for businesses and organizations.

              What needs improvement?

              • License politics
              • License price
              • Precise vendor roadmap for this product

              For how long have I used the solution?

              I have used Cisco ASA for five years.

              What do I think about the stability of the solution?

              We have not had stability issues.

              How are customer service and technical support?

              I would give them a high rating.

              Which solution did I use previously and why did I switch?

              We were using TippingPoint as an IPS and ZyXEL ZyWALL as a VPN server.
              Cisco has good documentation and it is easy for Cisco certified engineers.

              How was the initial setup?

              The initial setup was straightforward.

              What's my experience with pricing, setup cost, and licensing?

              Our experience last year showed us that there is no full security, so why should we pay more? Any security vendor with a user-friendly interface, with good support, on-time updates for known vulnerabilities, and reliable hardware, is acceptable for an organization.

              Which other solutions did I evaluate?

              We did not evaluate any alternatives.

              What other advice do I have?

              The Cisco ASA product line will be replaced by Cisco FTD. Cisco FTD software is not ready for production, due to a lack of many basic NGFW features. Maybe only the high-performance Firepower 41xx/21xx/90xx Series is good as an IPS, because it is using a stable Sourcefire engine.

              Disclosure: I am a real user, and this review is based on my own experience and opinions.
              it_user477366 - PeerSpot reviewer
              Security Technical Architect at a tech services company with 10,001+ employees
              Consultant
              It provides detection of zero day infections. The feature sets are great when there are no software bugs.

              What is most valuable?

              The feature sets are great when there are no software bugs. With FirePOWER, you can enhance security, have effective management, and a good reporting engine.

              How has it helped my organization?

              It provides detection of zero day infections through FirePOWER AMP.

              What needs improvement?

              Well tested software releases. We have had a number of bugs on the FirePOWER software across several clients which have been very inconsistent and have affected our ability to deliver.

              For how long have I used the solution?

              I have used the ASA portion for over eight years and the FirePOWER portion for about three years.

              What do I think about the stability of the solution?

              We did have stability issues with the FirePOWER software.

              What do I think about the scalability of the solution?

              We did not have scalability issues with the high end devices.

              How are customer service and technical support?

              I give technical support a rating of 5/10.

              Which solution did I use previously and why did I switch?

              We are part of the integrator space. When we changed products, it was to displace a product that no longer met the client’s requirements.

              How was the initial setup?

              The setup was reasonably straightforward.

              What's my experience with pricing, setup cost, and licensing?

              Get a clear understanding of what the licensing entails before committing.

              Which other solutions did I evaluate?

              We checked out Check Point and FortiGate.

              What other advice do I have?

              Plan very well in order to have a seamless project implementation and transition.

              Disclosure: I am a real user, and this review is based on my own experience and opinions.
              PeerSpot user
              Security Consultant at Accenture
              Real User
              Cisco doesn't have many features but only basic firewalls. Technical support and documentation is great.

              What is most valuable?

              Cisco doesn't have many features but only basic firewalls.

              How has it helped my organization?

              No improvement. My clients have been using this product and moving to other products.

              What needs improvement?

              This product should have moved towards making UTMs.

              For how long have I used the solution?

              Eight years.

              What do I think about the stability of the solution?

              No.

              What do I think about the scalability of the solution?

              No.

              How are customer service and technical support?

              Technical support and documentation is great.

              Which solution did I use previously and why did I switch?

              No, I worked with this product by working for a client.

              How was the initial setup?

              It is easy to set up and implement.

              What's my experience with pricing, setup cost, and licensing?

              Never worked on pricing and licensing.

              Which other solutions did I evaluate?

              I would always prefer to evaluate other products when I have been asked for advice on firewall solutions.

              What other advice do I have?

              Evaluate other products before using this product.

              Disclosure: I am a real user, and this review is based on my own experience and opinions.
              it_user470943 - PeerSpot reviewer
              ICT Manager - Network Operations at a healthcare company
              Vendor
              Pricing is competitive and licensing cost is on the higher side for non-profit organizations.

              What is most valuable?

              Firewall, VPN and Single Sign On.

              How has it helped my organization?

              Remote Access and SSO Authentication.

              For how long have I used the solution?

              One year.

              What do I think about the stability of the solution?

              No.

              What do I think about the scalability of the solution?

              Not yet.

              How are customer service and technical support?

              Good.

              Which solution did I use previously and why did I switch?

              Watchguard Firewall. Switched due to license cost.

              How was the initial setup?

              A bit complex compared to Watchguard Firewall.

              What's my experience with pricing, setup cost, and licensing?

              Pricing is competitive but licensing cost is on the higher side for non-profit organizations.

              Which other solutions did I evaluate?

              If so, which ones? Yes, Checkpoint, Juniper, Cyberoam.

              What other advice do I have?

              Cisco is good. Look at your requirements and create a matrix to figure out the best option.

              Disclosure: I am a real user, and this review is based on my own experience and opinions.
              PeerSpot user
              Sr Network Engineer at a tech services company with 501-1,000 employees
              Consultant
              Valuable features are its VPNs and reliability.

              What is most valuable?

              VPNs, reliability.

              How has it helped my organization?

              Connectivity with client Telcos works perfectly and administration is simple.

              What needs improvement?

              I think it's the perfect Firewall for SME.

              For how long have I used the solution?

              Five years.

              What do I think about the stability of the solution?

              No.

              What do I think about the scalability of the solution?

              No.

              How are customer service and technical support?

              10 out of 10.

              Which solution did I use previously and why did I switch?

              Version 5515 is better than 5510 or 5505.

              How was the initial setup?

              If you know how to use Cisco IOS, it's easy. Otherwise, you will find no way of configuring it with ease.

              What's my experience with pricing, setup cost, and licensing?

              Go for the complete bundle, it's a one time investment only. Otherwise, in the future you will have to buy other tools as licenses for some add-on services.

              Which other solutions did I evaluate?

              FortiGate 100D.

              What other advice do I have?

              I would go for bundle licenses and hire a Cisco engineer for implementation.

              Disclosure: I am a real user, and this review is based on my own experience and opinions.
              PeerSpot user
              IT Manager at a manufacturing company
              Vendor
              Valuable features are Cisco IPSec VPN, VPN Client, Port Restrictions.

              What is most valuable?

              • Cisco IPSec VPN
              • VPN Client
              • Port Restrictions

              How has it helped my organization?

              We could connect data securely from outside the company.

              What needs improvement?

              I need application user-IP blocking, Intrusion Prevention, QoS; I can't do these with Cisco and have to change it.

              For how long have I used the solution?

              Five years.

              What do I think about the stability of the solution?

              No.

              What do I think about the scalability of the solution?

              No.

              How are customer service and technical support?

              I have never needed support from Cisco.

              Which solution did I use previously and why did I switch?

              I couldn’t meet all my needs with the Cisco 5505 so I changed it with a next-generation firewall.

              How was the initial setup?

              Actually it was simple, making port based policies more simple than PA.

              What's my experience with pricing, setup cost, and licensing?

              Cisco price-performance is very successful.

              Which other solutions did I evaluate?

              I evaluated Sophos UTM, Checkpoint, Cisco and PA. PA is the best fit for my company because Sophos acquired Cyberoam and their software wasn’t successful for domain user restrictions. Checkpoint was very slow for me and too many licences and it was complicated. Cisco acquired Sourcefire and they need to improve next-gen features. So I chose PA.

              What other advice do I have?

              I know that Cisco acquired Sourcefire and they re-introduced next-generation firewall features and I think they’ll improve NX features.

              Disclosure: I am a real user, and this review is based on my own experience and opinions.
              it_user400626 - PeerSpot reviewer
              Senior Network & Data Communication Engineer at a tech services company with 201-500 employees
              Consultant
              Most valuable features are Security, Routing and NAT.

              What is most valuable?

              Security, Routing and NAT.

              How has it helped my organization?

              Gives flexibility and several deployment options.

              What needs improvement?

              Some default inspection rules need better tuning. Focus development on CLI version.

              For how long have I used the solution?

              11 years.

              What do I think about the stability of the solution?

              Rarely.

              What do I think about the scalability of the solution?

              Yes, before Clustering was introduced.

              How are customer service and technical support?

              Nine out of 10.

              Which solution did I use previously and why did I switch?

              Yes. We changed for no special reason, just to mix things up.

              How was the initial setup?

              Yes, but you need to read and understand how the device functions before deployment.

              What's my experience with pricing, setup cost, and licensing?

              Like with all vendors, know what options you require and request the proper license accordingly. Prices are on the same level as competitors.

              Which other solutions did I evaluate?

              Not really, as all firewalls do most of what enterprises look for. What matters most is the after sales support.

              What other advice do I have?

              Read, read, read and understand your requirements beforehand.

              Disclosure: I am a real user, and this review is based on my own experience and opinions.
              PeerSpot user
              Manager Network Security at a financial services firm with 5,001-10,000 employees
              Vendor
              I love its CLI mode of working, it gives plenty of information with a single line of command.

              What is most valuable?

              I love its CLI mode of working, it gives plenty of information with a single line of command.

              This feature allows its administrator to perform advanced level tasks with much ease.

              How has it helped my organization?

              These products provide much stability which, in return, any organization demands to run its functions properly and smoothly.

              What needs improvement?

              This product lacks in GUI format; that needs to be more mature and composed.

              For how long have I used the solution?

              10 years +

              What was my experience with deployment of the solution?

              No issues.

              What do I think about the stability of the solution?

              Rarely, due to software issues.

              What do I think about the scalability of the solution?

              As of now, no.

              How are customer service and technical support?

              Excellent but if non-Indian engineer is assigned.

              Which solution did I use previously and why did I switch?

              We have almost 99% Cisco based infrastructure.

              How was the initial setup?

              Pretty straightforward.

              Which other solutions did I evaluate?

              Usually yes. We did like Huawei and Juniper.

              What other advice do I have?

              Cisco has done a great job in introducing new features in their security product by acquiring specialized companies in the past. However, they still need to improve their unique feature products as they are in a challenger position, but not on top, at various product review portals.

              Disclosure: I am a real user, and this review is based on my own experience and opinions.
              PeerSpot user
              Network Security Administrator at a tech company with 5,001-10,000 employees
              Vendor
              It helped us and our customers to implement more granular and flexible connections to and from our/their environments.
              Pros and Cons
              • "The most valuable features of this product are given by the comprehensive VPN solutions it offers and its tools for troubleshooting and debugging."
              • "It should have an additional “operating mode”, like a “candidate configuration mode”, where you would have the possibility to test the changes you are going to implement and also the possibility to validate these changes."

              How has it helped my organization?

              It helped us and our customers implement more granular and flexible connections to and from our/their environments, building a trust relation between all of us, having the confidence that our exchanged information is occurring in a highly secure manner.

              What is most valuable?

              The most valuable features of this product are given by the comprehensive VPN solutions it offers and its tools for troubleshooting and debugging. You can provide a complex and flexible way to securely access private environments. And its troubleshooting and debugging tools allow you to identify, in the fastest time possible, where some potential issues could have occurred.

              What needs improvement?

              It should have an additional “operating mode”, like a “candidate configuration mode”, where you would have the possibility to test the changes you are going to implement and also the possibility to validate these changes.

              In addition, a "testing" feature should be performed to let you know what would be the consequences of applying these new changes. Only after you would see the tests’ results (if they do not create any unwanted effect) would you go and commit them.

              What do I think about the stability of the solution?

              There were some issues with stability prior to code version 9.2.x, more related to Clientless SSL and Client RA VPN solutions. Some bugs affected the integrity of these types of features.

              What do I think about the scalability of the solution?

              There were no problems in terms of scaling an existing solution, though very expensive.

              How are customer service and technical support?

              I would give a rating of eight out of 10, compared to other vendors. The technical support is much better than most vendors, but let's say not as good as F5 Networks technical support.

              Which solution did I use previously and why did I switch?

              I've only worked for integrator or ISP organizations. Over the years I’ve worked with multiple solutions offered by different vendors due to my customers’ budgets or preferences. What makes it the best of all the solutions I’ve worked on is the stability and its hardware.

              How was the initial setup?

              The initial setup configurations differ from customer to customer, from very simple to highly complex solutions. Depends on the customer’s needs.

              What's my experience with pricing, setup cost, and licensing?

              I have to admit that the price is high. But I think it's worth it if the stability of your solution counts for you.

              What other advice do I have?

              Choose it if you aim to have a stable environment.

              Disclosure: I am a real user, and this review is based on my own experience and opinions.
              it_user614874 - PeerSpot reviewer
              Gerente de Telecomunicaciones at a financial services firm with 1,001-5,000 employees
              Vendor
              The front page of device manager is the most valuable feature. We suffered an attack and the firewall was down repeatedly.

              What is most valuable?

              The front page of device manager is the most valuable feature because it makes it easy to know the system status.

              How has it helped my organization?

              It’s hard to say because our equipment was EoS.

              For how long have I used the solution?

              I have used Cisco ASA for three years.

              What do I think about the stability of the solution?

              We suffered an attack and the firewall was down repeatedly.

              What do I think about the scalability of the solution?

              We have to buy more licenses to get more VPN connections.

              How are customer service and technical support?

              I rate support 7/10.

              Which solution did I use previously and why did I switch?

              We didn’t have a previous solution. I actually searched after another solution.

              How was the initial setup?

              Setup was complex because we had not taken a course previously.

              What's my experience with pricing, setup cost, and licensing?

              Sincerely, I prefer other products with no limit on licensing of VPNs, for example.

              What other advice do I have?

              You have to find more confidentiality, integrity and availability.

              Disclosure: I am a real user, and this review is based on my own experience and opinions.
              it_user398799 - PeerSpot reviewer
              Sr. Security Analyst with 1,001-5,000 employees
              Real User
              Centralized policy creation simplifies matters more than previously. URL, Malware and IPS built-in has been a great help.

              What is most valuable?

              Centralized policy creation for URL, application, IPS, etc. It simplifies matters more than previously.

              How has it helped my organization?

              It provides centralized management. I would also add that URL, Malware and IPS built-in has been a great help as well. Where we used to need several products for all these features, we now only need the ASAs with the additional licensing. So now, it is more a matter of license management over hardware and licensing management.

              What needs improvement?

              More centralization and simplification of product lines would help most engineers, but I think licensing is the key here. Most organizations won’t pay the money to have ELA licensing, so all the individual licenses for these products can be overwhelming. Plus, they never really synch for expiration time.

              This is mainly due to reliance on other Cisco products and licensing. For example, Palo Alto includes several features in one whereas Cisco requires multiples. However, I still think Cisco offers great products but to get a "10" they might consolidate devices or simplify licensing.

              For how long have I used the solution?

              I have used this for two years, but the company has used Cisco solutions for many years.

              What do I think about the stability of the solution?

              We did somewhat have stability problems. Upgrading the ASA, ASDM, and SFR can be a pain if you have as many firewalls as we do (21). Once you can get them to fall under FPMC management it can be a little easier, but it is a battle to get to that point.

              What do I think about the scalability of the solution?

              There have been no scalability issues from my point of view. I was handed the solution, so some of the initial work was done.

              How are customer service and technical support?

              I rate support 10/10. TAC has always done a great job with answering my questions and providing remote support when needed.

              Which solution did I use previously and why did I switch?

              Previously, I used ASAs without FirePower, and I am unsure what my company used prior to that.

              How was the initial setup?

              For me, setup was half-and-half. In one update run I missed the step that discusses how the ASA and ASDM need to be on a specific patch prior to upgrading the SFR. FPMC attempted to push the new update to the devices regardless of this mismatch that caused FPMC to lose communication. I had to downgrade the SFR all the way back to v5.4.1 before I could install the latest version. You also have to step through several updates before you are done, so that can be tedious as well.

              What's my experience with pricing, setup cost, and licensing?

              Read everything and track all your licenses. Research all options and maybe pick a few to PoC. It doesn’t hurt to trial others. Maybe they are a better fit for your environment.

              Which other solutions did I evaluate?

              We are moving forward with ELA 5.0 for all Cisco security devices. Prior to that decision, we did a PoC with Palo Alto 3020 and 220 firewalls and Panorama. Those are some great products, but we are so Cisco centric that the cost of ELA isn’t much more than we are spending now.

              What other advice do I have?

              Do research. FPMC is great for us but it requires a lot of time and attention.

              Disclosure: I am a real user, and this review is based on my own experience and opinions.
              it_user511224 - PeerSpot reviewer
              IT Support Engineer
              Vendor
              Its security features are the most valuable aspect. The equipment is too expensive.

              What is most valuable?

              Its security features are the most valuable aspect. It has the ability to detect and prevent intrusions.

              How has it helped my organization?

              The product has helped organizations secure their infrastructure and data. Most organizations are happy to adopt the technology.

              What needs improvement?

              The equipment is too expensive compared with other firewall products.

              For how long have I used the solution?

              I have used ASA for about three months. I just bought and configured it for a client.

              What do I think about the stability of the solution?

              Since I installed and configured it, the client has never called with complaints.

              What do I think about the scalability of the solution?

              I have not had scalability issues at all. Maybe it is because I have not used it quite extensively.

              How are customer service and technical support?

              I haven't had a chance to interact with the support team.

              Which solution did I use previously and why did I switch?

              The previous product was limited in throughput and security.

              How was the initial setup?

              The initial setup was quite complex.

              What's my experience with pricing, setup cost, and licensing?

              As much as there is value for money, there is a need to make it affordable.

              Which other solutions did I evaluate?

              I tried Sophos.

              What other advice do I have?

              It is a very good device to use for those who value their network security.

              Disclosure: I am a real user, and this review is based on my own experience and opinions.
              PeerSpot user
              Member of the Board of Directors at a tech services company with 1,001-5,000 employees
              Consultant
              Class-based policing is the most important part of the ASA, and was its differentiator.

              What is most valuable?

              Class-based policing is the most important part of the ASA, and was its differentiator.

              How has it helped my organization?

              It gave us more organized DMZs and logical segments.

              What needs improvement?

              I’m not a fan of the new modular licensing model. Cisco moved from a base license to an a la carte SaaS model a couple of years back, wherein the customer is required to pay for feature sets on a case-by-case basis. This makes it difficult for people who want to study and trial new technologies and features.

              For how long have I used the solution?

              I’ve been using ASA technology since it was PIX, so since 1999.

              What do I think about the stability of the solution?

              We have not had stability issues.

              What do I think about the scalability of the solution?

              We have not had scalability issues.

              How are customer service and technical support?

              Support with Cisco TAC, or with VARs like WWT and Trace3 is usually pretty good.

              Which solution did I use previously and why did I switch?

              I have used both ASA and PAN. Different strokes for different folks.

              How was the initial setup?

              Initial setup is straightforward. You can get as granular and complex as you want, but out of the box, ASAs provide a secure FW solution.

              Which other solutions did I evaluate?

              We evaluate all other options.

              What other advice do I have?

              ASAs are a solid solution. Cisco provides more training and learning materials than any other vendor, which is critical if an organization wants to take true ownership of a technological solution. Documentation and use cases alone tend to make me a fan of Cisco's way of engineering, and they have come a long way over the last few years when it comes to integrating their solutions into comprehensive security communications platforms using tools like PRIME and ISE. FirePOWER and AMP make Cisco an even better overall contender for top FW status.

              Disclosure: I am a real user, and this review is based on my own experience and opinions.
              it_user579180 - PeerSpot reviewer
              Networking Specialist at an insurance company with 1,001-5,000 employees
              Vendor
              Provides management with the adaptive security device manager.

              What is most valuable?

              It is good for firewalls, management with the adaptive security device manager (ASDM), and tools such as packet tracers for troubleshooting.

              It’s a really good firewall which is easy to manage, but it is not a Next Gen firewall.

              Firewall functionality is the main issue when buying this product. We use it to segment our DMZs, it is stateful firewalling, is highly reliable with zero outages, and impeccable failovers during upgrades.

              The ASDM is the management tool to administer the ASAs via the GUI. It has an easy to use interface with very nice troubleshooting tools, such as Packet Tracer. This tool lets you simulate a traffic flow so you can see why flows don’t work.

              How has it helped my organization?

              It is a very reliable border firewall which makes it easy for us to organize and secure our DMZs.

              What needs improvement?

              • The SSL VPN portal could be better.
              • The ASAs support both IPSEC and SSL VPN.
              • For IPSEC you need a Cisco VPN client.
              • You can only have two SSL VPN sessions.
              • For more SSL sessions you have to pay (750 IPSEC sessions are included with an ASA).
              • With SSL, you connect through a browser, so it is clientless. The SSL portal offers a few functionalities which you can offer a user. Configuring this portal is not an easy task.

              For how long have I used the solution?

              We have been using the solution for almost five years.

              What do I think about the stability of the solution?

              We didn't encounter any issues with stability.

              What do I think about the scalability of the solution?

              Scalability is limited depending on the chosen model.

              How are customer service and technical support?

              I would give technical support a rating of 9/10. Cisco is one of the best, if not the best, in support.

              Which solution did I use previously and why did I switch?

              We chose FortiGate from Fortinet as our Next Gen Firewall solution because of the higher value for our money.

              How was the initial setup?

              The setup was easy with lots of documentation and configuration examples provided.

              What's my experience with pricing, setup cost, and licensing?

              You have to negotiate well.

              Which other solutions did I evaluate?

              We did not evaluate any alternative options for stateful firewalling.

              What other advice do I have?

              You will want to have Next Generation functionality, so choose FortiGate or Cisco Firepower.

              Disclosure: I am a real user, and this review is based on my own experience and opinions.
              it_user456837 - PeerSpot reviewer
              Project Manager with 11-50 employees
              Vendor
              It is very robust, trustworthy and highly customizable.

              What is most valuable?

              It is very robust, trustworthy and highly customizable.

              How has it helped my organization?

              Solutions using NAT, VPNs, internet and MPLS are more customizable than other solutions.

              What needs improvement?

              It could have more functions for load balancing on the internet.

              For how long have I used the solution?

              We have been using the solution for two years.

              What do I think about the stability of the solution?

              We never had any stability issues. It is the most stable platform that I have used, and I have used several including Fortinet, Sophos, Hillstone, Cisco and D-Link.

              What do I think about the scalability of the solution?

              We did not encounter any issues with scalability.

              How are customer service and technical support?

              I would rate the technical support at 10/10. It is the best.

              Which solution did I use previously and why did I switch?

              I implement solutions for several clients. Redneet is a technology integration company, and I prefer Cisco ASA for my security solutions.

              How was the initial setup?

              The setup is a little more complex than other solutions.

              What's my experience with pricing, setup cost, and licensing?

              It is a bit more expensive than other solutions, but offers more customization and security than other solutions.

              Which other solutions did I evaluate?

              We evaluated Fortinet, Sophos, Palo Alto.

              What other advice do I have?

              Use the best practice guides and online documentation. Cisco has more information online for free than any other brand, so use it!!!

              Disclosure: My company has a business relationship with this vendor other than being a customer: We are a Cisco Partner.
              Senior Network Designer at ODI
              Real User
              You can extend your visibility in network infrastructure for monitoring.

              What is most valuable?

              The Advanced Malware Protection and Security Group Tag (SGT) are valuable features. You are able to integrate all the networks by using SGT with the pxGrid service. This is built-in technology in Cisco devices and services.

              How has it helped my organization?

              You can extend your visibility in network infrastructure for monitoring. You can absolutely give your users a better experience. When you use .1X for user authentication:

              • Users log in just one time
              • You can control all user access to the internet, data center resources, and across the network.

              What needs improvement?

              After Firepower V6.1, Cisco added bandwidth shaping on the FTD product. This feature is a little bit weak. You cannot have customized shaping in different projects.

              For how long have I used the solution?

              I have used this product, as well as Cisco Firepower Threat Defense, for about two years.

              What do I think about the stability of the solution?

              I have heard about some bugs, but I have never encountered any.

              What do I think about the scalability of the solution?

              This product is very scalable in our experience.

              How was the initial setup?

              It is easy to initialize. For advanced configurations, it is sometimes complicated.

              What's my experience with pricing, setup cost, and licensing?

              The base license is delivered with the device. This license includes IPS and user authentication. You should buy a license for an IPS update. You should also buy another license for AMP and URL filtering.

              These are the important licenses: BASE, IPS, AMP, and URL filtering. Apart from the base license, the other licenses are subscription based for one, three, or five years.

              Which other solutions did I evaluate?

              I evaluated many products, such as CheckPoint, Palo Alto, Fortinet Firewall, Sophos, and Cyberoam Firewall.

              What other advice do I have?

              This product is very usable when you need integrity in your network. This product is very functional when you use a Cisco Identity Services engine.

              Disclosure: I am a real user, and this review is based on my own experience and opinions.
              it_user349320 - PeerSpot reviewer
              Corporate Information Security Officer
              Vendor
              A standard rule based firewall that has solved many remote access problems.

              What is most valuable?

              It's a standard rule based firewall for us. The AnyConnect VPN has solved a lot of remote access problems. High availability is good. It will fall back to the other ASA without any disruptions.

              How has it helped my organization?

              It has secured our DMZ.

              What needs improvement?

              I would like to see the following made easier:

              • Objects
              • Removing objects
              • Correlating access rules and AnyConnect ACLs

              Sometimes we suffer from older versions, such as objects, object groups, and aliases (name).

              For how long have I used the solution?

              We have been using the solution for nine years.

              What do I think about the stability of the solution?

              We did not encounter any stability issues.

              What do I think about the scalability of the solution?

              We did not encounter any scalability issues.

              How are customer service and technical support?

              The technical support is good.

              Which solution did I use previously and why did I switch?

              We used Cisco PIX.

              How was the initial setup?

              I can't really remember the setup. It was too long ago.

              What's my experience with pricing, setup cost, and licensing?

              We bought the solution, so there were no real recurring costs at that time.

              Which other solutions did I evaluate?

              We didn't evaluate any alternative products.

              Disclosure: I am a real user, and this review is based on my own experience and opinions.
              Rizwan Siddiqi - PeerSpot reviewer
              Network Security Consultant at a tech services company with 51-200 employees
              Real User
              It allows us to filter incoming traffic to our network and provide secure access to the office network from outside through remote access VPN.

              What is most valuable?

              Cisco ASA is a stateful firewall, which means they are the fastest and more secure, because they maintain state tables. Cisco ASA is very efficient not only in firewalling but in VPNs, IPS and content filtering. It also has the option of failover and redundancy.

              How has it helped my organization?

              It allows us to filter incoming traffic to our network and provide secure access to the office network from outside through remote access VPN. We also connected our branch office through an IPSEC site-to-site VPN tunnel, which is very secure and reliable.

              What needs improvement?

              Some improvements are required on the GUI interface called ASDM. It should include health check parameters like temperature and memory used.

              For how long have I used the solution?

              I have been using it for more than five years.

              What was my experience with deployment of the solution?

              No issues, very easy to deploy.

              What do I think about the stability of the solution?

              No.

              What do I think about the scalability of the solution?

              Migration to a new version is very easy, therefore no issue.

              How are customer service and technical support?

              Customer Service:

              9/10.

              Technical Support:

              9/10.

              Which solution did I use previously and why did I switch?

              Cisco ASA firewall is the most reliable to protect the network, therefore I switched.

              How was the initial setup?

              Yes, straightforward and simple.

              What about the implementation team?

              I am also a vendor.

              What was our ROI?

              100%.

              What's my experience with pricing, setup cost, and licensing?

              Price is a bit high compared to other vendors, but Cisco ASA has a reputation and is the most reliable product. Always go with a minimum of the Security Plus license.

              Which other solutions did I evaluate?

              Yes, Fortinet and Palo Alto.

              What other advice do I have?

              No.

              Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
              Ed Dallal - PeerSpot reviewer
              Founder, CEO, & President at Krystal Sekurity
              Consultant
              Simplified the complexity of our security architecture.

              What is most valuable?

              Provides advanced malware capabilities.

              How has it helped my organization?

              Simplified the complexity of our security architecture.

              What needs improvement?

              Integration of advanced malware services with the firewall through Firepower services.

              For how long have I used the solution?

              We have been using this solution for six months.

              What was my experience with deployment of the solution?

              There were no issues with deployment.

              What do I think about the stability of the solution?

              There were no issues with stability.

              What do I think about the scalability of the solution?

              There were no issues with scalability.

              How are customer service and technical support?

              Customer Service:

              I would give customer service a rating of 10/10.

              Technical Support:

              I would give technical support a rating of 10/10.

              Which solution did I use previously and why did I switch?

              We were looking to upgrade to a comprehensive firewall solution that integrated Next Generation Prevention System (NGIPS).

              How was the initial setup?

              There were no issues with setup.

              What about the implementation team?

              We implemented in-house.

              What was our ROI?

              We calculated for the entire year, but the ROI seemed very decent from the first six months.

              What's my experience with pricing, setup cost, and licensing?

              Pricing: Negotiate

              Licensing: Buy the advanced Malware Protection license subscription for one year. It is worth the investment.

              Which other solutions did I evaluate?

              We evaluated Juniper, Fortinet, and Huawei.

              Disclosure: My company has a business relationship with this vendor other than being a customer: We are a CISCO Security Business partner
              PeerSpot user
              Principal Network Engineer at a tech services company with 51-200 employees
              Consultant
              Provides the capability of the higher end firewall products to handle most network tasks without issues.
              Pros and Cons
              • "It makes it very easy to have delineated roles and responsibilities between network engineering and network security."
              • "In my experience, a number of engineers get tunnel vision with devices. This is exacerbated by vendors fostering a silo mentality in disciplines."

              How has it helped my organization?

              It makes it very easy to have delineated roles and responsibilities between network engineering and network security.

              What is most valuable?

              I find the overall capability of the higher end firewall products to handle most network tasks without any issues. In addition, it is easy to train lower level help desk personnel on the GUI management.

              What needs improvement?

              People tend to think of firewalls as firewalls and routers as routers. Going by the book, I had to create a number of static routes in the firewall so it could reach the various subnets in my client's internal network. I decided to turn on OSPF routing to simplify my deployment. This resolved a lot of issues with remote VPN and site-to-site VPN tunnels.

              In my experience, a number of engineers get tunnel vision with devices. This is exacerbated by vendors fostering a silo mentality in disciplines.

              I cannot name the organization, but a large national non-profit in the medical field had too many network configuration problems because of the silo mentality.

              Large Cisco ASA units have the capability to act as routers. This particular non-profit would not enable routing on the ASA until I explained that it would resolve a number of issues that they were experiencing and resolving by static routes, a second Cisco ASA, and a proxy server.

              What do I think about the stability of the solution?

              Stability issues did not occur in my experience, as long as we stayed with the correct image builds.

              What do I think about the scalability of the solution?

              There were no scalability issues.

              How is customer service and technical support?

              Customer Service:

              Generally, we do not need customer support, so it is hard to rate.

              Technical Support:

              Generally we do not need technical support, so it is hard to rate.

              How was the initial setup?

              The initial setup at many clients' sites was straightforward. Very complicated networks take a lot of planning.

              What about the implementation team?

              We implemented the solution in-house.

              What was our ROI?

              We cannot determine ROI just yet.

              What's my experience with pricing, setup cost, and licensing?

              Always plan ahead for three years. In other words, do not buy a firewall on what your needs are today, but try to predict where you will be three years from now in terms of bandwidth, security requirements, and changes in organizational design. This applies to any vendor, not just this product. I find that I always need to buy a higher level product than the specifications request in order to be safe.

              Which other solutions did I evaluate?

              In locations where I have used Cisco ASA firewalls, I have compared FortiGate and SonicWall.

              What other advice do I have?

              I utilize different brands of firewalls depending on the needs of a client, i.e., in-house IT versus outsourced. I am vendor agnostic as much as possible.

              Disclosure: I am a real user, and this review is based on my own experience and opinions.
              Alberto E. Luna Rodriguez - PeerSpot reviewer
              Network Security Coordinator at a energy/utilities company with 1,001-5,000 employees
              Real User
              We decided to go with Cisco because stability and reliability were major concerns for us.

              What is most valuable?

              Outstanding NGFW capabilities, site-to-site VPNs and High Availability. Also, the integration of FirePOWER services (Web Filtering/IPS/Malware Protection) is a huge step forward for an already great platform.

              How has it helped my organization?

              We purchased a pair of ASAs to handle all perimeter traffic in and out of our network. These devices enabled us to secure all our perimeter traffic, WAN connections, Internet connectivity and Internet-facing services. FirePOWER services enabled better control and visibility over the traffic traversing our perimeter. High Availability helped us greatly improve the availability of the services by reducing downtime caused by both incidents and planned maintenance operations.

              What needs improvement?

              The only problem in my opinion is ease of use. You really need to know your way around the CLI and complex feature set to get things working. The ASDM GUI is good for some things, but for the most part you'll need to stick to the CLI, which is a bit difficult, especially if you don't have a lot of experience around Cisco equipment.

              For how long have I used the solution?

              We've operated these firewalls for around 2 years now.

              What was my experience with deployment of the solution?

              ASAs are as complex as they are powerful. Configuration and administration are not as straightforward as other solutions and will take some time and studying to get used to them.

              What do I think about the stability of the solution?

              In my experience with various Firewall solutions, the stability and reliability of Cisco ASAs is unparalleled.

              What do I think about the scalability of the solution?

              No

              How are customer service and technical support?

              Customer Service:

              Cisco offers great customer service.

              Technical Support:

              The best I have worked with.

              Which solution did I use previously and why did I switch?

              We used to have a SonicWall and an older ASA 5510 platform. Both were replaced by a Cisco ASA cluster using a pair of 5525x.

              What's my experience with pricing, setup cost, and licensing?

              ASAs are expensive. The initial cost is high compared to other similar solutions, and chances are the personnel that will operate them will require some training. But if you're aiming for stability and reliability, this is the best solution you will find.

              Which other solutions did I evaluate?

              We evaluated Fortinet and SonicWall, both great UTM vendors. Although those platforms are cheaper, we decided to go with Cisco because stability and reliability were major concerns for us. Also, the support is much better in my experience.

              Disclosure: I am a real user, and this review is based on my own experience and opinions.
              it_user560229 - PeerSpot reviewer
              Security Engineer at a healthcare company with 1,001-5,000 employees
              Vendor
              I especially value Change Management and Compliance. They are most valuable because we are required to comply with regulations - PCI and HIPAA.

              What is most valuable?

              I especially value Change Management and Compliance. They are most valuable because we are required to comply with regulations regarding credit card processing (PCI) and protecting patient data (HIPAA).

              How has it helped my organization?

              This product has made visible some areas that were previously hidden.

              What needs improvement?

              There are many areas for improvement despite the fact that we love the product, but because it is a newer version we’ve been working out lots of issues. Some of those issues are based on our environment.

              For how long have I used the solution?

              I have used the product for 1.5 years with nearly a year for this version.

              What do I think about the stability of the solution?

              We did not have any problem with the previous (v7) version but when we upgraded to (v8) the new version, we were well aware that there would be some bugs and issues that would require resolution.

              What do I think about the scalability of the solution?

              We have had no scalability issues.

              How are customer service and technical support?

              Tech Support is awesome. I never get someone who has no clue what they are doing. These guys are well trained and know their stuff.

              Which solution did I use previously and why did I switch?

              We did not use a previous solution. FireMon was implemented as part of a security mandate and we chose this product over its competitors.

              How was the initial setup?

              Setup was pretty simple, because we implemented the single server model.

              What's my experience with pricing, setup cost, and licensing?

              We purchased licenses for our High Availability (HA) devices as well but they were not really needed.

              Which other solutions did I evaluate?

              I was not the researcher and decision maker. I inherited the tool.

              What other advice do I have?

              To make sure they have the cooperation of the networking team that supports the firewalls. It has been difficult for us to get the tool working to its full potential because our network team is resistant to some of the things we want to monitor.

              Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.