No more typing reviews! Try our Samantha, our new voice AI agent.
System Administrator at a healthcare company with 501-1,000 employees
Real User
Feb 22, 2023
Robust, integrates well, and offers effective protection against internal risks
Pros and Cons
  • "Collaboration with other Cisco products such as ISE and others is the most valuable feature."
  • "While this applies to all vendors, pricing can be always lower. In my opinion, Cisco is the most expensive. The pricing can be reduced."

What is our primary use case?

The Cisco Secure Firewall is placed between the separate VLANs. It's a common and effective method of protecting VLANs against internal risks such as Checkpoints and external parameters.

How has it helped my organization?

It certainly saves time. You can detect anything if you have nothing. This is why, in the end, it saves time.

What is most valuable?

Collaboration with other Cisco products such as ISE and others is the most valuable feature.

What needs improvement?

it is difficult to say what it needs in terms of what needs to be improved. I don't work with it on a daily basis.

I haven't heard anything negative about it.

While this applies to all vendors, pricing can be always lower. In my opinion, Cisco is the most expensive. 

The pricing can be reduced.

Buyer's Guide
Cisco Secure Firewall
July 2026
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,146 professionals have used our research since 2012.

For how long have I used the solution?

Our organization has been working with Cisco Secure Firewall for three to five years.

What do I think about the stability of the solution?

There are no complaints about performance or stability.

What do I think about the scalability of the solution?

There are no issues with the scalability. It works fine.

It is simple to upgrade.

We only need one person to maintain the product.

How are customer service and support?

My colleague has experience with technical support. I'm not sure if it was with Cisco's technical support directly or through Conscia in between.

Which solution did I use previously and why did I switch?

This was the first solution we were using.

We are primarily Cisco housed, and I believe that practically everything is Cisco. 

It might be part of the contract for a small fee. I don't think there's any particular reason.

I am familiar with CheckPoint, as well as Microsoft ISA.

How was the initial setup?

We have an implementation partner.

It's a hands-on job with a colleague of mine.

I don't know if it is particularly easy or not.

There was also some learning involved, such as knowing the traffic. This took some time. It took six months to deploy.

With the implementation partner, everything was written out. It was the best-case scenario for us.

We did not use the Cisco Firewall Migration tool.

What about the implementation team?

Conscia assisted us with implementation.

They are one of the best in the Netherlands.

What's my experience with pricing, setup cost, and licensing?

I am not aware of the pricing. 

It's an all-in-one contract.

What other advice do I have?

I would rate Cisco Secure Firewall an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1639311 - PeerSpot reviewer
Solutions Consultant at a comms service provider with 10,001+ employees
Real User
Jul 17, 2022
A capable box for UTM
Pros and Cons
  • "It's quite a capable box for UTM."
  • "Once installed, it's quite stable."
  • "Sometimes my customers say that Cisco Firewalls are a bit more difficult compared to Fortigate or Palo Alto. There is complexity in the configuration and the GUI could be improved."

What is our primary use case?

We use it as a firewall or for UTM at the data center.

What is most valuable?

We like the standard firewall features. It's quite a capable box for UTM.

What needs improvement?

Sometimes my customers say that Cisco firewalls are a bit more difficult compared to Fortigate or Palo Alto. There is complexity in the configuration and the GUI could be improved.

For how long have I used the solution?

I have been using Cisco ASA Firewalls for as long as I have been working here, which is seven years.

What do I think about the stability of the solution?

Once installed, it's quite stable. We don't have many issues after it's deployed. Both the hardware and software are quite stable.

What do I think about the scalability of the solution?

As a firewall, it's in use all the time. Whether there will be increased usage depends on how security risks increase. But at the moment, there's no expectation for an increase in use.

How are customer service and support?

Cisco's technical support is usually quite satisfactory, and we get a reasonable response in a reasonable time to any inquiry we make.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is not that simple. I don't do the installation myself, but from what I hear it's more complicated than some of the other firewall products.

We usually do our installation in two or three hours. Our customers usually have between 10 and 50 users and they are generally IT admins.

We have three people who work in the field and manage deployments, and another five to 10 to manage the solution.

What was our ROI?

If you use the full functionality of Cisco ASA, it's worth the cost. But I don't think our company product is using the full capacity of the Cisco ASA.

What's my experience with pricing, setup cost, and licensing?

Licensing, recently, has been getting more complicated. In particular, the Smart Licensing that came out is quite complicated. I don't know what's going on. Our sales team asks us questions about Smart accounts, but I don't know what it is and Cisco is making it so complicated. They call it Smart, but it's complicated. I prefer the traditional license where you buy it once.

What other advice do I have?

When talking with our customers, I would not recommend our company's Cisco products for their security. It depends on their requirements, but if they want full security, I wouldn't say that Cisco ASA is the one choice.

My advice would be to do a PoC first.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Buyer's Guide
Cisco Secure Firewall
July 2026
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,146 professionals have used our research since 2012.
reviewer1895547 - PeerSpot reviewer
Director of network engineering at a computer software company with 5,001-10,000 employees
Vendor
Jul 7, 2022
Is easy to use, stable, and scalable
Pros and Cons
  • "Cisco ASA Firewall is a well known product. They're always updating it, and you know what they're doing and that it works."
  • "Cisco ASA Firewall has improved our organization by allowing connectivity to the outside world and into different places, and the firewall is the first line of defense in protecting the network."
  • "It would be good if Cisco made sure that the solution supports all routing protocols. Sometimes it doesn't."

What is our primary use case?

Our primary use case includes basic firewalls, VPNs, NAT, and our connections to customers.

It's used in our data centers to protect the network and customer circuits.

How has it helped my organization?

Cisco ASA Firewall has improved our organization by allowing connectivity to the outside world and into different places.

Cybersecurity resilience is very important to our organization. There are always threats from the outside, and the firewall is the first line of defense in protecting the network.

What is most valuable?

Cisco ASA Firewall is a well-known product. They're always updating it, and you know what they're doing and that it works.

What needs improvement?

It would be good if Cisco made sure that the solution supports all routing protocols. Sometimes it doesn't.

For how long have I used the solution?

I've been using it for probably 10 to 15 years.

What do I think about the stability of the solution?

For the most part, it's stable.

What do I think about the scalability of the solution?

It's a very scalable solution.

How are customer service and support?

The technical support is very good, and I would give them a nine out of ten.

How would you rate customer service and support?

Positive

What's my experience with pricing, setup cost, and licensing?

The pricing and licensing are getting more complicated, and I'd like that to be simpler.

Which other solutions did I evaluate?

We evaluated some Palo Alto and Juniper solutions, but Cisco ASA Firewall is better in terms of ease of use. You could get certified in it.

What other advice do I have?

To leaders who want to build more resilience within their organization, I would say that the ASA, along with its features, is a good product to have as one of the lines of defense.

The solution does require maintenance. We have four network engineers who
are responsible for upgrading code and firewall rules, and for new implementations.

On a scale from one to ten, I would rate Cisco ASA Firewall a nine. Also, it's a very good product, and it compares well to others.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1895580 - PeerSpot reviewer
System programmer 2 at a government with 10,001+ employees
Real User
Jul 3, 2022
Has versatile, flexible policies and packet captures that help debug connections
Pros and Cons
  • "The features I've found most valuable are the packet captures and packet traces because they help me debug connections. I like the logs because they help me see what's going on."
  • "Cisco Firepower NGFW Firewall was introduced as a migration of many firewalls into one."
  • "I think they need to review their whole UI because it feels like it was created by a whole bunch of different teams of developers who didn't fully talk to each other. The net policy screen is just a mess. It should look like the firewall policy screen, and they should both act the same, but they don't. I feel like it's two different buildings or programming, who don't talk to each other, and that really annoys me."

What is our primary use case?

We use it to protect our DMZs and externals, to protect our network from our other city partners who manage their own networks to which we have direct connections, like VPNs, and to manage the security parameters between inside and outside connectivity and vice versa.

How has it helped my organization?

Cisco Firepower NGFW Firewall was introduced as a migration of many firewalls into one. Just having one firewall with one place of security and one place to look for your packets has really helped.

What is most valuable?

The features I've found most valuable are the packet captures and packet traces because they help me debug connections. I like the logs because they help me see what's going on.

The security correlation events and the network map help me to drill down on a host at will.

I really like the flexibility of the policies such as those you can use and the layer three policies with which you can block applications. It's really versatile. I like the security zones.

Cybersecurity resilience is our main focus right now. Because we're a government organization, everybody's really nervous about security and what the ramifications are. My device generates all the logs that our security team goes through and correlates all the events, so it's really important right now.

What needs improvement?

I think they need to review their whole UI because it feels like it was created by a whole bunch of different teams of developers who didn't fully talk to each other. The net policy screen is just a mess. It should look like the firewall policy screen, and they should both act the same, but they don't. I feel like it's two different buildings or programming, that don't talk to each other, and that really annoys me.

They should either build an application or get away from the web. They need to do something that's uniform and more streamlined.

We have a multi-person firewall team, and I can't look at a policy while somebody else is in it. It'll kick me out. I might be working on something that the other guy has to modify. I know that in the next versions they will be dealing with it with a soft lock, but it should've already been there.

One of Cisco's strengths is the knowledge depth of their staff. The solutions engineer we worked with knew the routing and each protocol. If he didn't know something, he would reach out to someone else at Cisco who did. He would even talk to a developer if he needed to.

For how long have I used the solution?

I've been using Firepower for about three years.

What do I think about the stability of the solution?

There are some stability issues. We ran CheckPoint for years and didn't have problems with the firewall itself. However, with Firepower, in the past two years, we've had two major crashes and a software bug switchover.

We were debugging NAT rules. I did a show xlate for the NAT translation, and the firewall rebooted itself.

It has only been three instances in two years, but when I compare the stability to that of CheckPoint, it seems higher. CheckPoint just seemed to run.

What do I think about the scalability of the solution?

We have about 8000 end users. Scalability-wise, it's already handling a large amount of traffic.

How are customer service and support?

I like that Cisco's technical support will help me recover the firewall when everything falls apart. I'd give them a nine out of ten. They've really been consistently good, and they go after the problem.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used CheckPoint and Fortinet. We switched from CheckPoint because it was unsupported, and we wanted to move to a next-generation firewall.

We went to Fortinet, and when we switched over, it caused a huge network outage. The Cisco engineers helped fish us out of that. Our GM at the time preferred Cisco, and we switched to Cisco Firepower NGFW Firewall.

How was the initial setup?

Setting up the machines was straightforward, but exporting was complex. That is, it wasn't a complex deployment as far as the hardware goes. It was more of a complex deployment as far as transferring all the rules go because of our routing architecture.

Firepower is our main interface out to the outside world. We have about eight DMZs that are interface-based. You can do a logical DMZ or you can have an interface and a logical DMZ. We have about eight that are on interfaces. Then, we have our cloud providers and the firewall. We have rules so that our cloud providers can't ingress into our network.

I've found that Firepower does need a lot of maintenance. It needs a lot more software updates than other solutions. We have three people to maintain the solution.

What about the implementation team?

For the deployment, we had about 18 team members including firewall administrators, Cisco firewall engineers, and techs.

What's my experience with pricing, setup cost, and licensing?

The licensing scheme is completely confusing, and they need to streamline it. They have classic licensing and a new type of licensing now. Also, the licensing for the actual firewall is separate from the one for TAC support.

What other advice do I have?

My advice to leaders who want to build more resilience within their organizations is that they should help make policies. Leaders don't want to make policies; they don't want to put their names on policies or write policy documents. I as a firewall administrator am the one saying what the policy should be. I tell them what should happen, and sometimes, they resist.

Also, because the system is just too big to really manage without TAC, you would need TAC along with Firepower.

My advice would also be to go with HA or a cluster up front and not to be cheap. You really need to go in with a robust solution up front.

I would rate Firepower an eight on a scale from one to ten because the firewall and tech support together make it a very robust solution.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Tim Maina - PeerSpot reviewer
Network Engineer at a tech vendor with 5,001-10,000 employees
Real User
Jul 3, 2022
Provides us with a critical piece of our in-depth security stack
Pros and Cons
  • "The Packet Tracer is a really good tool. If someone calls because they're having problems, you can easily create fake traffic without having to do an extended packet capture. You can see, straight away, if there's a firewall rule allowing that traffic in the direction you're trying to troubleshoot."
  • "It's a great investment and there's a lot of value for your money if you're a CSO or a C-leader."
  • "One of the challenges we've had with the Cisco ASA is the lack of a strong controller or central management console that is dependable and reliable all the time."

What is our primary use case?

We have the Cisco 5585-X in our data center for perimeter security, internet protection, and for applications behind Cisco ASA DMZs. The challenges we wanted to address were security and segregating the internal networks and the DMZs.

How has it helped my organization?

Security-wise, it's given us the protection that we were looking for. Obviously, we're using an in-depth type of design, but the Cisco ASA has been critical in that stack for security.

What is most valuable?

The Packet Tracer is a really good tool. If someone calls because they're having problems, you can easily create fake traffic without having to do an extended packet capture. You can see, straight away, if there's a firewall rule allowing that traffic in the direction you're trying to troubleshoot. As a troubleshooting tool, Packet Tracer is one of the things that I like. It comes up in all my interviews. When I want to figure out if someone knows how to use the ASA, I ask them about use cases when they use the Packet Tracer.

What needs improvement?

One of the challenges we've had with the Cisco ASA is the lack of a strong controller or central management console that is dependable and reliable all the time. There was a time I was using what I think was called CMC, a Cisco product that was supposed to manage other Cisco products, although not the ASA. It wasn't very stable.

The controller is probably the biggest differentiator and why people are choosing other products. I don't see any other reason.

For how long have I used the solution?

I've used the Cisco ASA going back to the 2014 or 2015 timeframe.

What do I think about the stability of the solution?

The ASA has been very stable for us. Since I deployed the ASA 5585 in our data center, we've not had to resolve anything and I don't even recall ever calling TAC for an issue. I can't complain about its stability as a product.

Our Cisco ASA deployment is an Active-Standby setup. That offers us resilience. We've never had a case where both of them have gone down. In fact, we have never even had the primary go down. We've mainly used that configuration when we're doing code upgrades or maintenance on the network so that we have full network connectivity. When we're working on the primary, we can switch over to the standby unit. That type of resiliency works well for our architecture.

How are customer service and support?

TAC is good, although we've had junior engineers who were not able to figure things out or fix things but, with escalations, we have eventually gotten to the right person. We also have the option to call our sales rep, but we have never used that option. It seems like things are working.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

In the old days, we used Check Point. We did an evaluation of the Cisco ASA and we liked it and we brought it on board.

At that time, it was easy for our junior operations engineers to learn about it because they were already familiar with Cisco's other products. It was easier to bring it in and fit it in without a lot of training. Also, the security features that we got were very good.

How was the initial setup?

The one we deployed in the data center was pretty straightforward. I also deployed the Cisco ASA for AnyConnect purposes and VPN. I didn't have to call TAC or any professional services. I did it myself.

What about the implementation team?

We used a Cisco reseller called LookingPoint. I would recommend them. We've done a lot of other projects with them as well.

What was our ROI?

It's a great investment and there's a lot of value for your money if you're a CSO or a C-leader. As an engineer, personally, I have seen it work great wonders for us. When we're doing code upgrades or other maintenance we are able to keep the business going 100 percent of the time. We have definitely seen return on our investment.

What's my experience with pricing, setup cost, and licensing?

I don't look at the pricing side of things, but from what I hear from people, it's a little pricey.

Which other solutions did I evaluate?

At the time, we looked at Juniper and at Palo Alto. We didn't get a feeling of confidence with Palo Alto. We didn't feel that it offered the visibility into traffic that we were looking for.

What other advice do I have?

We use Cisco AnyConnect and we've not had any issues with it. During COVID we had to scale up and buy licenses that supported the number of users we had, and we didn't have any problems with it.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1895532 - PeerSpot reviewer
Senior Network Engineer at a manufacturing company with 1,001-5,000 employees
Real User
Jul 3, 2022
The VPN solution works much better than our previous solutions
Pros and Cons
  • "So far, it has been very stable."
  • "So far, the remote VPN access has been a perfect solution for our company."
  • "The user interface is a little clunky and difficult to work with. Some things aren't as easy as they should be."

What is our primary use case?

We are using it for border firewalls, VPN access, and site-to-site VPN tunnels.

It is deployed at a single location with about 2,500 users.

What is most valuable?

So far, the remote VPN access has been a perfect solution for our company.

What needs improvement?

The user interface is a little clunky and difficult to work with. Some things aren't as easy as they should be.

For how long have I used the solution?

I have been using it for five years.

What do I think about the stability of the solution?

So far, it has been very stable.

It does require maintenance. There is a team of two who manage it.

What do I think about the scalability of the solution?

We haven't scaled it much at this point.

How are customer service and support?

The technical support has been good so far. I would rate them as eight out of 10.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

The VPN solution works much better than our previous solutions.

We previously used Palo Alto. The switch was driven by Cisco's pitch.

How was the initial setup?

It was fairly straightforward. We stood it up side by side with our nesting firewalls. We did some testing during an outage window, then migrated it over.

What about the implementation team?

We used a partner, CDW, to help us with the deployment. Our experience with CDW was good.

Internally, it was just me for the deployment.

What's my experience with pricing, setup cost, and licensing?

The pricing seems fair. It is above average.

What other advice do I have?

Take the time to really learn it, then it becomes a lot easier to use.

I would rate the solution as eight out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1895514 - PeerSpot reviewer
Senior network security, engineer and architect at a computer software company with 5,001-10,000 employees
Vendor
Jun 29, 2022
Decreased our downtime and enables us to get users connected faster and more easily
Pros and Cons
  • "AnyConnect has been very helpful, along with the ability to use LDAP for authentication."
  • "It has improved things greatly by giving us easier and better access, easier configuration, and allowing users to gain the access they need."
  • "The ASAs are being replaced with the new Firepowers and they have a different type of structure in the configuration to be able to migrate from one to the other."

What is our primary use case?

We use it for VPN access for our two-factor authentication. We were looking to get access through AnyConnect, to gain access to devices behind boundaries and firewalls.

How has it helped my organization?

It has improved things greatly by giving us easier and better access, easier configuration, and allowing users to gain the access they need. We have also had less downtime using these firewalls.

What is most valuable?

AnyConnect has been very helpful, along with the ability to use LDAP for authentication. It's very robust and we are able to do many different things that we were looking to do.

What needs improvement?

The ASAs are being replaced with the new Firepowers and they have a different type of structure in the configuration to be able to migrate from one to the other.

For how long have I used the solution?

I have been using Cisco ASA Firewalls for 20 years.

What do I think about the stability of the solution?

The stability is very good. It has been a very stable environment. Since the new AnyConnect came out, it's been very easy to use and very much self-sufficient.

What do I think about the scalability of the solution?

You can vary scalability from very few users to thousands of users.

How are customer service and support?

Technical support has been very helpful at times, helping us to know what bugs and what things are getting fixed in the next releases.

How would you rate customer service and support?

Positive

How was the initial setup?

As an architecture team, we had a pretty good idea of what we wanted to do and how we wanted to do it, so it was pretty straightforward and easy. We have each one across many different avenues and many different boundaries, so each one took about a day to deploy.

We needed two to three people to deploy them and another one to go over some things to make sure everything was good to go.

There is routine maintenance, keeping it up to date and making sure the licensing versions are all good to go. We have a four-man team for maintenance and they work a regular shift of eight hours.

What about the implementation team?

We used a reseller, FedData. Our experience with them was good.

What was our ROI?

It took us about six months to see benefits from our ASA Firewalls. We've seen return on our investment in terms of the timeframe of downtime, and the ability to get users connected faster and more easily has been a big benefit.

What's my experience with pricing, setup cost, and licensing?

The pricing of the products isn't terrible. They're not too expensive. They're a little more expensive than other products, but you are getting the name, the company, and the support.

It's also nice that you can buy different avenues of licensing, depending on how you want to go about using them.

We buy a support license to get support if we have any issues or problems or need help on how we want to implement things.

Which other solutions did I evaluate?

We evaluated other options, but that was a long time ago. We went with Cisco because it is so robust as well as because they have been able to integrate their solutions into many different architectures. That makes their products easier to use.

What other advice do I have?

Each use case is different and things depend upon your cost analysis and how much you need. We have these firewalls in different avenues over about 30 different sites.

The biggest lesson from using the solution is being agile which has included learning to understand how to use the ASDM and figuring out how to configure everything—the little nuances—and what can and can't be done on the CLI.

These firewalls, along with the upcoming Firepower that they're being replaced by, are going to be very good assets for two-factor authentication and VPN access.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Admin Network Engineer at Xcaret
Real User
Jun 27, 2022
Offers more security and flexibility for VPNs
Pros and Cons
  • "It helped us a lot with our VPNs for the home office during COVID, and there has been more security and flexibility for VPNs and other applications."
  • "I would like more features in conjunction with other solutions, like Fortinet."

What is our primary use case?

It is for our VPNs and filters out websites. 

How has it helped my organization?

It helped us a lot with our VPNs for the home office during COVID. There has been more security and flexibility for VPNs and other applications.

What is most valuable?

Its security is easy to use.

What needs improvement?

I would like more features in conjunction with other solutions, like Fortinet.

For how long have I used the solution?

I have been using it for five years.

What do I think about the stability of the solution?

It has very good stability.

What do I think about the scalability of the solution?

It has really good scalability.

How are customer service and support?

The customer service and technical support are good. I would rate them as nine out of 10.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We were previously using Fortinet. We switched to ASA and Firepower when our contract with Fortinet ended. Now, we are only using ASA.

How was the initial setup?

The deployment was simple.

What was our ROI?

The ROI is good. Using ASA, we have saved 10% to 20% on our costs.

What's my experience with pricing, setup cost, and licensing?

The pricing is fine. It is not too bad.

What other advice do I have?

We had it integrated with the Umbrella solution a few years ago.

I would rate this solution as nine out of 10.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1885482 - PeerSpot reviewer
Network Engineer at a computer software company with 201-500 employees
Real User
Jun 27, 2022
Gives us remote connectivity and helps workers connect remotely
Pros and Cons
  • "It has definitely improved our organization. It gives us remote connectivity, helps workers connect remotely, and also gives us good connectivity to our other branches."
  • "I would like it if there was a centralized way to manage policies, then sticking with the network functions on the actual devices. That is probably the thing that frustrates me the most. I want a way that you can manage multiple policies at several different locations, all at one site. You then don't have to worry about the connectivity piece, in case you are troubleshooting because connectivity is down."
  • "I would like it if there was a centralized way to manage policies, then sticking with the network functions on the actual devices."

What is our primary use case?

We use it for basic firewalling, building VPN tunnels, and for some remote VPN connections.

We have two ASAs servicing external remote connectivity sessions for about 300 users.

How has it helped my organization?

It has definitely improved our organization. It gives us remote connectivity, helps workers connect remotely, and also gives us good connectivity to our other branches.

What needs improvement?

It would be nice if it had the client to actually access the firewall. Though, web-based access over HTTPS is actually a lot nicer than having to put on a client just to access the device.

For Firepower Threat Defense and ASAs, I would like it if there was a centralized way to manage policies, then sticking with the network functions on the actual devices. That is probably the thing that frustrates me the most. I want a way that you can manage multiple policies at several different locations, all at one site. You then don't have to worry about the connectivity piece, in case you are troubleshooting because connectivity is down.

For how long have I used the solution?

I have been using ASA for about three years.

What do I think about the stability of the solution?

It is stable.

We just run updates on them. I don't know if we have had to do any hardware maintenance, which is good.

What do I think about the scalability of the solution?

We have been just using ASAs for a smaller environment.

I don't know if I have ever worked with ASA in a highly scalable environment.

How are customer service and support?

I haven't really gotten involved with the technical support for ASAs.

Which solution did I use previously and why did I switch?

I work with a lot of different companies and a number of different firewalls. A lot of times it is really about the price point and their specific needs. 

This solution was present when I showed up.

What's my experience with pricing, setup cost, and licensing?

The pricing is pretty standard. 

I wish there was an easier way to license the product in closed environments. I have worked in a number of closed environments, then it is a lot of head scratching. I know that we could put servers in these networks and that would help with the licensing. I have never been in a situation where we connected multiple networks, i.e., having an external network as well as an internal network, as those kinds of solutions are not always the best. I think licensing is always a headache for everyone, and I don't know if there is a simple solution.

Which other solutions did I evaluate?

We can build GRE tunnels. Whereas, Firepower can't route traffic nor do a bit more traffic engineering within the VPN tunnels. This is what I like about using ASAs over Firepower.

Firepower Threat Defense has a mode where you can manage multiple firewalls through a single device. 

I really like how Palo Alto does a much better job separating the network functions from the firewalling functions.

I would consider if there is a need to centralize all the configurations. If you have many locations and want to centrally manage it, I would use the ASA to connect to a small number of occasions. As that grew, I would look for a solution where I could centrally manage the policies, then have a little more autonomous control over the networking piece of it.

What other advice do I have?

Know specifically what you want out of the firewall. If you are looking for something that will build the GRE tunnel so you can route between different sites, I would go with ASA over Firepower Threat Defense.

I like the ASA. I would probably rate it as eight or nine out of 10, as far as the firewalls that I have worked with.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1885305 - PeerSpot reviewer
Analytical Engineer at a pharma/biotech company with 10,001+ employees
Real User
Jun 26, 2022
Keeps away threats trying to come into my organization
Pros and Cons
  • "With the pandemic, people began working from home. That was a pretty big move, having all our users working from a home. More capacity needed to be added to our remote VPN. ASA did this very well."
  • "It did help my organization; the firewall pretty much covers most stuff, and with the pandemic and everyone working from home, ASA handled the increased remote VPN capacity very well."
  • "It can be improved when it comes to monitoring. Today, the logs from the firewalls could be improved a bit more without integrating with other devices."

What is our primary use case?

We are using it for our VPN. We have a remote VPN and then a VPLS connection. Overall, it is a pretty big design.

We were looking for an opportunity to integrate our Firepower with Cisco ASA.

We mainly have these appliances on the data center side and in our headquarters.

How has it helped my organization?

It did help my organization. The firewall pretty much covers most stuff. They have next-gen firewalls as well, which have more threat analysis and stuff like that. 

The firewall solution is really important, not just for our company, but for every organization. It keeps away threats trying to come into my organization.

With the pandemic, people began working from home. That was a pretty big move, having all our users working from a home. More capacity needed to be added to our remote VPN. ASA did this very well.

What is most valuable?

The most valuable features are the remote VPN and site-to-site VPN tunnels.

I use the solution to write policies and analyze the data coming in via the firewalls.

What needs improvement?

It can be improved when it comes to monitoring. Today, the logs from the firewalls could be improved a bit more without integrating with other devices.

I would like to see more identity awareness.

For how long have I used the solution?

I have been using it for over six years.

What do I think about the stability of the solution?

The stability is pretty good. They are keeping up the good work and making updates to the current platform. 

How are customer service and support?

The support is good. They have been there every time that we need them. I would rate them as nine out of 10.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We have used Check Point and Palo Alto. We are still using those but for more internal stuff. For external use, we are using the Cisco client.

How was the initial setup?

The initial deployment was straightforward. We have worldwide data centers. For one data center, it took three days from design to implementation. 

What about the implementation team?

It was a self-deployment. It took eight people to deploy.

What's my experience with pricing, setup cost, and licensing?

It was pretty good and not expensive on the subscription side. Cisco is doing a good job on this.

Which other solutions did I evaluate?

We also evaluated Zscaler, which is more cloud-based. It was pretty new and has a lack of support on the system side.

What other advice do I have?

They have been keeping up by adding more features to the next-gen and cooperating with other vendors.

I would rate this solution as nine out of 10. It is pretty good compared to its competitors. Cisco is doing well. They have kept up their old traditional routing and fiber policies while bringing on new next-gen features.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros sharing their opinions.
Updated: July 2026
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros sharing their opinions.