Cisco Secure Firewall Reviews

It's our firewall for our AWS VPC on the internal side that connects our VPC to headquarters.

I have been using the product for two years, but it has been installed in my company for four years.

Even on a smaller scale, people are finding you need HA pairs, and there's no way that the ASA can do that, at least in the virtual version. We needed the ability to failover to one of the others to do maintenance, and this is a glaring issue. However, it is one of their cheaper products, so its understandable. It is just that we would hope by now, because it has been in use in a lot of different environments, for even moderately sized companies, the ability to have HA pairs would be extremely useful.

It has been relatively stable, in the sense that it stays up. It doesn't die on us.

Scalability has been a pain point for us. 

It's great for what it does. Just make sure you know whatever environment you are using it in is not going to have to scale. Just use it for sandbox. As long as they stay competitive, use the ASA, but make sure you have a plan to grow out of it.

We have definitely made some calls to Cisco regarding issues. While it is time consuming, they are thorough. Sometimes depending on the urgency, if there is a real P1 problem going on, it would be more helpful to go straight to the chase than to have to go through troubleshooting steps that are mandated. A lot of times, it is understandable why they're there, but I wish they had a different, expedited process, especially when they're dealing with our senior network engineer who has already ruled out some things. Cisco tends to make you go through the steps, which is part of any normal troubleshooting. However, when you're dealing with an outage, it can be very frustrating.

The integration and configuration were pretty straightforward.

We purchased the product through the AWS Marketplace. While I wasn't part of the buying process for Cisco ASA, I have used it to purchase AMIs.

The AWS Marketplace been great, but it could be a bit more user-friendly from an aesthetic perspective. It is fully functional and easy to figure out once you are in it. However, the layout of the AMIs has a lot missing, e.g., you have to side click to find the area for community AMIs. It would be awesome if AWS Marketplace would put up a wider range of AMIs.

With the Cisco ASA, you do get what you pay for. What would really be awesome is to see Cisco blow out a real cheap version where you can use the sandbox, but leave it step-wise and go to another product relatively easily, like getting you hooked on candy. The problem is that we already paid for the ASAs, and we grew quickly. Now, we have found ourselves in a situation where we have to wait for next year's budget and everyone is using it. We've gone from a sandbox model to full production. If Cisco was a bit more on the ball with this type of thing, such as pay a smaller lump sum, then scale as a pay by use or have an option to switch models. This would be good because then we could actually leverage this type of model.

Right now, we want to go to the rocket stuff, and our people who make the decisions financially will just have a heart attack. They will choke on it. However, if we can roll it into our AWS bill, and slowly creep it in, it is usually more palatable. As crazy as that sounds, even if its more expensive to do it this way.

Our network guy looked at alternatives and settled on Cisco ASA. It was the cheapest available option, virtualized, and he was familiar with Cisco, like many people are because it's a great company. It made the most sense at the time, because our VPC was a sandbox at first. Now, it has grown, which is where the pain point is: the scalability of the ASA. We have sort of wedged ourselves into a corner.

We are now looking into Cisco Meraki, the CSR stuff, and the SD-WAN technology.

For the AWS version, Cisco is our primary use. We have our own appliances and products, which are indicated as Cisco ASA. So, we test these product against Cisco ASA using different types of rules for new cases. During the test process, we make sure the integration works. 

We have been using the solution for two years.

Right now, it serves a purpose and has everything that we need. Performance-wise, it is top-notch.

It is a comprehensive suite and complete package. We have the following with the product:

• Interest point detection
• Firewall stuff
• VPN
• It's configurable.
• It guards with its own threat intelligence. 

We find that virtual instances are helpful because they are easy to use on AWS Marketplace, as they are On Demand. We have a lot of traffic on AWS. Therefore, to monitor the traffic rather than using on-premise, we use virtual instances of Cisco ASA. This is pretty easy to use and we receive value off of it.

Cisco ASA should be easier to use. It is a bit tough to navigate and see what is going on. While I like the UI and dashboards of Cisco ASA, if you compare them to Palo Alto or Fortinet, they have much richer UIs. An analyst (or anyone) can see them, and say, "I have got all these important pointers on my dashboard." However, with Cisco ASA, we need to dig into many things and go to many views to see what is actually there.

It is stable. We put a good amount of stress on it.

Especially for the AWS version, we can spin up multiple instances and do load-balancing. 

We have 15 to 20 Cisco ASA switches with a couple of physical appliances and twelve machines. Our team is using four to five machines.

It is all self-guided, and we were already using the physical appliances. Therefore, we knew how to use the product.

Our individual release cycle has been quicker because the entire development and testing environment has been automated because of these virtual instances. It has aligned our development workflow. This is where we have seen the ROI increase. 

For example, if you are working with a physical appliance, then you need to have a dedicated lab administrator to work with it, even to test a simple use case. This takes time because we would need to frequently reset that appliance and load all the data. It is no longer like that.

Purchasing from the AWS Marketplace was easy. It was just point and click.

It is pay-as-you-go, so it much cheaper than buying in the plants.

We also checked Fortinet and Palo Alto, their AWS versions. 

When compared products, Cisco ASA is easy on AWS. We received a trial version. It is easy to setup and evaluate.

We also already had Cisco products. This provided a tighter integration with what we already had. Since most of our traffic stays in AWS, it made sense to use AWS Cisco ASAv.

Once you deploy a virtual database or virtual machine for any product, like Cisco. The first thing to do with your data is test it. So, you need to be prepared with the test that you want to test before you deploy the instances. Because after deploying instances, you wait and see what the data come back with, how to configure it, and review what doesn't work. Therefore, you need to do some background homework before starting, such as what type of data you need to put into it, how to test it, and will the system process it.

We have used both the on-premise and AWS version. We started using AWS in the past six to seven months. Prior to that, we used the on-premise version. The AWS version is better as it is quick to spin up and configure. Also, with AWS, everything is preset, and it is more flexible.

We have it integrated with many other products, like threat intelligence and analytics. For example, all our logs go into Splunk, then we receive our analytics from there. We also have Splunk on AWS. Thus, all the data stays on the cloud, so there is no latency, etc.

I have been using this product for over ten years. Most of the features fulfill my requirements. It protects our network.

The most valuable feature is the section payover. But, I think that kind of function may also come from similar products. In addition, they have the integrated IDS/IPS source powered modules. This is a new screen for us, and it is also very useful.

More than five years.

The stability of the product is good.

The scalability of the solution is OK for me. It basically fulfills my requirement.

I would rate the technical support a rating of seven out of ten.

I always consider the stability and scalability of a product when choosing a vendor.

The cost is a bit high compared to other solutions in the market.

We have looked at Juniper, Palo Alto and other brands.

We like that Cisco has a lot of experience on the market trends.

It is primarily used as a firewall. I think that all firewalls basically work the same, but some have different configurations of the switches. Cisco ASA is very strong. 

I think that there should be better security of other firewall appliances. Migration is another main issue. If you migrate from the ASA to the new Fire Power Threat Defense appliance, it is not an easy migration. You have to do some of the migration manually, and if you are relacing those firewalls it will take a long time. It should be a smoother migration process. Some of the new engineers are still not familiar with it, and I think that Cisco should rehire some of the engineers coming from Sourcefire to do so.

There is not much to say about the stability of the product. Migration is the painful aspect of the solution.

During the mitigation process, I used tech support. But, I still have not had a completely clean migration process.

I do not like to have too many vendors it becomes difficult to diagnose and deal with. If all the switches also ran the same, I would be OK. But, this does not usually happen. Often there are many configurations of switches and we end up switching on the switches.

Cisco has recently become very expensive. Other solutions on the market are cheaper than this solution.

We have also evaluated Fortinet and Sophos UTM as possible solutions.

Our primary use case is to use it as a firewall.

I find that the product is a very good, and secure firewall. The benefits of this product is that it is a strong firewall solution. 

It is a secure product. But, it is not very easy to configure. You need to be knowledgeable to be able to manage it. 

In addition, due to changes in management, we found Cisco slightly behind some of the competitors in the market. Furthermore, the internet protection system seems to be lacking, in comparison to some of the competitors. This is why we are currently looking at other possible solutions.

It is a stable solution.

The scalability is a bit limiting, to be honest. In terms of when you look to changing landscape in terms of threats, I think to me, my personal it's a bit limiting.

I have not used the technical support for Cisco ASA.

It was a bit complex to setup this solution. When we used the command line, it was not easy to implement. We needed Cisco technical knowledge to be able to manage the implementation.

The cost is a bit higher than other competitive solutions on the market.

Yes, it's a good provider when it comes to firewall solution, but maybe limiting when you are looking at the wall UTM management. It's delayed behind some of the competitors.

We primarily use this product for networking. We are a Cisco shop, as far as networking goes.

I think the room for improvement of this solution is that there is a need for more of an application awareness capability. I just don't think it has the application awareness. It obviously looks at ports and what not, but it is not necessarily able to identify applications by their action, and what they're doing.

We have not encountered issues with stability of the solution.

The scalability is fine. We have no problems with the solution. We have two of them in a standby configuration.

If I were to rank the tech support, I would give it an eight or a nine. They have not been able to resolve all of my problems. I had to find my solutions on the web myself. I found other users with similar issues to what I had experienced. Then, I resolved the issues by myself.

I would consider this solution on the "high end" of the pricing spectrum.

I have considered Check Point and Juniper in the past.

Generally, it has highly productive platforms and it has good capabilities.

It just works like an internal firewall. It's an ordinary role of this platform, nothing special.

At this point, we find that this product has high productivity and high availability and there is no need for improvement. 

If there is old hardware, or old appliances, it does not necessarily work with the new Cisco generation firewalls.

It is a highly stable product. We rarely receive any serious outdates, so it works quite well. 

Yes, we use the technical support maybe twice a year. We received a very fast response time.

It was very straightforward. It was not complex at all.

When evaluating a possible solution, I always consider:

• Availability
• Productivity

It was used for a remote office deployment connect back via VPN to the corporate office and services.

Cisco ASA works out-of-the-box. With the setup wizard, it was easy to get it deployed quickly, even by novice IT users.

The ability to have a protected home network on the unit and a separate secured office network linked back to corporate.

More intuitive support for SIP services are needed. This took a long time to configure properly for the user.