Cisco Secure Firewall Reviews

In our organization, we are using it as an internal firewall.

It is already improved because all of the computer updates are available online. So, you can update, and I think that the ASA 5585 is already updated.

All of the licensing features can be upgrades.

The interface is user-friendly.

The cost is very high. Most organizations cannot afford it.

We have been using the latest version of this solution for the last five years.

It's a stable product.

It's a scalable solution. We have more than 2000 users in our organization.

Technical support is fine, we have no issues.

The initial setup was very easy. Cisco documentation is online, so it was no problem at all.

It took approximately 30 minutes to install.

If we compare it with FortiGate and the co-existing ASA, FortiGate is better in terms of price.

This is a product that I can recommend to others.

I would rate this solution a ten out of ten.

I'm the group information technology manager and we are customers of Cisco. 

The best feature for me is the VPN and I also like the firewall. 

In terms of improvement, we'd like to see a good graphical user interface. I'd also like to see the initial setup simplified. In comparison, if I were to implement the Fortigate firewall from scratch, it's a fairly simple set up. That is not the case with the ASA firewall, where you really need to have the skill and know what you're doing.

I've been using this solution for 18 years. 

The solution is stable, we haven't had any issues. If we need something, we go to a consultant. In terms of product stability, it works very well.

We haven't made any changes since implementing and we haven't tried scaling.  

We get our support from the resellers, not from Cisco. 

For those who have the technical know-how with Cisco products, I would recommend going with the ASA firewall, but if you're new to the field and running a smaller business, deployment will be complicated. 

I would rate this solution a nine out of 10. 

We had legacy Sourcefire Sensors and ASA state full firewalls.

Cisco offered the FTD NGFW solution, but the implementation of the two systems was not successful.

The firepower sensors have been great; they do a good job of dropping unwanted traffic.

The VDB updates run on schedule, so less hands-on configuration is needed.

The software was very buggy, to the point it had to be removed.

We are moving completely away from Cisco NGFW.  The product was pushed out before it was ready.

Classic ASA features such as NAT, Stateful Firewall, and VPN are basic functions for average organizations, but next generation features such as the granular control of port hopping applications, IPs, and malware protection are mandatory, considering current advanced security threats.

One of the most valuable features is the correlation of events, including the path that a file takes in the network and its integration with the endpoint protection. This gives you the chance to take some actions in the case a breach happens.

Visibility in the network traffic.

Management console – Firesight Management Center.

When deploying Cisco FMC versions 6.0 and 6.1, some issues may appear when trying to register ASA sensors. The problem needs Cisco TAC involvement, adding more effort and time. I guess this will be fixed in version 6.2.

I've used this solution for three to five years.

Some releases of the unified image (FTD – Firepower Threat Defense – Cisco ASA + Sourcefire IPS) are not very stable, but things are getting improved.

Some clustering functions are not available in the unified image.

Excellent.

Old ASA 5500. Natural upgrade to next generation functions.

Initial setup is pretty straightforward.

The licensing model has been simplified and is easy to understand. The price is higher compared to UTM solutions, such as Fortinet, but in the same range as Checkpoint and Palo Alto.

We also work with Palo Alto Networks, Fortinet, FireEye, and some other vendors.

Take a look at the features included in the unified image. Some classic ASA functionality has not been integrated yet, go for non-unified image if the deployment requires something that is not available – classic ASA iOS plus Sourcefire code.

• Hardware reliability
• Software stability
• Quick software updates for known bugs/vulnerabilities

These are very important in an enterprise environment.

It is small. Nobody knows where it is or what it is. It works silently. As there ar no issues, it is good for businesses and organizations.

• License politics
• License price
• Precise vendor roadmap for this product

I have used Cisco ASA for five years.

We have not had stability issues.

I would give them a high rating.

We were using TippingPoint as an IPS and ZyXEL ZyWALL as a VPN server.
Cisco has good documentation and it is easy for Cisco certified engineers.

The initial setup was straightforward.

Our experience last year showed us that there is no full security, so why should we pay more? Any security vendor with a user-friendly interface, with good support, on-time updates for known vulnerabilities, and reliable hardware, is acceptable for an organization.

We did not evaluate any alternatives.

The Cisco ASA product line will be replaced by Cisco FTD. Cisco FTD software is not ready for production, due to a lack of many basic NGFW features. Maybe only the high-performance Firepower 41xx/21xx/90xx Series is good as an IPS, because it is using a stable Sourcefire engine.

The ASDM has significantly improved over the years. Real-time logging and filtering is useful. Firewall rules are easy to understand, and enable/disable.

Change from Java for ASDM to HTML5. Better options to enable/disable site-to-site VPN tunnels.

8 years

The new NAT configuration is difficult to understand especially for people familiar with the pre v8.3 code.

Cisco TAC is good. They will set up a remote viewing session so they can work on the firewall as if they are sitting next to you.

Typically fast and useful.

In-house team.