Cisco Secure Firewall Reviews

VPN - Both site to site (IPsec) and remote access (IPsec and SSL).

Through the use of VPNs, we were able to connect our branches together through the internet without the any additional cost.

• Throughput
• Price

Since 2008, so seven years, and I have been a heavy/daily user, and all of my jobs were related to network security.

No issues encountered.

Sometimes, due to software bugs, but in the long run the ASA is a very stable product when compared to other vendors firewall solutions.

One of the major disadvantages with the ASAs is the throughput, while the network evolves, the ASA was usually causing the bottle neck.

Customer Service:

It's very good when compared to other vendors.

Technical Support:

It's very good when compared to other vendors.

Mainly switching from the old Cisco PIX to a new Cisco ASA. The reason for switching is to get a higher throughput, and due to the fact the that the Cisco PIX went EoL.

It requires training, but after that it is straight forward.

I work for a vendor, and we implement the solution for multiple customers.

Yes, and we chose Cisco ASA mainly due to the fact that they have a very good, reliable and very responsive technical customer support.

I have worked on the best firewalls in the market, and Cisco ASA is one of the best.

The below screenshots are taken from a demo of ASDM.

We choose Cisco ASA 5500 Series for our branch office primarily because it is a stable firewall. Many home and even business grade firewalls will often start acting up and have to be rebooted, but the ASA is completely rock-solid. ASA Firewall Chains STP and RST Protocol allows us to build redundant uplinks to STP compatible switches. It has 256 MB RAM and 128 MB of flash which is plenty for future upgrades. I personally like to have the multitude of VPN options such as - IPsec VPN, DMVPN, L2TP, SSL, Any Connect, etc. The IPsec VPN is supported on the iPhone, so it is cool to be able to access my home network from my phone.

Extraordinary learning curve, especially if you do not have previous skill with Cisco PIX or routers. Even using the Java-based ASDM, it can take time to find your way. In addition, ASDM is not compatible with the latest version of Java (you will get an 'unconnected sockets' error). No support for DHCP reservations. I like to configure Servers and Printers this way, and cannot find any decent reason Cisco would not support it as they do on their routers and Layer 3 switches.

I am using the solution as a firewall.

I like the IPS feature, it is the most valuable.

I do not like the assembly of this solution. For example, they should combine FirePOWER into one solution.

I have used Fortinet, Palo Alto, and Check Point previously and I prefer the process of everything working together. We are in the process of moving on to Fortinet from this solution.

I rate Cisco ASA Firewall a six out of ten.

Most of our use cases revolve around the basic firewall features. Our client is also leveraging on Anyconnect, which is serving the client-based VPN. Sometimes they will establish a VPN connection from one firewall with another. It's the type-for-type VPN. In terms of Cisco, typically, these are just some of the legacy features, that's what we use. In terms of a next-gen firewall, I feel that our customers would prefer to use other brands like Palo Alto, Check Point, and FortiGate.

Our clients who use this solution are typically small businesses. I think there's a Gartner chart that says that Palo Alto is actually the foreleader, followed by Check Point, then FortiGate. Cisco is not anywhere near. From a cybersecurity standpoint, they are quite weak.

They need to do an overhaul of the management console because they are still using the client-based management tool, which is quite outdated in terms of functionality and usability. The interface hasn't changed since the last generation many years back.

I have been using Cisco ASA Firewall for roughly four years.

It is extremely stable I would say — at least after you deploy it. Typically, there won't be any instability in terms of the hardware as well as the software. It can be running for many years without any issues. It's a totally different story when compared to other brands because, out-of-the-box, they offer far more features and are actually leveraged on more resources which leads to more instability.

I would say in terms of scalability, they are still the greatest family of products. Scalability means you can actually add on some processing parts to actually increase the throughput when the requirement comes up. They have a range of products for that, but this solution, it's already going out of phase, because at JSC, you can only allow up to a certain amount of upgrades that can be added on.

Support is not a requirement. In the whole industry, there are a lot of Cisco-trained personnel that we can actually seek advice from. There's not much leveraging on the Cisco support so far.

If our clients need support, we provide it. Support is not cheap. Sometimes a device will go out of warranty, but the customers are not willing to renew the support contract. Of course, there are a lot of cheaper alternatives. In Singapore, a lot of companies outsource support. Most of the time we go through third-party companies instead of Cisco directly.

For a non-Cisco guy like me, there is quite a substantial amount of learning that needs to be done to actually understand how the products are. Some brands like FortiGate, require only an hour and 15 minutes to enable the product, to facilitate the basic requirements of connecting up the traffic and adding on the firewall router. For Cisco, there are levels of challenges because it's a hardened solution that sees a lot of restrictions right out of the box.

Without really understanding how it works, then there'll be a lot of confusion regarding the traffic, etc. You'll find yourself wondering if there are any security concerns if you alter it out-of-the-box. The management console is quite outdated; usually, a lot of configuration is through Commander. We really need to understand how to articulate the Cisco Commander to perform even the most basic feature.

We handle the implementation for our customers. 

I am a sales engineer, we are mainly in charge of selling the product. In terms of support, we have a department that covers that aspect. Sometimes after implementation, we also provide maintenance support services towards the whole project and sell it as a whole bundle. As a distributor, we also sell our products, our equipment, and devices. So the support team covers that aspect.

We sell Cisco ASA Firewall as a bundle — the price is very cheap. If a customer were to go for renewal direct from Cisco, then the price would be quite high.

My main concern is the full revamp of the management console. We'd like to see a more user-friendly total revamp of how to manage the firewall rules. Also, there are a lot of additional features that need to be granular because with Cisco, at this point in time, all these features are still working in silos. A lot of integration needs to be done in general. 

Personally, I would discourage people from using Cisco. Overall, on a scale from one to ten, I would give this solution a rating of six.

On-premises

We use Cisco ASA with Firepower. Currently, we have been implementing the solution for around four years. Our company has been around for a long time, more than ten years. We cover the solutions for Network Direct Turbo ATM at the moment, it's a lot of the security work.

Cisco ASA is best at the technical part of the business, related to our selling and management services. We have to improve the technical functionality of the product as part of making an efficient service for the customer. We need to improve the customer's technical experience with Cisco ASA & Firepower.

There are two main ways that using Cisco ASA & Firepower has improved our organization:

1. Technical features
2. Our Sales team

With Cisco ASA, we used the SMB of the model. The customers are usually satisfied, but I am going to recommend that all clients upgrade to Firepower management.

For Cisco ASA Firepower, I want Cisco to improve the feature called anti-spam. We use a Cisco only email solution, that's why we need the anti-spam on email facility.

Three to five years.

The stability of Cisco ASA is excellent compared to other products on the market. The performance is good. Compared to Fortinet on the watchband firewall, it is indispensable. Because of our customer experience as an integration company, our clients never report any performance problems. We have good performance from Cisco ASA.

ASA is limited in terms of its scalability because of our customer environments. They are in the banking and microfinance sector. Our clients always want to move to the next generation firewall so they like FirePOWER. When we move clients to Firepower, they need to integrate with Sourcefire and move into more complicated management.

We have the staff perform the migrations to Firepower. We redirected traffic with Sourcefire and also require the use of FMC by our management center with Firepower.

I've been exploring the technical support for Cisco ASA. I haven't had any problems with it.

The initial setup is straightforward. 

I always encourage our existing customers to move to the Cisco ASA Firepower version, i.e. the next generation Firepower like 2100, 4000, or 9300.

I would rate Cisco ASA an eight out of ten. An eight and not a ten because some of the features are limited and some are awful. We had to install other solutions for security and had to spend a lot on other hardware. Other vendors like Fortinet or Palo Alto Networks focus more on offering complete solutions.

My confidence continues to build upon using Cisco firewalls. I prefer to use Cisco firewalls to any others. 

Antivirus features must be integrated for end user security. They must be increased in the next version along with audit and restriction for the incoming user. Security must be increased when a new user connects over the LAN and an alarm must be generated.

Three to five years.

I have been using the 5510 a lot, and have been working with it for many years. I have also used the 5505 and other firewalls.

It is much better than most of the other firewalls that I have worked with.

It needs more tunneling capabilities. 

More than five years.

It is worth every penny that we have invested in it.