Cisco Secure Firewall Reviews

Remote network access: We primarily use ASA for VPN, NAT, PAT routing, SLA, and multiple ISP providers.

Ease of configuration: It has gotten a lot easier to configure compared to the original Cisco Pix.

ASDM provides GUI for configurations. ASDM has made configuring ASA easy. No need to memorize CLI commands.

• UTM features would be nice or some NextGen features. 
• The ASA has become a bit old and needs updating.

It helps us to identify key, persistent threats so we can set policies accordingly.

In-depth monitoring and analysis. It helps us to make better decisions and policies.

• Integration aspects
• Traffic shaping

Initially there were some stability issues, but in the long-run no.

It requires additional licensing to enable 10G ports.

Technical support is very good.

It is complex. We have to set up ASA, SFR module, and FMC separately, which sometimes requires extensive troubleshooting, even for smaller issues.

We evaluated Huawei, briefly.

It is a good datacenter firewall, as they have now overcome integration issues with latest versions.

I enjoy the interface of Cisco products, especially the CLI version. I think the IPS feature in the product is best compared to products of other vendors. All the IPS features can be accessed from a separate interface, e.g., Cisco IDM.

We are an educational institute, and we are required to block many websites that are not suitable for students and teachers. Most of the sites, like YouTube uses an https version, thus blocking with IP address was becoming problematic. Moreover, certificate domains for Gmail and YouTube are the same. But the IPS feature in this product helps us to overcome this limitation.

Pricing of this product needs improvement.

I have used this solution for two years.

I did not encounter any issues with stability.

I did not encounter any issues with scalability.

I would give technical support a rating of a nine out of 10.

I worked with Cyberoam and Fortinet UTM at my previous job. When I joined my present company, they were already using the Cisco ASA solution. But my present company may switch to other vendors, especially Fortinet, because of the license renewal price.

As I enjoy working on CLI, I would say that the initial setup was not complex.

License and appliance costs are more expensive as compared to other vendors on the market.

If your company is small or mid-range, it is better to go with other vendors, because of the pricing.

Firewall, VPN and Single Sign On.

Remote Access and SSO Authentication.

One year.

No.

Not yet.

Good.

Watchguard Firewall. Switched due to license cost.

A bit complex compared to Watchguard Firewall.

Pricing is competitive but licensing cost is on the higher side for non-profit organizations.

If so, which ones? Yes, Checkpoint, Juniper, Cyberoam.

Cisco is good. Look at your requirements and create a matrix to figure out the best option.

Security, Routing and NAT.

Gives flexibility and several deployment options.

Some default inspection rules need better tuning. Focus development on CLI version.

11 years.

Rarely.

Yes, before Clustering was introduced.

Nine out of 10.

Yes. We changed for no special reason, just to mix things up.

Yes, but you need to read and understand how the device functions before deployment.

Like with all vendors, know what options you require and request the proper license accordingly. Prices are on the same level as competitors.

Not really, as all firewalls do most of what enterprises look for. What matters most is the after sales support.

Read, read, read and understand your requirements beforehand.

It's a standard rule based firewall for us. The AnyConnect VPN has solved a lot of remote access problems. High availability is good. It will fall back to the other ASA without any disruptions.

It has secured our DMZ.

I would like to see the following made easier:

• Objects
• Removing objects
• Correlating access rules and AnyConnect ACLs

Sometimes we suffer from older versions, such as objects, object groups, and aliases (name).

We have been using the solution for nine years.

We did not encounter any stability issues.

We did not encounter any scalability issues.

The technical support is good.

We used Cisco PIX.

I can't really remember the setup. It was too long ago.

We bought the solution, so there were no real recurring costs at that time.

We didn't evaluate any alternative products.

• It provides our company with security and protection on all our devices.
• It's highly available.

We're able to implement best security practices to secure our company data.

We've used it for over seven years.

We had some issues during deployment.

No issues encountered.

No issues encountered.

Customer service is excellent.

Technical support is excellent.

It was a little complex, but not so much that we couldn't figure it out.

I was the implementor for a client.

It's excellent.

Depends on the customer's budget, but we evaluate all vendors that meet the them. It's a mission-critical product.

I give it a thumbs up.

NGFW: VPN (IPSec, SSL), NAT (provides great flexibility)

NGIPS: Application visibility, file policies (store files), network discovery, correlation features

SSL decryption for modules. Although I think it is better to separate SSL decryption as a service from the software module since it requires additional hardware, but I think it would be great if there is an option to use the ASA (not the software module) to decrypt the SSL.

Ex: Add a license to decrypt SSL traffic on the ASA itself. The ASA already supports SSL VPN. So if SSL decryption can be integrated that would be nice.

5 years+

Basic setup is easy, but if you need to do some advanced stuff, it can be intuitive, but some things require some kind of tutorial to understand how it can be done. Good thing is that this device is becoming popular and there are many 3rd party free tutorials and guides that can help.

I heard about defect that were encountered by my colleagues, but not something that cannot be fixed using an upgrade.

Clustering is available for ASA with firepower services.

Also for firepower appliances, there is stacking available for some models.

Great support. The engineers know what they are doing.

10/10

No

Well, it is straight forward as long as you understand the components available.

ASA can be configured using the CLI or ASDM.

For the Firepower you will need to use a FireSIGHT as a management solution.

Since you will be using two GUIs, I wouldn't call it straight forward.