Cisco Secure Firewall Reviews

• Stateful inspection
• CLI of the firewall

It has increased the security and works best for VPN users.

The product has been introduced with UTM i.e. FirePower, and I would like to use it and comment on it.

I've used it for three years.

Encountered IOS related bugs in later versions.

No issues encountered.

No issues encountered.

Customer Service:

10/10.

Technical Support:

It depends on the support contract that you have.

I previously used CheckPoint, and switched because of the UTM features.

It was straightforward.

I implemented it myself.

I think evaluated other options with reference to our architecture.

You should analyze the current setup and implement it as per the customers' requirement.

The features that we use are:

• The stateful firewall
• VPN with AnyConnect
• Site-to-site IPSEC solutions
• High availability

The ASA gives us a secure appliance at the perimeter and allows us to provide VPN connectivity to our users. We have the ability to control our VPN users as well as use two-factor authentication if needed (using an outside Radius source).

The ASA has room for improvement in the areas of layers four through seven. I would love to see application specific control, e.g.Facebook, Gmail, etc.

I have used this solution for five years.

No issues with the deployment of the ASA as long as you are using it for what it is intended for.

No issues encountered.

As long as you buy the correct model for your company, in regards to throughput, licenses etc., you will be fine.

Customer Service:

8/10.

Technical Support:

8/10.

I believe it is straightforward, but again it depends on what you are trying to accomplish.

The multi-context mode.

Being able to use the multi-context on the firewall to keep costs down.

No improvement needed.

I've used it for four years.

Yes but I was able to get the support that was needed to resolve any issues.

No issues encountered.

No issues encountered.

Customer Service:

9/10.

Technical Support:

8/10.

Yes and we switched because we needed a fully redundant solution.

If you have no experience with the device it may be complex but being trained on the device helps drastically.

We used a mix of both - vendor help and in-house.

We also evaluated Juniper firewalls.

Excellent product and excellent customer support.

Anyconnect VPN

The features are quite powerful, easy to set-up and for ease of use end user too is excellent. Moreover, this has been quite stable since the day we installed them.

More than 5 years

No

No

No

Customer Service: Very GoodTechnical Support: Excellent

Yes, the document repository is pretty robust and easy to understand.

In-house

Yes, Checkpoint & Juniper

1. I have found tje Cisco ASA to be less expensive than Check Point firewalls. 2. It is smaller in size than Check Point firewall. 3. It is easy to operate and manage with both GUI and Command Line

1. When I integrate Cisco ASA with Cisco IPS it creates lots of problem such as an increase in CPU utilization - as a result I have to stop the IPS service. 2. Cisco ASA does not provide a flash card for free so I cannot back up the firewall configuration for disaster recovery.

In my opinion it is a nice firewall product at a low price and good value for medium and large enterprises.

-Powerful firewall provides multiple contexts. -Highly stable firewall for campus traffic with no shutdown and zero maintenance compared to the Juniper SRX family which performs like a software firewall after 3 months of operation and did not allow the administrator to login. -Easy to use both GUI and command line. Also it may be more easily used through a management application like Cisco ASDM

-Latency and delay due to configuration and monitoring of multiple VLANS and traffic -Increases the delay as the firewall and IPS polices increase -We faced usually a problem with NATING

Cisco delivers a powerful firewall -- it’s not just a firewall but also a modular device that can deliver IPS hosting and wireless LAN controller as well. It also provides site to site VPN and remote access VPN services.

We primarily provide implementation and maintenance services to our clients.

The software itself is very simple.

The solution is easy to operate. It's not overly complex.

The command line is the same as it is on the Cisco iOS router.

The technical support is very helpful and responsive.

The solution needs to have better logging features.

Cisco needs to migrate its ASA Firewall to a management console or to a web console.

I've been working with the solution for six years at this point.

The solution is largely stable. Once we adopted Cisco services, we found that everything was pretty reliable. There aren't bugs or glitches. It doesn't crash or freeze. It's quite good.

The scalability is a problem as the solution has a low throughput.

We've been in touch with technical support and I've always found them easy to reach. They're responsive and helpful. I find their service much better than, for example, Fortinet or Palo Alto. Overall, we're satisfied with Cisco with respect to their technical support.

We have some experience working with Palo Alto and Fortinet solutions as well.

While I don't have the exact pricing of the solution, it's my understanding that Cisco is rather costly. It's not the cheapest option on the market. It's expensive. It's more costly, for example than Palo Alto.

We have a gold partnership status with Cisco, however, we are also partners with companies such as Fortinet and Palo Alto.

For a next-generation firewall, I would likely recommend Palo Alto. However, if a company had the budget, I would recommend Fortinet. That said, for a VPN gateway, I would recommend Cisco ASA.

In general, I would rate Cisco's ASA Firewall at seven out of ten.

This is our perimeter router. We used it purposely for NAT and to port forward traffic. Other essential features of a firewall are handled separately by a UTM.

The ASA needs to incorporate the different modules you have to integrate to achieve UTM functions, especially for small businesses.

Three to five years.

No stability issues at all, the most stable firewall I’ve ever worked with.

No scalability issues.

Quite good.

We’ve always used ASA from the get go. We added the UTM is to compliment it.

Straightforward.

Pricing is why we had to go for a UTM. For us to achieve what we needed, if we had gone with the ASA, the cost would have been high compared to getting one box (UTM).

Juniper, Check Point, Astaro

Go for it. I really like how, once you get the ASA set up properly, it can run for a whole year without any major issues, apart from the normal daily administration.