- Stateful inspection
- CLI of the firewall
Sr. Network Engineer at a tech services company with 10,001+ employees
CLI of the firewall is valuable, but there are IOS related bugs in later versions.
What is most valuable?
How has it helped my organization?
It has increased the security and works best for VPN users.
What needs improvement?
The product has been introduced with UTM i.e. FirePower, and I would like to use it and comment on it.
For how long have I used the solution?
I've used it for three years.
Buyer's Guide
Cisco Secure Firewall
May 2024
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: May 2024.
769,976 professionals have used our research since 2012.
What was my experience with deployment of the solution?
Encountered IOS related bugs in later versions.
What do I think about the stability of the solution?
No issues encountered.
What do I think about the scalability of the solution?
No issues encountered.
How are customer service and support?
Customer Service:
10/10.
Technical Support:It depends on the support contract that you have.
Which solution did I use previously and why did I switch?
I previously used CheckPoint, and switched because of the UTM features.
How was the initial setup?
It was straightforward.
What about the implementation team?
I implemented it myself.
Which other solutions did I evaluate?
I think evaluated other options with reference to our architecture.
What other advice do I have?
You should analyze the current setup and implement it as per the customers' requirement.
Disclosure: My company has a business relationship with this vendor other than being a customer: Platinum Partner
Senior Network Architect/Owner with 51-200 employees
We have the ability to control our VPN users as well as use two-factor authentication if needed, but I would love to see application specific control.
Valuable Features
The features that we use are:
- The stateful firewall
- VPN with AnyConnect
- Site-to-site IPSEC solutions
- High availability
Improvements to My Organization
The ASA gives us a secure appliance at the perimeter and allows us to provide VPN connectivity to our users. We have the ability to control our VPN users as well as use two-factor authentication if needed (using an outside Radius source).
Room for Improvement
The ASA has room for improvement in the areas of layers four through seven. I would love to see application specific control, e.g.Facebook, Gmail, etc.
Use of Solution
I have used this solution for five years.
Deployment Issues
No issues with the deployment of the ASA as long as you are using it for what it is intended for.
Stability Issues
No issues encountered.
Scalability Issues
As long as you buy the correct model for your company, in regards to throughput, licenses etc., you will be fine.
Customer Service and Technical Support
Customer Service:
8/10.
Technical Support:8/10.
Initial Setup
I believe it is straightforward, but again it depends on what you are trying to accomplish.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Cisco Secure Firewall
May 2024
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: May 2024.
769,976 professionals have used our research since 2012.
Senior Network Engineer at a aerospace/defense firm with 51-200 employees
Setup can be complex if you don't have previous experience with ASA but it's an excellent product.
What is most valuable?
The multi-context mode.
How has it helped my organization?
Being able to use the multi-context on the firewall to keep costs down.
What needs improvement?
No improvement needed.
For how long have I used the solution?
I've used it for four years.
What was my experience with deployment of the solution?
Yes but I was able to get the support that was needed to resolve any issues.
What do I think about the stability of the solution?
No issues encountered.
What do I think about the scalability of the solution?
No issues encountered.
How are customer service and technical support?
Customer Service:
9/10.
Technical Support:8/10.
Which solution did I use previously and why did I switch?
Yes and we switched because we needed a fully redundant solution.
How was the initial setup?
If you have no experience with the device it may be complex but being trained on the device helps drastically.
What about the implementation team?
We used a mix of both - vendor help and in-house.
Which other solutions did I evaluate?
We also evaluated Juniper firewalls.
What other advice do I have?
Excellent product and excellent customer support.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Network Engineer at a tech services company with 501-1,000 employees
The features are quite powerful and it's easy to set-up
Valuable Features
Anyconnect VPN
Improvements to My Organization
The features are quite powerful, easy to set-up and for ease of use end user too is excellent. Moreover, this has been quite stable since the day we installed them.
Use of Solution
More than 5 years
Deployment Issues
No
Stability Issues
No
Scalability Issues
No
Customer Service and Technical Support
Customer Service: Very GoodTechnical Support: Excellent
Initial Setup
Yes, the document repository is pretty robust and easy to understand.
Implementation Team
In-house
Other Solutions Considered
Yes, Checkpoint & Juniper
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Manager at a insurance company with 1,001-5,000 employees
Good value compared to Check Point. But I had issues when integrating with Cisco IPS.
Valuable Features:
1. I have found tje Cisco ASA to be less expensive than Check Point firewalls.
2. It is smaller in size than Check Point firewall.
3. It is easy to operate and manage with both GUI and Command Line
Room for Improvement:
1. When I integrate Cisco ASA with Cisco IPS it creates lots of problem such as an increase in CPU utilization - as a result I have to stop the IPS service.
2. Cisco ASA does not provide a flash card for free so I cannot back up the firewall configuration for disaster recovery.
Other Advice:
In my opinion it is a nice firewall product at a low price and good value for medium and large enterprises.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Engineer at a university with 51-200 employees
Powerful firewall and VPN device that is highly stable with multiple contexts but has latency and NATing issues
Valuable Features:
-Powerful firewall provides multiple contexts.
-Highly stable firewall for campus traffic with no shutdown and zero maintenance compared to the Juniper SRX family which performs like a software firewall after 3 months of operation and did not allow the administrator to login.
-Easy to use both GUI and command line. Also it may be more easily used through a management application like Cisco ASDM
Room for Improvement:
-Latency and delay due to configuration and monitoring of multiple VLANS and traffic
-Increases the delay as the firewall and IPS polices increase
-We faced usually a problem with NATING
Other Advice:
Cisco delivers a powerful firewall -- it’s not just a firewall but also a modular device that can deliver IPS hosting and wireless LAN controller as well. It also provides site to site VPN and remote access VPN services.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Engineer at a tech services company with 201-500 employees
Easy to operate with good technical support, but needs better logging features
Pros and Cons
- "The command line is the same as it is on the Cisco iOS router."
- "The solution needs to have better logging features."
What is our primary use case?
We primarily provide implementation and maintenance services to our clients.
What is most valuable?
The software itself is very simple.
The solution is easy to operate. It's not overly complex.
The command line is the same as it is on the Cisco iOS router.
The technical support is very helpful and responsive.
What needs improvement?
The solution needs to have better logging features.
Cisco needs to migrate its ASA Firewall to a management console or to a web console.
For how long have I used the solution?
I've been working with the solution for six years at this point.
What do I think about the stability of the solution?
The solution is largely stable. Once we adopted Cisco services, we found that everything was pretty reliable. There aren't bugs or glitches. It doesn't crash or freeze. It's quite good.
What do I think about the scalability of the solution?
The scalability is a problem as the solution has a low throughput.
How are customer service and technical support?
We've been in touch with technical support and I've always found them easy to reach. They're responsive and helpful. I find their service much better than, for example, Fortinet or Palo Alto. Overall, we're satisfied with Cisco with respect to their technical support.
Which solution did I use previously and why did I switch?
We have some experience working with Palo Alto and Fortinet solutions as well.
What's my experience with pricing, setup cost, and licensing?
While I don't have the exact pricing of the solution, it's my understanding that Cisco is rather costly. It's not the cheapest option on the market. It's expensive. It's more costly, for example than Palo Alto.
What other advice do I have?
We have a gold partnership status with Cisco, however, we are also partners with companies such as Fortinet and Palo Alto.
For a next-generation firewall, I would likely recommend Palo Alto. However, if a company had the budget, I would recommend Fortinet. That said, for a VPN gateway, I would recommend Cisco ASA.
In general, I would rate Cisco's ASA Firewall at seven out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
I.T Security Consultant
Once set up properly, it can run for a whole year without any major issues
Pros and Cons
- "The most stable firewall I’ve ever worked with. Once you get the ASA set up properly, it can run for a whole year without any major issues, apart from the normal daily administration."
- "The ASA needs to incorporate the different modules you have to integrate to achieve UTM functions, especially for small businesses."
What is most valuable?
This is our perimeter router. We used it purposely for NAT and to port forward traffic. Other essential features of a firewall are handled separately by a UTM.
What needs improvement?
The ASA needs to incorporate the different modules you have to integrate to achieve UTM functions, especially for small businesses.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
No stability issues at all, the most stable firewall I’ve ever worked with.
What do I think about the scalability of the solution?
No scalability issues.
How are customer service and technical support?
Quite good.
Which solution did I use previously and why did I switch?
We’ve always used ASA from the get go. We added the UTM is to compliment it.
How was the initial setup?
Straightforward.
What's my experience with pricing, setup cost, and licensing?
Pricing is why we had to go for a UTM. For us to achieve what we needed, if we had gone with the ASA, the cost would have been high compared to getting one box (UTM).
Which other solutions did I evaluate?
Juniper, Check Point, Astaro
What other advice do I have?
Go for it. I really like how, once you get the ASA set up properly, it can run for a whole year without any major issues, apart from the normal daily administration.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Updated: May 2024
Popular Comparisons
Fortinet FortiGate
Netgate pfSense
Sophos XG
Cisco Umbrella
Cisco ISE (Identity Services Engine)
Meraki MX
Zscaler Internet Access
Palo Alto Networks NG Firewalls
Azure Firewall
Check Point NGFW
WatchGuard Firebox
Palo Alto Networks WildFire
SonicWall TZ
Sophos UTM
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What Is The Biggest Difference Between Cisco ASA And Fortinet FortiGate?
- Cisco Firepower vs. FortiGate
- How do I convince a client that the most expensive firewall is not necessarily the best?
- What are the biggest differences between Cisco Firepower NGFW and Fortinet FortiGate?
- What Is The Biggest Difference Between Cisco Firepower and Palo Alto?
- Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons?
- What are the main differences between Palo Alto and Cisco firewalls ?
- A recent reviewer wrote "Cisco firewalls can be difficult at first but once learned it's fine." Is that your experience?
- Which is the best IPS - Cisco Firepower or Palo Alto?
- Which product do you recommend and why: Palo Alto Networks VM-Series vs Cisco Firepower Threat Defense Virtual (FTDv)?