Cisco Secure Firewall Reviews

It is good for firewalls, management with the adaptive security device manager (ASDM), and tools such as packet tracers for troubleshooting.

It’s a really good firewall which is easy to manage, but it is not a Next Gen firewall.

Firewall functionality is the main issue when buying this product. We use it to segment our DMZs, it is stateful firewalling, is highly reliable with zero outages, and impeccable failovers during upgrades.

The ASDM is the management tool to administer the ASAs via the GUI. It has an easy to use interface with very nice troubleshooting tools, such as Packet Tracer. This tool lets you simulate a traffic flow so you can see why flows don’t work.

It is a very reliable border firewall which makes it easy for us to organize and secure our DMZs.

• The SSL VPN portal could be better.
• The ASAs support both IPSEC as an SSL VPN.
• For IPSEC you need a Cisco VPN client.
• You can only have two SSL VPN sessions.
• For more SSL sessions you have to pay (750 IPSEC sessions are included with an ASA).
• With SSL, you connect through a browser, so it is clientless. The SSL portal offers a few functionalities which you can offer a user. Configuring this portal is not an easy task.

We have been using the solution for almost five years.

We didn't encounter any issues with stability.

Scalability is limited depending on the chosen model.

I would give technical support a rating of 9/10. Cisco is one of the best, if not the best, in support.

We chose FortiGate from Fortinet as our Next Gen Firewall solution because of the higher value for our money.

The setup was easy with lots of documentation and configuration examples provided.

You have to negotiate well.

We did not evaluate any alternative options for stateful firewalling.

You will want to have Next Generation functionality, so choose FortiGate or Cisco Firepower.

It is very robust, trustworthy and highly customizable.

Solutions using NAT, VPNs, internet and MPLS, are more customizable than other solutions.

It could have more functions for load balance on the internet.

We have been using the solution for two years.

We never had any stability issues. It is the most stable platform that I have used, and I have used several including Fortinet, Sophos, Hillstone, Cisco and D-Link.

We did not encounter any issues with scalability.

I would rate the technical support at 10/10. It is the best.

I implement solutions on several clients, Redneet is a technology integration company and I prefer Cisco ASA for my security solutions.

The setup is a little more complex than other solutions.

It is a bit more expensive than other solutions, but offers more customization and security than other solutions.

We evaluated Fortinet, Sophos, Palo Alto.

Use the best practice guides and online documentation. Cisco has more information online free that any other brand, so use it!!!

The Advanced Malware Protection and Security Group Tag (SGT) are valuable features. You are able to integrate all the networks by using SGT with the pxGrid service. This is built-in technology in Cisco devices and services.

You can extend your visibility in network infrastructure for monitoring. You can absolutely give your users a better experience. When you use .1X for user authentication:

• Users login just one time
• You can control all user access to the internet, data center resources, and across the network.

After Firepower V6.1, Cisco added bandwidth shaping on the FTD product. This feature is a little bit weak. You cannot have customized shaping in different projects.

I have used this product, as well as Cisco Firepower Threat Defense, for about two years.

I have heard about some bugs, but I have never encountered any.

This product is very scalable in our experience.

It is easy to initialize. For advanced configurations, it is sometimes complicated.

The base license is delivered with the device. This license includes IPS and user authentication. You should buy a license for an IPS update. You should also buy another license for AMP and URL filtering.

These are the important licenses: BASE, IPS, AMP, and URL filtering. Apart from the base license, the other licenses are subscription based for one, three, or five years.

I evaluated many products, such as CheckPoint, Palo Alto, Fortinet Firewall, Sophos, and Cyberoam Firewall.

This product is very usable when you need integrity in your network. This product is very functional when you use a Cisco Identity Services engine.

It's a standard rule based firewall for us. The AnyConnect VPN has solved a lot of remote access problems. High availability is good. It will fall back to the other ASA without any disruptions.

It has secured our DMZ.

I would like to see the following made easier:

• Objects
• Removing objects
• Correlating access rules and AnyConnect ACLs

Sometimes we suffer from older versions, such as objects, object groups, and aliases (name).

We have been using the solution for nine years.

We did not encounter any stability issues.

We did not encounter any scalability issues.

The technical support is good.

We used Cisco PIX.

I can't really remember the setup. It was too long ago.

We bought the solution, so there were no real recurring costs at that time.

We didn't evaluate any alternative products.

Cisco ASA is a stateful firewall which means they are the fastest and more secure, because they maintain state tables. Cisco ASA is very efficient not only in Firewalling but in VPNs, IPS and content filtering. It also has option of failover and redundancy.

It allows us to filter incoming traffic to our network and provide a secure access to office network from outside through remote access VPN. We also connected our branch office through IPSEC site-to-site VPN tunnel which is very secure and reliable.

Some improvements required on GUI interface called ASDM. It should include health check parameters like temperature, memory used.

I am using it more than five years.

No issues, very easy to deploy.

No.

Migration to new version is very easy, therefore no issue.

9/10.

9/10.

Cisco ASA firewall is most reliable to protect the network, therefore I switched.

Yes, straightforward and simple.

I am also vendor.

100%.

Price is bit high as compared to other vendors, but Cisco ASA has reputation and most reliable product. Always go with minimum security plus license.

Yes, Fortinet and Palo Alto.

No.

Provides advanced malware capabilities.

Simplified the complexity of our security architecture.

Integration of advanced malware services with the firewall through Firepower services.

We have been using this solution for six months.

There were no issues with deployment.

There were no issues with stability.

There were no issues with scalability.

I would give customer service a rating of 10/10.

I would give technical support a rating of 10/10.

We were looking to upgrade to a comprehensive firewall solution that integrated Next Generation Prevention System (NGIPS).

There were no issues with setup.

We implemented in-house.

We calculated for the entire year, but the ROI seemed very decent from the first six months.

Pricing: Negotiate

Licensing: Buy the advanced Malware Protection license subscription for one year. It is worth the investment.

We evaluated Juniper, Fortinet, and Huawei.

It makes it very easy to have delineated roles and responsibilities between network engineering and network security.

I find the overall capability of the higher end firewall products to handle most network tasks without any issues. In addition, it is easy to train lower level help desk personnel on the GUI management.

People tend to think of firewalls as firewalls and routers as routers. Going by the book, I had to create a number of static routes in the firewall so it could reach the various subnets in my client's internal network. I decided to turn on OSPF routing to simplify my deployment. This resolved a lot of issues with remote VPN and site-to-site VPN tunnels.

In my experience, a number of engineers get tunnel vision with devices. This is exacerbated by vendors fostering a silo mentality in disciplines.

I cannot name the organization, but a large national non-profit in the medical field had too many network configuration problems because of the silo mentality.

Large Cisco ASA units have the capability to act as routers. This particular non-profit would not enable routing on the ASA until I explained that it resolve a number of issues that they were experiencing and resolving by static routes, a second Cisco ASA, and a proxy server.

Stability issues did not occur in my experience, as long as we stayed with the correct image builds.

There were no scalability issues.

Customer Service:

Generally, we do not need customer support, so it is hard to rate.

Technical Support:

Generally we do not need technical support, so it is hard to rate.

The initial setup at many clients' sites was straightforward. Very complicated networks take a lot of planning.

We implemented the solution in-house.

We cannot determine ROI just yet.

Always plan ahead for three years. In other words, do not buy a firewall on what your needs are today, but try to predict where you will be three years from now in terms of bandwidth, security requirements, and changes in organizational design. This applies to any vendor, not just this product. I find that I always need to buy a higher level product than the specifications request in order to be safe.

In locations where I have used Cisco ASA firewalls, I have compared FortiGate and SonicWall.

I utilize different brands of firewalls depending on the needs of a client, i.e., in-house IT versus outsourced. I am vendor agnostic as much as possible.

Outstanding NGFW capabilities, Site to site VPNs and High Availability. Also the integration of FirePOWER services (Web Filtering/IPS/Malware Protection) are a huge step forwards for an already great platform.

We purchased a pair of ASAs to handle all perimeter traffic in and out of our network. This devices enabled us to secure all our perimeter traffic, WAN connections, Internet connectivity and Internet facing services. FirePOWER services enabled better control and visibility over the traffic traversing our perimeter. High Avalability helped us greatly improve the availability of the services by reducing downtime caused by both Incidents and planned maintenance operations.

Only problem in my opinion is ease of use. You really need to know your way around the CLI and complex feature set to get things working. The ASDM GUI is good for some things but for the most part you'll need to stick to the CLI which is a bit difficult specially if you don't have a lot of experience around Cisco equipment.

We've operated this firewalls for around 2 years now.

ASAs are as complex as they are powerful. Configuration and administration are not as straightforward as other solutions and will take some time and studying to get used to them.

In my experience with various Firewall solutions, the stability and reliability of Cisco ASAs is unparalleled.

No

Cisco offers great customer service.

The best I have worked with.

We used to have a SonicWall and an older ASA 5510 platform. Both were replaced by a Cisco ASA cluster using a pair of 5525x.

ASAs are expensive. The initial cost is high compared to other similar solutions, and chances are the personnel that will operate them will require some training. But if you're aiming for stability and reliability, this is the best solution you will find.

We evaluated Fortinet and SonicWall, both great UTM vendors. Although those platforms are cheaper, we decided to go with Cisco because stability and reliability were mayor concerns for us, also the support is much better in my experience.