Cisco Secure Firewall Reviews

It was a valuable firewall some years ago but then Palo Alto created the next generation firewall and Cisco needed too much time to create ASA CX. At the moment it has, basically, the same features. In my opinion the most valuable features now are the layer seven capabilities and the new FirePOWER.

I've used the devices for over 10 years.

I have never had an issue with my deployments.

One of the best things about ASA's is that they are very stable.

With ASA, you can scale to the largest deplyments. As an example, I have installed an ASA in an environment with 80.000 users.

Cisco Support is very good, you don't have problems using it.

10/10.

I have migrated customers from Cisco's competitors to ASA's.

Once you have the knowledge it is not complex to install an ASA, but it does depend on the network of the customer.

Our customers also evaluate PaloAlto.

• Firewall
• VPN
• FirePOWER mobile

They should make the ASA accessible via the web instead of ASDM. Also, a big improvement is needed on the transparent mode.

I've used it for over six months.

There were some issues.

There have been some issues with Java.

There were some issues.

8/10.

8/10.

It was straightforward.

Make sure to plan your network carefully.

The filter with NAT mode is valuable.

Not really, as we are a subcontractor we install and configure it for other companies.

Speed of execution and security options needs to be improved.

I've used the devices for, more or less, one year.

No issues so far.

No issues so far.

No issues so far.

3.5/5.

3/5.

Yes we did, but we switched due to Ciscos ASA's ability to support big data stream in some networks.

It's not too complex, but it depends on the customers' network architecture.

As a vendor, we find IT experts with CCIE certifications.

I haven't, and my first experience working with ASA, was a project with the specifications already defined

You must specify your needs and choose the right options depending on the network requirements.

• NAT
• IPSec
• ACL

It solved an IPSec issue we had with a customer. We have moved from Linux IPSec to Cisco.

• Routing
• It needs GRE supports
• Application visibility
• Context

I have used Cisco ASA products since 2010.

No, it's very easy to deploy.

With versions 8.4.4 and version 8.4.6, they had a lot of bugs. Also, after I moved to 8.4.5, route lookup changed to NAT divert and that kicked me.

No issues encountered.

No service.

No service.

Yes we previously used Linux and we moved because Cisco is great.

It was straightforward as Cisco Asia integrated it into OSPF, another router on the stack, and for NAT IPSec.

I implemented it by myself.

It's good.

No other options were evaluated.

It's a great product.

The ability to intercept unwanted traffic, and prevent attacks without interrupting everyday work, and the stability of this product are the key functionalities in our deployment.

This product, and our implementation, are not directly correlated with the core business of our company. It is designed to protect our company from outside threats and reduce impact on other network elements, such as the backend firewall, DMZ zone and VPN concentrators.

Cisco ASA lacks some functionalities, when compared with other vendors’ products. Cisco need to implement some more functionalities, like client-less VPN (HTML5), but I expect that Cisco will continue to add, and improve, features of the product. One of the features that should be improved is the URL filtering engine, as currently it has limited functionality. For full functionality, you will need an external URL filtering server, like Websense.

We have used it for more than five years, and have implemented it for perimeter network protection. It is designed for basic network protection for our corporate environment.

No issues during the deployment, as we had good planning.

No issues with stability. The device is designed for hard work 24/7. I never have a lack of resources like RAM or CPU. The only reason I need to restart the device is during a software upgrade.

In our deployment, we did not have a scalability issue.

It is very high.

We did not have any technical problems with this product, so we have not had need of technical support

We implemented ASA after a complete redesign of our network, and we believe that Cisco ASA is the right solution for our needs.

The initial setup is straightforward, as there is a lot of documentation available on the Cisco site, and other sites, which makes planning and deployment pass without any problems. However, the ASA is a complex device, with a lot of features and further tuning is complex and you must have the right knowledge to do it. Configuration can be done through a Java based application called ASDM or through the CLI interface. Using ASDM is much more simple and easy, but ASDM is not compatible with the newer Java version, so before implementation you must read the compatibility notes. Also, keep in mind that when upgrading ASA software, you must also upgrade the ASDM package.

Initial implementation was through a vendor. I would rate their experience and expertise as 9/10.

Calculating the ROI for network security or IT security is complex and dependent on many factors, like the implementation, role, expectation etc. IT security cannot be compromised, but on the other hand, we must ask how much is enough. In our case, we do not have a defined ROI for this product.

The cost of the setup was only the product price, local vendor support for the implementation, and employee training. This product is set it and forget it, so we do not have day to day costs.

We did not evaluate other products. One reason was that we believe that the ASA is a reliable product and fits our needs. Another reason, was the lack of local support for other solutions.

Unfortunately, the ASA 5500 is EoS and EoL, and I hope that Cisco’s NGF 5500-X series will be a worthy successor. This does not mean that Cisco will stop software support and will continue to release new software versions with new and improved features for the ASA 5500 series.

As with any other product, the main things for a successful implementation are to decide what you want to achieve, and what your main goal is, and then, you need good planning, not only for your current needs, but you also need to keep in mind further grow and needs. Good planning is, at least, 80% of successful implementation.

It has very advanced security features including FirePOWER threat management, which is the most valuable, but also URL filtering, FireSIGHT, and advanced malware protection.

The cost of this product should be reconsidered.

I've used it for almost a year.

So far, I have found this model very smooth.

We had a slight issue with IPS, as the signature update was, sometimes, getting stuck.

I believe this product is very scalable with our current needs and requirements.

Yes, I used a normal model of Cisco ASA and found it a  very successful experience. Therefore we have it to a more advanced ASA box for improved, and more advanced, security management.

Cisco implementations are always very straightforward.

Evaluation is mandatory in IT, and we have found this device has better features and reliability when compared to other products.

I would suggest implementing this product ascand has advanced security features.

• Stateful inspection
• CLI of the firewall

It has increased the security and works best for VPN users.

The product has been introduced with UTM i.e. FirePower, and I would like to use it and comment on it.

I've used it for three years.

Encountered IOS related bugs in later versions.

No issues encountered.

No issues encountered.

10/10.

It depends on the support contract that you have.

I previously used CheckPoint, and switched because of the UTM features.

It was straightforward.

I implemented it myself.

I think evaluated other options with reference to our architecture.

You should analyze the current setup and implement it as per the customers' requirement.

• Scalability
• Debugging messages
• Context modes

Context modes as this means there is no need to buy additional firewall for different customers.

IPS, IDS, anti-virus etc. should be added to IOS instead of separate cards.

I've used it for three years.

No issues encountered.

No issues encountered.

No issues encountered.

Dedicated experts are available in support contract with Cisco.

100% skilled engineers with knowledge are available 24/7.

It is straightforward.

We implemented it in-house.

It is £2,000 to set up, and the running costs, depend on the customers' issue(s) or tickets raised.

• Juniper
• FortiGate

Its a nice professional product with lots of scalability. Easy to troubleshoot and there is tool called PACKET TRACER which simulates the packet and it will tell you whether a packet is allowed inbound or outbound for testing purposes.