it_user2871 - PeerSpot reviewer
Network Engineer at a university with 51-200 employees
Vendor
Nov 28, 2012
Powerful firewall and VPN device that is highly stable with multiple contexts but has latency and NATing issues
Pros and Cons
  • "Cisco delivers a powerful firewall -- it’s not just a firewall but also a modular device that can deliver IPS hosting and wireless LAN controller as well."
  • "Latency and delay due to configuration and monitoring of multiple VLANs and traffic."

What is most valuable?

  • Powerful firewall provides multiple contexts.
  • Highly stable firewall for campus traffic with no shutdown and zero maintenance compared to the Juniper SRX family, which performs like a software firewall after 3 months of operation and did not allow the administrator to log in.
  • Easy to use both GUI and command line. Also, it may be more easily used through a management application like Cisco ASDM.

What needs improvement?

  • Latency and delay due to configuration and monitoring of multiple VLANs and traffic.
  • Increases the delay as the firewall and IPS policies increase.
  • We usually faced a problem with NATing.

What other advice do I have?

Cisco delivers a powerful firewall -- it’s not just a firewall but also a modular device that can deliver IPS hosting and wireless LAN controller as well. It also provides site to site VPN and remote access VPN services.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
it_user1998 - PeerSpot reviewer
Infrastructure Expert at a tech company with 51-200 employees
Real User
Aug 30, 2012
The most powerful and expensive firewall
Pros and Cons
  • "I have never seen such a powerful device which can handle 2 million connections at 20Gbps speed."
  • "The product is expensive. A 5580 series costs more than $50000."

Valuable Features:

There are a lot of companies who create firewalls, but there is not a single one which can compete with ASA. It can have access control from layer 3 to layer 7. The ASA 5510 is more than enough for small to medium business. It has a dedicated GUI interface which is known as ASDM, a beautiful tool to manage ASA. You can use ASA to route traffic. AAA service supports plenty of authentication server types. You can configure advanced NAT in this device. It uses Modular Policy Framework (MPF) to inspect traffic. You can inspect traffic at different layers separately. You can use this as a transparent firewall, and failover is instant. The virtualization works beautifully for this device. VPN is another added advantage. All the types of VPNs are managed through ASA.

Room for Improvement:

The 5505 does not support multiple mode. While running this device in multiple mode you cannot use dynamic routing protocols or multicast routing. Also, the IPsec and SSL VPNs are not supported while running in multiple mode. Sometimes analysis might take too long while performing DPI on real-time traffic. The product is expensive. A 5580 series costs more than $50000.

Other Advice:

It's very difficult to write something about this product as it has so many options. I have studied 1000 pages about this product, and most organizations use this firewall as it is the best in the world. I have never seen such a powerful device which can handle 2 million connections at 20Gbps speed. It can also inspect 4 million packets per second.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
it_user2895 - PeerSpot reviewer
Senior InfoSec Engineer at a tech services company with 10,001+ employees
Real User

There are companies that can compete with Cisco. Gartner has provided a report from 2012 showing that the new leader in firewalls, with a new behavioral approach to firewalls, is Palo Alto Networks. Not saying that Gartner has the right reports all the time, but this one was correct. So remember that Checkpoint also exists and has been giving Cisco a run for their money. The caveat with Checkpoint is that some ports like X11 have to be hard coded into the top of the ACL in both directions in order to allow the traffic.

Anyone on any given day can beat the number one provider. The shift is now towards behavioral firewalling against unapproved applications and providing protection to the user no matter where they are, based on user and not where they are coming from. Stay tuned as more developments come in the security field.

Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros sharing their opinions.
Updated: May 2026