Name: Cisco Secure Firewall
Brand: Cisco
Rating: 4.1 (457 reviews)

it_user1998

Infrastructure Expert at a tech company with 51-200 employees

Aug 30, 2012

Download

The most powerful and expensive firewall

What is most valuable?

There are a lot of companies who create firewalls but there is not a single one which can compete with ASA. It can have access control from layer 3 to layer 7. The ASA 5510 is more than enough for small to medium business. It has dedicated GUI interface which is known as ASDM, a beautiful tool to manage ASA. You can use ASA to route traffic. AAA service supports plenty of Authentication server types. You can configure advanced NAT in this device. It uses Modular Policy Framework (MPF) to inspect traffic. You can inspect traffic at different layers separately. You can use this as a transparent firewall & fail over is instant. The virtualization works beautifully for this device. VPN is another added advantage.All the types of VPNs are managed through ASA.

What needs improvement?

The 5505 does not support multiple mode. While running this device on multiple mode you cannot use dynamic routing protocols or multicast routing. Also the IPSEC and SSL VPNs are not supported while running in multiple mode. sometimes analysis might take too long while performing DPI in real-time traffic. The product is expensive. A 5580 series costs more than $50000.

What other advice do I have?

Its very difficult to write something about this product as it has so many options. I have studied 1000 pages about this product and most of the organizations use this firewall as it is the best in the world. I have never seen such a powerful device which can handle 2 million connections at 20Gbps speed. It can also inspect 4 million packets per second.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.

it_user2895Senior InfoSec Engineer at a tech services company with 10,001+ employees

Report as inappropriate

Jul 30, 2013

There are companies that can compete with Cisco. Gartner has provided a report from 2012 showing that the new leader in firewalls with a new behavioral approach to firewalls is Palo Alto Networks. Not saying that Gartner has the right reports all the time but this one was correct. So remember that Checkpoint also exists and have been giving Cisco a run for their money. The caveat with Checkpoint is that some ports like X11 have to be hard coded into the top of the ACL in both directions in order to allow the traffic.

Anyone on any given day can beat the number one provider. The shift is now towards behavioral firewalling against unapproved applications and provide protection to the user no matter where they are based on user and not where they are coming from. Stay tuned as more developments come in the security field.

See all 2 comments