2018-07-30T09:01:00Z

What advice do you have for others considering Cisco ASA NGFW?

Miriam Tover - PeerSpot reviewer
  • 0
  • 11
PeerSpot user
33

33 Answers

KUMAR SAIN - PeerSpot reviewer
Real User
2020-05-14T10:16:00Z
May 14, 2020

If you're looking for a complete solution, such as URL filtering and threat protection, we recommend Palo Alto firewalls, but this Cisco product is also good. We are using three to four security tools: one for web security, and another tool for application security, and another for email security. For email we have an Office 365 email domain so we are using other tools for that. For firewall security we are using Cisco ASA, Palo Alto, and Fortinet for protecting our business. We have about 15 people on my team managing the solutions. They are network admins, and some are in security.

Search for a product comparison
RO
Reseller
2020-05-07T05:03:00Z
May 7, 2020

I would recommend this solution. If you have the money, it's a very stable product. Make sure to keep critical spare parts. You might have for instance some modules that will need acceleration cards and those types of things. I would rate it a nine out of ten.

MR
Real User
2019-11-04T06:15:00Z
Nov 4, 2019

The biggest lesson I've learned so far from using the next-gen firewall is that it has visibility up to Layer 7. Traditionally, it was IP or port, TCP or any protocol we were looking for. But now we can go all the way up to Layer 7, and make sure STTP traffic is not a bit torn. That was something that we did not have before on the up-to-Layer-3 firewall. Do your research, do your homework, so you know what you're looking for, what you're trying to protect, and how much you can manage. Use that to narrow down the devices out there. So far, in our environment, we haven't had any issues with the ASA firewalls. From the first-gen, we have seen that they are pretty good. We are pretty content and happy with them. The solution can help with the application visibility and control but that is one portion we have really not dived into. That's one of the things we are looking forward to. As a small utility, a small organization, with our number of employees available, we can only stretch things so far. It has helped us to identify and highlight things to management. Hopefully, as our staff grows, we'll be able to devote more towards application visibility and all the stuff we really want to do with it. Similarly, when it comes to automated policy application and enforcement, we don't use it as much as we would like to. We're a small enough environment that we can do most of that manually. I'm still a little hesitant about it, because I've talked to people where an incident has happened and quite a bit of their devices were locked out. That is something we try to avoid. But as we grow, and there are more IoT things and more devices get on the network, that is something we'll definitely have to do. As DevNet gets going and we get more involved with it, I'm pretty sure more automation on the ASA, on the network side and security side, will take place on our end. We do find most of the features we are looking on the ASA. Between the ASA firewall and the Sourcefire management console, we have pretty much all the features that we need in this environment. In terms of how the solution future-proofs our organization, that depends. I'm waiting to find out from Cisco what their roadmap is. They're still saying they're going to stick with ASA 55 series. We're also looking at the Sourcefire FireSIGHT product that they have for the firewalls. It depends. Are they going to continue to stick with the 55s or are they going to migrate all that into one product? Based on that, we'll have to adjust our needs and strategize. If I include some of the hiccups we had with the 5506 models, which was a sad event, I would give the ASAs a nine out of ten.

JS
Real User
2019-10-07T11:43:00Z
Oct 7, 2019

The biggest lesson I've learned from using the ASAs is the fact that they can do a lot. It's just figuring out how to do it. We don't do a lot, although once in a while we will do something a little interesting. These things can do more than what we're using them for. It's just a matter of our trying to figure it out or getting with our Cisco rep to figure it out. My advice would be to have a good handle on your rules and, if you can, take the upgrades easily. We have desktop security, application security, and then we have Umbrella. We use five or six different tools for security, at least. It would be nicer to have fewer but as far as I know there isn't one tool that does it all. We do application firewall rules where it does deep packet inspection and looks at certain things. We don't use it as much as we should, but we do application inspection and have rules that are based on just an application. We usually have two people on a call when we do maintenance, and we usually have Cisco involved. It's usually me and a colleague who is also a network/security engineer. I would rate the ASA overall at eight out of ten. The thing that comes to mind with that rating is the code. As I said, we just upgraded to 6.4.04 and we ran into a handful of bugs. We've done upgrades before and we've run into a bug as well. Just last week, we finished upgrading, and I still have one final service request, a TAC case, open. I had four open at one point. That's at the forefront of my thoughts right now.

IA
Real User
2019-09-20T12:56:00Z
Sep 20, 2019

Think before you buy, as this solution can be your success or failure. Always work with professionals and not promoters.

AG
Real User
2019-09-12T09:06:00Z
Sep 12, 2019

For any organization looking for a secure solution that can be deployed in their domain or infrastructure, my advice is to go with Cisco Next-Generation Firewalls because they have a complete bundle of security features. There is a single pane of glass with complete management capabilities and analytic features to understand and gather information about the traffic. The lessons that most of our clients have learned is that in deployment it is easy to configure and it is easy to manage. It's quite stable and they do not get into difficulties in terms of day-to-day operations. We haven't faced any problems with this product. Compared to other OEMs, such as Juniper and Fortinet, Cisco's product is excellent. There are no bugs and I don't see any lack in terms of backend and technical support. In my opinion, at the moment, there is no room for product enhancement. Most of the users are system administrators working on their own domains. The minimum number of users among our clients is a team of 15 to 20 we have clients with up to 700 users at the largest site. The product is quite extensively used in each department, to protect assets and data centers. We are using the attack prevention engine and URL filtering is also used at most of our sites. We are also using it for data center connectivity and for offloading transactions. I would rate Cisco at ten out of ten for the functionality and the features they provide.

Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.
Heritier Daya - PeerSpot reviewer
Real User
Top 5
2019-08-28T09:52:00Z
Aug 28, 2019

My advice to anybody who is considering this solution is not to think twice about it. There are a lot of features that come with the cost. These institutions secure our network and they have to do research. The price of this solution is justified when you consider that it secures our network and protects our valuable assets. This is a very good solution but it is not perfection. I would rate this solution a nine out of ten.

SN
Real User
2019-08-26T06:42:00Z
Aug 26, 2019

This is the number one firewall product that I recommend. I would rate this solution an eight out of ten.

MG
Real User
2019-08-25T05:17:00Z
Aug 25, 2019

We are using the on-premises deployment model. My advice for those considering the solution is this: if you want to migrate something, plan enough time for testing before you come over to the solution. You should also watch as many webinars as you can about that solution, or get a consultant and do a proper lab set up and go through the whole thing with them. It's is definitely worthwhile, given the complexity of the whole product. I would rate the solution nine out of ten.

PC
Real User
2019-08-25T05:17:00Z
Aug 25, 2019

In the future, I would like to see friendlier configuration and only one license because everything needs a license. You need a URL license, security license, everything is based on a license. I would like to have one license that covers everything. But I am really impressed by the program and my rating is nine out of ten.

AA
Consultant
2019-08-22T05:49:00Z
Aug 22, 2019

I would advise someone considering this solution to have a technical support or maintenance contract with the vendor or a third-party to help maintain the product. Without help with maintenance, there is no value to the product. You should have a good technician and admin support for all this product in order to maximize the value and benefits. I would rate it an eight out of ten.

MA
Real User
2019-08-12T05:55:00Z
Aug 12, 2019

On a scale of one to ten with one being worst and ten being best, I would rate Cisco SourceFire Firewall as a nine. It could easily be a ten if it had a better GUI interface. As far as making recommendations to other people about the product, I recommend they buy it if they need an enterprise solution. Also, I would recommend other Cisco solutions like Cisco AMP (Advanced Malware Protection). I think most large companies that require strong security should always use Cisco because it's stable, scalable, and has many features. Enterprise organizations will benefit from Cisco because their business requirement will be more complicated and require a better solution and more flexibility. I think all the companies should use Cisco because it's number one the market and has the best security, better stability, and better scalability.

it_user1073460 - PeerSpot reviewer
Real User
2019-07-04T07:00:00Z
Jul 4, 2019

I would recommend this solution. I would rate this solution as eight out of ten.

DC
Real User
2019-07-02T06:57:00Z
Jul 2, 2019

As far as rating this product, I would give it a nine out of ten. The only real drawbacks are the lack of multi-monitoring and not really having clear instructions prior to jumping in and implementing it.

FL
Real User
2019-07-02T06:57:00Z
Jul 2, 2019

This is a good product from a trustworthy vendor, but it is not perfect. I would rate this solution an eight out of ten.

DS
Real User
2019-07-02T06:57:00Z
Jul 2, 2019

This is a very straightforward firewall. There is a management platform with its own operating system. Just make sure that everything is set up properly for your uplink switches because that is an issue that we ran into. I would rate this solution a nine out of ten.

BD
Real User
2019-07-02T06:57:00Z
Jul 2, 2019

With this solution, we have everything that we need. I don't know about other people's use cases, but ours is pretty straightforward. My advice to anybody researching this type of solution is to stick with Cisco products, no matter which one it is. We've had pretty good luck with everything from Cisco. I don't have any issues with this solution, so I would rate it a ten out of ten.

MC
MSP
2019-06-23T09:40:00Z
Jun 23, 2019

I would advise that If you want something robust, a good hardware solution, I think it's competitive and you have a good warranty, you have to choose Cisco. I would rate the solution 8 out of 10.

CS
Real User
2019-05-09T16:21:00Z
May 9, 2019

Watch out for the marketing hype vs objective reality. Do the advertised features actually work correctly/effectively? We chose a different solution after performing in-house testing.

MT
Real User
2019-04-18T09:59:00Z
Apr 18, 2019

For the Cisco ASA NGFW, it is a bit more expensive than other products, but their method is a lot more stable in my experience. It has all the features that you would need in a next-generation firewall. They are always developing new features and introducing them. I don't have anything that I'm currently missing with Cisco. On a scale from one to ten, I would rate the product at eight.

BG
Real User
2019-04-10T10:52:00Z
Apr 10, 2019

In Georgia, there is no problem using the Cisco firewall, because it's accessible. You cannot use other products, because they are not accessible. That's the whole problem. I would rate Cisco ASA NGFW an 8 out of 10.

MD
Real User
2019-04-02T07:02:00Z
Apr 2, 2019

Cisco ASA is a good solution. I never had a problem with. I will say that I mostly recommend Fortinet because of their ease of management and Palo Alto Networks because of their reputation for business efficiency. I would rate Cisco ASA with an 8 out of 10 points.

SH
Real User
2019-03-26T08:09:00Z
Mar 26, 2019

I always encourage our existing customers to move to the Cisco ASA Firepower version, i.e. the next generation Firepower like 2100, 4000, or 9300. I would rate Cisco ASA an eight out of ten. An eight and not a ten because some of the features are limited and some are awful. We had to install other solutions for security and had to spend a lot on other hardware. Other vendors like Fortinet or Palo Alto Networks focus more on offering complete solutions.

NP
Real User
2019-03-12T07:26:00Z
Mar 12, 2019

I would advise someone considering this solution to just go for it. It's expensive but it's a robust solution. The only thing is that you have to convince your finance guy to go for it. I would rate it a nine out of ten.

HJ
Real User
2019-02-11T08:11:00Z
Feb 11, 2019

I would recommend the product, but cost is a big factor. Some companies cannot afford expensive products, like Cisco and Palo Alto.

Ahmed Nagm - PeerSpot reviewer
Real User
Top 10
2019-02-10T10:06:00Z
Feb 10, 2019

I am satisfied with the current facility and the management environment of the Cisco ASA, it's great for me. I think that the cost would be the main factor when evaluating solutions since some of the companies or some of our clients ask about costs upfront. Once the client has made their initial request and inquired about any subsequent subsystem connectivity integration ideas, they always want to know how much everything will cost. The deciding factor is mainly based on the price point of the total user solution. Overall, the criteria that we consider when constructing an integration decision depends largely on the client company we are working with. We evaluate clients based according to their size, industry function, and the total budget that would be recommended for an effective solution. I would give this product a rating of 9 out of 10!

NH
Real User
2019-02-03T08:25:00Z
Feb 3, 2019

I would rate this solution a nine out of ten. Not a ten because I'm reserving the one point for whatever new surprises they are going to provide.

MA
Real User
2019-02-03T06:24:00Z
Feb 3, 2019

I would rate it a seven out of ten. I would recommend this solution to a colleague. No product will give you 100% of what you're looking for but this solution is close.

GS
Real User
2019-01-22T10:45:00Z
Jan 22, 2019

This solution has good security and it's a good product. You can trust Cisco, and there's support as well, which is really good. I would rate this solution an eight out of ten.

KS
Real User
2018-10-28T09:33:00Z
Oct 28, 2018

We like that Cisco has a lot of experience on the market trends.

JK
Real User
2018-10-08T17:34:00Z
Oct 8, 2018

Yes, it's a good provider when it comes to firewall solution, but maybe limiting when you are looking at the wall UTM management. It's delayed behind some of the competitors.

CM
Real User
2018-08-19T09:34:00Z
Aug 19, 2018

Talk to your peers in the industry, find out what they use and why, and then look at exactly what you're using it for. We changed a great deal of our infrastructure, adding a lot of extra tunnels, so that made a complicated product even harder to manage. Look at what you're comfortable in managing with their interface. We start looking at upgrade cost, our constant licensing cost. I look at other products that rank very high in industry ratings. Now I'm looking at similar products that are a little bit easier to manage. That is another fault of the ASA. They're very complicated to manage, but that’s because they have so many features. It's a very feature-rich product. When selecting a vendor the most important factors are * Security - obviously that is number one because we are a financial institution * stability of the vendor * how the product is ranked in the market. In terms of security, right now is a really tough time for us because, even as a smaller community bank, we’re targeted. We have huge targets on us right now from hackers. I have to have a product that is stable, that will hold up, from a reputable company. I'm looking at companies that are top-tier. I would rate the ASA equipment itself a nine out of 10. The software and manageability would rate a seven and the reason for that is the complexity of it. It is extremely complicated, even for our Cisco-certified person who manages it for us.

PD
Real User
2018-07-30T09:01:00Z
Jul 30, 2018

Do your research, know what you want to achieve. Cisco ASA needs to be more reliable. Because of the nature of the product, it has to be rock solid and, unfortunately, it's not.

Cisco Secure Firewall stands as a robust and adaptable security solution, catering to organizations of all sizes. It's designed to shield networks from a diverse array of cyber threats, such as ransomware, malware, and phishing attacks. Beyond mere protection, it also offers secure access to corporate resources, beneficial for employees, partners, and customers alike. One of its key functions includes network segmentation, which serves to isolate critical assets and minimize the risk of...
Download Cisco Secure Firewall ReportRead more

Related Q&As