2018-12-05T07:52:00Z
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)
  • 0
  • 18

What needs improvement with Cisco ASAv?

Please share with the community what you think needs improvement with Cisco ASAv.

What are its weaknesses? What would you like to see changed in a future version?

14
PeerSpot user
14 Answers
Bashir Bashir - PeerSpot reviewer
IT Administrator at Vegol
Real User
2019-07-14T10:21:00Z
Jul 14, 2019

I tried to buy licenses, but I had trouble. Their licensing is too expensive. If they can get the reporting to go into deeper detail, it would really be helpful because in order to get the reports in Cisco you have to go to look at the information that you don't necessarily need. Also, the pricing is quite high.

Search for a product comparison
it_user861456 - PeerSpot reviewer
Senior Information Security Engineer at a financial services firm with 501-1,000 employees
Real User
2019-07-09T05:26:00Z
Jul 9, 2019

I would definitely say the pricing could be improved. If you're going to get the latest and greatest of this solution, it's very expensive and it's actually the reason my organization is moving away from it. I'm working on a slightly older version, but what it needs is better alert management. It's pretty standard, but there are no real advanced features involved around it.

Jonathan LELOU - PeerSpot reviewer
Ingénieur technico-commercial at Inter-Continental Business Machines (ICBM)
Reseller
2019-07-09T05:26:00Z
Jul 9, 2019

I think the visibility of the network can be improved, at least from our current setup. I do not know everything about the solution and exactly how it can be modified. Another way they can improve is their pricing. One thing I notice is about the price is that it would be good if they could adapt the price to the area where a company is. West Africa is not the same as in India or in the USA and it is much more difficult to afford. If Cisco can manage this for our people it would help us implement better solutions. To upgrade to some Cisco solutions or features you have to invest resources to create the solution or pay the difference for that functionality to upgrade services or license. It is not really an all-in-one solution. So if Cisco could manage to build an all-in-one solution with most or all of the features we would be looking for in one solution, it would be better for us. For example, if you want faithful service from the company and equipment, you have to pay more just to get the solutions. If it's included it would be easier for us to deploy.

EM
Technical Manager at GTT
Real User
2019-07-04T07:00:00Z
Jul 4, 2019

Normally in terms of design, the user prefers to use Cisco ASAv as a border router or a border firewall, because you have two different kinds of firewalls. You have a firewall when the data communication enters the network, and then you have a firewall, for when you've been inside the network. So, for the inside network firewall, Check Point is better because it can make a better notation of your network infrastructure. But, for the incoming data, or border firewall, ASAv is better. In terms of improving the interface, if you compared to the Check Point file, then I think that ASAv should be better. They should improve the interface so that it's similar to the Check Point firewall.

WB
Network Engineer at a comms service provider with 1,001-5,000 employees
Real User
2019-06-30T10:29:00Z
Jun 30, 2019

My opinion is that the new direction Cisco is taking to improve its product is not correct. They want to make the old ASA firewall into a next-generation firewall. FirePower is a next-generation firewall and they want to combine the two solutions into one device. I think that this combination — and I know that even my colleagues who work with ASA and have more experience than me agree — everybody says that it's not a good combination. They shouldn't try to upgrade the older ASA solution from the older type Layer 4 firewall. It was not designed to be a next-generation firewall. As it is, it is good for simple purposes and it has a place in the market. If Cisco wants to offer a more sophisticated Layer 7 next-generation firewall, they should build it from scratch and not try to extend the capabilities of ASA. Several versions ago they added support for BGP (Border Gateway Protocol). Many engineers' thought that their networks needed to have BGP on ASA. It was a very good move from Cisco to add support for that option because it was desired on the market. Right now, I don't think there are other features needed and desired for ASA. I would prefer that they do not add new features but just continue to make stable software for this equipment. For me, and for this solution, it's enough.

George Karani - PeerSpot reviewer
IT Manager
Real User
2019-06-30T10:29:00Z
Jun 30, 2019

I would say the pricing could be improved. It's quite expensive, especially for the economy. I'd like to see them more integration so that I don't need other parties for protecting my network. If I could just have ASA firewalls for perimeter protection and LAN protection, then I'm good. I don't need so many devices. I would like to see improvements for client protection.

Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: December 2022.
657,849 professionals have used our research since 2012.
NA
IT Infrastructure Manager at Beltone Securities Brokerage S.A.E.
Real User
2019-06-24T12:13:00Z
Jun 24, 2019

The overall application security features can be improved. It could also use a reporting dashboard.

Farhad Foladi - PeerSpot reviewer
Cloud Services Operation Engineer at Informatic Services Company (ISC)
Real User
2019-06-24T12:13:00Z
Jun 24, 2019

I don't have any experience with the price, but ASA is a comprehensive solution. In the next update of the Cisco ASAv, I would like to see them release a patch for ASAv, i.e. to put the FirePower solution into the cross-platform integration.

Donald Fitzai - PeerSpot reviewer
LAN admin at Cluj County Council
Real User
2019-06-16T07:23:00Z
Jun 16, 2019

There definitely is room for improvement. We found it difficult to publish an antenna plug with the ASDM. Cisco should make the interface for the firewall more simple.

Cristian Serban - PeerSpot reviewer
Network Engineer at a financial services firm with 5,001-10,000 employees
Real User
2019-02-03T06:24:00Z
Feb 3, 2019

* Interaction with the equipment * Different interface with the product * A more simple procedure in delivering policies to the equipment * Simplified upgrade procedure * Tracking flows * Monitoring and logs should be easier.

it_user72771 - PeerSpot reviewer
Info Sec Consultant at Size 41 Digital
Real User
Top 5
2019-01-16T09:22:00Z
Jan 16, 2019

We didn’t find any huge issues. Obviously, there are always vulnerabilities that come up and there was one in early 2018 but this was patched with software updates. Admin rights need to be given out carefully as they give overarching control to all devices - but that’s the same for everything.

Munish Gupta - PeerSpot reviewer
Partner - Consulting & Advisory at Wipro Technologies
Real User
2018-12-11T08:31:00Z
Dec 11, 2018

The artificial intelligence and machine learning (behavioral based threat detection), which I can this will be coming out in another year, these are what we need now.

Ryan Partington - PeerSpot reviewer
Systems Administrator at Universal Audio
Real User
2018-12-09T08:34:00Z
Dec 9, 2018

Even on a smaller scale, people are finding you need HA pairs, and there's no way that the ASA can do that, at least in the virtual version. We needed the ability to failover to one of the others to do maintenance, and this is a glaring issue. However, it is one of their cheaper products, so its understandable. It is just that we would hope by now, because it has been in use in a lot of different environments, for even moderately sized companies, the ability to have HA pairs would be extremely useful.

Vikram Arsid - PeerSpot reviewer
Cyber Security Software Engineer at FireEye
MSP
2018-12-05T07:52:00Z
Dec 5, 2018

Cisco ASA should be easier to use. It is a bit tough to navigate and see what is going on. While I like the UI and dashboards of Cisco ASA, if you compare them to Palo Alto or Fortinet, they have much richer UIs. An analyst (or anyone) can see them, and say, "I have got all these important pointers on my dashboard." However, with Cisco ASA, we need to dig into many things and go to many views to see what is actually there.

Related Questions
Steve Chiyenda - PeerSpot reviewer
IT Supervisor at Blantyre Netting Company Limited
May 20, 2022
Hi peers, A week ago I lost my data through the malware from which I failed to recover as the file got corrupted.  Now, I want to work with a firewall and so am looking for suggestions on whether I should purchase Cisco Firepower or Sophos XG. Which one is a good match for an SMB? What would you recommend?
2 out of 3 answers
Bennett Gomonda - PeerSpot reviewer
Pre-Sales Support Engineer at Skyband Corporation
May 18, 2022
I prefer Sophos. I find it easy to use and it has better features on malware and threat management.
Carlos Roberto Da Silva - PeerSpot reviewer
Pre-Sales Director at 4 IT Solution
May 19, 2022
I recommend Sophos XGS firewall. It will offer the best solution for malware protection.  Also, I recomend Sophos CIXA with XDR (Sophos Endpoint), so you can use Syncronized Security.
ID
User at Zm3
May 15, 2022
Hi community members, I'm considering replacing a Cisco ASA Firewall with Fortinet FortiGate FG 100F. This is in order to reduce the cost. Is this the right thing to do? What would be your advice? Please elaborate. Thank you for your help!
2 out of 8 answers
Luis Apodaca - PeerSpot reviewer
IT Support and Network Admin at Escuela Carlos Pereyra
May 9, 2022
Hi @Isaiah Dominic, ​I have a few questions:Does replace mean that you already have a Cisco device? What's the reason for replacing it if is working? So, I assume it's not working. In that case, I have the second question:I suppose you should have a configuration backup for using it, in case your device crashes. How much do you value all that job? Is the cost of the new different device worth it?  If you make the change you gonna need to config the whole thing from scratch!! Is it worth it?Both devices are good enough.I expect this could help you,  Good luck!
DanielValente - PeerSpot reviewer
Head of Platforms and Infrastructure at LOQR
May 9, 2022
Hi,  You are comparing a piece of old equipment with a true next-gen firewall.  Nevertheless, there is a specific use case where I did this exact exercise and went with Cisco ASA, if the main objective is to terminate IPsec tunnels, in this field (more close to routing) ASA is excellent.  But if you are looking for URL filtering application visibility, and easiness of management go with FortiGate, for sure.
Download Free Report
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros sharing their opinions. Updated: December 2022.
DOWNLOAD NOW
657,849 professionals have used our research since 2012.