What is our primary use case?
We are an ISP, so it's primarily for customer firewalls that we help customers setup and maintain. While we do use Cisco ASA in our company, we mostly configure it for customers. Our customers use it as a company firewall and AnyConnect VPN solution.
How has it helped my organization?
A lot of people trust Cisco. Just by its name, they feel more secure. They know it's a quality solution, so they feel safer.
What is most valuable?
The most valuable feature must be AnyConnect. We have quite a few customers who use it. It is easy to use and the stablest thing that we have. We have experienced some issues on all our VPN clients, but AnyConnect has been the stablest one.
It is one of the easiest firewalls that I've worked with. Therefore, if you're not comfortable with command line, it probably is one of the best solutions on the market.
What needs improvement?
One of the problems that we have had is the solution requires Java to work. This has caused some problems with the application visibility and control. When the Java works, it is good, but Java wasn't a good choice. I don't like the Java implementation. It can be difficult to work with sometimes.
If you use Cisco ASDM with the command line configuration, it can look a bit messy. We have some people who use them both. If you use one, it's not a problem. If you use both, it can be an issue.
For how long have I used the solution?
What do I think about the stability of the solution?
We haven't had any issues with the firewalls.
The maturity of our company's security implementation is good. We are very satisfied as long as we maintain the software. It has needed to be updated quite a few times.
What do I think about the scalability of the solution?
We don't have any firewalls that can handle more than a couple of gigabits, which is pretty small. I think the largest one we have is the 5525-X, though we haven't checked it for scalability.
In my company, there are probably 16 people (mostly network engineers) working with the solution: seven or eight from my group and the others from our IT department.
How are customer service and technical support?
I haven't worked with Cisco's technical support. We haven't had real issues with these firewalls.
Which solution did I use previously and why did I switch?
This was the first firewall solution that I worked with.
How was the initial setup?
The initial setup has been pretty straightforward. We have set up a lot of them. The solution works.
The deployment takes about half an hour. It takes a little longer than if we were using their virtual firewalls, which we could implement in a minute.
What about the implementation team?
We have a uniform implementation strategy for this solution. We made some basic configurations with a template which we just edited to fit a customer's needs.
What was our ROI?
We haven't notice any threats. The firewalls is doing its job because we haven't noticed any security issues.
What's my experience with pricing, setup cost, and licensing?
The licensing is a bit off because the physical firewall is cheaper than the virtual one. We only have the physical ones as they are cheaper than the virtual ones. We only use the physical firewalls because of the price difference.
Which other solutions did I evaluate?
Our company has fix or six tools that it uses for security. For firewalls, we have Check Point, Palo Alto, Juniper SRX, and CIsco ASA. Those are the primary ones. I think it's good there is some diversity.
The GUI for Cisco ASA is the easiest one to use, if you get it to work. Also, Cisco ASA is stable and easy to use, which are the most important things.
What other advice do I have?
We use this solution with Cisco CPEs and background routers. These work well together.
We have some other VPN options and AnyConnect. We do have routers with firewalls integrated, using a lot of ISR 1100s. In the beginning, we had a few problems integrating them, but as the software got better, we have seen a lot of those problems disappear. The first software wasn't so good, but it is now.
We have disabled Firepower in all of our firewalls. We don't use Cisco Defense Orchestrator either. We have a pretty basic setup using Cisco ASDM or command line with integration to customers' AD.
I would rate the product as an eight (out of 10).