Cisco ASA Firewall Review

The most powerful and expensive firewall

Valuable Features:

There are a lot of companies who create firewalls but there is not a single one which can compete with ASA. It can have access control from layer 3 to layer 7. The ASA 5510 is more than enough for small to medium businesses. It has a dedicated GUI interface which is known as ASDM, a beautiful tool to manage ASA. You can use ASA to route traffic. AAA service supports plenty of authentication server types. You can configure advanced NAT in this device. It uses Modular Policy Framework (MPF) to inspect traffic. You can inspect traffic at different layers separately. You can use this as a transparent firewall and failover is instant. The virtualization works beautifully for this device. VPN is another added advantage. All the types of VPNs are managed through ASA.

Room for Improvement:

The 5505 does not support multiple mode. While running this device in multiple mode you cannot use dynamic routing protocols or multicast routing. Also the IPsec and SSL VPNs are not supported while running in multiple mode. Sometimes analysis might take too long while performing DPI on real-time traffic. The product is expensive. A 5580 series costs more than $50000.

Other Advice:

It's very difficult to write something about this product as it has so many options. I have studied 1000 pages about this product and most of the organizations use this firewall as it is the best in the world. I have never seen such a powerful device which can handle 2 million connections at 20Gbps speed. It can also inspect 4 million packets per second.

Disclosure: I am a real user, and this review is based on my own experience and opinions.

it_user7665 (Network Engineer at a tech services company with 501-1,000 employees)

The New Cisco ASA 5505 and 5550 models strengthen security in small business, remote office and enterprise environments. The Cisco ASA 5500 Series 7.2 Software delivers more than 50 new features, including advanced firewall services not found in similar products from other well-known brands.

it_user2895 (Senior InfoSec Engineer at a tech services company with 10,001+ employees)

There are companies that can compete with Cisco. Gartner has provided a report from 2012 showing that the new leader in firewalls with a new behavioral approach to firewalls is Palo Alto Networks. Not saying that Gartner has the right reports all the time but this one was correct. So remember that Checkpoint also exists and has been giving Cisco a run for their money. The caveat with Checkpoint is that some ports like X11 have to be hard coded into the top of the ACL in both directions in order to allow the traffic.

Anyone on any given day can beat the number one provider. The shift is now towards behavioral firewalling against unapproved applications and providing protection to the user no matter where they are, based on user and not where they are coming from. Stay tuned as more developments come in the security field.