- VPN
- ASDM configuration
For FirePOWER:
- IPS
- AMP
- URL filtering
Cisco ASA Firewall Review
Site to site VPN is easy, but it's very expensive.
What is most valuable?
How has it helped my organization?
It's pretty easy to connect between different branches using site to site VPN.
What needs improvement?
Cost, it's very expensive. To migrate from a Cisco ASA 5550 and not drop in performance, you have to go to a Cisco ASA 5555-X with FirePOWER. To fully use the Cisco FirePOWER IPS, AMP and URL filtering, you are forced to (MUST) buy the Cisco FireSIGHT management centre. You also have to buy licensing for Cisco AnyConnect VPN client
For how long have I used the solution?
I've been using it since October 2004, so for 10 years.
What was my experience with deployment of the solution?
Due to the cost, I am still waiting for more funds to deploy the final phase, FirePOWER IPS, AMP and URL filtering.
Cisco did an upgrade from v8.2 to v8.3 of the migration system. NAT configuration is different from 8.2 to 8.3. It's not easy to upgrade to 8.3 and above leading to running different software versions.
What do I think about the stability of the solution?
V8.2 is very stable. With the latest versions it's still early to tell.
What do I think about the scalability of the solution?
Upgrading from v8.2 to v8.3 is a nightmare. The risks of down time are so high that I am forced to run different versions. Stay with 8.2 on all NAT dependent on your ASA, but again it's all about the cost.
How are customer service and technical support?
Customer Service:
Excellent customer service. Cisco listens to their customers.
Technical Support:Excellent customer service and documentation.
Which solution did I use previously and why did I switch?
We previously used Checkpoint, and I switched because Checkpoint was expensive but now it looks like Cisco is following the same route.
How was the initial setup?
It was not that complex because I was using Cisco routers and switches five years prior.
What about the implementation team?
It was an in-house implementation.
What was our ROI?
I can't tell right now as I am still investing.
What's my experience with pricing, setup cost, and licensing?
The initial investment on the Cisco ASAs was around one million South African Rand and there's a R200,000 annual maintenance cost with Cisco's partners.
Which other solutions did I evaluate?
No. I went straight to Cisco because of my experience with their CUCM IPT solutions, routers and switches.
What other advice do I have?
Budget a lot of money, especially on the initial setup and the annual licensing and maintenance cost.
Which version of this solution are you currently using?
5555-X With FirePOWER SW v9.2.5, 5550 SW v8.2.5, 5510 SW v9.1.1 and 5520 SW v9.1.1
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: May 11 2015
More Cisco ASA Firewall reviews from users...who work at a Financial Services Firm
...at Large Enterprises
...who compared it with Fortinet FortiGate
Learn what your peers think about Cisco ASA Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: January 2021.
456,812 professionals have used our research since 2012.
Add a Comment
3 Comments
it_user9858 (Network Head at a manufacturing company with 1,001-5,000 employees)Vendor
First, I would question you need a 5555. That is a lot of throughput. You have Internet connections faster than 1G?
A 5545x matches 5550. In almost every upgrade I've done to NextGen X series, I've been able to go down a model number.
NAT difference after 8.3 wasn't trivial, but you should be on 9.x or higher by now. PBR and BGP are now available on the firewall.
AnyConnect pricing changes to be more favorable on version 4. You license across all firewalls and no hard limit. You license for 50, the 51st user connects.
I had everything in my environment of 300+ locations - Fortigate, Juniper, Checkpoint, Sonicwalls. Cisco is the most reliable. When you factor in soft costs troubleshooting of non-Cisco firewalls. Cisco is by far the cheapest.
it_user230721 (User)User
@finny47 - If you want to make a step forward and start segmenting your network on the firewall, than you need every bit of throughput a box can deliver.
If you stay on the classical flat network architecture, than you are right.
Simon ChabaReal User
Yes, we have 3 x 1Gbps and 1 x 155Mbps. We have four internet breakouts in different cities around the country and three of them are 1Gbps each. The fourth internet breakout is 155Mbps. There's only 2 ASA which are still on 8.3 and all others have been upgraded to 9.1. The remaining two will be upgraded in a few weeks time. Cisco ASAs are reliable, very stable and the best. The Cisco Firepower works like magic, application visibility, URL filtering and the ability to drop p2p protocols like torrent, on the fly are some of the best capabilities of the product.
Author
Simon Chaba
ICT Manager at a aerospace/defense firm
Real User
Websitewww.itcyclessolutions.co.za
Twitter samakgowa
Highlights
The IPS (In-plane switching) is the most valuable feature.
The greatest benefit for the organization is the confidence that we are secured.
Its ability to discover attacks is a valuable feature. All of the other features that have to do with security are good.
I haven't had any major problems so I haven't had to open a ticket with technical support.
I like the user interface because the navigation is very easy, straightforward on your left side pane you have all the sites that you need to browse. Unlike any other firewalls, it's pretty straightforward.
We have multiple secure internal networks linked with our plants. We are from a oil company, so we have multiple plant areas which need to have restricted network access. Therefore, we are using it for restricting access to the plant area.
The initial setup was completely straightforward.
Product Categories
FirewallsPopular Comparisons
Fortinet FortiGate
Cisco Firepower NGFW Firewall
Meraki MX
Palo Alto Networks WildFire
SonicWall TZ
Juniper SRX
Sophos XG
Sophos UTM
SonicWall NSA
WatchGuard Firebox
Azure Firewall
Check Point Virtual Systems
Barracuda CloudGen Firewall
Palo Alto Networks VM-Series
Buyer's Guide
Download our free Cisco ASA Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What Is The Biggest Difference Between Cisco ASA And Fortinet FortiGate?
- How do I convince a client that the most expensive firewall is not necessarily the best?
- What are the main differences between Palo Alto and Cisco firewalls ?
- Which is the best network firewall for a small retailer?
- When evaluating Firewalls, what aspect do you think is the most important to look for?
- If you could go back, would you change your decision to buy that firewall and why?
- What is the best way to prevent DoppelPaymer Ransomware?
- Can you recommend a solution to replace Cyberoam 200ing Firewall?
- Best firewall models for 750 to 1000 users
- Which lesser known firewall product has the best chance at unseating the market leaders?