Class-based policing is the most important part of the ASA, and was its differentiator.
Class-based policing is the most important part of the ASA, and was its differentiator.
It gave us more organized DMZs and logical segments.
I’m not a fan of the new modular licensing model. Cisco moved from a base license to an a la carte SaaS model a couple of years back, wherein the customer is required to pay for feature sets on a case-by-case basis. This makes it difficult for people who want to study and trial new technologies and features.
I’ve been using ASA technology since it was PIX, so since 1999.
We have not had stability issues.
We have not had scalability issues.
Support with Cisco TAC, or with VARs like WWT and Trace3 is usually pretty good.
I have used both ASA and PAN. Different strokes for different folks.
Initial setup is straightforward. You can get as granular and complex as you want, but out of the box, ASAs provide a secure FW solution.
We evaluate all other options.
ASAs are a solid solution. Cisco provides more training and learning materials than any other vendor, which is critical if an organization wants to take true ownership of a technological solution. Documentation and use cases alone tend to make me a fan of Cisco's way of engineering, and they have come a long way over the last few years when it comes to integrating their solutions into comprehensive security communications platforms using tools like PRIME and ISE. FirePOWER and AMP make Cisco an even better overall contender for top FW status.