How has it helped my organization?
The ASA 55-x range is a solid and reliable firewall. It secures the traffic for normal purposes.
If you ask how a firewall can improve our business: It can’t. It is securing our business IT network.
But if you want to know what the ASA5520 can do to secure our network:
Not much more than any firewall. It is a solid port firewall, nothing more, nothing less.
What is most valuable?
The Cisco ASDM management tool was helpful.
What needs improvement?
Firewalls, in general, were not really designed for normal IT personnel, but for firewall and network experts. Therefore, they missed a lot of options and did not provide any good reporting or improvement options.
For example, to update or add a feature, you end up buying new support and licenses. The process is complex and changes so rapidly that you won't find a salesperson who will offer you the right products.
New generation firewalls are cloud managed or provide a good interface. They integrate into the environment. They are application aware and come with security features that are especially designed for the purpose.
What do I think about the stability of the solution?
There were no stability issues.
What do I think about the scalability of the solution?
You need to buy a new product if you want to scale. I once tried to put in another network card and ended up in a support nightmare. I had to buy more support, licenses, and it was more expensive than buying a new one.
How are customer service and technical support?
Customer service is non-existent. You need to go through a very complex and annoying approval system before you can get any help. The support then gets asked a question and you get one-word answers. It takes you hours to find out what version of an update you need to install, and then another day to find out how to install it.
I would give technical support a rating of zero out of 10. It is clear that Cisco is not for the end-customer, but rather for resellers and providers. They might have better contracts and get more technical support.
Which solution did I use previously and why did I switch?
I usually have to take what is there. If I had a choice, I would now take something newer.
How was the initial setup?
You can start very easily and set up the network cards, but it also has many traps to find out the right setting for your environment.
For example, you need fixed network settings on your switch to connect with full duplex 100Mb/s. There is no autonegotiation or other settings. This is the same problem with the WAN connection. You need to know exactly what to configure to match the WAN, or it will not work.
What about the implementation team?
I once had support from a reseller and once from a provider. Both depended on the level of the person you speak with. Most have some knowledge.
What was our ROI?
Once installed, they last a long time. I would recommend replacing them after some years to get better security features.
What's my experience with pricing, setup cost, and licensing?
If you look for user internet access, many new products can help with filtering and rules or procedures, like Meraki. This replaces the purpose of proxy servers.
If you have to secure web servers from the internet, you need a decent firewall with web features to process the requests and redirect traffic to web servers.
Cisco is no longer the only vendor offering these features. With Microsoft TMG out of the race, others have to push in. But firewalls are also no longer the first frontier of security. Cloud services are in there as well.
Which other solutions did I evaluate?
What other advice do I have?
Get someone to help you plan and set up the firewall concept, as well as the initial setup and testing. Waiting for later is not the time to test or change anything without an outage.