Cisco ASA Firewall Review

Protects from external threats to our network as a firewall and VPN solution

What is our primary use case?

The primary use of Cisco ASA (Adaptive Security Appliances) for us it to protect from external threats to our network as a firewall and VPN solution.

How has it helped my organization?

Cisco ASA serves a purpose more than it improves us. It is good at what it does. We are using other vendors and splitting the traffic to different devices based on what they do best. Even though we use other products the trend at our company is that we will increase the traffic through Cisco ASA.

What is most valuable?

It's difficult to say what features are most valuable because ASA is not a cutting-edge device. It's rather more stable and proven than modern. It's difficult to suggest adding features because with new features we are adding something new, and that means it could be less stable and. New features are not the reason we use the solution — it is almost the opposite. The most valuable part of the solution is dependability.

It's already a mature and stable product. I prefer to not to use the newest software — even if Cisco suggests using the newest — because this is a critical security device.

What needs improvement?

My opinion is that the new direction Cisco is taking to improve its product is not correct. They want to make the old ASA firewall into a next-generation firewall. FirePower is a next-generation firewall and they want to combine the two solutions into one device. I think that this combination — and I know that even my colleagues who work with ASA and have more experience than me agree — everybody says that it's not a good combination. 

They shouldn't try to upgrade the older ASA solution from the older type Layer 4 firewall. It was not designed to be a next-generation firewall. As it is, it is good for simple purposes and it has a place in the market. If Cisco wants to offer a more sophisticated Layer 7 next-generation firewall, they should build it from scratch and not try to extend the capabilities of ASA.

Several versions ago they added support for BGP (Border Gateway Protocol). Many engineers' thought that their networks needed to have BGP on ASA. It was a very good move from Cisco to add support for that option because it was desired on the market. Right now, I don't think there are other features needed and desired for ASA.

I would prefer that they do not add new features but just continue to make stable software for this equipment. For me, and for this solution, it's enough. 

For how long have I used the solution?

We have been using the solution for about five years.

What do I think about the stability of the solution?

It is a stable solution. It is predictable when using different protocol and mechanics.

What do I think about the scalability of the solution?

We've used several models of the product, from the smallest to the biggest. I think that this family of the ASAs is scalable enough for everything up to an enterprise environment. I think the family of products is able to handle small and large company needs.

How are customer service and technical support?

Cisco is a well-known vendor and its support is good. In my previous company, we sometimes used a vendor rather than direct Cisco support, but sometimes we used Cisco. For ASA in my current company, we have additional support from the local vendor. If we have a problem we can also initiate a ticket directly on the Cisco support site.

Which solution did I use previously and why did I switch?

About one-and-a-half years ago we implemented a different solution to handle certain situations like BGP. But when we upgraded our Cisco devices just few months ago, we could have BGP on ASA. Now our devices from Cisco have enhanced capability, not just something new and maybe less dependable. Implementing BGP on ASA was a late addition. It had been tested, the bugs were worked out and engineers wanted the solution. The stability of ASA as an older solution is what is important.

How was the initial setup?

I think it is not the simplest solution to set up because it is sophisticated equipment. For engineers to work with vendors and incorporate totally different solutions, it could be difficult. It is also different from the other Cisco devices like Cisco Router IOS. It differs in a strange way, I would say, because the syntax or CRI differs. If you are used to other OSs, it is not easy to switch to ASA because you have to learn the syntax differences. 

It's common for there to be differences in syntax between vendors. But, I would say that this is more complex. The learning curve for start-up and configuration of ASA is at mid-level when it comes to the difficulty of implementation.

What about the implementation team?

I did the implementation myself. ASA is not the newest solution for Cisco or the newest equipment. You can use the vendor and ask for help if you need it during the installation and for support. Because it was an older solution, it was already somewhat familiar to me.

Which other solutions did I evaluate?

My current company has been using ASA for quite a long time, so I was not involved in the choices.

I have been participating in choosing a new vendor and new equipment for some specific purposes as we go forward. For a next-generation firewall, Cisco's product — a combination of ASA and Firepower — is not the best solution. We are choosing a different vendor and going with Palo Alto for next-generation solutions because we feel it is better.

What other advice do I have?

I think I can rate this product as an eight out of ten. A strong eight. The newest version of software and solutions often have bugs and functional problems because they have not been rigorously tested in a production environment. It is not the modern, next-generation firewall, but it solidly serves simple purposes. For simple purposes, it's the best in my opinion. I am used to its CRI (Container Runtime Interface) and its environment, so for me, familiarity and stability are the most important advantages.

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Cisco ASA Firewall reviews from users
...who work at a Financial Services Firm
...who compared it with Fortinet FortiGate
Add a Comment