The ease of use and ease of deployment were the most important features. As a signature based appliance, SourceFire hits it on the head at detection and capturing traffic, but quite a few of the other IDS/IPS appliances are way too complicated and too time consuming to properly deploy. This will lead to improper deployments and often missing important spots in your network.
Cisco ASA Firewall Review
It's a straightforward setup with easy to follow instructions, however, some IDS/IPS appliances can be too complicated and too time consuming to properly deploy.
What is most valuable?
How has it helped my organization?
Being able to detect intrusions is very valuable, and this can be anything from reconnaissance attacks to malware beaconing from inside our network.
What needs improvement?
Being able to incorporate third party rules as the SourceFire rules often lag behind current threats. When the latest zero day or other threats hit the market and are high value threats, most departments want to have these signatures available and able to deploy automatically. SourceFire makes this a manual process with third party rules.
For how long have I used the solution?
I've used it for two years.
What was my experience with deployment of the solution?
No, it was quite easy.
What do I think about the stability of the solution?
No issues with stability.
What do I think about the scalability of the solution?
The only issue I have is with the price, as SourceFire is VERY expensive.
How are customer service and technical support?
Customer Service:
Customer service is very helpful and there are some extremely knowledgeable people on board.
Technical Support:Very technical! The men and women know what they are doing and are very helpful.
Which solution did I use previously and why did I switch?
No previous solution was used.
How was the initial setup?
It's straightforward with easy to follow instructions. You just plug-in and go.
What about the implementation team?
I implemented it myself.
What was our ROI?
Lousy! $250K/year just for maintenance and licensing costs for a defense center and five sensors? This is insane! There is a better way.
What's my experience with pricing, setup cost, and licensing?
The original setup cost was very high, not sure of the exact numbers because this product was purchased prior to me joining, but it was expensive Tack on the recurring charge and this really racks up, but luckily the day to day operational costs aren't bad at all, unless you break out the recurring charge daily!
Which other solutions did I evaluate?
Other IDS/IPS products were looked at.
What other advice do I have?
The same level of protection can be had at a much lower cost! Look at rolling your own with commodity hardware, Suricata (Or SNORT if you choose, but look at the differences please!), Aanval for the central management and the emerging threats rules.
Which version of this solution are you currently using?
4.x & 5.x
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Mar 31 2015
More Cisco ASA Firewall reviews from users...who work at a Financial Services Firm
...at Large Enterprises
...who compared it with Fortinet FortiGate
Learn what your peers think about Cisco ASA Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: January 2021.
456,719 professionals have used our research since 2012.
Add a Comment
2 Comments
it_user221862 (Cloud Engineer at a tech services company with 1,001-5,000 employees)Consultant
I use pfSense at home and HIGHLY recommend this over anything else. But for a very distributed environment, checkout Aanval and Suricata combo with rules from Emerging Threats. At my old employer, I developed a plan to replace their $250K/year SourceFire deployment with a $80K/year custom solution that scales much better.
But again, each their own. For small/medium business, I would recommend pfSense, but for larger enterprise, I would recommend a custom solution based around Aanval/Suricata/ETPro with Firewall/VPN as separate devices.
Author
it_user221862
Cloud Engineer at a tech services company with 1,001-5,000 employees
Consultant
Highlights
The IPS (In-plane switching) is the most valuable feature.
The greatest benefit for the organization is the confidence that we are secured.
Its ability to discover attacks is a valuable feature. All of the other features that have to do with security are good.
I haven't had any major problems so I haven't had to open a ticket with technical support.
I like the user interface because the navigation is very easy, straightforward on your left side pane you have all the sites that you need to browse. Unlike any other firewalls, it's pretty straightforward.
We have multiple secure internal networks linked with our plants. We are from a oil company, so we have multiple plant areas which need to have restricted network access. Therefore, we are using it for restricting access to the plant area.
The initial setup was completely straightforward.
Product Categories
FirewallsPopular Comparisons
Fortinet FortiGate
Cisco Firepower NGFW Firewall
Meraki MX
Palo Alto Networks WildFire
SonicWall TZ
Juniper SRX
Sophos XG
Sophos UTM
SonicWall NSA
WatchGuard Firebox
Azure Firewall
Check Point Virtual Systems
Barracuda CloudGen Firewall
Palo Alto Networks VM-Series
Buyer's Guide
Download our free Cisco ASA Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What Is The Biggest Difference Between Cisco ASA And Fortinet FortiGate?
- How do I convince a client that the most expensive firewall is not necessarily the best?
- What are the main differences between Palo Alto and Cisco firewalls ?
- Which is the best network firewall for a small retailer?
- When evaluating Firewalls, what aspect do you think is the most important to look for?
- If you could go back, would you change your decision to buy that firewall and why?
- What is the best way to prevent DoppelPaymer Ransomware?
- Can you recommend a solution to replace Cyberoam 200ing Firewall?
- Best firewall models for 750 to 1000 users
- Which lesser known firewall product has the best chance at unseating the market leaders?