Cisco ASA NGFW Review

One of the features that should be improved is the URL filtering engine, but the stability of this product is one of the key functionalities in our deployment.


What is most valuable?

The ability to intercept unwanted traffic, and prevent attacks without interrupting everyday work, and the stability of this product are the key functionalities in our deployment.

How has it helped my organization?

This product, and our implementation, are not directly correlated with the core business of our company. It is designed to protect our company from outside threats and reduce impact on other network elements, such as the backend firewall, DMZ zone and VPN concentrators.

What needs improvement?

Cisco ASA lacks some functionalities, when compared with other vendors’ products. Cisco need to implement some more functionalities, like client-less VPN (HTML5), but I expect that Cisco will continue to add, and improve, features of the product. One of the features that should be improved is the URL filtering engine, as currently it has limited functionality. For full functionality, you will need an external URL filtering server, like Websense.

For how long have I used the solution?

We have used it for more than five years, and have implemented it for perimeter network protection. It is designed for basic network protection for our corporate environment.

What was my experience with deployment of the solution?

No issues during the deployment, as we had good planning.

What do I think about the stability of the solution?

No issues with stability. The device is designed for hard work 24/7. I never have a lack of resources like RAM or CPU. The only reason I need to restart the device is during a software upgrade.

What do I think about the scalability of the solution?

In our deployment, we did not have a scalability issue.

How are customer service and technical support?

Customer Service:

It is very high.

Technical Support:

We did not have any technical problems with this product, so we have not had need of technical support

Which solution did I use previously and why did I switch?

We implemented ASA after a complete redesign of our network, and we believe that Cisco ASA is the right solution for our needs.

How was the initial setup?

The initial setup is straightforward, as there is a lot of documentation available on the Cisco site, and other sites, which makes planning and deployment pass without any problems. However, the ASA is a complex device, with a lot of features and further tuning is complex and you must have the right knowledge to do it. Configuration can be done through a Java based application called ASDM or through the CLI interface. Using ASDM is much more simple and easy, but ASDM is not compatible with the newer Java version, so before implementation you must read the compatibility notes. Also, keep in mind that when upgrading ASA software, you must also upgrade the ASDM package.

What about the implementation team?

Initial implementation was through a vendor. I would rate their experience and expertise as 9/10.

What was our ROI?

Calculating the ROI for network security or IT security is complex and dependent on many factors, like the implementation, role, expectation etc. IT security cannot be compromised, but on the other hand, we must ask how much is enough. In our case, we do not have a defined ROI for this product.

What's my experience with pricing, setup cost, and licensing?

The cost of the setup was only the product price, local vendor support for the implementation, and employee training. This product is set it and forget it, so we do not have day to day costs.

Which other solutions did I evaluate?

We did not evaluate other products. One reason was that we believe that the ASA is a reliable product and fits our needs. Another reason, was the lack of local support for other solutions.

What other advice do I have?

Unfortunately, the ASA 5500 is EoS and EoL, and I hope that Cisco’s NGF 5500-X series will be a worthy successor. This does not mean that Cisco will stop software support and will continue to release new software versions with new and improved features for the ASA 5500 series.

As with any other product, the main things for a successful implementation are to decide what you want to achieve, and what your main goal is, and then, you need good planning, not only for your current needs, but you also need to keep in mind further grow and needs. Good planning is, at least, 80% of successful implementation.

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest