Cisco ASA Firewall Review

Review about Cisco ASA


What is most valuable?

  • Network firewall
  • FirePOWER services (URL filtering, IPS)

How has it helped my organization?

With the new FirePOWER services, Cisco has given the ASA new valuable features like URL filtering and a more simple and efficient IPS. With FirePOWER services, we have been able to have more insight of our network, something that we never had before, now we can see all the applications that our users are using the most and we can see if there is malware on our network.

What needs improvement?

The FirePOWER defense system has no integration with the firewall management of the ASA, I mean you can’t create ACLS, rules, VPNS NAT, and so on. All of this has to be done with the ASDM which, from my point of view, is very complex if you are not used to it, you should be able to manage the entire solution from one central software like Defense system, but right now you can’t. This is one of the biggest problems I see right now

For how long have I used the solution?

I've used it for two years.

What was my experience with deployment of the solution?

The FirePOWER deployment has to be done from the management port of the ASA. This port has to be dedicated because all the communication from the defense system to the appliance goes by that port, so you need to have different networks (inside and management port) to be able to implement this feature. It would be nice again if you can just configure this from one single point and not two (defense system and ASDM).

What do I think about the stability of the solution?

No, I have never had any problems with Cisco equipment regarding stability.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service:

8/10.

Technical Support:

6/10 - I mean you need luck when you open a case with Cisco to have someone with expertise on the product. I’ve had great TAC experiences and the worst ones too, if you have a loss of service they put you with people that know what they are doing, but if you want to configure something extra and you just ask the TAC how to do it, sometimes you get someone that appears to be learning the solution. Many times, I´ve been able to solve it by myself sooner than the TAC.

Which solution did I use previously and why did I switch?

We previously used Microsoft ISA and switched because it's no longer supported.

How was the initial setup?

In our case straightforward, because we do not have many rules on our firewall, but I’ve seen cases where the migration from one firewall to another can be very tedious.

What about the implementation team?

We did it in-house.

What other advice do I have?

If you are using Cisco, then you will be very familiar with the product, and maybe you won't encounter any problems at all. However, if Cisco is a new solution, you should ask for a demo to see the interface of the ASDM and the defense system in action, and then decide if this is the kind of insight you need of your network.

**Disclosure: My company has a business relationship with this vendor other than being a customer: Premier partner.
More Cisco ASA Firewall reviews from users
...who work at a Financial Services Firm
...who compared it with Fortinet FortiGate
Add a Comment
Guest