Cisco ASA NGFW Review

Review about Cisco ASA

Valuable Features

  • Network firewall
  • FirePOWER services (URL filtering, IPS)

Improvements to My Organization

With the new FirePOWER services, Cisco has given the ASA new valuable features like URL filtering and a more simple and efficient IPS. With FirePOWER services, we have been able to have more insight of our network, something that we never had before, now we can see all the applications that our users are using the most and we can see if there is malware on our network.

Room for Improvement

The FirePOWER defense system has no integration with the firewall management of the ASA, I mean you can’t create ACLS, rules, VPNS NAT, and so on. All of this has to be done with the ASDM which, from my point of view, is very complex if you are not used to it, you should be able to manage the entire solution from one central software like Defense system, but right now you can’t. This is one of the biggest problems I see right now

Use of Solution

I've used it for two years.

Deployment Issues

The FirePOWER deployment has to be done from the management port of the ASA. This port has to be dedicated because all the communication from the defense system to the appliance goes by that port, so you need to have different networks (inside and management port) to be able to implement this feature. It would be nice again if you can just configure this from one single point and not two (defense system and ASDM).

Stability Issues

No, I have never had any problems with Cisco equipment regarding stability.

Scalability Issues

No issues encountered.

Customer Service and Technical Support

Customer Service:


Technical Support:

6/10 - I mean you need luck when you open a case with Cisco to have someone with expertise on the product. I’ve had great TAC experiences and the worst ones too, if you have a loss of service they put you with people that know what they are doing, but if you want to configure something extra and you just ask the TAC how to do it, sometimes you get someone that appears to be learning the solution. Many times, I´ve been able to solve it by myself sooner than the TAC.

Previous Solutions

We previously used Microsoft ISA and switched because it's no longer supported.

Initial Setup

In our case straightforward, because we do not have many rules on our firewall, but I’ve seen cases where the migration from one firewall to another can be very tedious.

Implementation Team

We did it in-house.

Other Advice

If you are using Cisco, then you will be very familiar with the product, and maybe you won't encounter any problems at all. However, if Cisco is a new solution, you should ask for a demo to see the interface of the ASDM and the defense system in action, and then decide if this is the kind of insight you need of your network.

Disclosure: My company has a business relationship with this vendor other than being a customer: Premier partner.
Add a Comment
Sign Up with Email