Cisco ASA NGFW Review

It currently does not support VPN, but I like the documentation, reliability, and support.

Valuable Features

  • Site-to-site IPsec VPN
  • Remote IPsec VPN
  • Reverse route injection

Improvements to My Organization

Cisco Context gave us the feature of creating a virtual firewall, which is good. It provides us with maximum network isolation. Also impressive is the ISP redundancy.

Room for Improvement

WCCP, and URLs, in the Cisco ASA Context both need work. When changing from single mode to multiple mode or back, the commands must be done from the command line (CLI) and cannot be done via the ASDM GUI interface. ASA context should be able to support site-to-site VPN, but the current Cisco Context does not support VPN

Use of Solution

I've used them for six years.

Deployment Issues

During the deployment of WCCP, we noted some loopholes like it only supports ports 80 & 443. Application which is running on multiple ports doesn't work with WCCP and to make it work we need to allow respective traffic outside the firewall.

Stability Issues

Sometimes there is an issue with the site-to-site VPN.

Scalability Issues

In certain cases, like an any access-list, if we add a URL the Cisco ASA access-list does not resolve that URL while this can be done in Juniper, and Fortinet.

Customer Service and Technical Support

Customer Service:


Technical Support:


Previous Solutions

I have migrated some set-ups from Cisco to Juniper, but not from Juniper to Cisco.

Initial Setup

We have multiple ASA firewalls for different clients now we migrated to Cisco Context.

Implementation Team

It was done in-house.


It's 8/10.

Other Advice

If it is for a banking domain, your organisation should use Cisco which can assure better security than any other vendors' products. Also, they have the best documentation, reliability and support.

Disclosure: My company has a business relationship with this vendor other than being a customer: Channel partner
Add a Comment
Sign Up with Email