Cisco ASA NGFW Review

The various NGFW and NGIPS features are valuable, but the option to use ASA to decrypt SSL would be an improvement.

Valuable Features

NGFW: VPN (IPSec, SSL), NAT (provides great flexibility)

NGIPS: Application visibility, file policies (store files), network discovery, correlation features

Room for Improvement

SSL decryption for modules. Although I think it is better to separate SSL decryption as a service from the software module since it requires additional hardware, but I think it would be great if there is an option to use the ASA (not the software module) to decrypt the SSL.

Ex: Add a license to decrypt SSL traffic on the ASA itself. The ASA already supports SSL VPN. So if SSL decryption can be integrated that would be nice.

Use of Solution

5 years+

Deployment Issues

Basic setup is easy, but if you need to do some advanced stuff, it can be intuitive, but some things require some kind of tutorial to understand how it can be done. Good thing is that this device is becoming popular and there are many 3rd party free tutorials and guides that can help.

Stability Issues

I heard about defect that were encountered by my colleagues, but not something that cannot be fixed using an upgrade.

Scalability Issues

Clustering is available for ASA with firepower services.

Also for firepower appliances, there is stacking available for some models.

Customer Service and Technical Support

Customer Service:

Great support. The engineers know what they are doing.

Technical Support:


Previous Solutions


Initial Setup

Well, it is straight forward as long as you understand the components available.

ASA can be configured using the CLI or ASDM.

For the Firepower you will need to use a FireSIGHT as a management solution.

Since you will be using two GUIs, I wouldn't call it straight forward.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Add a Comment
Sign Up with Email