Cisco ASA NGFW Review

It gives us the ability to do Lan-to-Lan VPN, but it needs support for automation tools, such as Puppet.

Valuable Features

It gives us the ability to do lan-to-lan VPN.

Improvements to My Organization

So far it has proven to be rock solid and relatively easy to maintain.

Room for Improvement

  • Support for automation tools (Puppet)
  • More granular logging

Use of Solution

I've used ASA for four years.

Deployment Issues

No issues encountered.

Stability Issues

No issues encountered.

Scalability Issues

No issues encountered.

Customer Service and Technical Support

Customer Service:


Technical Support:


Previous Solutions

We moved our VPN termination from a Cisco ASR to an ASA. We switched because the ASR was not scalable and we realized it was a bad idea to use the same device for routing and VPN termination.

Initial Setup

The most complex part was figuring out the failover and what NAT mode to implement.

Implementation Team

We did it in-house.

Pricing, Setup Cost and Licensing

Licenses and prices are pretty high. I understand the validity of the product, so I can't complain much.

Other Solutions Considered

No options were evaluated. We heavily rely on Cisco hardware for our infrastructure

Other Advice

I'd say it would be very beneficial to posses certification such as CCNP Security, at least, to get the most out of it. It's a complex product which requires good knowledge of procedures and best practices. Being a CCIE R&S I know the value of those certifications, and I wish I had a CCNP Security to better handle the task.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
1 visitor found this review helpful
Add a Comment
Sign Up with Email