Cisco ASA NGFW Review

It gives us the ability to do Lan-to-Lan VPN, but it needs support for automation tools, such as Puppet.


What is most valuable?

It gives us the ability to do lan-to-lan VPN.

How has it helped my organization?

So far it has proven to be rock solid and relatively easy to maintain.

What needs improvement?

  • Support for automation tools (Puppet)
  • More granular logging

For how long have I used the solution?

I've used ASA for four years.

What was my experience with deployment of the solution?

No issues encountered.

What do I think about the stability of the solution?

No issues encountered.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service:

8/10

Technical Support:

8/10

Which solution did I use previously and why did I switch?

We moved our VPN termination from a Cisco ASR to an ASA. We switched because the ASR was not scalable and we realized it was a bad idea to use the same device for routing and VPN termination.

How was the initial setup?

The most complex part was figuring out the failover and what NAT mode to implement.

What about the implementation team?

We did it in-house.

What's my experience with pricing, setup cost, and licensing?

Licenses and prices are pretty high. I understand the validity of the product, so I can't complain much.

Which other solutions did I evaluate?

No options were evaluated. We heavily rely on Cisco hardware for our infrastructure

What other advice do I have?

I'd say it would be very beneficial to posses certification such as CCNP Security, at least, to get the most out of it. It's a complex product which requires good knowledge of procedures and best practices. Being a CCIE R&S I know the value of those certifications, and I wish I had a CCNP Security to better handle the task.


Disclosure: I am a real user, and this review is based on my own experience and opinions.

1 visitor found this review helpful
Add a Comment
Guest