What is most valuable?
It is good for firewalls, management with the adaptive security device manager (ASDM), and tools such as packet tracers for troubleshooting.
It’s a really good firewall which is easy to manage, but it is not a Next Gen firewall.
Firewall functionality is the main issue when buying this product. We use it to segment our DMZs, it is stateful firewalling, is highly reliable with zero outages, and impeccable failovers during upgrades.
The ASDM is the management tool to administer the ASAs via the GUI. It has an easy to use interface with very nice troubleshooting tools, such as Packet Tracer. This tool lets you simulate a traffic flow so you can see why flows don’t work.
How has it helped my organization?
It is a very reliable border firewall which makes it easy for us to organize and secure our DMZs.
What needs improvement?
- The SSL VPN portal could be better.
- The ASAs support both IPSEC as an SSL VPN.
- For IPSEC you need a Cisco VPN client.
- You can only have two SSL VPN sessions.
- For more SSL sessions you have to pay (750 IPSEC sessions are included with an ASA).
- With SSL, you connect through a browser, so it is clientless. The SSL portal offers a few functionalities which you can offer a user. Configuring this portal is not an easy task.
For how long have I used the solution?
We have been using the solution for almost five years.
What do I think about the stability of the solution?
We didn't encounter any issues with stability.
What do I think about the scalability of the solution?
Scalability is limited depending on the chosen model.
How is customer service and technical support?
I would give technical support a rating of 9/10. Cisco is one of the best, if not the best, in support.
Which solutions did we use previously?
We chose FortiGate from Fortinet as our Next Gen Firewall solution because of the higher value for our money.
How was the initial setup?
The setup was easy with lots of documentation and configuration examples provided.
What's my experience with pricing, setup cost, and licensing?
You have to negotiate well.
Which other solutions did I evaluate?
We did not evaluate any alternative options for stateful firewalling.
What other advice do I have?
You will want to have Next Generation functionality, so choose FortiGate or Cisco Firepower.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Jun 25 2017