Cisco ASA NGFW Review

Spec the right hardware model and choose the right license for your needs.


How has it helped my organization?

The AnyConnect remote access VPN gives us an easy way to deploy remote working for our users.

What is most valuable?

It all depends on the deployment scenario, as I have used ASA for specific purposes. In general, the stateful firewall feature, site-to-site VPN, and AnyConnect remote access VPN are always useful.

What needs improvement?

It's not perfect, and does have room for improvement with certain features.

The SSL VPN is, and always has been, painful to configure and the Java plugin does not guarantee a uniform deployment.

Certain documentation on the newer models of ASA (specifically, ASA 5500-X with FirePower services) is a little out of date and in some cases incorrect, although this may have been corrected since my last deployment.

What do I think about the stability of the solution?

I've never seen a firewall that didn't need an RMA at some point! And that is true of the ASA; however, the failure rate (in my experience) has always been very low with ASAs (and Cisco equipment in general).

What do I think about the scalability of the solution?

Nope.

How is customer service and technical support?

With Cisco TAC, you can always get an answer to technical issues, and with the thriving Cisco support forum, you can always get answers to questions even if you don't have TAC.

Which solutions did we use previously?

Not in my current organization.

How was the initial setup?

I would say it's only complex if you're not familiar with either the CLI or ASDM.

So for me, it was easy; for those without Cisco CLI (or ASDM) experience, deployment can be a little daunting.

That being said, there are plenty of configuration documents available on the Cisco website that will "hold your hand" through any deployment.

What's my experience with pricing, setup cost, and licensing?

Hardware and licensing can be expensive, and licensing can be a complicated affair. I would strongly recommend you speak with your distributor to ensure you choose the right license for your needs, and read the hardware comparison guide to make sure you spec the correct hardware for your specific needs.

Which other solutions did I evaluate?

It's great buying the latest and greatest equipment, but not so great if your engineers don't know how to operate it!

From experience, hardware purchasing is normally dependent on the technical expertise of engineers, so if all your engineers are Cisco trained, it makes no sense to buy another vendor firewall.

What other advice do I have?

Spec the right hardware model and choose the right license for your needs.

Disclosure: I am a real user, and this review is based on my own experience and opinions.