Cisco ASA NGFW Review



What is most valuable?

Classic ASA features such as NAT, Stateful Firewall, and VPN are basic functions for average organizations, but next generation features such as the granular control of port hopping applications, IPs, and malware protection are mandatory, considering current advanced security threats.

One of the most valuable features is the correlation of events, including the path that a file takes in the network and its integration with the endpoint protection. This gives you the chance to take some actions in case a breach happens.

How has it helped my organization?

Visibility in the network traffic.

What needs improvement?

Management console – FireSIGHT Management Center.

When deploying Cisco FMC versions 6.0 and 6.1, some issues may appear when trying to register ASA sensors. The problem needs Cisco TAC involvement, adding more effort and time. I guess this will be fixed in version 6.2.

For how long have I used the solution?

I've used this solution for three to five years.

What do I think about the stability of the solution?

Some releases of the unified image (FTD – Firepower Threat Defense – Cisco ASA + Sourcefire IPS) are not very stable, but things are improving.

What do I think about the scalability of the solution?

Some clustering functions are not available in the unified image.

How is customer service and technical support?

Excellent.

Which solutions did we use previously?

Old ASA 5500. Natural upgrade to next generation functions.

How was the initial setup?

Initial setup is pretty straightforward.

What's my experience with pricing, setup cost, and licensing?

The licensing model has been simplified and is easy to understand. The price is higher compared to UTM solutions, such as Fortinet, but in the same range as Check Point and Palo Alto.

Which other solutions did I evaluate?

We also work with Palo Alto Networks, Fortinet, FireEye, and some other vendors.

What other advice do I have?

Take a look at the features included in the unified image. Some classic ASA functionality has not been integrated yet. Go for the non-unified image if the deployment requires something that is not available – classic ASA IOS plus Sourcefire code.

Disclosure: My company has a business relationship with this vendor other than being a customer: