Cisco ASA NGFW Review

Robust cyber-security features protects server infrastructure


What is our primary use case?

I have been using the Cisco ASA NGFW for about four months. Everything works fine right now. We have only been using this device for a very short period of time. 

  • We have about 500 registered users and about 400-600 static users. 
  • For 400 to 600 users with wireless devices, we use Cisco ASA NGFW to control device traffic. We're using the new web filters. 
  • We use Cisco ASA NGFW as the bit application.

Thus far, we are using it as a web filter to filter the data against incoming traffic. We are an educational organization, so there is no gambling allowed. We don't want to allow students access to gambling sites or adult sites, etc. We use lots of web filters. That's the primary reason I installed the Cisco firewall. 

We are also happy with the Cisco ASA NGFW router firewall. It protects your small server infrastructure, but it's not complete. We purchased the Cisco ASA NGFW for the web filter. That's why we moved to the firewall.

How has it helped my organization?

Right now, Cisco ASA NGFW has given us a lot of improvement. We are planning to move to a new facility and will be a much larger organization. 

We have an opportunity to grow now. The Cisco ASA NGFW firewall can be upgraded to another version, so it's better for us long term. It is much better because we can control the traffic that students are accessing and downloading. There are still a lot of improvements that can be done. 

What is most valuable?

For organization security, Cisco ASA NGFW has robust cyber-security features. We are planning to increase the number of firewalls installed, especially for wireless connections.

What needs improvement?

We installed a Cisco path a month ago. There was a new update for the Cisco firewall and there were security issues.

We like Cisco filtering as a firewall, but in the current market, Cisco's passive firewall is not unique. We don't have any warranty problems with Cisco. 

I asked our carrier several times to provide the exact gap code for me, but there is no Cisco dealer in our region. There is also no software accessibility with Cisco ASA NGFW. You can't always access the product that way. I also tried pfSense.

There is no support here in Georgia. If something goes wrong, support is not always very helpful with the other firewalls or other products. 

Cisco products are more supported by lots of companies who are producing technical services for cloud platforms. The certification is very easy in Georgia now. There are lots of people using Cisco in Georgia because their accessibility is better than the other products on the market. I also talked to several guys about the Barracuda firewall.

The Barracuda firewall is very expensive. You need to pay three or four thousand dollars every three months, so it's very expensive for us. We are not a big company.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

For our users, there are rules for the students and staff have another RF for authorization. There are small file servers also within the domain controller. 

There is no special restriction for the students. They can print. They can visit outside websites online, but there is no gambling allowed at other sites.The students can access whatever they want over email or HTTP. Only the gambling and the betting sites, they cannot install the software. There are restrictions. 

The students can use their own mobile phones or wireless devices, whatever they want. They are using the shared public key authorization. Our institution doesn't have any restrictions about accessing legal data. Except in Georgia, we have a very big problem with gambling websites. There are a lot of gambling websites, so we are trying to restrict all of the gambling sites at our company. We have a contract for the next year. 

What do I think about the scalability of the solution?

We are growing. In the next two years, we will have an additional 600 users, so we will double the capacity. We will see even more in the next three years. 

It will be like very tough. In about five-year cycles, you need to update the firewall and add other new Cisco devices for the next generation of innovation.

In five years, we will be ready for a complete upgrade cycle for everything. The stability and scalability of the Cisco ASA NGFW are good for when we need to grow. 

For the next five years, everything is fine. After that, we will see because there will be a lot of changes.

How are customer service and technical support?

Technical support with Cisco is very good. We feel the company is very reliable and very competent. I have very good feelings about the future for project operations.

If you previously used a different solution, which one did you use and why did you switch?

We had the old version of the Kerio firewall, but because in our country, there is no official dealer for Kerio, we moved to the Cisco ASA NGFW. This is the main reason why we moved to the Cisco firewall.

How was the initial setup?

We announced the tender and bought this product with the installation plus setup included in the price. I was not involved in the installation or in the setup. 

The company just asked a consultant to do it. The whole process, after we announced the tender, took about one to two weeks. The consultant company installed the software. They also helped us to optimize other parts of the network such as the routers and switches.

The setup of the Cisco ASA NGFW was complex, not only for us as a firewall. We have now submitted another tender for a device router with two-node switchless support. We updated almost everything on the Cisco ASA NGFW with the core and distribution level software upgrades.

What's my experience with pricing, setup cost, and licensing?

We paid about $7,000 for the Cisco firewall, plus another small Cisco router and the lead switch. It was under the combined license. It's a final agreement.

The Cisco license was not yearly. It was a yearly license for the firewall. For the router and switch, it was a lifetime license.

Which other solutions did I evaluate?

The other option we considered was Kerio. I tried to contact their office in Russia, but it is in the UK. I wanted to communicate with them because we cannot buy things without a warranty.

We considered buying Kerio products with the warranty, but they said we needed to send the device to them to repair it. This meant it would take too much time to replace it. In Georgia, we need a local distributor, i.e. a local representative here who we can work with, so that's the problem.

What other advice do I have?

In Georgia, there is no problem using the Cisco firewall, because it's accessible. You cannot use other products, because they are not accessible. That's the whole problem.

I would rate Cisco ASA NGFW an 8 out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Free Trial

Start your two week free trial.

Add a Comment
Guest

Sign Up with Email