Cisco ASA Review
Provides the capability of the higher end firewall products to handle most network tasks without issues.


How has it helped my organization?

It makes it very easy to have delineated roles and responsibilities between network engineering and network security.

What is most valuable?

I find the overall capability of the higher end firewall products to handle most network tasks without any issues. In addition, it is easy to train lower level help desk personnel on the GUI management.

What needs improvement?

People tend to think of firewalls as firewalls and routers as routers. Going by the book, I had to create a number of static routes in the firewall so it could reach the various subnets in my client's internal network. I decided to turn on OSPF routing to simplify my deployment. This resolved a lot of issues with remote VPN and site-to-site VPN tunnels.

In my experience, a number of engineers get tunnel vision with devices. This is exacerbated by vendors fostering a silo mentality in disciplines.

I cannot name the organization, but a large national non-profit in the medical field had too many network configuration problems because of the silo mentality.

Large Cisco ASA units have the capability to act as routers. This particular non-profit would not enable routing on the ASA until I explained that it resolve a number of issues that they were experiencing and resolving by static routes, a second Cisco ASA, and a proxy server.

What do I think about the stability of the solution?

Stability issues did not occur in my experience, as long as we stayed with the correct image builds.

What do I think about the scalability of the solution?

There were no scalability issues.

How is customer service and technical support?

Customer Service:

Generally, we do not need customer support, so it is hard to rate.

Technical Support:

Generally we do not need technical support, so it is hard to rate.

How was the initial setup?

The initial setup at many clients' sites was straightforward. Very complicated networks take a lot of planning.

What about the implementation team?

We implemented the solution in-house.

What was our ROI?

We cannot determine ROI just yet.

What's my experience with pricing, setup cost, and licensing?

Always plan ahead for three years. In other words, do not buy a firewall on what your needs are today, but try to predict where you will be three years from now in terms of bandwidth, security requirements, and changes in organizational design. This applies to any vendor, not just this product. I find that I always need to buy a higher level product than the specifications request in order to be safe.

Which other solutions did I evaluate?

In locations where I have used Cisco ASA firewalls, I have compared FortiGate and SonicWall.

What other advice do I have?

I utilize different brands of firewalls depending on the needs of a client, i.e., in-house IT versus outsourced. I am vendor agnostic as much as possible.

Disclosure: I am a real user, and this review is based on my own experience and opinions.

1 Comment

Kiarash BarzoodehReal User

hello
respectfully, you are right about routing, Cisco ASA is a best firewall that support routing. however, in best practices offer: do not use firewall as router and also is better to use firewall as transparent mode. because technically firewall designed for access control or something like that, so in high routing environment, sometime firewall cannot handle routing as router.

26 June 17
Guest
Why do you like it?

Sign Up with Email