Cisco ASA Review
Before anything, you need to know your infrastructure really well


How has it helped my organization?

The context-aware module gave us good visibility and control over the ingress and egress communications, allowing us to filter unnecessary communications like streaming video and to control bandwidth utilization.

What is most valuable?

IPSec Tunnel and AnyConnect (of course). The context awareness was a good feature, but clumsy at the beginning. I think it's better now.

The packet tracer command is a great tool for troubleshooting IPSec Tunnel, which I miss in the Palo Alto and other firewalls.

Also, the IP access list counter is a good feature while troubleshooting.

What needs improvement?

ASDM can be improved.

Also, a rollback option to a previous config in time would be a great option. Logging can be improved to a vast extent; I think Palo Alto has a pretty good logging structure.

What do I think about the stability of the solution?

Yep, more than once, but only on one box out of the three we purchased. I suppose we got a lemon, because once replaced, everything was fine.

What do I think about the scalability of the solution?

We never had an infrastructure that required scalability.

How is customer service and technical support?

An eight out of 10. TAC was very good but some engineers were quite slow and I ended up figuring out the issue myself.

But overall, I like Cisco TAC 1000 times more than Juniper TAC. Arista is the best TAC so far in my experience; they have the best talent pool.

How was the initial setup?

Quite straightforward for the most part, since I had TAC on call while setting it up.

What's my experience with pricing, setup cost, and licensing?

Everything with Cisco is expensive. My advice is that there are a lot better options out in the market now.

Palo Alto is pretty decent, for example, but support is the best with Cisco, hands down. All other TACs do not come close, except Arista, but they do not make firewalls.

Which other solutions did I evaluate?

None. My old company was a complete Cisco shop.

What other advice do I have?

Do look at Palo Alto for comparison; SonicWall is also on the market. But before anything, you need to know your infrastructure really well.

For example, we bought a PAN firewall for east-west traffic control so we could implement a zero trust network. But our business traffic is bidding traffic, which has an extremely small packet size and a huge connection size per second, which sent the PAN firewall into a tailspin. Since we bought the device without a PoC, we had to eat the cost. So make sure to do a PoC with all the vendor equipment before you purchase it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
