Improvements to My Organization
The ASA 55-x range is a solid and reliable firewall. It secures the traffic for normal purposes.
If you ask how a firewall can improve our business: It can’t. It is securing our business IT network.
But if you want to know what the ASA5520 can do to secure our network:
Not much more than any firewall. It is a solid port firewall, nothing more, nothing less.
The Cisco ASDM management tool was helpful.
Room for Improvement
Firewalls, in general, were not really designed for normal IT personnel, but for firewall and network experts. Therefore, they missed a lot of options and did not provide any good reporting or improvement options.
For example, to update or add a feature, you end up buying new support and licenses. The process is complex and changes so rapidly that you won't find a salesperson who will offer you the right products.
New generation firewalls are cloud managed or provide a good interface. They integrate into the environment. They are application aware and come with security features that are especially designed for the purpose.
There were no stability issues.
You need to buy a new product if you want to scale. I once tried to put in another network card and ended up in a support nightmare. I had to buy more support, licenses, and it was more expensive than buying a new one.
Customer Service and Technical Support
Customer service is non-existent. You need to go through a very complex and annoying approval system before you can get any help. The support then gets asked a question and you get one-word answers. It takes you hours to find out what version of an update you need to install, and then another day to find out how to install it.
I would give technical support a rating of zero out of 10. It is clear that Cisco is not for the end-customer, but rather for resellers and providers. They might have better contracts and get more technical support.
I usually have to take what is there. If I had a choice, I would now take something newer.
You can start very easily and set up the network cards, but there are also many traps in finding the right setting for your environment.
For example, you need fixed network settings on your switch to connect with full duplex 100 Mb/s. There is no autonegotiation or other settings. This is the same problem with the WAN connection. You need to know exactly what to configure to match the WAN, or it will not work.
I once had support from a reseller and once from a provider. Both depended on the level of the person you speak with. Most have some knowledge.
Once installed, they last a long time. I would recommend replacing them after some years to get better security features.
Pricing, Setup Cost and Licensing
If you look for user internet access, many new products can help with filtering and rules or procedures, like Meraki. This replaces the purpose of proxy servers.
If you have to secure web servers from the internet, you need a decent firewall with web features to process the requests and redirect traffic to web servers.
Cisco is no longer the only vendor offering these features. With Microsoft TMG out of the race, others have to push in. But firewalls are also no longer the first frontier of security. Cloud services are in there as well.
Other Solutions Considered
Get someone to help you plan and set up the firewall concept, as well as the initial setup and testing. Waiting for later is not the time to test or change anything without an outage.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Jul 24 2017