Cisco Adaptive Security Appliance (ASA) Firewall Valuable Features

MohammadRauf
Security Officer at a government
For us, the most valuable features are the IPX and the Sourcefire Defense Center module. That gives us visibility into the traffic coming in and going out and gives us the heads-up if there is a potential outbreak or potential malicious user who is trying to access the site. It also helps us see traffic generated by an end device trying to reach out to the world. Sourcefire is coupled with Talos and that provides us good insight. It gives us a pretty good heads-up. Talos is tied to the Sourcefire Defense Center. Sourcefire Defense Center, which is also known as the management console, periodically checks all the packets that come and go with the Talos, to make sure traffic coming and going from IP addresses, or anything coming from email, is not coming from something that has already been tagged in Talos. We also use ESA and IronPort firewalls. The integration between those on the Next-Gen Firewalls is good. They are coupled together. If the client reports that there is a potential for a file or something trying to access the internet to download content, there are mediation steps that are in place. We don't have anything in the cloud so we're not looking for Umbrella at this point. View full review »
reviewer1357989
Cisco Security Specialist at a tech services company with 10,001+ employees
All the features are very valuable. Among them is the integration for remote users, with AnyConnect, to the infrastructure. All the security through that is wonderful and it's very easy. You connect and you are inside your company network via VPN. Everything is encrypted and it's a very good solution. This is a wonderful feature. You need to make sure your machine has the profile requested by the company. That means having the patches updated. Optionally, you should have the antivirus updated, but you can decide whatever you would like in order to enable acceptance of the end-device in the enterprise network. That can be done with AnyConnect for remote/satellite users, or with ISE for local users. The intrusion prevention system, the intrusion detection, is perfect. But you can also integrate Cisco with an IPS solution from another vendor, and just use the ASA with AnyConnect and as a firewall. You can choose from among many other vendors' products that the ASA will integrate with. Now, with Cisco SecureX, it's much easier than before. Cisco used to be completely blocked from other vendors but with SecureX they are open to other vendors. That was a massive improvement that Cisco probably should have made 10 years ago or seven years ago. They only released SecureX three or four months ago. Cisco ASA also provides application control. You can block or prevent people from going to certain applications or certain content. But the ASA only acts as a "bodyguard." It doesn't provide full visibility of the network. For that, there are other solutions from Cisco, such as ISE, although that is more for identity. Stealthwatch or TrustSec is what you need for visibility. They are both for monitoring and providing full visibility of the network, and they integrate with ASA. Also, all of Cisco's security products are supported with Talos. Talos is in the background, handling all the improvements, all the updates. If something happens in Australia, for example, Talos will be aware of it and it will update the worldwide Talos network for all Cisco products. Within two minutes or three minutes, worldwide, Cisco products will be aware of that threat. Talos belongs to Cisco. It's like a Cisco research center. View full review »
JoelStech
Senior Network Engineer at Orvis Company, Inc
The majority of what I use is the policy ruleset. We have another company that deals with the IPS and the IDS. That's helpful, but I can't necessarily speak to that because that's not the majority of what I do. The majority of what I do is create rules and work with the customers to make sure that things are getting in and out of the environment. I work with our e-commerce team to make sure that new servers that are spun up have the appropriate access to other DMZ servers. I also make sure that they have access to the internet. I make sure they have a NAT so that something can come into them if need be. We use Umbrella, Cisco's DNS, which used to be OpenDNS. We use that to help with security so that we're not going to sites that are known to be bad. They work well together. They're two different things. One is monitoring DS and doing web URLs, while the firewall I'm doing is traffic in and out, based on source destination and ports protocols. One of the things I like is that the upgrades are relatively seamless, as far as packet loss is concerned. If you have a firewall pair, upgrading is relatively painless, which is really nice. That's one of the key features. We do them off-hours, but we could almost do them during the day. We only lose a few packets when we do an upgrade. That's a bonus and if they keep that up that would be great. Check Point does a reasonably good job at it as well, but some of the other ones I've dealt with don't. I've heard from people with other firewalls and they don't have as good an experience as we do. I've heard other people complain about doing upgrades. View full review »
Learn what your peers think about Cisco Adaptive Security Appliance (ASA) Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
437,168 professionals have used our research since 2012.
Othniel Atseh
Network Security Consultant at a consultancy with 1-10 employees
If we look at the Cisco ASA without Firepower, then one of the most valuable features is the URL filtering. Also, it's easy to integrate ASA with other Cisco security products. When you understand the technology, it's not a big deal. It's very simple. When it comes to threat visibility, the ASA is good. The ASA denies threats by using common ACLs. It can detect some DoS attacks and we can monitor suspicious ICMP packets using the ASA. It helps you know when an attack is detected. Cisco Talos is good. It provides threat intelligence. It updates all the devices to be aware of the new threats and the new attacks out there, so that is a good thing. It's like having God update all the devices. For example, even if you have FTD in your company, malware can be very difficult to detect. There is a new type of malware called polymorphic malware. When it replicates, it changes its signature which makes it very difficult for a firewall to detect. So if your company encounters one type of malware, once, it is automatically updated in your environment. And when it is updated, Talos then updates every firewall in the world, so even if those other firewalls have not yet encountered those particular types of malware, because Talos automatically updates everything, they're able to block those types of malware as well. Talos is very beneficial. When it comes to managing, with FMD (Firepower Management Device) you can only manage one device, but when you work with FMC (Firepower Management Center) you can manage a lot of sensors, meaning FTDs. You can have a lot of FTDs but you only have one management center and it can manage all those sensors in your company. It is very good. View full review »
NSA0898776
Network & Security Administrator at Diamond Bank Plc
I would say the Firepower module is most valuable. I'm trying more to transition to this kind firewall. I had to study a little of the Palo Alto Networks equipment. There is a lot I have to learn about the difference. Based on my certification, I had to do a lot of lab work, a lot of projects, a lot of technical work with Cisco ASA. Now, I'm moving to other vendors, like Palo Alto Networks and Fortinet so that I can empower my level of technical experience. * All my change requests are for Cisco ASA to work more on ease of management. * All of the features of Cisco ASA are used by all of the other vendors on the market. * The firewall solutions are all based on the same network equipment. The difference is why each business chooses to use it and how they implement the architecture for their solution using Cisco ASA and Firepower features. View full review »
Jonathan Muwanga
Head of Information Communication Technology at National Building Society
Among the most valuable features are the reports which are generated according to the rules that we've put in place to either block traffic or report suspicious attempts to connect to our network. They would come standard with any firewall and we're always monitoring them and taking any corrective steps needed. View full review »
Beka Gurushidze
System Administrator at ISET
For organization security, Cisco ASA NGFW has robust cyber-security features. We are planning to increase the number of firewalls installed, especially for wireless connections. View full review »
Ashraf-Sadek
CSD Manager at BTC
The traffic inspection and the Firepower engine are the most valuable features. It gives you full details, application details, traffic monitoring, and the threats. It gives you all the containers the user is using, especially at the application level. The solution also provides application visibility and control. The integration between the ASA and Cisco ISE is very easy because they are from the same vendor. We don't face any integration problems. This is one of the valuable points of Cisco firewalls. They can be easily integrated with different Cisco security products. Our clients also use other products with Cisco ASA, such as Aruba ClearPass and different NAC solutions. The integration of these other products is also easy with Cisco. It integrates with email security and Firepower. For example, if you have an attached file infected or you have attacks through email, the traffic will be forwarded to the email security and it will be blocked by the firewall. It gives you a clear view of the file and it can be blocked at every stage, protecting your network from this threat. One of the best parts is the traffic management and the inspection of the traffic packets. The Device Manager is easy to use to supervise things, and the Firepower application gives you clear threat detection and blocking of all threats. Cisco also provides a better analysis of the traffic. In addition, Talos is an enhancement to Cisco firewalls, and provides a better view. The device management options, such as Firepower Device Manager (FDM), Cisco Firepower Management Center (FMC), or Cisco Defense Orchestrator (CDO) add a lot of enhancements in the initial deployment and configuration. In migrating, they can help to create the migration configuration and they help in managing encryption and automation. They add a lot enhancements to the device. They make things easier. In the past, you had to use the CLI and you could not control all this. Now you have a GUI which provides visibility and you can easily integrate and make changes. View full review »
Amit Gumber
Senior Manager at HCL Technologies
One of the most valuable features in the current version is the dashboard where we have a complete analytical view of the traffic behavior. We can immediately find anomalies. The most important point is the detection engine which is now part of the next-generation firewalls and which is supported by Cisco Talos. View full review »
Mustafa Ahmed
Network Security Engineer at qicard
The most valuable feature is for IT security management. It is extremely valuable to protection so that is the most valuable feature. View full review »
KUMAR SAIN
Sr. Network and Security Engineer at Eli Research
Cisco provides the most solutions. We use some of our Cisco firewalls offsite. They provide DDoS protection and multi-factor authentication. That is a good option as it enables work-from-home functionality. That is a feature that makes our customers happy. View full review »
Lwazi Xashimba
Network Specialist at a financial services firm with 501-1,000 employees
On the network side, where you create your rules for allowing traffic — what can come inside and what can go out — that works perfectly, if you know what you want to achieve. It protects you. Once you get all your rules in place, done correctly, you have some sort of security in terms of who can have access to your network and who has access to what, even internally. You're secure and your authorization is in place for who can access what. If someone who is trying to penetrate your network from the outside, you know what you've blocked and what you've allowed. It's not so difficult to pull out reports for what we need. It comes with IPS, the Intrusion Prevention System, and we're also using that. View full review »
SherifNour
IT Manager, Infrastructure, Solution Architecture at ADCI Group
The Cisco security rules are very strict and very strong. I like the Cisco ASDM (Adaptive Security Device Manager), which is the configuration interface for the Cisco firewall. View full review »
Ahmed Nagm
IT Solution Consultant at PCS
The feature that I found the most valuable is the overall stability of the product. View full review »
Heritier Daya
Network Administrator at a financial services firm with 1,001-5,000 employees
The most valuable feature of this solution is AMP (Advanced Malware Protection), as this is really needed to protect against cyber threats. The IPS is a must for a firewall. View full review »
Seniorntwrk56
Senior Network Administrator at a construction company with 1,001-5,000 employees
The Sourcefire stuff itself is the most valuable feature. Signature detection, intrusion detection, IDS, and IPS are all very good. AMP is very useful. I like that you can put it onto devices as well. The aggregated views in FMC that you get when you're a global shop which is centralized, and then offers gateways per region. In Europe, America and APAC, you have all the data coming together in the FMC. That's quite nice. View full review »
Nadika Perera
CEO at Synergy IT
I like the user interface because the navigation is very easy and straightforward. On the left side pane, you have all the sites that you need to browse. Unlike any other firewalls, it's pretty straightforward. View full review »
Imad Awwad
IT Director at Malia Group
Unfortunately in Cisco, only the hardware was good. As for the features and services it was less than the others. Having all of the features means higher specs of hardware and intelligence processing so that it can handle all the logs proactively. Now, what is needed from the Information security, is to be proactively aware of any threat that might expose our data and at the same time have full visibility over our information sharing endpoints. View full review »
Solution7499
Solutions Architect at a manufacturing company with 10,001+ employees
This solution is easy to use if you know how to set it up. The most valuable features are on the routing side, with the control between the two networks and the rules that are in there. View full review »
DonCheney
Senior Network Administrator at Washington Trust Bank
The thing we've found most valuable is the efficiency. The firewalls are easy to configure and deploy. Overall it is an easy system to manage. Another valuable feature is just how granular we can get with it so we can keep users seeing what they are supposed to and don't compromise security. View full review »
reviewer818484
Information Security Officer at a government with 501-1,000 employees
Integration with all the other Cisco tools is valuable. However, we've moved away from all Cisco security tools since this evaluation. Firewall choice was key to what direction we went and we found not only was the competing firewall solution superior, but their endpoint protection solution was as well. View full review »
Mbaunguraije Tjikuzu
Information Security Administrator at Bank of Namibia
The most valuable features are the firewall capabilities, filtering, and intrusion prevention. I respect the capability of the Cisco firewall. We fully use it all as a complete firewall solution. Cisco also has excellent anti-malware detection and other similar features. View full review »
Seang Haing
Team Leader Network Egnieer at deam
There are two main ways that using Cisco ASA & Firepower has improved our organization: * Technical features * Our Sales team View full review »
Michael Collin
Senior System Engineer at a tech services company with 11-50 employees
The web interface was easy for me. The configuration is logical, so it's easy to use and easy to understand how to protect, how to open a port, how to manage and how to route a device. That's why I prefer Cisco. It's robust and I never have issues with the hardware. That's why I choose Cisco and not another vendor. View full review »
Ahmad Alkoragaty
IT Consultant at MOD
The most valuable feature is that it has the ability to divide the network into three parts; internal, external, and DMZ. View full review »
Ray-Ost
CEO at Smart Secure Solutions N.V.
The most valuable feature is that the encryption is solid. View full review »
Nelda Hojas
Chief Information Officer at Finance Corporation Limited
Cisco is known as a popular and trusted product. Because of its constant RND, we're assured that all updates, all patches, all fixes are done instantaneously. As far as the feature is concerned, it gives us a certain layer of protection. As a CIO, my vote of confidence is in the product itself. After making sure that we always have all the updates on the licenses we're assured that we're getting all the necessary security protection. View full review »
Ntwrksec457
Network Security/Network Management at a K-12 educational company or school with 201-500 employees
The firewalls of this program protects my internet from dangerous internet sites. For us, Cisco is the number one in firewall protection. We are seeking to buy another UTM solution for band management. View full review »
NGFW677
IT Specialist at a government with 1,001-5,000 employees
The most valuable features are the flexibility and level of security that this solution provides. View full review »
FranciscoLopez
Integration / Wireless Engineer at J.B. Hunt Transport Services, Inc.
The most valuable feature of this solution is its ability to integrate vertically. View full review »
SecSolArch32291
Security Solution Architect at a financial services firm with 5,001-10,000 employees
The most important feature is its categorization because on the site and social media you are unified in the way they are there. View full review »
Johnsey Kivoto
IT Manager at a manufacturing company with 51-200 employees
I find that the product is a very good, and secure firewall. The benefits of this product is that it is a strong firewall solution. View full review »
Mahmoud Ashoub
Team Leader, Information Risk Engineer at National Bank of Egypt
Its ability to discover attacks is a valuable feature. All of the other features that have to do with security are good. View full review »
Tech432SrvcMn
Technical Services Manager at a comms service provider with 10,001+ employees
The most valuable feature is the section payover. But, I think that kind of function may also come from similar products. In addition, they have the integrated IDS/IPS source powered modules. This is a new screen for us, and it is also very useful. View full review »
Net823Eng2
Network Engineer at a media company with 51-200 employees
The IPS (In-plane switching) is the most valuable feature. This enables visibility to our networks and to outside attacks. It is a solution to maintain the visibility. View full review »
reviewer994896
Center for Creative Leadership at a professional training and coaching company with 501-1,000 employees
Its security is the most valuable feature. View full review »
Fadil Kadrat
Network Engineer at Banque des Mascareignes
* Its VPN and ASN features are very stable. * It is easy to configure. View full review »
NetworkO9ae4
Network Operations Center Team Leader at a financial services firm with 10,001+ employees
At this point, we find that this product has high productivity and high availability and there is no need for improvement. View full review »
Moraima Matilda
Coordinator Network Support at a manufacturing company with 501-1,000 employees
The most valuable feature is the security that it provides our company and users. Furthermore, our company uses it for making rules for the bank to connect to our server in the DMZ, which is a security challenge. View full review »
Tracey Jackson
Senior Network Engineer at Johnson & Wales University
The VDB updates run on schedule, so less hands-on configuration is needed. View full review »
JohnMorris
Manager at BSB Cadmin Ltd
The ability to have a protected home network on the unit and a separate secured office network linked back to corporate. View full review »
Samuel May
Information Security Manager at Tactical Air Support
The most valuable features for us are Firepower and the VPN concentration. These are easy to use and have good insights. View full review »
Learn what your peers think about Cisco Adaptive Security Appliance (ASA) Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
437,168 professionals have used our research since 2012.