Cisco ASA Firewall Archived Reviews (More than two years old)

Filter by:
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
In432TchMn89
Real User
IT Manager at Citizens Bank
Aug 21 2018

What is most valuable?

I've always looked at Cisco products as being the industry standard. They're wonderful at being able to lockdown and manage that.

How has it helped my organization?

The ASAs are very stable firewalls, and they've been very good at protecting our assets here at the bank. They have done exactly what they were purchased for. They have done a great job.

What needs improvement?

The only con that I have really seen with it is the reporting structure. FirePOWER is good. It has been a great help because, before that, it was not good at all.

What's my experience with pricing, setup cost, and licensing?

The cost of keeping the licensing up on the ASA is very expensive. It has a lot of positives, but the cost of going with it is really starting to be a major negative right now.

What other advice do I have?

Talk to your peers in the industry, find out what they use and why, and then look at exactly what you're using it for. We changed a great deal of our infrastructure, adding a lot of extra tunnels, so that made a complicated product even… more »
BURAK YESILDERYA
Real User
IT System Administrator at PFW HAVACILIK
Aug 20 2018

What is most valuable?

The Cisco Product Security Incident Response creates and maintains publications, commonly referred to as PSIRT Advisories, for security-related issues in Cisco ASA.

How has it helped my organization?

Historic events related to security incidents. My organization must have a unified strategy for event logging and correlation.

What needs improvement?

The Cisco ASA device needs overall improvement, as configurations alone do not completely secure my network. The operational procedures in use on the network contribute as much to security as the configuration on devices.

What's my experience with pricing, setup cost, and licensing?

Commercial leasing is the best option.

Which solution did I use previously and why did I switch?

Before, I did not manage my private network well (or professionally). For this reason, I have been updating products.
Learn what your peers think about Cisco ASA Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
437,827 professionals have used our research since 2012.
Consultant
Solutions Architect at a tech services company with 10,001+ employees
Aug 16 2018

What is most valuable?

It allowed us to consolidating multiple security devices into a single appliance. It consolidated and helped us eliminate firmware upgrade issues across multiple devices. The "Keep It Simple" method.

How has it helped my organization?

* Intrusion protection * We were able to determine when we are being attacked. * We determine that our inspections were causing latency. We needed a way to monitor threat protection and not cause latency.

What needs improvement?

We are looking for software taxi capabilities.

Which other solutions did I evaluate?

Going forward, we are evaluating Anomali. The founder of ArcSight founded Anomali. The product has the ability to be a consumer of threat intelligence, and be a contributor showing the maturity in threat protection posture.
ITmgr302604
Real User
IT Manager at a construction company with 11-50 employees
Aug 07 2018

What is most valuable?

Pro user-based firewall rules.

How has it helped my organization?

I can't really say how it has improved our organization, but the benefits are that we have a necessary firewall with which we can create VPNs.

What needs improvement?

The solution that we have right now doesn't do what I want it to do. We don't have a ratified solution for all the things that I wanted to right across our business. We're doing similar functions using different technology and I want… more »

Which solution did I use previously and why did I switch?

When selecting a vendor, the most important criteria include: * Security - the ability of the technology from a security perspective. * The ability of the company to support the technology - knowledge of the product by the company. It may… more »

What other advice do I have?

Do your research, know what you want to achieve. Cisco ASA needs to be more reliable. Because of the nature of the product, it has to be rock solid and, unfortunately, it's not.
PetrPetrov
User
User at IDF technology
Jul 17 2018

What do you think of Cisco ASA Firewall?

What is our primary use case?

This solution is involved in the protection of the network perimeter and the VPN gateway.

How has it helped my organization?

It allows you to fine-tune and create flexible circuits, as well as unites a large number of different types of connections.

What is most valuable?

AnyConnect Double translations Independent IPS module High performance Various methods of organizing a VPN

What needs improvement?

Simplify licensing Do not combine the IPS module with the main operating system. In new products, leave the CLI.

For how long have I used the solution?

More than five years.
MohamedMostafa2
User
student at MC
Jul 16 2018

What do you think of Cisco ASA Firewall?

What is our primary use case?

We offer publishing services. It depends on our business, but we use this solution for security.

What is most valuable?

ASA 5505 and ASA 5506 are very powerful tools to use in a business environment, and provide a lot of security.

What needs improvement?

Intrusion prevention, we currently need to apply deep bracket inspection manually to use web filtering.

For how long have I used the solution?

Three to five years.
Hector Carmenates
Consultant
Information Technologies Consultant at a tech services company
Jun 20 2018

What do you think of Cisco ASA Firewall?

What is our primary use case?

Some branches are joint through Cisco ASA 5500-X VPNs. Executives or employees are connected via AnyConnect.

How has it helped my organization?

It joins all branches and permits employees to work outside their offices, but everything is based on high securities standards (PCI compliance).

What is most valuable?

Reliability Robustness Security features High encryption, hashing, and integrity support Support High performance

What needs improvement?

Multiple WAN connections: Even though you can implement more than one interface to outside connections, it is lacking on load balances, etc.

For how long have I used the solution?

Three to five years.
User
IT Manager with 51-200 employees
Jun 14 2018

What do you think of Cisco ASA Firewall?

These firewalls are used in enterprise level environments, which require granular control and customization to meet security and compliance guidelines for an organization. Once configured to suit your needs, they are rock solid appliances.  These firewalls are not for beginners. 
Vendor
Manager at SAP
Jun 11 2018

What do you think of Cisco ASA Firewall?

Cisco ASA has an okay CLI with a nice GUI, but has poor performance.
Sikander Ali
Real User
IT Infrastructure Engineer at Atlas Group
Jun 10 2018

What do you think of Cisco ASA Firewall?

How has it helped my organization?

My confidence continues to build upon using Cisco firewalls. I prefer to use Cisco firewalls to any others. 

What needs improvement?

Antivirus features must be integrated for end user security. They must be increased in the next version along with audit and restriction for the incoming user. Security must be increased when a new user connects over the LAN and an alarm must be generated.

For how long have I used the solution?

Three to five years.
Neil McFadyen
User
Supervisor of Computer Operations at Neil McFadyen
May 31 2018

What is most valuable?

* Most of same old ASA 5520 config could be used for the new 5516-X model. The ASDM interface is improved and can also be configured to the Firepower settings. * I am used to the ASA syntax, therefore it is quite easy to make up new rules. I have found that DNS doctoring rules are useful, and I am… more »

How has it helped my organization?

It works better through specs than our old ASA 5520. It seems to perform the same functionality unless you buy the additional threat protection licenses, so this is a disappointment. I found a bug where the ASDM could not be used with Windows 2016, but it did work with Windows 10.

What needs improvement?

* It is confusing to have two management interfaces, e.g., ASDM and Firepower Management Center. It would be nice to have a Windows program instead of a virtual appliance for the Firepower Management Center. The ASA and Firepower module seem redundant, not sure which one to set the rules in, but… more »

What's my experience with pricing, setup cost, and licensing?

ASA pricing seems high compared to other firewalls, such as the Sophos XG models. The licensing features are getting more complicated. These should be simplified.
Real User
Sales Manager at Entiresoft Technologies Pvt Ltd
May 30 2018

What do you think of Cisco ASA Firewall?

What is our primary use case?

I am using Cisco ASA as the firewall for my business to guard the boundary of my business. It has been very helpful in my sector of media with my clients, essentially focusing on how secure their data is, especially when we are working on a few projects which involve multiple citations across Europe.  Our content, which is the main asset for our firm, is pretty elusive behind the firewall of Cisco ASA.

How has it helped my organization?

It has improved my client's trust. 

What is most valuable?

VPN load balancing: This has been particularly essential for my connections to integrate via multiple time zones.

What needs improvement?

I needed to be well-versed with all the command lines for Cisco ASA in order to fully utilize it. I missed this info…
User
Tehcnician at Belize Telemedia Limited
May 27 2018

What do you think of Cisco ASA Firewall?

What is our primary use case?

Remote network access: We primarily use ASA for VPN, NAT, PAT routing, SLA, and multiple ISP providers.

How has it helped my organization?

Ease of configuration: It has gotten a lot easier to configure compared to the original Cisco Pix.

What is most valuable?

ASDM provides GUI for configurations. ASDM has made configuring ASA easy. No need to memorize CLI commands.

What needs improvement?

UTM features would be nice or some NextGen features.  The ASA has become a bit old and needs updating.

For how long have I used the solution?

One to three years.
Reviewer83902
Real User
Network Administrator at Modern Woodmen of America
May 27 2018

What is most valuable?

Sourcefire has been a great addition. The visibility and control have been nice. I also like the active/standby HA.

How has it helped my organization?

Edge security and Sourcefire have been nice. Sourcefire was a major improvement over the legacy IDS that it previously had.

What needs improvement?

The solution has two separate GUIs and at least three different CLIs (ASA CLI, Sourcefire CLI, and Firepower Management Center CLI). In addition, ASDM plus Firepower Management Center GUIs. If Cisco could stop rebranding, combine all the CLIs/GUIs, and give a consistent experience, this would be great. Also, AnyConnect is very difficult to manage and use.
Tony Petcou
Reseller
Business Development Executive at CBI
May 03 2018

What do you think of Cisco ASA Firewall?

What is our primary use case?

The gateway firewall is where we use it the most.  

How has it helped my organization?

The firewall and policy side are easy to use. 

What is most valuable?

IDS.

What needs improvement?

Make the IPS baked-in. It is a good firewall, though not NextGen.

For how long have I used the solution?

One to three years.
Real User
ICT Manager with 1-10 employees
May 02 2018

What do you think of Cisco ASA Firewall?

What is our primary use case?

We use it to protect the perimeter of the network.

How has it helped my organization?

It is reliable, and does the job that it is supposed to be doing.

What is most valuable?

IPS Antivirus IP filtering

What needs improvement?

it is not very user-friendly for the administration.

What do I think about the stability of the solution?

The Cisco solution that we have now is very stable. That is why we are interested in continuing with the Cisco solution and upgrading to the next generation.

What do I think about the scalability of the solution?

It can be used by multiple users.

How are customer service and technical support?

We use the technical support of Cisco through a partner, so I do not have direct access to the Cisco IT technical…
Luis_Garcia
User
Information Technology at Giumarra
May 01 2018

What do you think of Cisco ASA Firewall?

What is our primary use case?

I have been using the 5510 a lot, and have been working with it for many years. I have also used the 5505 and other firewalls.

How has it helped my organization?

It is much better than most of the other firewalls that I have worked with.

What needs improvement?

It needs more tunneling capabilities. 

For how long have I used the solution?

More than five years.

What was our ROI?

It is worth every penny that we have invested in it.
User
‎Enterprise Manager at One Advanced
Apr 26 2018

What do you think of Cisco ASA Firewall?

What is our primary use case?

VPN services IDS/IPS services using Firepower Provides perimeter and internal firewall services.

How has it helped my organization?

We provide managed services based on the Cisco ASA product. The brand is reassuring to customers when procuring our services.

What is most valuable?

VPN Firewall IDS/IPS These features allow us to deliver services to meet client needs across various industry verticals.

What needs improvement?

MSSP oriented interface: I would like a single console which would allow me to manage settings creating consistency across all customers.

For how long have I used the solution?

Less than one year.
Reseller
Pre-sales engineer with 51-200 employees
Apr 25 2018

What is most valuable?

All the visibility the device gives us as well as management and administration facilities.

How has it helped my organization?

As a reseller, because Cisco includes different companies like Sourcefire, Meraki, and Talos, I think Cisco has a good portfolio for the security business, with their own… more »

What needs improvement?

It needs better documentation for when we present solutions to non-technical people. They need to bring together all the information, across the various firewalls, so that… more »

What's my experience with pricing, setup cost, and licensing?

Cisco may be a little expensive but it has everything, and they support very well.

Which solution did I use previously and why did I switch?

SonicWall.

What other advice do I have?

I think Cisco has all the solutions: switching, routing, security, they have wireless. You can cover all the devices with Cisco. They have all the network and engineered… more »

Which other solutions did I evaluate?

Juniper, Fortinet.
User
Network and Securirty Engineer at a tech vendor with 501-1,000 employees
Apr 16 2018

What is most valuable?

Filtering is the best feature, as I have gotten used to using it. .

How has it helped my organization?

It works like a firewall for security reasons.

What needs improvement?

The IPS and GUI are outdated. It is finally getting IPS inside, which will be a big improvement. The GUI is outdated, and they are slowly improving it. We will see if they go in the correct direction. Unfortunately, they usually just follow other vendors. It is slowly not supported and other vendors… more »

What other advice do I have?

Configuration on Firepower is currently madness as you have to redeploy it again with all its configurations if you use it as a module.
Real User
Information Systems Manager at a manufacturing company with 201-500 employees
Mar 12 2018

What do you think of Cisco ASA Firewall?

What is our primary use case?

Business use. It has performed well.

What is most valuable?

Its ability to work with the traffic.

What needs improvement?

I would like it to be easier to work with and have a better user interface. It is not straightforward. You need to know the Cisco command-line interface.

What do I think about the stability of the solution?

Stability has been fine.

What do I think about the scalability of the solution?

It is good.

How are customer service and technical support?

I have not used technical support.

Which solution did I use previously and why did I switch?

We have always been with Cisco.

How was the initial setup?

Initial setup was fairly complex. Just having to know the command prompt rather than having a better user interface. …
JuanMartinez1
Real User
Network Consulting Engineer at a energy/utilities company with 10,001+ employees
Mar 04 2018

What do you think of Cisco ASA Firewall?

What is our primary use case?

Solid datacenter firewall, but the ASA software is old with no application recognition. If only a Layer 4 FW is needed, this is a good solution.

How has it helped my organization?

Do not use it in cluster mode. It is not worth it. These firewalls can do 10G, so just design the rest of the network around this. Do not do cluster to add more bandwidth.

What is most valuable?

Nothing fancy about ASA capabilities, it does its job and does it well as long as you only care about filtering ports and protocols.

What needs improvement?

The needed features are already being done on Firepower, but this software is still in flux. 

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

It is…
User
User at a comms service provider with 1,001-5,000 employees
Feb 28 2018

What do you think of Cisco ASA Firewall?

What is our primary use case?

Service Provider Operations manipulating thousands of firewall rules deploying Network Access Translations (NAT) for various multiservice networks.

How has it helped my organization?

Easy and fast to deploy. User-friendly GUI REST API offering with rich capabilities which makes the product very robust.

What is most valuable?

Clustering architecture which offers zero downtime upgrades, keeping uptime close to 99.999%. This creates less stress on operations and network stability throughout the various maintenance tasks.

What needs improvement?

ASDM needs to be able to customize applets.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

REST API stability needs improvement in…
Vendor
Senior Network Manager with 51-200 employees
Feb 26 2018

What do you think of Cisco ASA Firewall?

What is our primary use case?

Datacenter and edge firewalls Used in central and remote sites. Used in datacenter production sites.

How has it helped my organization?

Deployed between users and servers transparently. Easy to deploy in a working environment between servers and users. Improved security and visibility.

What is most valuable?

Failover Transparent firewall Multi-context Logging is great. It will show when it reaches its capacity before it is too late, unless you have bursts of traffic.

What needs improvement?

HTTPs inspection and higher throughput/spec would be good. Now, it has been replace by Firepower, which is a lot faster. 

For how long have I used the solution?

More than five years.
Real User
Security Governance at a comms service provider with 1,001-5,000 employees
Feb 22 2018

What is most valuable?

All features provided by the platform are quite the same for all other platforms. We rather missed some features we were used to, such as virtual routers

How has it helped my organization?

So far, we are not satisfied by the move. The precedent solution is much more adapted to the Telco environment, although Cisco recommended this platform. Cisco ASA also… more »

What needs improvement?

* VPN creation with Cisco is quite difficult: Some DH groups are not supported (compared to Juniper). * Expected to see the enablement of virtual routing, which is key in… more »

What's my experience with pricing, setup cost, and licensing?

Nothing to highlight at this level.

Which solution did I use previously and why did I switch?

We were using Juniper SRX5600. The switch was more a strategic decision than a technical one. We are also using a 5520 for seven years in our datacenter and we are… more »

What other advice do I have?

It is definitely not for Telco.

Which other solutions did I evaluate?

We did an evaluation with Check Point.
Real User
ESS Security with 201-500 employees
Jan 28 2018

What is most valuable?

Starting in version 9.7 you could track a login history for audit purposes and, in 9.8, you are able to do active/backup HA with ASAv (Adaptive Security Virtual Appliance) deployed on MS Azure.

What needs improvement?

There is always room for improvement in virtually anything. However, the relatively new Firepower Threat Defense image (mix of ASA and Sourcefire network security) fills a lot of gaps and features that were missing on ASA. Moreover, with FMC (Firepower Management Console) you can complement it with… more »

What's my experience with pricing, setup cost, and licensing?

Be sure of what features you are going to utilize to add/remove some from new bundles.

What other advice do I have?

Best value will always be delivered by adding FMC (Firepower Management Console); at least their virtual edition.
Consultant
Regional Manager - Pre Sales at a tech services company with 51-200 employees
Jan 24 2018

What do you think of Cisco ASA Firewall?

How has it helped my organization?

It helps us to identify key, persistent threats so we can set policies accordingly.

What is most valuable?

In-depth monitoring and analysis. It helps us to make better decisions and policies.

What needs improvement?

Integration aspects Traffic shaping

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Initially there were some stability issues, but in the long-run no.

What do I think about the scalability of the solution?

It requires additional licensing to enable 10G ports.

How is customer service and technical support?

Technical support is very good.

How was the initial setup?

It is complex. We have to set up ASA, SFR module, and FMC separately, which sometimes…
Real User
Account Manager
Jan 24 2018

What is most valuable?

Advanced malware protection, it blocks malicious attacks.

How has it helped my organization?

Malicious URLs are being blocked.

What needs improvement?

* Bandwidth allocation. * SSL decryption (avoid installing the intermediate device certificate in the client) should happen from Firepower itself. * Critical bugs need to… more »

What's my experience with pricing, setup cost, and licensing?

Price should be judged based on the above answers, among the most capable vendors.

Which solution did I use previously and why did I switch?

We switched from our previous solution because of scalability issues.

What other advice do I have?

We are using ASA5585-X with Firepower SSP-20 (ASA version 9.6(1)3, Firepower version 6.1.0.5). When looking at different solutions, take a deep look at the features.

Which other solutions did I evaluate?

FortiGate.
Consultant
Solutions Architect at a tech services company with 51-200 employees
Jan 24 2018

What is most valuable?

* Network attack detection * DoS and DDoS attack prevention * Signature-based detection * User-defined signatures with regular expressions * Integrated URL and content filtering * Custom URL… more »

How has it helped my organization?

Secured our network from outside and inside intruders.

What needs improvement?

License capacity needs to be extended and the vendor needs to work on the pricing.

What's my experience with pricing, setup cost, and licensing?

Value for your money, but bit a costly.

Which solution did I use previously and why did I switch?

No, Cisco was part of our solution from the start.

What other advice do I have?

Good product, give it a chance.
Vendor
I.T Security Consultant
Jan 24 2018

What is most valuable?

This is our perimeter router. We used it purposely for NAT and to port forward traffic. Other essential features of a firewall are handled separately by a UTM.

What needs improvement?

The ASA needs to incorporate the different modules you have to integrate to achieve UTM functions, especially for small businesses.

What's my experience with pricing, setup cost, and licensing?

Pricing is why we had to go for a UTM. For us to achieve what we needed, if we had gone with the ASA, the cost would have been high compared to getting one box (UTM).

Which solution did I use previously and why did I switch?

We’ve always used ASA from the get go. We added the UTM is to compliment it.

What other advice do I have?

Go for it. I really like how, once you get the ASA set up properly, it can run for a whole year without any major issues, apart from the normal daily administration.

Which other solutions did I evaluate?

Juniper, Check Point, Astaro
Real User
Technical Administrator at a tech services company
Jan 23 2018

What is most valuable?

Manageability of Cisco ASA. It has a GUI interface, unlike the most of Cisco IOS. For beginners they can "sneak in" and apply the command and see the actual commands that the GUI launches. In addition, Cisco has the reputation regarding security.

How has it helped my organization?

Three years ago we encountered malicious attacks from the internet, most of which were Chinese attackers, so we deployed Cisco ASA to strengthen our network. Since the deployment, we haven't seen the risk we encountered before.

What needs improvement?

There are more powerful firewalls, other than the Cisco NGFW, like Fortinet, Palo Alto and so on. I can't say Cisco is the leading firewall brand as of now, as the technology innovates.

What other advice do I have?

I rate it an eight out of 10. I am only handling or supporting the ASA 5520 model in our company.
Real User
Security Engineer at a tech services company with 201-500 employees
Jan 23 2018

What is most valuable?

If you compare it with other products, other firewall products in the market, at this moment, it doesn't have that many features, no impressive feature in it, in fact. The one thing I like about the product is the logging features, the way it logs, the way it forwards the logs in Syslog. It… more »

What needs improvement?

It doesn't have a proper GUI to do troubleshooting, so most people have to rely on the command line. Its a sort of legacy product nowadays. The firewalls which are the next generation have loads of features added to them, and they are all in one box. It should have packets, deep level inspections… more »

Which solution did I use previously and why did I switch?

I was actually using ASA and I switched to another one.

What other advice do I have?

If I were to advise others who are looking into implementing this product I would say I don't think they will like it. They would be able to meet business requirements better with other products, other vendors' firewalls. That's what I think, that's what I know from my own experience, from dealing… more »
User
President and CTO with 51-200 employees
Jan 11 2018

What is most valuable?

* Strong in NAT and access-lists * Very good as a stateful inspection firewall, but weak in all other areas.

How has it helped my organization?

In the early days, before UTM and NGFW, this product was awesome. Cisco tried to add Firepower, but it requires a different management interface and is still too expensive.

What needs improvement?

* Integrated threat management * Route-based VPNs: VPNs are weak as this product still does not support route-based VPNs. * Single management interface * Better throughput for price point

What's my experience with pricing, setup cost, and licensing?

Price point is too high for features and throughput available.

What other advice do I have?

Overall, this is a legacy product.
davidstrom
Writer
Owner at David Strom Inc.
Dec 19 2017

What do you think of Cisco ASA Firewall?

Cisco ASA has better application granularity, a more flexible means of policy creation, and easier to use controls and more powerful reports than its predecessors. We tested the ASA-5525-X in January 2013 and found a much improved user interface and lots of content-aware features.
Real User
Senior Consultant at Unify Square
Dec 11 2017

What is most valuable?

ASA is stable and with a low level of work required on the maintenance side. It is a dedicated firewall, so you do not have to manage additional topics like spam, web… more »

How has it helped my organization?

Cisco ASA have been the main security device for many years, slowly replaced with Check Point on the main datacentre.

What needs improvement?

You have to know the ASA command line very well because not all operations are available in the graphical interface (or let's say that sometimes it is better to operate… more »

What's my experience with pricing, setup cost, and licensing?

Cisco devices are for sure costly and budget could be an important constrain on selecting them as our security solution.

Which solution did I use previously and why did I switch?

The previous solution was based on software firewalls that where not able to perform as the Cisco ASA

What other advice do I have?

ASA is one of the the state-of-the-art firewall devices for security. It is affordable and not too complicated to use if you are doing standard operations (modifying ACLs… more »

Which other solutions did I evaluate?

When the choice was made, some comparison was made with other market leaders but integration with the existing Cisco network was a really important positive side in the… more »
davidstrom
Writer
Owner at David Strom Inc.
Aug 20 2017

What do you think of Cisco ASA Firewall?

What is most valuable?

The user interface of the Prime Security Manager is, well, prime and one of the best pieces of software I have seen from them, and the features are on par if not better than what their competitors offer.

How has it helped my organization?

Cisco has done a nice job of integrating global IP reputation management into the firewall with its Security Intelligence and Operations module for insights and malware collection.

What needs improvement?

Prime manager is just for the CX line for now. CX features also add about a 30% overhead on throughput.
Vendor
Network and System Engineer at a non-tech company with 201-500 employees
Jul 31 2017

What is most valuable?

I enjoy the interface of Cisco products, especially the CLI version. I think the IPS feature in the product is best compared to products of other vendors. All the IPS features can be accessed from a… more »

How has it helped my organization?

We are an educational institute, and we are required to block many websites that are not suitable for students and teachers. Most of the sites, like YouTube uses an https version, thus blocking with… more »

What needs improvement?

Pricing of this product needs improvement.

What's my experience with pricing, setup cost, and licensing?

License and appliance costs are more expensive as compared to other vendors on the market.

Which solution did I use previously and why did I switch?

I worked with Cyberoam and Fortinet UTM at my previous job. When I joined my present company, they were already using the Cisco ASA solution. But my present company may switch to other vendors… more »

What other advice do I have?

If your company is small or mid-range, it is better to go with other vendors, because of the pricing.
Frank Theilen
Real User
IT Adviser/Manager with 51-200 employees
Jul 24 2017

What is most valuable?

The Cisco ASDM management tool was helpful.

How has it helped my organization?

The ASA 55-x range is a solid and reliable firewall. It secures the traffic for normal purposes. If you ask how a firewall can improve our business: It can’t. It is… more »

What needs improvement?

Firewalls, in general, were not really designed for normal IT personnel, but for firewall and network experts. Therefore, they missed a lot of options and did not provide… more »

What's my experience with pricing, setup cost, and licensing?

If you look for user internet access, many new products can help with filtering and rules or procedures, like Meraki. This replaces the purpose of proxy servers. If you… more »

Which solution did I use previously and why did I switch?

I usually have to take what is there. If I had a choice, I would now take something newer.

What other advice do I have?

Get someone to help you plan and set up the firewall concept, as well as the initial setup and testing. Waiting for later is not the time to test or change anything… more »

Which other solutions did I evaluate?

I had no choice.
Consultant
Presales Consultant at a tech services company with 51-200 employees
Jul 23 2017

What is most valuable?

Classic ASA features such as NAT, Stateful Firewall, and VPN are basic functions for average organizations, but next generation features such as the granular control of… more »

How has it helped my organization?

Visibility in the network traffic.

What needs improvement?

Management console – Firesight Management Center. When deploying Cisco FMC versions 6.0 and 6.1, some issues may appear when trying to register ASA sensors. The problem… more »

What's my experience with pricing, setup cost, and licensing?

The licensing model has been simplified and is easy to understand. The price is higher compared to UTM solutions, such as Fortinet, but in the same range as Checkpoint and… more »

Which solution did I use previously and why did I switch?

Old ASA 5500. Natural upgrade to next generation functions.

What other advice do I have?

Take a look at the features included in the unified image. Some classic ASA functionality has not been integrated yet, go for non-unified image if the deployment requires… more »

Which other solutions did I evaluate?

We also work with Palo Alto Networks, Fortinet, FireEye, and some other vendors.
Sergei Chernooki
Vendor
IT SecOps Manager at a computer software company with 1,001-5,000 employees
Jul 19 2017

What is most valuable?

Cisco ASAs are great network firewalls and they can work for years after being configured. The best features are NAT, transport-layer inspections, and VPN.

How has it helped my organization?

With ASAs, we can keep operational expenses as low as possible. Disaster risks should be observed as usual, but this is definitely not the weak point.

What needs improvement?

I would like to see new SW versions being more stable and HW performance increase. However, the new 2000 series has high performance, but it is not shipped widely so far.

What's my experience with pricing, setup cost, and licensing?

Basic features and IPs can work without subscriptions. All next-generation features require per-year payments. Enterprise customers usually agree with price and license… more »

Which solution did I use previously and why did I switch?

Some of my customers switched from ZyXel to Cisco and this is an obvious decision for me. It will be much harder to imagine a customer replacing Check Point or Fortinet… more »

What other advice do I have?

All you need to succeed is careful design, professional setup, and a support contract.

Which other solutions did I evaluate?

I compared Cisco with Fortinet, Checkpoint, and DIY solutions.
Consultant
Technical Specialist with 5,001-10,000 employees
Jul 18 2017

What is most valuable?

VPN (site to site VPN and remote access ), NAT policies, modular policy framework, detailed troubleshooting methods.

How has it helped my organization?

The throughput and reliability of the product improve the network stability of our organization.

What needs improvement?

Area : URL filtering and content filtering. When Cisco ASA is presented as an enterprise firewall, that should be capable doing IPS/IDS, firewalling, VPN concentrator… more »

What's my experience with pricing, setup cost, and licensing?

Expensive when compared to other products.

Which solution did I use previously and why did I switch?

I used to work with most of the hardware firewalls, Cisco ASA is reliable and few technologies are good enough to compete for the market (VPN, Modular policy framework… more »

What other advice do I have?

If you are looking into implementing VPN or advanced features, I recommend using this product. URL or content filtering is not good as much as the NGFWs are.

Which other solutions did I evaluate?

Yes, all.
Danut Agache
Consultant
Computer Networking Consultant and Contractor
Jul 17 2017

What is most valuable?

Stability, high availability of services, and very high MTBU were the most valuable features for me -- because in my work as network and security consultant, it is very… more »

How has it helped my organization?

I have 15 years’ experience with Cisco products and I've had very, very little problems with them. Also, for resolving appeared issues Cisco was a good partner. Crescendo… more »

What needs improvement?

The ability to integrate (as options) all-in-one features -- like anti-spam, anti-virus, etc.

What's my experience with pricing, setup cost, and licensing?

To discuss with Cisco Systems or their partners to gain the optimal price and to not consider, without verifying, the false information that Cisco ASA is very expensive.

Which solution did I use previously and why did I switch?

I haven' t used another solution.

What other advice do I have?

To test the product in their network and to evaluate other products. I am sure that the Cisco ASA Firewall will be the winner. Our complete relationship is based on the… more »

Which other solutions did I evaluate?

We evaluated other solutions, like Fortinet, HPE, Juniper, Check Point, but Cisco ASA was what we need.
Real User
Network Engineer with 201-500 employees
Jul 16 2017

What is most valuable?

IPSec Tunnel and AnyConnect (of course), the context awareness was a good feature, but clumsy at the beginning. I think it's better now. The packet tracer command is a great tool for troubleshooting… more »

How has it helped my organization?

The context aware module gave us good visibility and control over the ingress and egress communications. Allowing us to filter unnecessary communications like streaming video, allowing us to control… more »

What needs improvement?

ASDM can be improved. Also, a rollback option to a previous config in time will be a great option. Logging can be improved to a vast extent, I think Palo Alto has a pretty good logging structure.

What's my experience with pricing, setup cost, and licensing?

Everything with Cisco is expensive. My advice is that there are a lot better options out in the market now. Palo Alto is pretty decent for example, but support is the best with Cisco, hands down. All… more »

What other advice do I have?

Do look at Palo Alto for comparison, SonicWall is also on the market. But before anything, you need to know your infrastructure really well. For example, we brought a PAN firewall for east-west… more »

Which other solutions did I evaluate?

None. My old company was a complete Cisco shop.
Vendor
Senior Network Security Engineer at a university
Jul 13 2017

What is most valuable?

It all depends on the deployment scenario, as I have used ASA for specific purposes. In general, the stateful firewall feature, site to site VPN, and AnyConnect remote… more »

How has it helped my organization?

The AnyConnect remote access VPN gives us an easy way to deploy remote working for our users.

What needs improvement?

It's not perfect, and does have room for improvement with certain features. The SSL VPN is, and always has been, painful to configure and the Java plugin does not… more »

What's my experience with pricing, setup cost, and licensing?

Hardware and licensing can be expensive, and licensing can be a complicated affair. I would strongly recommend you speak with your distributor to ensure you choose the… more »

Which solution did I use previously and why did I switch?

Not in my current organization.

What other advice do I have?

Spec the right hardware model and choose the right license for your needs.

Which other solutions did I evaluate?

It's great buying the latest and greatest equipment, but no so great if your engineers don't know how to operate it! From experience, hardware purchasing is normally… more »
Alexander Kostov
Real User
Senior IT Networking and Security Manager at a tech services company with 10,001+ employees
Jul 11 2017

What is most valuable?

There are a lot of features which are good and can be implemented, especially in the latest IOS version of the product. They saved me a lot of time thinking how to solve… more »

How has it helped my organization?

It gave us a more secure environment and a lot of flexibility to the business.

What needs improvement?

The next generations part of these products need a better approach. A lot of vendors are definitely a step or two in front of them.

What's my experience with pricing, setup cost, and licensing?

This is definitely not a cheap solution, but I think it is worth the investment.

Which solution did I use previously and why did I switch?

I used to work with open source solutions, but the support and complication behind them was definitely not OK. If you want to have flexibility and stability, you have to… more »

What other advice do I have?

I would recommend that you understand the needs of the business case before choosing the product and start implementing it. It is very important to choose the right… more »

Which other solutions did I evaluate?

We evaluated other solutions like Juniper, but we chose Cisco, since our network was becoming more and more Cisco oriented.
Reseller
Security Consultant at a tech services company with 501-1,000 employees
Jul 06 2017

What is most valuable?

During the first phase of use, it was an extra module on standard Cisco ASA firewalls. It then became a standalone solution known as FTD, Firepower Threat Defense. The… more »

How has it helped my organization?

The application and user-visibility and control, along with very powerful IPS and malware protection, enables our clients to secure their data centers and internet… more »

What needs improvement?

Some ASA known features are still missing, but are being added bit by bit in each new version release, such as: * Remote Access VPN (the last release only supported the… more »

What's my experience with pricing, setup cost, and licensing?

It has a great performance-to-price value, compared to competitive solutions. Subscriptions are annual. The licensing fee and standard support are the only costs we pay… more »

Which solution did I use previously and why did I switch?

As a Cisco Gold Partner, we always proposed Cisco firewalls for our clients.

What other advice do I have?

Make sure you tune your rules very well, as some clients just leave the firewall as it is and don't maintain the access rules or tighten them to be more granular and… more »

Which other solutions did I evaluate?

We did not evaluate any alternative solutions.
Vendor
Senior Network Specialist
Jul 06 2017

What is most valuable?

The security features are valuable because it is easy to use and it has an important role as a firewall.

How has it helped my organization?

It has improved our access control.

What needs improvement?

It would be useful to gather all security features in one box. For example, certain features like URL filtering and application control licenses need to be purchased… more »

What's my experience with pricing, setup cost, and licensing?

It is too pricey if you want to activate more features in a box, which necessitates you to purchase a license.

Which solution did I use previously and why did I switch?

We did not use a previous solution.

What other advice do I have?

Know what features are needed, and then purchase the necessary hardware and license.

Which other solutions did I evaluate?

We evaluated Palo Alto and CheckPoint.
Vendor
Network Engineer at a mining and metals company with 1,001-5,000 employees
Jul 04 2017

What is most valuable?

The simple access rule, Internet NAT and routing are valuable features. It is very simple and the most reliable perimeter firewall.

How has it helped my organization?

We were using Cisco Security Manager (CSM) to control and configure all of our Cisco products. ASA worked very well on the CSM.

What needs improvement?

The next-generation firewall could improve. Still, they have NGFW 5525 but I haven’t tried it yet.

What's my experience with pricing, setup cost, and licensing?

Obviously, Cisco products are not cheap.

Which solution did I use previously and why did I switch?

We have used it from the beginning.

What other advice do I have?

If you are looking for a stable run and it is easy to find someone to configure the service, then better go for Cisco; their support is very professional.
Vendor
Executive Manager with 11-50 employees
Jun 29 2017

What do you think of Cisco ASA Firewall?

What is most valuable?

The solution's reliability, performance, and security are most valuable.

What needs improvement?

The price and compatibility with other vendors' products can be improved.

For how long have I used the solution?

I have used this solution for three years.

What do I think about the stability of the solution?

I have not encountered any issue with stability.

What do I think about the scalability of the solution?

I have not encountered any issues with scalability.

How are customer service and technical support?

I would give technical support a rating of 9/10.

Which solution did I use previously and why did I switch?

I used Juniper Networks and I switched due to the lack of technical and sales support in Romania.

How was the initial setup?

The…
Azar Mammadli
Real User
IT Operation Manager
Jun 29 2017

What is most valuable?

* Hardware reliability * Software stability * Quick software updates for known bugs/vulnerabilities These are very important in an enterprise environment.

How has it helped my organization?

It is small. Nobody knows where it is or what it is. It works silently. As there ar no issues, it is good for businesses and organizations.

What needs improvement?

* License politics * License price * Precise vendor roadmap for this product

What's my experience with pricing, setup cost, and licensing?

Our experience last year showed us that there is no full security, so why should we pay more? Any security vendor with a user-friendly interface, with good support… more »

Which solution did I use previously and why did I switch?

We were using TippingPoint as an IPS and ZyXEL ZyWALL as a VPN server. Cisco has good documentation and it is easy for Cisco certified engineers.

What other advice do I have?

The Cisco ASA product line will be replaced by Cisco FTD. Cisco FTD software is not ready for production, due to a lack of many basic NGFW features. Maybe only the… more »

Which other solutions did I evaluate?

We did not evaluate any alternatives.
Consultant
Security Technical Architect at a tech services company with 10,001+ employees
Jun 29 2017

What is most valuable?

The feature sets are great when there are no software bugs. With FirePOWER, you can enhance security, have effective management, and a good reporting engine.

How has it helped my organization?

It provides detection of zero day infections through FirePOWER AMP.

What needs improvement?

Well tested software releases. We have had a number of bugs on the FirePOWER software across several clients which have been very inconsistent and have affected our… more »

What's my experience with pricing, setup cost, and licensing?

Get a clear understanding of what the licensing entails before committing.

Which solution did I use previously and why did I switch?

We are part of the integrator space. When we changed products, it was to displace a product that no longer met the client’s requirements.

What other advice do I have?

Plan very well in order to have a seamless project implementation and transition.

Which other solutions did I evaluate?

We checked out Check Point and FortiGate.
Consultant
Security Consultant at Accenture
Jun 29 2017

What do you think of Cisco ASA Firewall?

What is most valuable?

Cisco doesn't have many features but only basic firewalls.

How has it helped my organization?

No improvement. My clients have been using this product and moving to other products.

What needs improvement?

This product should have moved towards making UTMs.

For how long have I used the solution?

Eight years.

What do I think about the stability of the solution?

No.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

Technical support and documentation is great.

Which solution did I use previously and why did I switch?

No, I worked with this product by working for a client.

How was the initial setup?

It is easy to set up and implement.

What's my experience with pricing, setup

Vendor
ICT Manager - Network Operations at a healthcare company
Jun 29 2017

What do you think of Cisco ASA Firewall?

What is most valuable?

Firewall, VPN and Single Sign On.

How has it helped my organization?

Remote Access and SSO Authentication.

For how long have I used the solution?

One year.

What do I think about the stability of the solution?

No.

What do I think about the scalability of the solution?

Not yet.

How are customer service and technical support?

Good.

Which solution did I use previously and why did I switch?

Watchguard Firewall. Switched due to license cost.

How was the initial setup?

A bit complex compared to Watchguard Firewall.

What's my experience with pricing, setup cost, and licensing?

Pricing is competitive but licensing cost is on the higher side for non-profit organizations.

Which other solutions did I evaluate?

If so, which ones? Yes,…
Consultant
Sr Network Engineer at a tech services company with 501-1,000 employees
Jun 29 2017

What do you think of Cisco ASA Firewall?

What is most valuable?

VPNs, reliability.

How has it helped my organization?

Connectivity with client Telcos works perfectly way and administration is simple.

What needs improvement?

I think it's the perfect Firewall for SME.

For how long have I used the solution?

Five years.

What do I think about the stability of the solution?

No.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

10 out of 10.

Which solution did I use previously and why did I switch?

Version 5515 is better than 5510 or 5505.

How was the initial setup?

If you know how to use Cisco IOS, it's easy. Otherwise, you will find no way of configuring it with ease.

What's my experience with pricing, setup cost, and licensing?

Go for the…
Vendor
IT Manager at a manufacturing company
Jun 29 2017

What is most valuable?

* Cisco IPSec VPn * VPN Client * Port Restrictions

How has it helped my organization?

We could connect data securely from outside the company.

What needs improvement?

I need application user-IP blocking, Intrusion Prevention, QoS; I can't do these with Cisco and have to change it.

What's my experience with pricing, setup cost, and licensing?

Cisco price-performance is very successful.

Which solution did I use previously and why did I switch?

I couldn’t meet all my needs with the Cisco 5505 so I changed it with a next-generation firewall.

What other advice do I have?

I know that Cisco acquired Sourcefire and they re-introduced next-generation firewall features and I think they’ll improve NX features.

Which other solutions did I evaluate?

I evaluated Sophos UTM, Checkpoint, Cisco and PA. PA is the best fit for my company because Sophos acquired Cyberoam and their software wasn’t successful for domain user… more »
Consultant
Senior Network & Data Communication Engineer at a tech services company with 201-500 employees
Jun 29 2017

What is most valuable?

Security, Routing and NAT.

How has it helped my organization?

Gives flexibility and several deployment options.

What needs improvement?

Some default inspection rules need better tuning. Focus development on CLI version.

What's my experience with pricing, setup cost, and licensing?

Like with all vendors, know what options you require and request the proper license accordingly. Prices are on the same level as competitors.

Which solution did I use previously and why did I switch?

Yes. We changed for no special reason, just to mix things up.

What other advice do I have?

Read, read, read and understand your requirements beforehand.

Which other solutions did I evaluate?

Not really, as all firewalls do most of what enterprises look for. What matters most is the after sales support.
Vendor
Manager Network Security at a financial services firm with 5,001-10,000 employees
Jun 28 2017

What is most valuable?

I love its CLI mode of working, it gives plenty of information with a single line of command. This feature allows its administrator to perform advanced level tasks with much ease.

How has it helped my organization?

These products provide much stability which, in return, any organization demands to run its functions properly and smoothly.

What needs improvement?

This product lacks in GUI format; that needs to be more mature and composed.

Which solution did I use previously and why did I switch?

We have almost 99% Cisco based infrastructure.

What other advice do I have?

Cisco has done great job in introducing new features in their security product by acquiring specialized companies in the past. However, they still need to improve their unique feature products as they… more »

Which other solutions did I evaluate?

Usually yes. We did like Huawei and Juniper.
Vendor
Network Security Administrator at a tech company with 5,001-10,000 employees
Jun 28 2017

What is most valuable?

The most valuables feature of this product are given by the comprehensive VPN solutions it offers and its tools for troubleshooting and debugging. You can provide complex and flexible way to securely… more »

How has it helped my organization?

It helped us and our customers implement more granular and flexible connections to and from our/their environments, building a trust relation between all of us, having the confidence that our… more »

What needs improvement?

It should have an additional “operating mode”, like a “candidate configuration mode”, where you would have the possibility to test the changes you are going to implement and also the possibility to… more »

What's my experience with pricing, setup cost, and licensing?

I have to admit that the price is high. But I think it's worth it if the stability of your solution counts for you.

Which solution did I use previously and why did I switch?

I've only worked for integrator or ISP organizations. Over the years I’ve worked with multiple solutions offered by different vendors due to my customers’ budgets or preferences. What makes it the… more »

What other advice do I have?

Choose it if you aim to have a stable environment.
Vendor
Gerente de Telecomunicaciones at a financial services firm with 1,001-5,000 employees
Jun 28 2017

What do you think of Cisco ASA Firewall?

What is most valuable?

The front page of device manager is the most valuable feature because it makes it easy to know the system status.

How has it helped my organization?

It’s hard to say because our equipment was EoS.

For how long have I used the solution?

I have used Cisco ASA for three years.

What do I think about the stability of the solution?

We suffered an attack and the firewall was down repeatedly.

What do I think about the scalability of the solution?

We have to buy more licenses to get more VPN connections.

How are customer service and technical support?

I rate support 7/10.

Which solution did I use previously and why did I switch?

We didn’t have a previous solution. I actually searched after another solution.

How was the initial setup?

Setup was…
Real User
Sr. Security Analyst with 1,001-5,000 employees
Jun 28 2017

What is most valuable?

Centralized policy creation for URL, application, IPS, etc. It simplifies matters more than previously.

How has it helped my organization?

It provides centralized management. I would also add that URL, Malware and IPS built-in has been a great help as well. Where we used to need several products for all these… more »

What needs improvement?

More centralization and simplification of product lines would help most engineers, but I think licensing is the key here. Most organizations won’t pay the money to have… more »

What's my experience with pricing, setup cost, and licensing?

Read everything and track all your licenses. Research all options and maybe pick a few to PoC. It doesn’t hurt to trial others. Maybe they are a better fit for your… more »

Which solution did I use previously and why did I switch?

Previously, I used ASAs without FirePower; and unsure what my company used prior to that.

What other advice do I have?

Do research. FPMC is great for us but it requires a lot of time and attention.

Which other solutions did I evaluate?

We are moving forward with ELA 5.0 for all Cisco security devices. Prior to that decision, we did a PoC with Palo Alto 3020 and 220 firewalls and Panorama. Those are some… more »
Vendor
IT Support Engineer
Jun 27 2017

What is most valuable?

Its security features are the most valuable aspect. It has the ability to detect and prevent intrusions.

How has it helped my organization?

The product has helped organizations secure their infrastructure and data. Most organizations are happy to adopt the technology.

What needs improvement?

The equipment is too expensive compared with other firewall products.

What's my experience with pricing, setup cost, and licensing?

As much as there is value for money, there is a need to make it affordable.

Which solution did I use previously and why did I switch?

The previous product was limited in throughput and security.

What other advice do I have?

It is a very good device to use for those who value their network security.

Which other solutions did I evaluate?

I tried Sophos.
Consultant
Member of the Board of Directors at a tech services company with 1,001-5,000 employees
Jun 27 2017

What is most valuable?

Class-based policing is the most important part of the ASA, and was its differentiator.

How has it helped my organization?

It gave us more organized DMZs and logical segments.

What needs improvement?

I’m not a fan of the new modular licensing model. Cisco moved from a base license to an a la carte SaaS model a couple of years back, wherein the customer is required to pay for feature sets on a… more »

Which solution did I use previously and why did I switch?

I have used both ASA and PAN. Different strokes for different folks.

What other advice do I have?

ASAs are a solid solution. Cisco provides more training and learning materials than any other vendor, which is critical if an organization wants to take true ownership of a technological solution… more »

Which other solutions did I evaluate?

We evaluate all other options.
Vendor
Networking Specialist at a insurance company with 1,001-5,000 employees
Jun 25 2017

What is most valuable?

It is good for firewalls, management with the adaptive security device manager (ASDM), and tools such as packet tracers for troubleshooting. It’s a really good firewall… more »

How has it helped my organization?

It is a very reliable border firewall which makes it easy for us to organize and secure our DMZs.

What needs improvement?

* The SSL VPN portal could be better. * The ASAs support both IPSEC as an SSL VPN. * For IPSEC you need a Cisco VPN client. * You can only have two SSL VPN sessions. * For… more »

What's my experience with pricing, setup cost, and licensing?

You have to negotiate well.

Which solution did I use previously and why did I switch?

We chose FortiGate from Fortinet as our Next Gen Firewall solution because of the higher value for our money.

What other advice do I have?

You will want to have Next Generation functionality, so choose FortiGate or Cisco Firepower.

Which other solutions did I evaluate?

We did not evaluate any alternative options for stateful firewalling.
Vendor
Project Manager with 11-50 employees
Jun 25 2017

What is most valuable?

It is very robust, trustworthy and highly customizable.

How has it helped my organization?

Solutions using NAT, VPNs, internet and MPLS, are more customizable than other solutions.

What needs improvement?

It could have more functions for load balance on the internet.

What's my experience with pricing, setup cost, and licensing?

It is a bit more expensive than other solutions, but offers more customization and security than other solutions.

Which solution did I use previously and why did I switch?

I implement solutions on several clients, Redneet is a technology integration company and I prefer Cisco ASA for my security solutions.

What other advice do I have?

Use the best practice guides and online documentation. Cisco has more information online free that any other brand, so use it!!!

Which other solutions did I evaluate?

We evaluated Fortinet, Sophos, Palo Alto.
Kiarash Barzoodeh
Real User
Senior Network Designer at ODI
Jun 25 2017

What is most valuable?

The Advanced Malware Protection and Security Group Tag (SGT) are valuable features. You are able to integrate all the networks by using SGT with the pxGrid service. This is built-in technology in… more »

How has it helped my organization?

You can extend your visibility in network infrastructure for monitoring. You can absolutely give your users a better experience. When you use .1X for user authentication: * Users login just one time *… more »

What needs improvement?

After Firepower V6.1, Cisco added bandwidth shaping on the FTD product. This feature is a little bit weak. You cannot have customized shaping in different projects.

What's my experience with pricing, setup cost, and licensing?

The base license is delivered with the device. This license includes IPS and user authentication. You should buy a license for an IPS update. You should also buy another license for AMP and URL… more »

What other advice do I have?

This product is very usable when you need integrity in your network. This product is very functional when you use a Cisco Identity Services engine.

Which other solutions did I evaluate?

I evaluated many products, such as CheckPoint, Palo Alto, Fortinet Firewall, Sophos, and Cyberoam Firewall.
Vendor
Corporate Information Security Officer
Jun 25 2017

What is most valuable?

It's a standard rule based firewall for us. The AnyConnect VPN has solved a lot of remote access problems. High availability is good. It will fall back to the other ASA without any disruptions.

How has it helped my organization?

It has secured our DMZ.

What needs improvement?

I would like to see the following made easier: * Objects * Removing objects * Correlating access rules and AnyConnect ACLs Sometimes we suffer from older versions, such as objects, object groups, and… more »

What's my experience with pricing, setup cost, and licensing?

We bought the solution, so there were no real recurring costs at that time.

Which solution did I use previously and why did I switch?

We used Cisco PIX.

Which other solutions did I evaluate?

We didn't evaluate any alternative products.
Rizwan Siddiqi
Reseller
Network Security Consultant at a tech services company with 51-200 employees
Jun 21 2017

What is most valuable?

Cisco ASA is a stateful firewall which means they are the fastest and more secure, because they maintain state tables. Cisco ASA is very efficient not only in Firewalling… more »

How has it helped my organization?

It allows us to filter incoming traffic to our network and provide a secure access to office network from outside through remote access VPN. We also connected our branch… more »

What needs improvement?

Some improvements required on GUI interface called ASDM. It should include health check parameters like temperature, memory used.

What's my experience with pricing, setup cost, and licensing?

Price is bit high as compared to other vendors, but Cisco ASA has reputation and most reliable product. Always go with minimum security plus license.

Which solution did I use previously and why did I switch?

Cisco ASA firewall is most reliable to protect the network, therefore I switched.

What other advice do I have?

No.

Which other solutions did I evaluate?

Yes, Fortinet and Palo Alto.
Ed Dallal
Consultant
Founder, CEO, & President at Krystal Sekurity
Jun 21 2017

What do you think of Cisco ASA Firewall?

What is most valuable?

Provides advanced malware capabilities.

How has it helped my organization?

Simplified the complexity of our security architecture.

What needs improvement?

Integration of advanced malware services with the firewall through Firepower services.

For how long have I used the solution?

We have been using this solution for six months.

What was my experience with deployment of the solution?

There were no issues with deployment.

What do I think about the stability of the solution?

There were no issues with stability.

What do I think about the scalability of the solution?

There were no issues with scalability.

How are customer service and technical support?

Customer Service: I would give customer service a rating of 10/10. Technical Support: I…
Consultant
Principal Network Engineer at a tech services company with 51-200 employees
Jun 21 2017

What is most valuable?

I find the overall capability of the higher end firewall products to handle most network tasks without any issues. In addition, it is easy to train lower level help desk personnel on the GUI… more »

How has it helped my organization?

It makes it very easy to have delineated roles and responsibilities between network engineering and network security.

What needs improvement?

People tend to think of firewalls as firewalls and routers as routers. Going by the book, I had to create a number of static routes in the firewall so it could reach the various subnets in my client's… more »

What's my experience with pricing, setup cost, and licensing?

Always plan ahead for three years. In other words, do not buy a firewall on what your needs are today, but try to predict where you will be three years from now in terms of bandwidth, security… more »

What other advice do I have?

I utilize different brands of firewalls depending on the needs of a client, i.e., in-house IT versus outsourced. I am vendor agnostic as much as possible.

Which other solutions did I evaluate?

In locations where I have used Cisco ASA firewalls, I have compared FortiGate and SonicWall.
Vendor
Security Engineer at a healthcare company with 1,001-5,000 employees
Mar 31 2017

What is most valuable?

I especially value Change Management and Compliance. They are most valuable because we are required to comply with regulations regarding credit card processing (PCI) and… more »

How has it helped my organization?

This product has made visible some areas that were previously hidden.

What needs improvement?

There are many areas for improvement despite the fact that we love the product, but because it is a newer version we’ve been working out lots of issues. Some of those… more »

What's my experience with pricing, setup cost, and licensing?

We purchased licenses for our High Availability (HA) devices as well but they were not really needed.

Which solution did I use previously and why did I switch?

We did not use a previous solution. FireMon was implemented as part of a security mandate and we chose this product over its competitors.

What other advice do I have?

To make sure they have the cooperation of the networking team that supports the firewalls. It has been difficult for us to get the tool working to its full potential… more »

Which other solutions did I evaluate?

I was not the researcher and decision maker. I inherited the tool.
Vendor
Manager of Engineering with 1,001-5,000 employees
Sep 12 2016

What is most valuable?

Cisco ASA has a well-written command-line interface. Cisco’s AnyConnect SSL VPN is by far the best client VPN technology I’ve ever had to deploy and manage. Upgrades are a… more »

How has it helped my organization?

Cisco is a huge name in the networking world. Having a solution that includes their firewall technology adds value from an operability and support perspective. Cisco… more »

What needs improvement?

When running multiple firewalls in your network, you need someone to manage them from a central point. Cisco’s answer is Cisco Security Manager (CSM). Unfortunately, this… more »

What's my experience with pricing, setup cost, and licensing?

Work very closely with your channel partners to verify you have all the licensing you need (VPN, Firepower, etc.). Pricing is always a challenge. Buy closer to Cisco's EOY… more »

Which solution did I use previously and why did I switch?

I previously used Check Point. Check Point relied on a thick, Windows-based client and, at the time, did not support transparent contexts. However, Check Point has a solid… more »

What other advice do I have?

Read the Cisco Validated Designs (CVDs) regarding ASAs. Find some decent blogs, discuss topologies and scenarios with a seasoned engineer, and get your final design… more »

Which other solutions did I evaluate?

Before choosing this product, I also evaluated Palo Alto. I really liked their firewall platform, their Panorama management platform, and wildfire technology. Their SSL… more »
Marcelo Zamorano
Real User
Middle-Tier Admin Integrator at a tech services company with 51-200 employees
Aug 22 2016

What do you think of Cisco ASA Firewall?

What is most valuable?

Robustness

How has it helped my organization?

Reliability

What needs improvement?

No idea -- I learn a lot from them

For how long have I used the solution?

From 2000 until 2014

What was my experience with deployment of the solution?

Learning at the beginning

What do I think about the stability of the solution?

Nope -- If well planed you should be alright

What do I think about the scalability of the solution?

Price maybe...

How are customer service and technical support?

Customer Service: Excellent Technical Support: Excellent

Which solution did I use previously and why did I switch?

Not reliable for long term -- seem inferior quality

How was the initial setup?

Depends on the product and the knowledge. Cisco firewalls can be…
Consultant
I.T. Security/Projects Specialist at a tech services company with 501-1,000 employees
Feb 16 2016

What do you think of Cisco ASA Firewall?

What is most valuable?

Firewalling is the most valuable feature. We wanted a back-end/internal firewall solution, and the Cisco ASA 5525 was great.

How has it helped my organization?

It has taken the pressure off of the IS engineer.

What needs improvement?

URL AVC Advanced malware protection

For how long have I used the solution?

We've used it for two years.

What was my experience with deployment of the solution?

There was an issue, but it was rectified promptly after troubleshooting the device's configuration.

What do I think about the stability of the solution?

There were no issues with the scalability.

What do I think about the scalability of the solution?

We've not had any issues scaling yet.

How are customer service and technical support?

Customer…
Consultant
Senior Technical Consultant - Network and Security at a tech services company with 51-200 employees
Nov 23 2015

What do you think of Cisco ASA Firewall?

Valuable Features

It provides our company with security and protection on all our devices. It's highly available.

Improvements to My Organization

We're able to implement best security practices to secure our company data.

Use of Solution

We've used it for over seven years.

Deployment Issues

We had some issues during deployment.

Stability Issues

No issues encountered.

Scalability Issues

No issues encountered.

Customer Service and Technical Support

Customer Service: Customer service is excellent. Technical Support: Technical support is excellent.

Initial Setup

It was a little complex, but not so much that we couldn't figure it out.

Implementation Team

I was the implementor for a client.

ROI

It's excellent.

Other Solutions Considered

Depends on the…
Vendor
System and Network Administrator at a hospitality company with 501-1,000 employees
Nov 16 2015

What is most valuable?

It gives us the ability to do lan-to-lan VPN.

How has it helped my organization?

So far it has proven to be rock solid and relatively easy to maintain.

What needs improvement?

* Support for automation tools (Puppet) * More granular logging

What's my experience with pricing, setup cost, and licensing?

Licenses and prices are pretty high. I understand the validity of the product, so I can't complain much.

Which solution did I use previously and why did I switch?

We moved our VPN termination from a Cisco ASR to an ASA. We switched because the ASR was not scalable and we realized it was a bad idea to use the same device for routing… more »

What other advice do I have?

I'd say it would be very beneficial to posses certification such as CCNP Security, at least, to get the most out of it. It's a complex product which requires good… more »

Which other solutions did I evaluate?

No options were evaluated. We heavily rely on Cisco hardware for our infrastructure
Real User
IT Security Engineer at a financial services firm with 501-1,000 employees
Sep 04 2015

What is most valuable?

Cisco ASA's CLI is very effective and fast to configure the firewall and make changes, but monitoring logs and connections can be eye bothering by reading all the line outputs. ASDM, however, have improved the overall ASA configuration from an GUI standpoint. I really enjoy the log monitor where I can see live logs in a more user friendly interface. The down side of ASDM is that it is build with… more »

How has it helped my organization?

The packet tracer function, which I use the most, have provided me a packet flow through the firewall and see which rule or policy can cause a drop. Also, I can see if my NAT statement is working properly. This has allowed me to quickly troubleshoot potential firewall related issues for my organization.

What needs improvement?

L7 firewall is a key for the ASA to be competitive in the current and future market place. By integrating with SourceFire, now call FirePower, on the ASA has helped it to get into the next-generation firewall segment.
Rizwan Siddiqi
Reseller
Network Security Consultant at a tech services company with 51-200 employees
Aug 23 2015

What is most valuable?

It blocks all outside to inside traffic and only permits the specific internet traffic from the outside. VPN functionality is very useful, we can create remote access and tunnel VPN in the simplest… more »

How has it helped my organization?

It blocked all kinds of internet attacks from outside like DOS or DDOS and avoided any down time. We created a remote tunnel from head office to data center network for easy access of servers that… more »

What needs improvement?

It would be great if they would add web filtering functionality to this product.

What's my experience with pricing, setup cost, and licensing?

It is one time cost of about $10,000 and there is no day to day cost.

What other advice do I have?

Cisco ASA is a reliable product and it benefits you a lot in your network.

Which other solutions did I evaluate?

Yes, I evaluated Fortigate, SonicWall and Juniper but found Cisco ASA to be the best solution for us above all of the others.
Vendor
System/Network administrator at a computer software company with 501-1,000 employees
Aug 18 2015

What do you think of Cisco ASA Firewall?

What is most valuable?

It's a great solution that amalgamates a firewall and VPN into one device. It also has a well organized GUI- ASDM.

How has it helped my organization?

Easy to setup VPNs Firewall ACL Easy to modify Easy to perform maintenance

What needs improvement?

The ADSM is incompatible with different versions of Java.

For how long have I used the solution?

I've used it for six years.

What do I think about the stability of the solution?

I have issues with some versions of Java and ASDM.

How are customer service and technical support?

Customer Service: It's high. Technical Support: It's high.

Which solution did I use previously and why did I switch?

I used a Cisco 881 router as a firewall and VPN solution. ASA allows conformity and various amounts of…
Consultant
Senior Presales Engineer at a tech services company with 501-1,000 employees
Jul 20 2015

What is most valuable?

NGFW: VPN (IPSec, SSL), NAT (provides great flexibility) NGIPS: Application visibility, file policies (store files), network discovery, correlation features

What needs improvement?

SSL decryption for modules. Although I think it is better to separate SSL decryption as a service from the software module since it requires additional hardware, but I think it would be great if there is an option to use the ASA (not the software module) to decrypt the SSL. Ex: Add a license to decrypt SSL traffic on the ASA itself. The ASA already supports SSL VPN. So if SSL decryption can be… more »

Which solution did I use previously and why did I switch?

No
Vendor
Business Development Director with 51-200 employees
Jun 30 2015

What do you think of Cisco ASA Firewall?

What is most valuable?

The fact that it's a full inspection firewall.

How has it helped my organization?

In fact there is no relevant improvement, but this is the kind of device that every company must have.

What needs improvement?

Recognition of appliances UTM features

For how long have I used the solution?

I've used it for five years.

What was my experience with deployment of the solution?

It was mainly issues regarding the management and VPN setup.

What do I think about the stability of the solution?

No issues encountered.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service: 8/10. Technical Support: 8/10.

Which solution did I use previously and why did I switch?

Consultant
Technolgy Analyst/Lead at a tech services company with 10,001+ employees
Jun 30 2015

What is most valuable?

* Site-to-site IPsec VPN * Remote IPsec VPN * Reverse route injection

How has it helped my organization?

Cisco Context gave us the feature of creating a virtual firewall, which is good. It provides us with maximum network isolation. Also impressive is the ISP redundancy.

What needs improvement?

WCCP, and URLs, in the Cisco ASA Context both need work. When changing from single mode to multiple mode or back, the commands must be done from the command line (CLI) and cannot be done via the ASDM GUI interface. ASA context should be… more »

Which solution did I use previously and why did I switch?

I have migrated some set-ups from Cisco to Juniper, but not from Juniper to Cisco.

What other advice do I have?

If it is for a banking domain, your organisation should use Cisco which can assure better security than any other vendors' products. Also, they have the best documentation, reliability and support.
Vendor
Global Security Architect/Perimeter Systems Administration/Active Directory and System Administrator at a retailer with 1,001-5,000 employees
May 29 2015

What is most valuable?

* Firewall mode * AnyConnect gateway * Client-less SSL VPN

How has it helped my organization?

The versatility of the product has allowed us to solve a number of perimeter requirements without having to seek out different products or companies for solutions. It has allowed for a single… more »

What needs improvement?

The configuration/management interface is complex and can be confusing. Technical documentation is often sparse and can be incomplete when covering specific implementations.

Which solution did I use previously and why did I switch?

Checkpoint Firewalls - the primary reason we switched was cost and limited support options.

What other advice do I have?

The product line offers tremendous capability. Please look into all of the solutions it can provide for you to maximize your investment.

Which other solutions did I evaluate?

* Watchguard * Sonicwall * Checkpoint
Vendor
Constructor of the computer systems at a security firm with 51-200 employees
May 29 2015

What is most valuable?

* Reliability * Security * Flexibility * Functionality * Availability - controllability anywhere and with different methods

How has it helped my organization?

I can tell that when we have started using the Cisco AnyConnect for remote access to business apps it makes the work for remote staff much simpler. It's also easier to… more »

What needs improvement?

The ASA is an almost perfect device.

What's my experience with pricing, setup cost, and licensing?

Cisco ASA 5512-X was bought for $3,000, and a further $1,000 was needed for installation and pre-configuration.

Which solution did I use previously and why did I switch?

We use MySQL and Nagios devices alongside the ASA as our network infrastructure needs expanding and required more serious hardware solutions.

What other advice do I have?

As a rule, any device upon delivery is obsolete. Pick up the solution for your business, based on your specific needs.

Which other solutions did I evaluate?

* Fortinet * Juniper
Consultant
Cisco Systems Engineer at a tech services company with 1,001-5,000 employees
May 27 2015

What is most valuable?

* Network firewall * FirePOWER services (URL filtering, IPS)

How has it helped my organization?

With the new FirePOWER services, Cisco has given the ASA new valuable features like URL filtering and a more simple and efficient IPS. With FirePOWER services, we have been able to have more insight of our network, something that we never… more »

What needs improvement?

The FirePOWER defense system has no integration with the firewall management of the ASA, I mean you can’t create ACLS, rules, VPNS NAT, and so on. All of this has to be done with the ASDM which, from my point of view, is very complex if you… more »

Which solution did I use previously and why did I switch?

We previously used Microsoft ISA and switched because it's no longer supported.

What other advice do I have?

If you are using Cisco, then you will be very familiar with the product, and maybe you won't encounter any problems at all. However, if Cisco is a new solution, you should ask for a demo to see the interface of the ASDM and the defense… more »
Consultant
Network Security Engineer at a tech services company with 1,001-5,000 employees
May 25 2015

What is most valuable?

VPN - Both site to site (IPsec) and remote access (IPsec and SSL).

How has it helped my organization?

Through the use of VPNs, we were able to connect our branches together through the internet without the any additional cost.

What needs improvement?

* Throughput * Price

Which solution did I use previously and why did I switch?

Mainly switching from the old Cisco PIX to a new Cisco ASA. The reason for switching is to get a higher throughput, and due to the fact the that the Cisco PIX went EoL.

What other advice do I have?

I have worked on the best firewalls in the market, and Cisco ASA is one of the best. The below screenshots are taken from a demo of ASDM.

Which other solutions did I evaluate?

Yes, and we chose Cisco ASA mainly due to the fact that they have a very good, reliable and very responsive technical customer support.
Consultant
Network Consultant at a tech services company with 51-200 employees
May 25 2015

What is most valuable?

With the ASA there are multiple products depending on your needs based on the two generations of the ASA. Roughly split-up there are 4 products. * 5500 Series basic/standard firewall - This I would rate as 7/10 due to the fact that it's… more »

How has it helped my organization?

For many of my customers, the SourceFIRE solution has been an eye opener of exactly what their users are generating of traffic. Some customers, after reviewing the traffic application usage reports are astounded by the amount of traffic… more »

What needs improvement?

Definitely the throughput could use an upgrade when running the SourceFIRE/AMP with the ASA. Also, it could use better troubleshooting capabilities. You are, most of the time, bound to have access to TAC for troubleshooting advanced… more »

Which solution did I use previously and why did I switch?

Mainly customers switch from other vendor because of VPN features, ease-of-management, and good consultant/partner relationship.

What other advice do I have?

Make sure you get the right product/license to do the job you need done. If you are in doubt ask a consultant or a Cisco Partner. I have seen cases where a firewall wasn't the right hardware for the job and you can't just switch off the… more »
Vendor
Network Security Administrator at a tech company with 5,001-10,000 employees
May 21 2015

What is most valuable?

* Modular scalability * High availability * VPN services

How has it helped my organization?

It provided more secure access to the resources of my organization and created a more stable environment for the business activities between us and our partners.

What needs improvement?

Security through integrated cloud and software based services.

Which solution did I use previously and why did I switch?

I previously used a Fortinet solution. I switched to Cisco because Fortinet lacked stability and robust troubleshooting features.

What other advice do I have?

You should try it without restraints, and it is worth every penny.

Which other solutions did I evaluate?

I also evaluated Juniper and CheckPoint solutions.
Real User
Senior Network and Security Engineer at a tech services company with 51-200 employees
May 20 2015

What do you think of Cisco ASA Firewall?

What is most valuable?

It was a valuable firewall some years ago but then Palo Alto created the next generation firewall and Cisco needed too much time to create ASA CX. At the moment it has, basically, the same features. In my opinion the most valuable features now are the layer seven capabilities and the new FirePOWER.

For how long have I used the solution?

I've used the devices for over 10 years.

What was my experience with deployment of the solution?

I have never had an issue with my deployments.

What do I think about the stability of the solution?

One of the best things about ASA's is that they are very stable.

What do I think about the scalability of the solution?

With ASA, you can scale to the largest deplyments. As an example, I have installed an ASA in an…
Consultant
Security Engineer at a tech services company with 501-1,000 employees
May 20 2015

What do you think of Cisco ASA Firewall?

Valuable Features

Firewall VPN FirePOWER mobile

Room for Improvement

They should make the ASA accessible via the web instead of ASDM. Also, a big improvement is needed on the transparent mode.

Use of Solution

I've used it for over six months.

Deployment Issues

There were some issues.

Stability Issues

There have been some issues with Java.

Scalability Issues

There were some issues.

Customer Service and Technical Support

Customer Service: 8/10. Technical Support: 8/10.

Initial Setup

It was straightforward.

Other Advice

Make sure to plan your network carefully.
Vendor
Network System Engineer with 51-200 employees
May 20 2015

What do you think of Cisco ASA Firewall?

What is most valuable?

The filter with NAT mode is valuable.

How has it helped my organization?

Not really, as we are a subcontractor we install and configure it for other companies.

What needs improvement?

Speed of execution and security options needs to be improved.

For how long have I used the solution?

I've used the devices for, more or less, one year.

What was my experience with deployment of the solution?

No issues so far.

What do I think about the stability of the solution?

No issues so far.

What do I think about the scalability of the solution?

No issues so far.

How are customer service and technical support?

Customer Service: 3.5/5. Technical Support: 3/5.

Which solution did I use previously and why did I switch?

Yes we did, but we switched due…
Consultant
Network, Unix and Security Engineer at a tech services company with 501-1,000 employees
May 19 2015

What do you think of Cisco ASA Firewall?

What is most valuable?

NAT IPSec ACL

How has it helped my organization?

It solved an IPSec issue we had with a customer. We have moved from Linux IPSec to Cisco.

What needs improvement?

Routing It needs GRE supports Application visibility Context

For how long have I used the solution?

I have used Cisco ASA products since 2010.

What was my experience with deployment of the solution?

No, it's very easy to deploy.

What do I think about the stability of the solution?

With versions 8.4.4 and version 8.4.6, they had a lot of bugs. Also, after I moved to 8.4.5, route lookup changed to NAT divert and that kicked me.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service: No…
NwkSysAdmin564
Real User
Network and System Administrator at a pharma/biotech company with 501-1,000 employees
May 19 2015

What is most valuable?

The ability to intercept unwanted traffic, and prevent attacks without interrupting everyday work, and the stability of this product are the key functionalities in our… more »

How has it helped my organization?

This product, and our implementation, are not directly correlated with the core business of our company. It is designed to protect our company from outside threats and… more »

What needs improvement?

Cisco ASA lacks some functionalities, when compared with other vendors’ products. Cisco need to implement some more functionalities, like client-less VPN (HTML5), but I… more »

What's my experience with pricing, setup cost, and licensing?

The cost of the setup was only the product price, local vendor support for the implementation, and employee training. This product is set it and forget it, so we do not… more »

Which solution did I use previously and why did I switch?

We implemented ASA after a complete redesign of our network, and we believe that Cisco ASA is the right solution for our needs.

What other advice do I have?

Unfortunately, the ASA 5500 is EoS and EoL, and I hope that Cisco’s NGF 5500-X series will be a worthy successor. This does not mean that Cisco will stop software support… more »

Which other solutions did I evaluate?

We did not evaluate other products. One reason was that we believe that the ASA is a reliable product and fits our needs. Another reason, was the lack of local support for… more »
Vendor
Network Security Engineer at a manufacturing company with 10,001+ employees
May 18 2015

What is most valuable?

It has very advanced security features including FirePOWER threat management, which is the most valuable, but also URL filtering, FireSIGHT, and advanced malware protection.

What needs improvement?

The cost of this product should be reconsidered.

Which solution did I use previously and why did I switch?

Yes, I used a normal model of Cisco ASA and found it a very successful experience. Therefore we have it to a more advanced ASA box for improved, and more advanced, security management.

What other advice do I have?

I would suggest implementing this product ascand has advanced security features.

Which other solutions did I evaluate?

Evaluation is mandatory in IT, and we have found this device has better features and reliability when compared to other products.
Consultant
Sr. Network Engineer at a tech services company with 10,001+ employees
May 14 2015

What do you think of Cisco ASA Firewall?

What is most valuable?

Stateful inspection CLI of the firewall

How has it helped my organization?

It has increased the security and works best for VPN users.

What needs improvement?

The product has been introduced with UTM i.e. FirePower, and I would like to use it and comment on it.

For how long have I used the solution?

I've used it for three years.

What was my experience with deployment of the solution?

Encountered IOS related bugs in later versions.

What do I think about the stability of the solution?

No issues encountered.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service: 10/10. Technical Support: It depends on the support contract that you have.

Which

Consultant
Network Security Engineer at a tech services company with 51-200 employees
May 13 2015

What is most valuable?

* Scalability * Debugging messages * Context modes

How has it helped my organization?

Context modes as this means there is no need to buy additional firewall for different customers.

What needs improvement?

IPS, IDS, anti-virus etc. should be added to IOS instead of separate cards.

What's my experience with pricing, setup cost, and licensing?

It is £2,000 to set up, and the running costs, depend on the customers' issue(s) or tickets raised.

What other advice do I have?

Its a nice professional product with lots of scalability. Easy to troubleshoot and there is tool called PACKET TRACER which simulates the packet and it will tell you whether a packet is allowed… more »

Which other solutions did I evaluate?

* Juniper * FortiGate
Simon Chaba
Real User
ICT Manager at a aerospace/defense firm
May 11 2015

What is most valuable?

* VPN * ASDM configuration For FirePOWER: * IPS * AMP * URL filtering

How has it helped my organization?

It's pretty easy to connect between different branches using site to site VPN.

What needs improvement?

Cost, it's very expensive. To migrate from a Cisco ASA 5550 and not drop in performance, you have to go to a Cisco ASA 5555-X with FirePOWER. To fully use the Cisco… more »

What's my experience with pricing, setup cost, and licensing?

The initial investment on the Cisco ASAs was around one million South African Rand and there's a R200,000 annual maintenance cost with Cisco's partners.

Which solution did I use previously and why did I switch?

We previously used Checkpoint, and I switched because Checkpoint was expensive but now it looks like Cisco is following the same route.

What other advice do I have?

Budget a lot of money, especially on the initial setup and the annual licensing and maintenance cost.

Which other solutions did I evaluate?

No. I went straight to Cisco because of my experience with their CUCM IPT solutions, routers and switches.
Vendor
Chief Technical Officer at a comms service provider with 501-1,000 employees
May 10 2015

What do you think of Cisco ASA Firewall?

What is most valuable?

Content filtering VPN features User interface is also very friendly

How has it helped my organization?

Users can VPN into the network from remote locations. It has given us a very robust and well firewalled LAN, that we use for authentication as well for our core network infrastructure.

For how long have I used the solution?

I've used it for seven years.

What was my experience with deployment of the solution?

No issues encountered.

What do I think about the stability of the solution?

It's a very stable product.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service: It's good. Technical Support: It's good.

Which solution did I use previously and

Vendor
Senior Network Architect/Owner with 51-200 employees
Apr 19 2015

What is most valuable?

The features that we use are: * The stateful firewall * VPN with AnyConnect * Site-to-site IPSEC solutions * High availability

How has it helped my organization?

The ASA gives us a secure appliance at the perimeter and allows us to provide VPN connectivity to our users. We have the ability to control our VPN users as well as use two-factor authentication if needed (using an outside Radius source).

What needs improvement?

The ASA has room for improvement in the areas of layers four through seven. I would love to see application specific control, e.g.Facebook, Gmail, etc.
Chris Gurley
Vendor
Federal Civ/Intel Engineering Lead at a tech vendor with 1,001-5,000 employees
Apr 09 2015

What do you think of Cisco ASA Firewall?

I started to title this a "Review" of the Cisco ASA with FirePOWER, but my objective is to highlight a few limitations of the integrated solution so that potential customers understand the product. It may turn out to be a review after all, but that's the focus. Let's set some product context. Cisco completed its acquisition of Sourcefire on October 7, 2013, and its initial integration into the Cisco Security family on November 10, 2014. That makes this union very fresh--think of Cisco FirePOWER as newlyweds. They're starting to share the same roof, but carry a lot of individuality and his/her domain around with them. Next, let's zoom in on the word, "Services", or as you may see elsewhere, "Module". Sourcefire makes a number of standalone, independent intrusion prevention system…
Consultant
Cloud Engineer at a tech services company with 1,001-5,000 employees
Mar 31 2015

What is most valuable?

The ease of use and ease of deployment were the most important features. As a signature based appliance, SourceFire hits it on the head at detection and capturing traffic… more »

How has it helped my organization?

Being able to detect intrusions is very valuable, and this can be anything from reconnaissance attacks to malware beaconing from inside our network.

What needs improvement?

Being able to incorporate third party rules as the SourceFire rules often lag behind current threats. When the latest zero day or other threats hit the market and are high… more »

What's my experience with pricing, setup cost, and licensing?

The original setup cost was very high, not sure of the exact numbers because this product was purchased prior to me joining, but it was expensive Tack on the recurring… more »

Which solution did I use previously and why did I switch?

No previous solution was used.

What other advice do I have?

The same level of protection can be had at a much lower cost! Look at rolling your own with commodity hardware, Suricata (Or SNORT if you choose, but look at the… more »

Which other solutions did I evaluate?

Other IDS/IPS products were looked at.
Consultant
Consulting Engineer at a tech services company with 5,001-10,000 employees
Mar 31 2015

What is most valuable?

I'm most impressed with the visibility and control SourceFire solutions provide in to the types of traffic flowing in and out of an environment. It makes the discovery of applications and classification of user traffic simple, which in turn… more »

How has it helped my organization?

I've worked with customers that have dealt with malware issues in the past and preventing its spread laterally within the environment has always been a concern. With SourceFire, we've been able to detect malicious files and stop them at the… more »

What needs improvement?

The overall product line is sound, but I'd like to see a roadmap for SSL decryption as part of the ASA with FirePOWER solution.

Which solution did I use previously and why did I switch?

I've used Palo Alto's FW/IPS offerings and Cisco's older IPS platform on the ASA. Usually, I don't decide what organizations purchase, but I am impressed with SourceFire's capabilities over the latter.

What other advice do I have?

Do research in to the types of offerings out there and make a determination of what may be the best fit for your organizations requirements and future security goals.
Consultant
Senior Network Engineer at a tech services company with 1,001-5,000 employees
Mar 28 2015

What do you think of Cisco ASA Firewall?

Valuable Features

The ASDM has significantly improved over the years. Real-time logging and filtering is useful. Firewall rules are easy to understand, and enable/disable.

Room for Improvement

Change from Java for ASDM to HTML5. Better options to enable/disable site-to-site VPN tunnels.

Use of Solution

8 years

Deployment Issues

The new NAT configuration is difficult to understand especially for people familiar with the pre v8.3 code.

Customer Service and Technical Support

Customer Service: Cisco TAC is good. They will set up a remote viewing session so they can work on the firewall as if they are sitting next to you. Technical Support: Typically fast and useful.

Implementation Team

In-house team.
Vendor
Senior Network Engineer at a aerospace/defense firm with 51-200 employees
Mar 24 2015

What do you think of Cisco ASA Firewall?

What is most valuable?

The multi-context mode.

How has it helped my organization?

Being able to use the multi-context on the firewall to keep costs down.

What needs improvement?

No improvement needed.

For how long have I used the solution?

I've used it for four years.

What was my experience with deployment of the solution?

Yes but I was able to get the support that was needed to resolve any issues.

What do I think about the stability of the solution?

No issues encountered.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service: 9/10. Technical Support: 8/10.

Which solution did I use previously and why did I switch?

Yes and we switched because we needed a fully…
Consultant
Network Consultant at a tech consulting company with 51-200 employees
Mar 24 2015

What is most valuable?

The most valuable features are the IPS and Botnet software modules. These security features, working in tandem, truly provide a peace-of-mind against all levels of… more »

How has it helped my organization?

Since the 5512-x is software license based, there is no need to purchase additional hardware to enable much needed features.

What needs improvement?

Since most features are license based and some licenses are time-based, there should be a way for the device to alert via SNMP that licenses are about to expire. Also, I… more »

What's my experience with pricing, setup cost, and licensing?

The original setup cost of the SA520W was approx. US$500. The setup for the 5512-x was approx. US$3000. For the 5512-x, additional costs were endured for the IPS and… more »

Which solution did I use previously and why did I switch?

The previous firewall was a Cisco SA520W. This device was great as it was a firewall, IPS and WLC all in one. I switched due to this device being EOL/EOS. Also, the main… more »

What other advice do I have?

The next-gen firewalls are a great solution. Be aware of the additional hardware costs (120GB SSD) that are needed to implement some features like the CX module. Also, if… more »

Which other solutions did I evaluate?

I was considering going to the ISA550W (the replacement for the SA520W) or a 5505. I ultimately went with the 5512-x due to its speed and software licensing model.
Consultant
Security Consultant at Webernetz.net - Network Security Consulting
Mar 11 2015

What do you think of Cisco ASA Firewall?

Cisco ASA vs. Palo Alto: Management Goodies You often have comparisons of both firewalls concerning security components. Of course, a firewall must block attacks, scan for viruses, build VPNs, etc. However, in this post I am discussing the advantages and disadvantages from both vendors concerning the management options: How to add and rename objects. How to update a device. How to find log entries. Etc. Cisco ASA Fast Management Suite: The ASDM GUI is really fast. You do not have to wait for the next window if you click on a certain button. It simply appears directly. On the Palo, each entry to add, e.g., an application inside a security rule, takes a few seconds. Better “Preview CLI Commands”: I am always checking the CLI commands before I send them to the firewall. On the Cisco…
Consultant
Senior Network Engineer at a tech services company with 501-1,000 employees
Sep 04 2014

What do you think of Cisco ASA Firewall?

Valuable Features

Anyconnect VPN

Improvements to My Organization

The features are quite powerful, easy to set-up and for ease of use end user too is excellent. Moreover, this has been quite stable since the day we installed them.

Use of Solution

More than 5 years

Deployment Issues

No

Stability Issues

No

Scalability Issues

No

Customer Service and Technical Support

Customer Service: Very GoodTechnical Support: Excellent

Initial Setup

Yes, the document repository is pretty robust and easy to understand.

Implementation Team

In-house

Other Solutions Considered

Yes, Checkpoint & Juniper
sandeep
Real User
Senior Manager of Network at a tech company with 1,001-5,000 employees
Aug 06 2013

What do you think of Cisco ASA Firewall?

Cisco ASA 5505 overview Selecting a new fire wall is matter of individual requirements and preferences. For small office it is economical to have a single device having small switch and firewall capability. Cisco ASA 5505 is perfectly suitable for small office as it has 8 port connecting end device switch and two of which have PoE capability for connecting cisco ip phones or external wireless access point. Has a expansion slot for connecting IPS (Intrusion prevention System). Additional IPS card (AIP SSC-5), IPS protects form virus, worms Trojans, DDoS attacks. This all features makes it a truly multipurpose firewall for small office. Pros: 1) Is small in size and light in weight, requires less space suitable for small office. 2) Has integrated 8 port Switch so no need to purchase…
Vendor
Network Manager at a insurance company with 1,001-5,000 employees
May 06 2013

What is most valuable?

1. I have found tje Cisco ASA to be less expensive than Check Point firewalls. 2. It is smaller in size than Check Point firewall. 3. It is easy to operate and manage with both GUI and Command Line

What needs improvement?

1. When I integrate Cisco ASA with Cisco IPS it creates lots of problem such as an increase in CPU utilization - as a result I have to stop the IPS service. 2. Cisco ASA does not provide a flash card for free so I cannot back up the firewall configuration for disaster recovery.

What other advice do I have?

In my opinion it is a nice firewall product at a low price and good value for medium and large enterprises.
Vendor
Manager of Infrastructure at a manufacturing company with 51-200 employees
May 05 2013

What is most valuable?

We choose Cisco ASA 5500 Series for our branch office primarily because it is a stable firewall. Many home and even business grade firewalls will often start acting up and have to be rebooted, but the ASA is completely rock-solid. ASA Firewall Chains STP and RST Protocol allows us to build redundant uplinks to STP compatible switches. It has 256 MB RAM and 128 MB of flash which is plenty for future upgrades. I personally like to have the multitude of VPN options such as - IPsec VPN, DMVPN, L2TP, SSL, Any Connect, etc. The IPsec VPN is supported on the iPhone, so it is cool to be able to access… more »

What needs improvement?

Extraordinary learning curve, especially if you do not have previous skill with Cisco PIX or routers. Even using the Java-based ASDM, it can take time to find your way. In addition, ASDM is not compatible with the latest version of Java (you will get an 'unconnected sockets' error). No support for DHCP reservations. I like to configure Servers and Printers this way, and cannot find any decent reason Cisco would not support it as they do on their routers and Layer 3 switches.
Vendor
Network Engineer at a university with 51-200 employees
Nov 28 2012

What is most valuable?

-Powerful firewall provides multiple contexts. -Highly stable firewall for campus traffic with no shutdown and zero maintenance compared to the Juniper SRX family which performs like a software firewall after 3 months of operation and did not allow the administrator to login. -Easy to use both GUI and command line. Also it may be more easily used through a management application like Cisco ASDM

What needs improvement?

-Latency and delay due to configuration and monitoring of multiple VLANS and traffic -Increases the delay as the firewall and IPS polices increase -We faced usually a problem with NATING

What other advice do I have?

Cisco delivers a powerful firewall -- it’s not just a firewall but also a modular device that can deliver IPS hosting and wireless LAN controller as well. It also provides site to site VPN and remote access VPN services.
Vendor
Infrastructure Expert at a tech company with 501-1,000 employees
Aug 30 2012

What is most valuable?

There are a lot of companies who create firewalls but there is not a single one which can compete with ASA. It can have access control from layer 3 to layer 7. The ASA 5510 is more than enough for small to medium business. It has dedicated GUI interface which is known as ASDM, a beautiful tool to manage ASA. You can use ASA to route traffic. AAA service supports plenty of Authentication server… more »

What needs improvement?

The 5505 does not support multiple mode. While running this device on multiple mode you cannot use dynamic routing protocols or multicast routing. Also the IPSEC and SSL VPNs are not supported while running in multiple mode. sometimes analysis might take too long while performing DPI in real-time traffic. The product is expensive. A 5580 series costs more than $50000.

What other advice do I have?

Its very difficult to write something about this product as it has so many options. I have studied 1000 pages about this product and most of the organizations use this firewall as it is the best in the world. I have never seen such a powerful device which can handle 2 million connections at 20Gbps speed. It can also inspect 4 million packets per second.

What is Cisco ASA Firewall?

Cisco ASA firewalls deliver enterprise-class firewall functionality with highly scalable and flexible VPN capabilities to meet diverse needs, from small/branch offices to high performance data centers and service providers. Available in a wide range of models, Cisco ASA can be deployed as a physical or virtual appliance. Flexible VPN capabilities include support for remote access, site-to-site, and clientless VPN. Also, select appliances support clustering for increased performance, VPN load balancing to optimize available resources, advanced high availability configurations, and more.

Cisco ASAv is the virtualized version of the Cisco ASA firewall. Widely deployed in leading private and public clouds, Cisco ASAv is ideal for remote worker and multi-tenant environments. The solution scales up/down to meet performance requirements and high availability provides resilience. Also, Cisco ASAv can deliver micro-segmentation to protect east-west network traffic.

Cisco firewalls provide consistent security policies, enforcement, and protection across all your environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables greater simplicity, visibility, and efficiency.

Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.

Also known as
Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls
Cisco ASA Firewall customers

There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.

BUYER'S GUIDE
Download our free Cisco ASA Firewall Report and get advice and tips from experienced pros sharing their opinions.