Cisco ASA Firewall Overview

Cisco ASA Firewall is the #3 ranked solution in our list of best firewalls. It is most often compared to Fortinet FortiGate: Cisco ASA Firewall vs Fortinet FortiGate

What is Cisco ASA Firewall?

Cisco ASA firewalls deliver enterprise-class firewall functionality with highly scalable and flexible VPN capabilities to meet diverse needs, from small/branch offices to high performance data centers and service providers. Available in a wide range of models, Cisco ASA can be deployed as a physical or virtual appliance. Flexible VPN capabilities include support for remote access, site-to-site, and clientless VPN. Also, select appliances support clustering for increased performance, VPN load balancing to optimize available resources, advanced high availability configurations, and more.

Cisco ASAv is the virtualized version of the Cisco ASA firewall. Widely deployed in leading private and public clouds, Cisco ASAv is ideal for remote worker and multi-tenant environments. The solution scales up/down to meet performance requirements and high availability provides resilience. Also, Cisco ASAv can deliver micro-segmentation to protect east-west network traffic.

Cisco firewalls provide consistent security policies, enforcement, and protection across all your environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables greater simplicity, visibility, and efficiency.

Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.

Cisco ASA Firewall is also known as Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls, Cisco ASAv.

Cisco ASA Firewall Buyer's Guide

Download the Cisco ASA Firewall Buyer's Guide including reviews and more. Updated: January 2021

Cisco ASA Firewall Customers

There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.

Cisco ASA Firewall Video

Pricing Advice

What users are saying about Cisco ASA Firewall pricing:

"Pricing varies on the model and the features we are using. It could be anywhere from $600 to $1000 to up to $7,000 per year, depending on what model and what feature sets are available to us."
"We used Check Point and the two are comparable. Cost was really what put us onto the ASAs... the price tag for Check Point was exorbitantly more than what it is for the ASA solution."
"When it comes to Cisco, the price of everything is higher. Cisco firewalls are expensive, but we get support from Cisco, and that support is very active."
"It's a brilliant firewall, and the fact that it comes with a perpetual license really does go far in terms of helping the organization in not having to deal with those costs on an annual basis. That is a pain point when it comes to services like the ones we have on Fortigate. That's where we really give Cisco firewalls the thumbs up."
"We paid about $7,000 for the Cisco firewall, plus another small Cisco router and the lead switch. It was under the combined license. It's a final agreement."

Cisco ASA Firewall Reviews

MohammadRauf

Security Officer at a government

Nov 11, 2019

Download

Gives us visibility into potential outbreaks as well as malicious users trying to access the site

What is our primary use case?

We use them for perimeter defense and for VPN, and we also do web filtering. We're using ASAs at the moment. Going forward, we'll probably look at the FirePOWERs. We currently have anywhere from low end to the mid-range, starting with 5506s all the way up to 5555s. Everything is on-prem. We have a total of five different security tools in our organization. A couple of them complement each other so that's one of the reasons that we have so many, instead of just having one. For an organization like ours, it works out pretty well. We are a utility owned by a municipality, with a little over 200… more »

Pros and Cons

"For us, the most valuable features are the IPX and the Sourcefire Defense Center module. That gives us visibility into the traffic coming in and going out, and gives us the heads-up if there is a potential outbreak or potential malicious user who is trying to access the site. It also helps us see traffic generated by an end device trying to reach out to the world."

"We were also not too thrilled when Cisco announced that in the upcoming new-gen ASA, iOS was not going to be supported, or if you install them, they will not be able to be managed through the Sourcefire. However, it seems like Cisco is moving away from the ASA iOS to the Sourcefire FireSIGHT firmware for the ASA. We haven't had a chance to test it out."

What other advice do I have?

The biggest lesson I've learned so far from using the next-gen firewall is that it has visibility up to Layer 7. Traditionally, it was IP or port, TCP or any protocol we were looking for. But now we can go all the way up to Layer 7, and make sure STTP traffic is not a bit torn. That was something that we did not have before on the up-to-Layer-3 firewall. Do your research, do your homework, so you know what you're looking for, what you're trying to protect, and how much you can manage. Use that to narrow down the devices out there. So far, in our environment, we haven't had any issues with the…

See Entire Cisco ASA Firewall Review (1866 Words) »

reviewer1357989

Cisco Security Specialist at a tech services company with 10,001+ employees

Jun 8, 2020

Download

Robust solution that integrates well with both Cisco products and products from other vendors

What is our primary use case?

The ASAs are a defense solution for companies. Many of them use the AnyConnect or the VPN licenses. They also use it to have a next-generation firewall and to be compliant with GDPR. The majority of our usage of the solution is on-prem or hybrid. The culture, here in Portugal — even knowing that the future is full cloud, in my opinion — is to only be on the way to full cloud.

Pros and Cons

"If you have a solution that is creating a script and you need to deploy many implementations, you can create a script in the device and it will be the same for all. After that, you just have to do the fine tuning."

"Cisco missed the mark with all the configuration steps. They are a pain and, when doing them, it looks as if we're using a very old technology — yet the technology itself is not old, it's very good. But the front-end configuration is very tough."

What other advice do I have?

Cisco ASA is a very robust solution. It does its job and it has all the top features. If you have a solution that is creating a script and you need to deploy many implementations, you can create a script in the device and it will be the same for all. After that, you just have to do the fine tuning. It lacks when it comes to the configuration steps and the pain that that process is. You need to spend loads of time with it at setup. Overall, it does everything they say it does. It's a very good solution but don't only go with the ASA. Go for Cisco Umbrella and join them together. If you have…

See Entire Cisco ASA Firewall Review (1814 Words) »

Free Report: Cisco ASA Firewall Reviews and More

Learn what your peers think about Cisco ASA Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: January 2021.

Download now

454,950 professionals have used our research since 2012.

JoelStech

Senior Network Engineer at Orvis Company, Inc

Oct 28, 2019

Download

Policy rulesets are key, and upgrades are relatively seamless in terms of packet loss

What is our primary use case?

We use them to block or allow traffic out to the internet and to control a handful of DMZs. Overall, they're for access control. We do IPS and IDS as well. We have the FMC (FirePOWER Management Center) which manages the 4110s and we have 5516s and the ASA5545-Xs. It's an ASA running the Next Generation Firewall code. We're using all of the FMC with 6.4.04, so they're all running the Next Generation Firewall code. We deploy the software on-prem.

Pros and Cons

"The information coming from Talos does a good job... I like the fact that Cisco is working with them and getting the information from them and updating the firewall."

"Our latest experience with a code upgrade included a number of bugs and issues that we ran into. So more testing with their code, before it hits us, would help."

What other advice do I have?

The biggest lesson I've learned from using the ASAs is the fact that they can do a lot. It's just figuring out how to do it. We don't do a lot, although once in a while we will do something a little interesting. These things can do more than what we're using them for. It's just a matter of our trying to figure it out or getting with our Cisco rep to figure it out. My advice would be to have a good handle on your rules and, if you can, take the upgrades easily. We have desktop security, application security, and then we have Umbrella. We use five or six different tools for security, at least…

See Entire Cisco ASA Firewall Review (1718 Words) »

Othniel Atseh

Network Security Consultant at a consultancy with 1-10 employees

Jun 11, 2020

Download

URL filtering and easy integration with other Cisco products are key features for us

What is our primary use case?

The first time I deployed Cisco ASA was for one of our clients. This client had a Palo Alto firewall and he wanted to migrate. He bought an ASA 2505, and he wanted us to come in and deploy it and, after that, to put in high-availability. We deployed it and the high-availability means that in case one fails, there is a second one to take over. I have deployed Cisco ISE and, in the same environment, we had a Cisco FTD. In that environment, we were using the ASA for VPN, and we were using the FTD like an edge device. The ASA was deployed as VPN facilitator and for the wireless part too, so that… more »

Pros and Cons

"If we look at the Cisco ASA without Firepower, then one of the most valuable features is the URL filtering."
"It's easy to integrate ASA with other Cisco security products. When you understand the technology, it's not a big deal. It's very simple."

"One area where the ASA could be improved is that it doesn't have AMP. When you get an ASA with the Firepower model, ASA with FTD, then you have advanced malware protection."

What other advice do I have?

Cisco firewalls are not for kids. They are for people who understand security. Now I know why people with Cisco training are very good, because they train you to be competent. They train you to have ability. And when you have ability, their firewall becomes very easy to configure. When Cisco is teaching you, Cisco teaches you the concept. Cisco gives you a concept. They don't focus on how to configure the device. With Fortinet, for instance, Fortinet teaches you how to configure their device, without giving you the concepts. Cisco gives you the concepts about how the technology is working. And…

See Entire Cisco ASA Firewall Review (1423 Words) »

NSA0898776

Network & Security Administrator at Diamond Bank Plc

Apr 8, 2019

Download

Enables us to to track traffic in inbound and outbound patterns so we can set expectations for network traffic

What is our primary use case?

I am a banker. I'm working in the bank and our equipment is mostly based on Cisco for the moment. We have some incoming projects to deploy from Fortigate to firewalls. Cisco ASA is that something I used when I was preparing for my CCNP exams. I've been using it on the incoming project that we want to do right now. It is easy to deploy Cisco ISP solution in the bank I'm working in, i.e. Cisco Identity Services Engine. We're already used Cisco ISSO. I have three Cisco ASA modules: * Security for perimeters * Security for data centers * Data center recovery I have been using Cisco ASA since I've… more »

Pros and Cons

"I would say the Firepower module is most valuable. I'm trying more to transition to this kind firewall. I had to study a little on Palo Alto Networks equipment. There is a lot I have to learn about the difference."

"The installation and integration of Cisco ASA with FirePOWER can be improved. The management with Fortigate is easier than Cisco ASA on FirePOWER. The management side of Cisco ASA can be improved so it can be more easily configured and used."

What other advice do I have?

Cisco ASA is a good solution. I never had a problem with. I will say that I mostly recommend Fortinet because of their ease of management and Palo Alto Networks because of their reputation for business efficiency. I would rate Cisco ASA with an 8 out of 10 points.

See Entire Cisco ASA Firewall Review (1349 Words) »

Jonathan Muwanga

Head of Information Communication Technology at National Building Society

Jun 11, 2020

Download

Standard reports allow us to constantly monitor our environment and take corrective steps

What is our primary use case?

We use the Cisco firewall for a number of things. We've got VPN tunnels, IPsec tunnels. We also use it for basic network layer filtering for our internal service, because we have a number of services that we offer out to clients, so that is the first device that they come across when they get into the network. We have a network of six remote sites and we use proxy to go to the internet, and from the internet Cisco is the first line of defense. We have internet banking services that we offer to our clients, and that also makes use of the Cisco firewall as the first line of defense. And we've… more »

Pros and Cons

"The benefits we see from the ASA are connected to teleworking as well as, of course, having the basic functionality of a firewall in place and the prevention of attacks."

"If I want to activate IPS features on it, I have to buy another license. If I want Cisco AnyConnect, I have to buy another license. That's where we have challenges."

What other advice do I have?

My advice is "go for it," 100 percent. If ever I was told to implement a network, ASA would definitely be part and parcel of the solution. The biggest lesson we've learned from using the product is about the rapid growth of the product's offerings. In terms of the maturity of our organization's security implementation, I would like to believe that we are about midway. We still need to harden our security. We need to conduct penetration testing every two years and, resources permitting, maybe yearly. The guys out there who do cyber security crimes are becoming more and more advanced, so there…

See Entire Cisco ASA Firewall Review (1326 Words) »

EricHart

CEO at NPI Technology Management

Sep 29, 2020

Download

Great support and extremely stable with an excellent command-line interface

What is our primary use case?

We primarily use it for our clients. We have one or more at each client site - or multiple locations if they have multiple locations. Typically our clients are up to about 500 users. Most of them are smaller than that, but they go as large as 500. They're using the solution for the full next-gen firewall stacks - intrusion protection, URL filtering, advanced malware protection, or so-called AMP. Those are the three subscription services that Cisco sells. All of our clients have those subscription services enabled at their main location. Typically, they're just protecting users that are behind… more »

Pros and Cons

"Everything is all documented in the file or in the command line script that gets uploaded to the device. It gives us great visibility."

"I would say that in inexperienced hands, the interface can be kind of overwhelming. There are just a lot of options. Too much, if you don't know what you are looking for or trying to do."

What other advice do I have?

We're Cisco resellers. We're always on the latest version. I don't actually keep track of the version numbers myself, however, part of what the service that we provide for our clients is updating their firewalls to the latest version. We use multiple deployment models. We use both on-premises and cloud versions. They are also all different sizes, according to the requirements of the company. I'd advise other companies considering Cisco to be sure to factor in the cost of the ongoing security subscriptions and the ongoing SmartNet into the purchase price. Those things, over the years, represent…

See Entire Cisco ASA Firewall Review (1277 Words) »

Beka Gurushidze

System Administrator at ISET

Apr 10, 2019

Download

Robust cyber-security features protects server infrastructure

What is our primary use case?

I have been using the Cisco ASA NGFW for about four months. Everything works fine right now. We have only been using this device for a very short period of time. * We have about 500 registered users and about 400-600 static users. * For 400 to 600 users with wireless devices, we use Cisco ASA NGFW to control device traffic. We're using the new web filters. * We use Cisco ASA NGFW as the bit application. Thus far, we are using it as a web filter to filter the data against incoming traffic. We are an educational organization, so there is no gambling allowed. We don't want to allow students… more »

Pros and Cons

"Right now, Cisco ASA NGFW has given us a lot of improvement. We are planning to move to a new facility and will be a much larger organization."

"There is no support here in Georgia. If something goes wrong, support is not always very helpful with the other firewalls or other products."

What other advice do I have?

In Georgia, there is no problem using the Cisco firewall, because it's accessible. You cannot use other products, because they are not accessible. That's the whole problem. I would rate Cisco ASA NGFW an 8 out of 10.

See Entire Cisco ASA Firewall Review (1219 Words) »

See 73 more Cisco ASA Firewall Reviews

Read archived reviews (2+ years old)

Product Categories

Firewalls