We just raised a $30M Series A: Read our story
EL
Technical Specialist, consultant at a computer software company with 10,001+ employees
Real User
Top 5
Good configuration and integration capabilities, secure, reliable, and scalable

Pros and Cons

  • "The configuration capabilities and the integration with other tools are the most valuable features. I really like this product. Cisco is one of my favorite brands, and I always think Cisco solutions are very reliable, easy to configure, and very secure."
  • "It can probably provide a holistic view of different appliances because many customers do not have only one brand, besides the traditional SNMP protocols, to cover all their devices. There are some specific requirements in terms of configurations or actions that sometimes have to be done in a very manual way because of the different versions or brands in a customer's infrastructure. It could also have some additional analytics capabilities. It has some very interesting ways to monitor the traffic and identify false positives from the architecture and the environment. It would be good if there is a way to patch with some other industry-specific solutions and synchronize some of the information, such as what other customers experience in their operations and probably share some additional information that could be leveraged or shared among the industry. Such information would be something interesting to see. It could have AI capabilities related to how the appliances could benefit from learning the current environment and different exposures."

What is our primary use case?

We are an IT integrator. We include parts of the infrastructure as part of our services, which includes firewalls, routers, switches, and even some end-user devices. We are deploying Cisco, Palo Alto, and Aruba. We are a very big company, and we have probably about 300,000 employees all over the world.

We use this solution for security and for enabling site-to-site VPN. We have on-premises and cloud deployments, and we are using the latest version of this solution. It is 5500 or something like that. 

What is most valuable?

The configuration capabilities and the integration with other tools are the most valuable features. 

I really like this product. Cisco is one of my favorite brands, and I always think Cisco solutions are very reliable, easy to configure, and very secure.

What needs improvement?

It can probably provide a holistic view of different appliances because many customers do not have only one brand, besides the traditional SNMP protocols, to cover all their devices. There are some specific requirements in terms of configurations or actions that sometimes have to be done in a very manual way because of the different versions or brands in a customer's infrastructure.

It could also have some additional analytics capabilities. It has some very interesting ways to monitor the traffic and identify false positives from the architecture and the environment. It would be good if there is a way to patch with some other industry-specific solutions and synchronize some of the information, such as what other customers experience in their operations and probably share some additional information that could be leveraged or shared among the industry. Such information would be something interesting to see. It could have AI capabilities related to how the appliances could benefit from learning the current environment and different exposures.

For how long have I used the solution?

I have been using this solution since the beginning of this company, which would be more than 20 years.

What do I think about the stability of the solution?

It is stable and reliable.

What do I think about the scalability of the solution?

There is no real limit to the way they can scale. It is very easy to integrate additional firewalls or even nodes on appliances. Whenever needed, they are stackable. They are very flexible in that sense. Our clients are large businesses.

How are customer service and technical support?

The service that we have received from Cisco has been reliable, fast, and efficient. They are very good. As long as you have a contract, you can rely on them. You should also have a technical team certified or at least trained on the infrastructure to provide in-depth first-level help. 

Which solution did I use previously and why did I switch?

I have also used other solutions like Palo Alto. The capabilities are pretty much the same. It is just a matter of how they integrate with the overall landscape of the customers. Palo Alto seems to be the top end firewall these days, but the customers might have purchased Cisco in the past or have a DNA subscription using which they could probably take advantage of the security landscape that Cisco offers. It is more about what is the overall benefit rather than just the appliance.

What's my experience with pricing, setup cost, and licensing?

They seem to be at the top end in terms of pricing, but they are worth the price. They are probably a little bit lower than Palo Alto. If the customers are relying on Cisco products and they are thinking more in terms of scaling to another layer in a year, it is pretty much in a good price range.

What other advice do I have?

I would suggest to be sure that it smoothly integrates with the infrastructure that you have. Try to take advantage of the DNA subscription and the new monitoring features that it has. Be informed about what's new with this product.

I would rate Cisco ASA Firewall a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Hernan Trinco
Presales Engineer at a comms service provider with 51-200 employees
Real User
Top 20
Good remote access and clusters but the firewall is a bit dated

Pros and Cons

  • "The clusters in data centers are great."
  • "Some individuals find the setup and configuration challenging."

What is our primary use case?

In general, we support more public fiscal entities. Most of them are quite sizeable at 5,000-6,000 employees. We use it mostly for remote access.

What is most valuable?

The clusters in data centers are great.

We enjoy the use of the remote access VPN. We have a mechanical firewall with IPS and we have no more than these. In general, ASA is for remote access and the mechanical firewall right now is more used for data centers. 

We work to combine customers and we have a lot of customers that use networking from Cisco. They buy Cisco firewalls due to the fact that all of their networks are working with Cisco features.

What needs improvement?

It would be ideal if the solution offered a web application firewall.

We've had some issues with stability.

The solution has some scalability limitations.

The firewall itself has become a bit dated.

The pricing on the solution is a bit high.

Some individuals find the setup and configuration challenging.

For how long have I used the solution?

I've been using the solution for ten years or more. It's been at least a decade at this point.

What do I think about the stability of the solution?

Normally, we don't have any problems with stability. That said, when we have problems, it may be difficult to resolve quickly. The tech from Cisco is really good. However, we have some problems that take more time. Issues haven't come up very often. We've only had two or three problems over ten years that took a while to resolve. Largely, it's quite stable. 

What do I think about the scalability of the solution?

We typically work with large public organizations. Our customers are quite big. Some are even up to 8,000 employees.

My view is that the ASA is for data centers. When you need more performance or something like that, this may be a problem. This is due to the fact that we don't have the ability to add more performance - more CPU or more equipment - in our cluster when we deploy the solution in a perimeter. It's complicated to expand the performance with ASA on the perimeter.

How are customer service and technical support?

We have a good relationship with technical support. They're very helpful. Sometimes we get a solution and sometimes we don't, however, they are always available to help us deal with issues.

How was the initial setup?

I have been working with this equipment for years, so for me, the initial setup is pretty easy. For customers who use the Cisco solutions for the first time, maybe it's complicated. They probably feel it would be easier to configure if there was a simpler graphical view or something like that. Often a complaint is that it's difficult to configure. However, I don't have that issue.

To deploy one solution, how long it takes depends on the customer or the size of the enterprise. For a large enterprise or large public entity, we need more time or more resources to deploy the solution. That said, it's not too difficult for us as we work a lot of time with ASA. We can go fairly quickly.

What other advice do I have?

We support ASA 5508, 5585, and 5525 - all the versions of the firewall. Again, we built a HTAB machine too.

We've worked with Cisco for many years and I love working with them.

Right now, ASA is getting older. A better recommendation may be to use Firepower, a Next-Generation Firewall, no ASA. In cases for some remote VPN access, we recommend ASA, however, for all of the deployments, the recommendation now is to use a Next-Generation Firewall from Cisco Firepower. 

Overall, I would rate the solution at a seven out of ten. That said, for remote access alone, I'd rate the product at a nine.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Learn what your peers think about Cisco ASA Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
554,148 professionals have used our research since 2012.
Ramish Ali
Assistant Director IT at Punjab Education Foundation
Real User
Top 20
Scalable and fast but the initial setup could be easier

Pros and Cons

  • "The product is quite robust and durable."
  • "The graphical interface could be improved. From what I have seen, Fortinet, for example, has a nicer GUI."

What is our primary use case?

We primarily use the solution as a firewall for our data centers. We have a medium-sized data center right now. It's about six or seven servers. We actually store the data for students and schools and need to protect it.

What is most valuable?

Overall, the solution works very well.

The solution is quite fast. We found that the speed was good and the throughput was good.

The stability has been very good.

The solution can scale as necessary.

The product is quite robust and durable. 

What needs improvement?

The solution lacks the abilities of an FTD type which are the abilities we need, and they are not in the firewall. We're looking for a next-generation firewall instead.

The graphical interface could be improved. From what I have seen, Fortinet, for example, has a nicer GUI.

The solution needs to be easier to use. Right now, it's overly complicated. 

The initial setup is a bit complex. 

The cost of the solution is very high.

The product should add free URL filtering. It's another product, or part of another product, however, it should be available as part of this offering as well.

For how long have I used the solution?

I've been using this solution for about seven or eight years at this point. It's been a while. 

What do I think about the stability of the solution?

The stability is excellent and the performance is good. There are no bugs or glitches. It doesn't crash or freeze. It's reliable.

What do I think about the scalability of the solution?

The product can scale nicely. If a company would like to expand it, it can do so. 

We have about 10,000 schools use the solution in general, and 1,000 to 2,000 that use it simultaneously daily. 

How are customer service and technical support?

I don't directly deal with technical support. Typically, that's something that others on the team deal with. We have our own team within the company that, if I run into issues, I would reach out to first. I can't speak to how helpful or responsive they are. I've never had a chance to contact them. 

Which solution did I use previously and why did I switch?

I have not used other firewalls.

How was the initial setup?

The initial setup is not easy or straightforward. It's a bit complex and a little difficult.

We have three engineers on staff. They are capable of handling any maintenance.  

What's my experience with pricing, setup cost, and licensing?

The solution is quite expensive. Fortinet and other competitors are about half the price. Cisco is very expensive in comparison. They need to work to be more competitive.

Which other solutions did I evaluate?

We're currently looking into a new firewall - something that is Next Generation. We don't know what it will be yet, however, we are considering Cisco, Fortinet, or Palo Alto.

It's my understanding that Fortinet is better in graphics and has a better user experience than Cisco, however, I haven't had a chance to test anything out.

What other advice do I have?

We're just a customer and an end-user. 

We no longer have an SLA for this solution. We're potentially looking for something new.

I'd recommend the solution to others. It works well. It's durable and fast and you don't have to check up on it daily as it is rather reliable. That said, it is pricey.

In general, I would rate the solution at a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Manuel Briones
Voice and data infrastructure specialist at a tech services company with 1,001-5,000 employees
User
Top 5Leaderboard
Stable with great management of dynamic routing and good technical support

Pros and Cons

  • "The initial setup was not complex."
  • "Cisco is not cheap, however, it is worth investing in these technologies."

What is our primary use case?

One of the things that we have solved the most with this solution is the P2P connection that we have with different clients. It gives us greater connection security with good management of the configured rules. 

Likewise, it has made it easier for us to have this type of equipment under monitoring, and, since we have implemented them, we have not been presented with any performance problems in the equipment as they have not presented CPU or RAM saturation or that for some reason it fails without any cause. We all have them managed and monitored. We always receive an email notifying us if there's something that the equipment has detected as well.

How has it helped my organization?

The ASA firewalls have undoubtedly helped us to improve our infrastructure throughout the corporation and currently we have just over 50 firewalls - all of them in different parts of Mexico. 

This infrastructure has been improved since, in our corporation, we handle the dynamic EIGRP protocol, which Cisco owns, and this solution has given us a geo-redundancy in our company. In case of presenting a problem with a firewall or a link, it performs an immediate convergence where end-users do not detect a failure, helping us to maintain a 99.99% operational level at all times.

What is most valuable?

I am very happy to use this type of Cisco equipment in my infrastructure. It has given us the most value is the management of dynamic routing, in this case, EIGRP. This protocol, together with a series of additional configurations, has helped us to maintain an automatic redundancy in all our infrastructure, keeping us with very high numbers of operability and without failures that take more than 1 minute or that have not been resolved automatically. With this solution, we only speak with our suppliers either for a link or equipment report, and even if the box or circuit is out of operation, the operation continues to work without problems.

What needs improvement?

Today, ASA firewalls are leaving the market and are being replaced by firepower equipment - a technology with which I am not very familiar. However, in the training or research, I have done on this new product, I see that it has many additional tools such as centralization of the administration through a single team (in the case the firepower management). It is something that we do not have, yet we are already considering it since this type of technology will help us to have better management and better administration of the equipment through a single platform. The management of additional services with this new module will certainly help us to have the internet network much more secure with connections to the outside.

For how long have I used the solution?

I've used the solution for more than seven years.

What do I think about the stability of the solution?

The solution is great in terms of stability.

What do I think about the scalability of the solution?

The scalability is great.

How are customer service and support?

Technical support is great.

Which solution did I use previously and why did I switch?

We previously used Fortigate.

How was the initial setup?

The initial setup was not complex.

What about the implementation team?

We handled the implementation in-house. 

What was our ROI?

We've seen an 80% ROI.

What's my experience with pricing, setup cost, and licensing?

Cisco is not cheap, however, it is worth investing in these technologies.

Which other solutions did I evaluate?

We always evaluate various other options.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
KS
CEO & Co-Founder at a tech services company with 51-200 employees
Real User
Good configuration support but needs a few features and better pricing

Pros and Cons

  • "The configuration support is very good. You can find a lot of configuration samples and troubleshooting tips on the internet, which is very good."
  • "You need to have a little bit of knowledge to be able to configure it. Otherwise, it would be very difficult to configure because there is no GUI. The latest software available in the market has a GUI and probably zero-touch provisioning and auto-configuration. All these things are not available in our version. You need to manually go and configure everything in the switch. In terms of new features, we would definitely want to have URL-based filtering, traffic steering, and probably a little bit steering in the bandwidth based on the per-user level and per-user group. We will definitely need some of these features in the near future."

What is most valuable?

The configuration support is very good. You can find a lot of configuration samples and troubleshooting tips on the internet, which is very good.

What needs improvement?

You need to have a little bit of knowledge to be able to configure it. Otherwise, it would be very difficult to configure because there is no GUI. The latest software available in the market has a GUI and probably zero-touch provisioning and auto-configuration. All these things are not available in our version. You need to manually go and configure everything in the switch.

In terms of new features, we would definitely want to have URL-based filtering, traffic steering, and probably a little bit steering in the bandwidth based on the per-user level and per-user group. We will definitely need some of these features in the near future.

For how long have I used the solution?

I have been using this solution for the last one and a half years.

What do I think about the stability of the solution?

Stability-wise, it is pretty stable. It is probably not very feature-rich, but whatever features we are using, they are pretty stable.

What do I think about the scalability of the solution?

Scalability-wise, we did not have much problem because we have a single site. If we have two or more sites, and if we want to have a site-to-site VPN and more number of users, we are not sure about the scalability. We will have to go for an updated version of the new product line. 

We have close to 80 plus users. We anticipate a huge increase in the number of users and plan to increase the usage of Cisco ASA Firewall. We may have to open a new center in a different city, which will lead to more sites, users, and usage.

How are customer service and technical support?

Their support is good, but the cost of support is very high. Next year onwards, we may not go for technical support because most of the time, they only do the configuration, and the configuration-related information is pretty much available on the internet.

Which solution did I use previously and why did I switch?

Initially, we started with some open-source alternatives, like Opium, but eventually, we thought of moving towards a proven solution. We just did a study. We didn't put the open-source solution into production. One of our customers was basically suggesting us to go with this one, and we went for it. We did not get time to go through, study, and explore different options because we didn't have the bandwidth for testing the complete features of the open-source alternatives. Therefore, we thought of going for a commercial solution. A lot of alternatives are available right now for this solution.

How was the initial setup?

The initial setup was not too complicated. It was good. 

What about the implementation team?

We took the help of a reseller for the initial configuration. 

What's my experience with pricing, setup cost, and licensing?

The product cost is a little high. It is a little bit on the high side, and it should be a little bit cost-friendly.

What other advice do I have?

I would rate Cisco ASA Firewall a seven out of ten. It needs improvement in terms of a few features and cost-friendliness. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
DS
Network Consulting Engineer at a comms service provider with 201-500 employees
Real User
Top 20
Easy to configure, good VPN capabilities, and the antimalware features provide extra security

Pros and Cons

  • "The most important feature is the VPN connection."
  • "I would like to see the inclusion of a protocol that can be used to protect databases."

What is our primary use case?

We are a solution provider and the Cisco ASA Firewall is one of the security products that we implement for our customers. My clients use it for security, and also to establish VPN connections.

How has it helped my organization?

My client is in the financial sector and all of the connections are doing using the VPN. This type of access makes the connections more secure.

What is most valuable?

The most important feature is the VPN connection.

My clients also use the antimalware features and the scan is very good. It also supports packet inspection and IPS.

Cisco ASA is easy to configure.

The integration with the security features is something that I like.

What needs improvement?

The SecureX ASA administration platform should be improved.

The orchestration of modules should be improved.

I would like to see the inclusion of a protocol that can be used to protect databases. This would be a good feature to have added.

For how long have I used the solution?

We have been working with the Cisco ASA Firewall for approximately three years.

What do I think about the stability of the solution?

I have not had problems with stability, although I have had some small issues with bugs. In general, I can operate without a problem. 

What do I think about the scalability of the solution?

It is very easy to scale this product. With SMC, you can control all levels of ASA in a central console. You can simply add a new ASA firewall to protect your network, and you will be able to control it.

We have approximately 300 users.

My clients for this solution are medium-sized organizations.

How are customer service and technical support?

I have not been in contact with technical support but I use the implementation guide. I have also used the community support and I think that it's okay. The information that I received about the configuration was good.

Which solution did I use previously and why did I switch?

Prior to Cisco ASA, my client was using Fortinet FortiGate. They switched because there were complaints about the connection being slow.

How was the initial setup?

The complexity of the setup depends on the needs and requirements of the client.

When a client does not know exactly what is needed, the complexity increases because the configuration is not clear. You really have to have a good understanding of what the client needs before configuring it.

If the model does not have SMC then it is complex to configure.

The length of time for deployment also depends on the requirements, but it will usually take between three days and one week.

What's my experience with pricing, setup cost, and licensing?

This is an expensive product, although when you buy this solution, you can do many things so it provides good value for the investment.

Which other solutions did I evaluate?

My clients did evaluate other options but ultimately chose this product. Other than the VPN connection, I don't know the reasons for this decision.

What other advice do I have?

I can recommend this product because it is one of the most stable firewalls on the market. The suitability, however, depends on the environment and what is needed.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Imad Awwad
Group IT Manager at a manufacturing company with 1,001-5,000 employees
Real User
Top 5Leaderboard
Behind in technology with lots of hidden costs

Pros and Cons

  • "Unfortunately in Cisco, only the hardware was good."
  • "In NGFW, Cisco should be aligned with the new technology and inspection intelligence because Cisco is far behind in this pipeline."

What is our primary use case?

The primary use case is to have full visibility over our Web & Application behavior on the local network and over the internet. On the other hand, reporting is one of the main needs so that we can monitor and evaluate our consumption and according to that, build up our policies and security.

How has it helped my organization?

Cisco NGFW had the needs that were required by us but unfortunately, was very primitive.

There was no added value and every feature requires license thus extra HIDDEN cost despite a large number of renewals. Paying that much compared to what other vendors can give is out of the negotiation. For this reason we dropped it.

What is most valuable?

Unfortunately in Cisco, only the hardware was good. As for the features and services it was less than the others. Having all of the features means higher specs of hardware and intelligence processing so that it can handle all the logs proactively. Now, what is needed from the Information security, is to be proactively aware of any threat that might expose our data and at the same time have full visibility over our information sharing endpoints.

What needs improvement?

In NGFW, Cisco should be aligned with the new technology and inspection intelligence because Cisco is far behind in this pipeline. Nowadays IoT, Big Data, AI, Robotics, etc. are all evolving and shifting from automatic to intelligent. All brands that do not follow will be extinct.

For how long have I used the solution?

I have been using this solution for three years.

How are customer service and technical support?

good

Which solution did I use previously and why did I switch?

I was using a different solution prior to this one. I shifted because I found that it can heal my pain at least partially. By the end, it did the job and more.

How was the initial setup?

Not that simple, but anyone who have the knowledge can configure it.

What about the implementation team?

Through a vendor and they have good tech

What's my experience with pricing, setup cost, and licensing?

Always look for the history of the products and their evolution, as this will reflect their prices. As for the licenses, be smart and choose the ones you are going to use AS PER YOUR NEED.

More features=More Licenses=More work time=Increase in Cost.

Always consider what you might need to reduce your wasted time and invest it in other solutions (i.e. "If it takes you three hours to do an analysis report and the solution you are getting has this feature to reduce your time to five minutes then you can consider this license. But, if there is a feature where you can have access to the machine from the cloud and you are always connected to the company by VPN, there is no need to buy this license").

Which other solutions did I evaluate?

Whenever I go for a new solution, I test many leaders "NOT RELYING ON GARTNER", yet going for sites that are related to technical evaluations and real case studies. The vendors were Sophos Cyberoam, Barracuda, FortiGate, Websense, & Check Point.

What other advice do I have?

Think before you buy, as this solution can be your success or failure. Always work with professionals and not promoters.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Phosika Sithisane
Executive Director at ict training and development center
Real User
Top 20
Good at blocking threats and pretty reliable but needs a better user interface such as web interface for easier create policy

Pros and Cons

  • "It's pretty reliable and allows for isolation capabilities within the network."
  • "The user interface isn't as good as it could be. They should work to improve it. It would make it easier for customer management if it was easier to use."

What is our primary use case?

We primarily use the solution for basic firewall configurations such as NAT, FORWARD PORT and Block TCP-UDP Port.

   

How has it helped my organization?

My company is very small just built last year, i now am using cisco asa 5510 for NAT and Port Forward and limit users access directly from internet only via Remote-VPN.

What is most valuable?

The ability to block threats is its most valuable aspect.

Most clients in Laos use the basic setup, which works quite well. It ensures that nothing can get onto the local network.

It's pretty reliable and allows for isolation capabilities within the network.

The ADSM is very good.

I like that I can use the command line. I use a lot of Cisco and often work with this. If you are comfortable with the command line, it's quite good.

What needs improvement?

The user interface isn't as good as it could be. They should work to improve it. It would make it easier for customer management if it was easier to use.

Cisco does not have a lot of web management. We have to use ASTM server management to make up for it.

For how long have I used the solution?

I've been using the solution, give or take, for around five years at this point.

What do I think about the scalability of the solution?


How are customer service and technical support?

When we need assistance from technical support, we typically deal with the team in China. They've been very good. Whenever I have a problem, they can resolve it. They are knowledgeable and responsive. We're satisfied with the level of support we get.

Which solution did I use previously and why did I switch?

We typically offer clients a few different solutions. For example, we may recommend Fortinet.

How was the initial setup?

For a new user, the initial setup may be a bit difficult. For me, since I am comfortable with Cisco, it's pretty straightforward. A new connection has its own complexities. It may be a different thing on Java SDK. There may be some programs that may not be able to access it.

What's my experience with pricing, setup cost, and licensing?

In Laos, clients don't have much wiggle room when it comes to cost. The economy right now isn't very good. Most just choose the basic solution in order to avoid pricey licensing fees.

Which other solutions did I evaluate?

subscription payment  

What other advice do I have?

We're just customers. We use it in our office and suggest it to clients. However, we don't have a business relationship with Cisco.

We try to adhere to our client's needs, and therefore, if they specify hardware they want to use, like Fortinet, we tend to accommodate them.

That said, if they ask my opinion, I usually recommend Cisco ASA.

I know a lot about the product and I'm good at controlling everything. I have a lot of knowledge and understanding after working with it so closely. That's why I tend to favor it when my customers ask for advice.

Overall, I would rate the solution seven out of ten. If the user interface were a bit better, I'd rate it higher.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Product Categories
Firewalls
Buyer's Guide
Download our free Cisco ASA Firewall Report and get advice and tips from experienced pros sharing their opinions.