Cisco ASA Firewall Valuable Features

MohammadRauf
Security Officer at a government
For us, the most valuable features are the IPX and the Sourcefire Defense Center module. That gives us visibility into the traffic coming in and going out and gives us the heads-up if there is a potential outbreak or potential malicious user who is trying to access the site. It also helps us see traffic generated by an end device trying to reach out to the world. Sourcefire is coupled with Talos and that provides us good insight. It gives us a pretty good heads-up. Talos is tied to the Sourcefire Defense Center. Sourcefire Defense Center, which is also known as the management console, periodically checks all the packets that come and go with the Talos, to make sure traffic coming and going from IP addresses, or anything coming from email, is not coming from something that has already been tagged in Talos. We also use ESA and IronPort firewalls. The integration between those on the Next-Gen Firewalls is good. They are coupled together. If the client reports that there is a potential for a file or something trying to access the internet to download content, there are mediation steps that are in place. We don't have anything in the cloud so we're not looking for Umbrella at this point. View full review »
reviewer1357989
Cisco Security Specialist at a tech services company with 10,001+ employees
All the features are very valuable. Among them is the integration for remote users, with AnyConnect, to the infrastructure. All the security through that is wonderful and it's very easy. You connect and you are inside your company network via VPN. Everything is encrypted and it's a very good solution. This is a wonderful feature. You need to make sure your machine has the profile requested by the company. That means having the patches updated. Optionally, you should have the antivirus updated, but you can decide whatever you would like in order to enable acceptance of the end-device in the enterprise network. That can be done with AnyConnect for remote/satellite users, or with ISE for local users. The intrusion prevention system, the intrusion detection, is perfect. But you can also integrate Cisco with an IPS solution from another vendor, and just use the ASA with AnyConnect and as a firewall. You can choose from among many other vendors' products that the ASA will integrate with. Now, with Cisco SecureX, it's much easier than before. Cisco used to be completely blocked from other vendors but with SecureX they are open to other vendors. That was a massive improvement that Cisco probably should have made 10 years ago or seven years ago. They only released SecureX three or four months ago. Cisco ASA also provides application control. You can block or prevent people from going to certain applications or certain content. But the ASA only acts as a "bodyguard." It doesn't provide full visibility of the network. For that, there are other solutions from Cisco, such as ISE, although that is more for identity. Stealthwatch or TrustSec is what you need for visibility. They are both for monitoring and providing full visibility of the network, and they integrate with ASA. Also, all of Cisco's security products are supported with Talos. Talos is in the background, handling all the improvements, all the updates. If something happens in Australia, for example, Talos will be aware of it and it will update the worldwide Talos network for all Cisco products. Within two minutes or three minutes, worldwide, Cisco products will be aware of that threat. Talos belongs to Cisco. It's like a Cisco research center. View full review »
JoelStech
Senior Network Engineer at Orvis Company, Inc
The majority of what I use is the policy ruleset. We have another company that deals with the IPS and the IDS. That's helpful, but I can't necessarily speak to that because that's not the majority of what I do. The majority of what I do is create rules and work with the customers to make sure that things are getting in and out of the environment. I work with our e-commerce team to make sure that new servers that are spun up have the appropriate access to other DMZ servers. I also make sure that they have access to the internet. I make sure they have a NAT so that something can come into them if need be. We use Umbrella, Cisco's DNS, which used to be OpenDNS. We use that to help with security so that we're not going to sites that are known to be bad. They work well together. They're two different things. One is monitoring DS and doing web URLs, while the firewall I'm doing is traffic in and out, based on source destination and ports protocols. One of the things I like is that the upgrades are relatively seamless, as far as packet loss is concerned. If you have a firewall pair, upgrading is relatively painless, which is really nice. That's one of the key features. We do them off-hours, but we could almost do them during the day. We only lose a few packets when we do an upgrade. That's a bonus and if they keep that up that would be great. Check Point does a reasonably good job at it as well, but some of the other ones I've dealt with don't. I've heard from people with other firewalls and they don't have as good an experience as we do. I've heard other people complain about doing upgrades. View full review »
Learn what your peers think about Cisco ASA Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
442,041 professionals have used our research since 2012.
Othniel Atseh
Network Security Consultant at a consultancy with 1-10 employees
If we look at the Cisco ASA without Firepower, then one of the most valuable features is the URL filtering. Also, it's easy to integrate ASA with other Cisco security products. When you understand the technology, it's not a big deal. It's very simple. When it comes to threat visibility, the ASA is good. The ASA denies threats by using common ACLs. It can detect some DoS attacks and we can monitor suspicious ICMP packets using the ASA. It helps you know when an attack is detected. Cisco Talos is good. It provides threat intelligence. It updates all the devices to be aware of the new threats and the new attacks out there, so that is a good thing. It's like having God update all the devices. For example, even if you have FTD in your company, malware can be very difficult to detect. There is a new type of malware called polymorphic malware. When it replicates, it changes its signature which makes it very difficult for a firewall to detect. So if your company encounters one type of malware, once, it is automatically updated in your environment. And when it is updated, Talos then updates every firewall in the world, so even if those other firewalls have not yet encountered those particular types of malware, because Talos automatically updates everything, they're able to block those types of malware as well. Talos is very beneficial. When it comes to managing, with FMD (Firepower Management Device) you can only manage one device, but when you work with FMC (Firepower Management Center) you can manage a lot of sensors, meaning FTDs. You can have a lot of FTDs but you only have one management center and it can manage all those sensors in your company. It is very good. View full review »
NSA0898776
Network & Security Administrator at Diamond Bank Plc
I would say the Firepower module is most valuable. I'm trying more to transition to this kind firewall. I had to study a little of the Palo Alto Networks equipment. There is a lot I have to learn about the difference. Based on my certification, I had to do a lot of lab work, a lot of projects, a lot of technical work with Cisco ASA. Now, I'm moving to other vendors, like Palo Alto Networks and Fortinet so that I can empower my level of technical experience. * All my change requests are for Cisco ASA to work more on ease of management. * All of the features of Cisco ASA are used by all of the other vendors on the market. * The firewall solutions are all based on the same network equipment. The difference is why each business chooses to use it and how they implement the architecture for their solution using Cisco ASA and Firepower features. View full review »
Jonathan Muwanga
Head of Information Communication Technology at National Building Society
Among the most valuable features are the reports which are generated according to the rules that we've put in place to either block traffic or report suspicious attempts to connect to our network. They would come standard with any firewall and we're always monitoring them and taking any corrective steps needed. View full review »
EricHart
CEO at NPI Technology Management
Cisco's support is great. For experienced users, they are pretty much able do anything they want in the interface with few restrictions. The command-line interface is really useful for us. We script basic installations and modifications through the command-line, which is considered sort of old school, and yet it allows us to fully document the changes that we're making due to the fact that we can save the exact script that was applied and say, "Here are the changes that we made." We can have less experienced people do initial takes on an install. They can edit a template, and we can have a more experienced person review the template, and then apply it, and we don't have to worry about whether anyone inexperienced went into certain corners of the interface and made changes or whatever. Everything is all documented in the file or in the command line script that gets uploaded to the device. It gives us great visibility. View full review »
Beka Gurushidze
System Administrator at ISET
For organization security, Cisco ASA NGFW has robust cyber-security features. We are planning to increase the number of firewalls installed, especially for wireless connections. View full review »
Ashraf-Sadek
CSD Manager at BTC
The traffic inspection and the Firepower engine are the most valuable features. It gives you full details, application details, traffic monitoring, and the threats. It gives you all the containers the user is using, especially at the application level. The solution also provides application visibility and control. The integration between the ASA and Cisco ISE is very easy because they are from the same vendor. We don't face any integration problems. This is one of the valuable points of Cisco firewalls. They can be easily integrated with different Cisco security products. Our clients also use other products with Cisco ASA, such as Aruba ClearPass and different NAC solutions. The integration of these other products is also easy with Cisco. It integrates with email security and Firepower. For example, if you have an attached file infected or you have attacks through email, the traffic will be forwarded to the email security and it will be blocked by the firewall. It gives you a clear view of the file and it can be blocked at every stage, protecting your network from this threat. One of the best parts is the traffic management and the inspection of the traffic packets. The Device Manager is easy to use to supervise things, and the Firepower application gives you clear threat detection and blocking of all threats. Cisco also provides a better analysis of the traffic. In addition, Talos is an enhancement to Cisco firewalls, and provides a better view. The device management options, such as Firepower Device Manager (FDM), Cisco Firepower Management Center (FMC), or Cisco Defense Orchestrator (CDO) add a lot of enhancements in the initial deployment and configuration. In migrating, they can help to create the migration configuration and they help in managing encryption and automation. They add a lot enhancements to the device. They make things easier. In the past, you had to use the CLI and you could not control all this. Now you have a GUI which provides visibility and you can easily integrate and make changes. View full review »
reviewer1084986
Network Engineer at a comms service provider with 1,001-5,000 employees
It's difficult to say what features are most valuable because ASA is not a cutting-edge device. It's rather more stable and proven than modern. It's difficult to suggest adding features because with new features we are adding something new, and that means it could be less stable and. New features are not the reason we use the solution — it is almost the opposite. The most valuable part of the solution is dependability. It's already a mature and stable product. I prefer to not to use the newest software — even if Cisco suggests using the newest — because this is a critical security device. View full review »
Amit Gumber
Senior Manager at HCL Technologies
One of the most valuable features in the current version is the dashboard where we have a complete analytical view of the traffic behavior. We can immediately find anomalies. The most important point is the detection engine which is now part of the next-generation firewalls and which is supported by Cisco Talos. View full review »
reviewer1010625
Tier 2 Network Engineer at a comms service provider with 1,001-5,000 employees
The most valuable feature must be AnyConnect. We have quite a few customers who use it. It is easy to use and the stablest thing that we have. We have experienced some issues on all our VPN clients, but AnyConnect has been the stablest one. It is one of the easiest firewalls that I've worked with. Therefore, if you're not comfortable with command line, it probably is one of the best solutions on the market. View full review »
Vikram Arsid
Cyber Security Software Engineer at FireEye
It is a comprehensive suite and complete package. We have the following with the product: * Interest point detection * Firewall stuff * VPN * It's configurable. * It guards with its own threat intelligence. We find that virtual instances are helpful because they are easy to use on AWS Marketplace, as they are On Demand. We have a lot of traffic on AWS. Therefore, to monitor the traffic rather than using on-premise, we use virtual instances of Cisco ASA. This is pretty easy to use and we receive value off of it. View full review »
Mustafa Ahmed
Network Security Engineer at qicard
The most valuable feature is for IT security management. It is extremely valuable to protection so that is the most valuable feature. View full review »
Mantechni677
Technical Manager at a comms service provider with 501-1,000 employees
One of the important aspect when deploying Ciso ASA firewall, it’s oblige you at the beginning to define your security level, which will make it easier when making your security policy ( traffic allow From Source to Destination) A security level will define how trusted is an interface in relation to another interface on the Cisco ASA. The Higher is the security level, is the more trusted is the interface. The highest security level is , “ Security Level 100” . Nowadays other Firewall manufacturer try to adopt the same deployment principle as the Cisco ASA with security level, however the Cisco ASA do have other interesting features which I think are very useful: - Firepower services - Security context - Firepower management View full review »
KUMAR SAIN
Sr. Network and Security Engineer at Eli Research
Cisco provides the most solutions. We use some of our Cisco firewalls offsite. They provide DDoS protection and multi-factor authentication. That is a good option as it enables work-from-home functionality. That is a feature that makes our customers happy. View full review »
Lwazi Xashimba
Network Specialist at a financial services firm with 501-1,000 employees
On the network side, where you create your rules for allowing traffic — what can come inside and what can go out — that works perfectly, if you know what you want to achieve. It protects you. Once you get all your rules in place, done correctly, you have some sort of security in terms of who can have access to your network and who has access to what, even internally. You're secure and your authorization is in place for who can access what. If someone who is trying to penetrate your network from the outside, you know what you've blocked and what you've allowed. It's not so difficult to pull out reports for what we need. It comes with IPS, the Intrusion Prevention System, and we're also using that. View full review »
Engineinfo677
Senior Information Security Engineer at a financial services firm with 501-1,000 employees
The solution is part of a suite. If you pay for it, it has basically a view that's called Firepower, and it's really good at being able to analyze exact bits of a pack, at the packet level, and has the ability to allow you to examine that traffic. It is really good. That's probably my favorite part of the suite. View full review »
Jonathan LELOU
Ingénieur technico-commercial at Inter-Continental Business Machines (ICBM)
We haven't deployed all the possible services from Cisco yet, but I started to research more of the ones that are available and I think Firepower will end up being the best, most valuable solution for us. View full review »
SherifNour
IT Manager, Infrastructure, Solution Architecture at ADCI Group
The Cisco security rules are very strict and very strong. I like the Cisco ASDM (Adaptive Security Device Manager), which is the configuration interface for the Cisco firewall. View full review »
Ahmed Nagm
IT Solution Consultant at PCS
The feature that I found the most valuable is the overall stability of the product. View full review »
Heritier Daya
Network Administrator at a financial services firm with 1,001-5,000 employees
The most valuable feature of this solution is AMP (Advanced Malware Protection), as this is really needed to protect against cyber threats. The IPS is a must for a firewall. View full review »
Seniorntwrk56
Senior Network Administrator at a construction company with 1,001-5,000 employees
The Sourcefire stuff itself is the most valuable feature. Signature detection, intrusion detection, IDS, and IPS are all very good. AMP is very useful. I like that you can put it onto devices as well. The aggregated views in FMC that you get when you're a global shop which is centralized, and then offers gateways per region. In Europe, America and APAC, you have all the data coming together in the FMC. That's quite nice. View full review »
Nadika Perera
CEO at Synergy IT
I like the user interface because the navigation is very easy and straightforward. On the left side pane, you have all the sites that you need to browse. Unlike any other firewalls, it's pretty straightforward. View full review »
Imad Awwad
Group IT Manager For ME Region at Malia Group
Unfortunately in Cisco, only the hardware was good. As for the features and services it was less than the others. Having all of the features means higher specs of hardware and intelligence processing so that it can handle all the logs proactively. Now, what is needed from the Information security, is to be proactively aware of any threat that might expose our data and at the same time have full visibility over our information sharing endpoints. View full review »
Solution7499
Solutions Architect at a manufacturing company with 10,001+ employees
This solution is easy to use if you know how to set it up. The most valuable features are on the routing side, with the control between the two networks and the rules that are in there. View full review »
DonCheney
Senior Network Administrator at Washington Trust Bank
The thing we've found most valuable is the efficiency. The firewalls are easy to configure and deploy. Overall it is an easy system to manage. Another valuable feature is just how granular we can get with it so we can keep users seeing what they are supposed to and don't compromise security. View full review »
George Karani
IT Manager
The feature I find most valuable is the Cisco VPN Interconnection. The file features are useful as well. They're good at packet tracing. They are very straightforward. I would say that the Cisco ASA ASDM makes it very easy to manage the firewall. View full review »
reviewer818484
Information Security Officer at a government with 501-1,000 employees
Integration with all the other Cisco tools is valuable. However, we've moved away from all Cisco security tools since this evaluation. Firewall choice was key to what direction we went and we found not only was the competing firewall solution superior, but their endpoint protection solution was as well. View full review »
Farhad Foladi
Cloud Services Operation Engineer at Informatic Services Company (ISC)
We are using the Cisco AnyConnect for our end-user VPN with the ASA. If a user wants to connect to our network, they access it via the Cisco intranet and connect to the firewall at the edge. View full review »
Mbaunguraije Tjikuzu
Information Security Administrator at Bank of Namibia
The most valuable features are the firewall capabilities, filtering, and intrusion prevention. I respect the capability of the Cisco firewall. We fully use it all as a complete firewall solution. Cisco also has excellent anti-malware detection and other similar features. View full review »
Seang Haing
Team Leader Network Egnieer at deam
There are two main ways that using Cisco ASA & Firepower has improved our organization: * Technical features * Our Sales team View full review »
Farooq Bashir
Sr Network Administrator at Orient Petroleum Inc
The security the solution offers is very good. Security-wise, it's the top in the world. The product has excellent technical support. The user interface is easy to navigate. Everything is user friendly. View full review »
Michael Collin
Senior System Engineer at a tech services company with 11-50 employees
The web interface was easy for me. The configuration is logical, so it's easy to use and easy to understand how to protect, how to open a port, how to manage and how to route a device. That's why I prefer Cisco. It's robust and I never have issues with the hardware. That's why I choose Cisco and not another vendor. View full review »
Ahmad Alkoragaty
IT Consultant at MOD
The most valuable feature is that it has the ability to divide the network into three parts; internal, external, and DMZ. View full review »
Olivier Ntumba
Network & Systems Administrator at T-Systems
It's an almost perfect solution. The configuration is very easy. The management aspect of the product is very straightforward. The solution offers very good protection. The user interface itself is very nice and quite intuitive. View full review »
Donald Fitzai
LAN admin at Cluj County Council
The firewall power that comes with Cisco ASAv is the most valuable asset. They are very easy to manage and configure. View full review »
Nasser Abd EL Rahman
IT Infrastructure Manager at Beltone financial
The features I found most valuable in this solution are the overall security features. View full review »
Munish Gupta
Partner - Consulting & Advisory at Wipro Technologies
The transparency of the single UI to ensure security. A product has to be simple so that an administrator can use it. View full review »
Ray-Ost
CEO at Smart Secure Solutions N.V.
The most valuable feature is that the encryption is solid. View full review »
Aimee White
Info Sec Consultant at Size 41 Digital
Top features: * Easy to deploy for staff to use VPNs * Ease of setup * Integrated threat defence * Great flow-based inspection device * Easy ACLs * Failover support * Each virtual appliance is separate so you get great granular control * Has own memory allocation * Multiple types of devices: 100 Mbps, 1 Gbps, 2 Gbps * License control * SSH or RESTful API View full review »
Nelda Hojas
Chief Information Officer at Finance Corporation Limited
Cisco is known as a popular and trusted product. Because of its constant RND, we're assured that all updates, all patches, all fixes are done instantaneously. As far as the feature is concerned, it gives us a certain layer of protection. As a CIO, my vote of confidence is in the product itself. After making sure that we always have all the updates on the licenses we're assured that we're getting all the necessary security protection. View full review »
Shrijendra Shakya
C.T.O at Sastra Network Solution
It is very stable compared to other firewall products. It has good security features. The firewall features make it easy for the users to work on it. View full review »
Ntwrksec457
Network Security/Network Management at a K-12 educational company or school with 201-500 employees
The firewalls of this program protects my internet from dangerous internet sites. For us, Cisco is the number one in firewall protection. We are seeking to buy another UTM solution for band management. View full review »
Cristian Serban
Network Engineer at a financial services firm with 5,001-10,000 employees
We use ASA as a simple, scalable firewall. Its main advantages are the stability. We use it as an active standby and as a failover solution. We depend on this solution, we've used it for several years. View full review »
Bashir Bashir
IT Administrator at Vodafone
The VPN and monitoring are the most valuable features. View full review »
NGFW677
IT Specialist at a government with 1,001-5,000 employees
The most valuable features are the flexibility and level of security that this solution provides. View full review »
FranciscoLopez
Integration / Wireless Engineer at J.B. Hunt Transport Services, Inc.
The most valuable feature of this solution is its ability to integrate vertically. View full review »
SecSolArch32291
Security Solution Architect at a financial services firm with 5,001-10,000 employees
The most important feature is its categorization because on the site and social media you are unified in the way they are there. View full review »
Johnsey Kivoto
IT Manager at a manufacturing company with 51-200 employees
I find that the product is a very good, and secure firewall. The benefits of this product is that it is a strong firewall solution. View full review »
reviewer1416024
Sr. Network Engineer at a construction company with 10,001+ employees
The best features are stability and scalability. View full review »
Mahmoud Ashoub
Team Leader, Information Risk Engineer at National Bank of Egypt
Its ability to discover attacks is a valuable feature. All of the other features that have to do with security are good. View full review »
Tech432SrvcMn
Technical Services Manager at a comms service provider with 10,001+ employees
The most valuable feature is the section payover. But, I think that kind of function may also come from similar products. In addition, they have the integrated IDS/IPS source powered modules. This is a new screen for us, and it is also very useful. View full review »
Net823Eng2
Network Engineer at a media company with 51-200 employees
The IPS (In-plane switching) is the most valuable feature. This enables visibility to our networks and to outside attacks. It is a solution to maintain the visibility. View full review »
reviewer994896
Center for Creative Leadership at a professional training and coaching company with 501-1,000 employees
Its security is the most valuable feature. View full review »
Fadil Kadrat
Network Engineer at Banque des Mascareignes
* Its VPN and ASN features are very stable. * It is easy to configure. View full review »
NetworkO9ae4
Network Operations Center Team Leader at a financial services firm with 10,001+ employees
At this point, we find that this product has high productivity and high availability and there is no need for improvement. View full review »
Moraima Matilda
Coordinator Network Support at a manufacturing company with 501-1,000 employees
The most valuable feature is the security that it provides our company and users. Furthermore, our company uses it for making rules for the bank to connect to our server in the DMZ, which is a security challenge. View full review »
Tracey Jackson
Senior Network Engineer at Johnson & Wales University
The VDB updates run on schedule, so less hands-on configuration is needed. View full review »
Samuel May
Information Security Manager at Tactical Air Support
The most valuable features for us are Firepower and the VPN concentration. These are easy to use and have good insights. View full review »
Learn what your peers think about Cisco ASA Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
442,041 professionals have used our research since 2012.