We just raised a $30M Series A: Read our story

Cisco ASA Firewall OverviewUNIXBusinessApplication

Cisco ASA Firewall is the #5 ranked solution in our list of best firewalls. It is most often compared to Fortinet FortiGate: Cisco ASA Firewall vs Fortinet FortiGate

What is Cisco ASA Firewall?

Cisco ASA firewalls deliver enterprise-class firewall functionality with highly scalable and flexible VPN capabilities to meet diverse needs, from small/branch offices to high performance data centers and service providers. Available in a wide range of models, Cisco ASA can be deployed as a physical or virtual appliance. Flexible VPN capabilities include support for remote access, site-to-site, and clientless VPN. Also, select appliances support clustering for increased performance, VPN load balancing to optimize available resources, advanced high availability configurations, and more.

Cisco ASAv is the virtualized version of the Cisco ASA firewall. Widely deployed in leading private and public clouds, Cisco ASAv is ideal for remote worker and multi-tenant environments. The solution scales up/down to meet performance requirements and high availability provides resilience. Also, Cisco ASAv can deliver micro-segmentation to protect east-west network traffic.

Cisco firewalls provide consistent security policies, enforcement, and protection across all your environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables greater simplicity, visibility, and efficiency.

Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.

Cisco ASA Firewall is also known as Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls, Cisco ASAv.

Cisco ASA Firewall Buyer's Guide

Download the Cisco ASA Firewall Buyer's Guide including reviews and more. Updated: October 2021

Cisco ASA Firewall Customers

There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.

Cisco ASA Firewall Video

Archived Cisco ASA Firewall Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
TJ
Senior Network Engineer at Johnson & Wales University
Real User
Very buggy, and was released before it was ready for market

What is our primary use case?

We had legacy Sourcefire Sensors and ASA state full firewalls. Cisco offered the FTD NGFW solution, but the implementation of the two systems was not successful.

How has it helped my organization?

The firepower sensors have been great; they do a good job of dropping unwanted traffic.

What is most valuable?

The VDB updates run on schedule, so less hands-on configuration is needed.

What needs improvement?

The software was very buggy, to the point it had to be removed. We are moving completely away from Cisco NGFW.  The product was pushed out before it was ready.

For how long have I used the solution?

We have been using this solution for twelve years.

What is our primary use case?

We had legacy Sourcefire Sensors and ASA state full firewalls.

Cisco offered the FTD NGFW solution, but the implementation of the two systems was not successful.

How has it helped my organization?

The firepower sensors have been great; they do a good job of dropping unwanted traffic.

What is most valuable?

The VDB updates run on schedule, so less hands-on configuration is needed.

What needs improvement?

The software was very buggy, to the point it had to be removed.

We are moving completely away from Cisco NGFW.  The product was pushed out before it was ready.

For how long have I used the solution?

We have been using this solution for twelve years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Amit Gumber
Senior Manager at HCL Technologies
Real User
Top 10
Dashboard gives us a complete analytical view of traffic behavior and anomalies

Pros and Cons

  • "The most important point is the detection engine which is now part of the next-generation firewalls and which is supported by Cisco Talos."
  • "Most users do not have awareness of this product's functionality and features. Cisco should do something to make them aware of them. That would be quite excellent and useful to organizations that are still using legacy data-center-security products."

What is our primary use case?

The primary use case is to protect our departments. We have sub-departments or sites categorized by the number of users and types of applications. We categorize the latter in terms of small, medium, or large. Based on that, we select a firewall in terms of throughput and the number of concurrent sessions it can handle. We then deploy the firewall with a predefined set of rules which we require for inbound and outbound traffic.

We are in operations delivery and we need to support multiple clients. We have different departments where our primary responsibility is to protect our organization's assets and data and to store them in a centralized data center. Apart from that, we have responsibility to support our clients in terms of infrastructure.

All the devices are on-premise. Nothing is on the cloud or is virtualized.

What is most valuable?

One of the most valuable features in the current version is the dashboard where we have a complete analytical view of the traffic behavior. We can immediately find anomalies. 

The most important point is the detection engine which is now part of the next-generation firewalls and which is supported by Cisco Talos.

What needs improvement?

Most users do not have awareness of this product's functionality and features. Cisco should do something to make them aware of them. That would be quite excellent and useful to organizations that are still using legacy data-center-security products.

For how long have I used the solution?

We've been using ASAs for the last ten years in our organization.

What do I think about the stability of the solution?

The product's stability is perfect. From my observation, the mean time to failure is once in seven years or eight years. All the hardware in the device is quite stable. I haven't seen any crashing of the operating system.

What do I think about the scalability of the solution?

Scaling is quite easy. 

How are customer service and technical support?

On a scale of one to ten, I would evaluate Cisco support as a ten. I get support in a fraction of time. There is no problem in getting support.

Which solution did I use previously and why did I switch?

Since I have worked in this organization, Cisco has been the primary product that has been deployed.

How was the initial setup?

The initial setup is quite straightforward. It's quite simple, without any complexities. Whenever we find any issue during the primary phase, we reach out to the Cisco technical support team for assistance and within a short period of time we get support from them.

The most recent deployment we did took about three weeks.

In terms of deployment plan, we go with a pre-production consultation. We create a virtual model, taking into account all the rules, all the cabling, and how it should work in the environment. Once everything on the checklist and the prerequisites are in place, then we migrate the existing devices into production.

What about the implementation team?

As consultants, most of the time we deploy ASA by ourselves. If there is any complexity or issue, we get in touch with a system integrator or we open a ticket with the technical support team.

What was our ROI?

There would definitely be return on investment by going with Cisco products. They are stable.

What other advice do I have?

For any organization looking for a secure solution that can be deployed in their domain or infrastructure, my advice is to go with Cisco Next-Generation Firewalls because they have a complete bundle of security features. There is a single pane of glass with complete management capabilities and analytic features to understand and gather information about the traffic.

The lessons that most of our clients have learned is that in deployment it is easy to configure and it is easy to manage. It's quite stable and they do not get into difficulties in terms of day-to-day operations. 

We haven't faced any problems with this product.

Compared to other OEMs, such as Juniper and Fortinet, Cisco's product is excellent. There are no bugs and I don't see any lack in terms of backend and technical support. In my opinion, at the moment, there is no room for product enhancement.

Most of the users are system administrators working on their own domains. The minimum number of users among our clients is a team of 15 to 20 we have clients with up to 700 users at the largest site.

The product is quite extensively used in each department, to protect assets and data centers. We are using the attack prevention engine and URL filtering is also used at most of our sites. We are also using it for data center connectivity and for offloading transactions.

I would rate Cisco at ten out of ten for the functionality and the features they provide.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner.
Learn what your peers think about Cisco ASA Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
541,708 professionals have used our research since 2012.
Heritier Daya
Network Administrator at a financial services firm with 1,001-5,000 employees
Real User
Advanced Malware Protection works well to protect against cyber threats

Pros and Cons

  • "The most valuable feature of this solution is AMP (Advanced Malware Protection), as this is really needed to protect against cyber threats."
  • "I have found that Cisco reporting capabilities are not as rich as other products, so the reporting could be improved."

What is our primary use case?

Our primary use case for this solution is to protect data from unauthorized access.

What is most valuable?

The most valuable feature of this solution is AMP (Advanced Malware Protection), as this is really needed to protect against cyber threats.

The IPS is a must for a firewall.

What needs improvement?

The firewall throughput is limited to something like 1.2 Gbps, but sometimes we require more. Cisco makes another product, Firepower Threat Defence (FTD), which is a dedicated appliance that can achieve more than ten or twenty gigabits per second in terms of throughput.

I have found that Cisco reporting capabilities are not as rich as other products, so the reporting could be improved.

For how long have I used the solution?

We have been using this solution for three years.

What do I think about the stability of the solution?

This is a reliable solution.

We started with version 5.4, but there were many releases available on the website and we were obliged to aggregate, step by step, to reach the current version.

What do I think about the scalability of the solution?

This solution is really scalable and reliable. In my opinion, Cisco products are always scalable.

How are customer service and technical support?

Cisco has a very good team for support. They are always available, and they give you a flexible solution. It is not just about getting a solution. We are learning, as well, when we request assistance. They also have a knowledge base that we can access in order to find resolutions for problems.

Which solution did I use previously and why did I switch?

We were using the SonicWall solution prior to this one, but it reached end-of-life because we had updated our architecture. This is why we migrated to a next-generation firewall. We had also been using Fortinet FortiGate.

How was the initial setup?

The initial setup of this solution was a bit complex because it was a new technology for us. We did find documentation on the vendor's website, and it also helped that we found some videos on how to do the configuration.

Our initial deployment took approximately three months because we were learning from scratch. We still had some service requests open because we could not fine-tune the solution, and ultimately it took a full year to fully deploy.

This solution is managed by the qualified people in our network engineering team. 

What about the implementation team?

We tried to deploy this solution by ourselves, but our team was not quite qualified to implement this solution. It was a good opportunity for us to learn about it. 

What's my experience with pricing, setup cost, and licensing?

We are in the process of renewing our three-year license, which costs approximately $24,000 USD for the thirty-six months. In terms of licensing, this product costs a lot, but this cost can save my assets that could be millions for my company. There is no choice.

Which other solutions did I evaluate?

We did have knowledge of other products, but we chose this solution because it facilitates the sharing of information with their knowledge base. It helps you learn from scratch.

What other advice do I have?

My advice to anybody who is considering this solution is not to think twice about it. There are a lot of features that come with the cost. These institutions secure our network and they have to do research. The price of this solution is justified when you consider that it secures our network and protects our valuable assets.

This is a very good solution but it is not perfection.

I would rate this solution a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
SN
IT Manager, Infrastructure, Solution Architecture at ADCI Group
Real User
A trusted and reliable solution with a good interface and good technical support

Pros and Cons

  • "I like the Cisco ASDM (Adaptive Security Device Manager), which is the configuration interface for the Cisco firewall."
  • "The Sandbox and the Web Censoring in this solution need to be improved."

What is our primary use case?

This solution is running behind the infrastructure and behind the hypervisor itself. We have two firewalls and two nodes in the cluster environment.

This solution is suitable for both cloud and hybrid-cloud deployments. I have implemented a cloud project, and one hybrid as well. The hybrid was between a public and a local cloud.

What is most valuable?

The Cisco security rules are very strict and very strong.

I like the Cisco ASDM (Adaptive Security Device Manager), which is the configuration interface for the Cisco firewall.

What needs improvement?

When comparing this solution to other products, the Fortinet UTM bundle has some better features in their most receive product. For example, there are better configuration features, the Sandbox is better, and so is the web censoring. These are currently in the Cisco solution, but they are better in Fortinet. The Sandbox and the Web Censoring in this solution need to be improved.

This solution has to be more secure from the cloud. The current trend is moving towards private cloud and hybrid cloud, so it is very important to consider the cloud security aspects when the solution is installed. This includes things such as IoT and the existence of user connectivity on the cloud.

For how long have I used the solution?

I have been using this solution for two years, but Cisco technology, generally, for more than eight years.

What do I think about the stability of the solution?

The stability of this solution is great. The Cisco name and hardware are enough. The product is used in tier four data centers, so it is very trusted and very dependable. If you compare Cisco to others, the high industry and high workload have gone to Cisco. Stability is very, very high.

What do I think about the scalability of the solution?

This is a scalable solution.

In terms of the number of users, it depends on the customer. A small customer may have less than twenty users. A larger customer can be complicated by having different branches with different users and different security rules. This means that you can reach up to the hundreds. 

How are customer service and technical support?

Technical support for this solution is good. Most of the technicians are technical people that have certifications such as CCNA, CCNP, CCIE, and CCISP. I think that they are well knowledged and well educated about the Cisco culture, industry, and products.

The Cisco distributors are everywhere, even if I'm speaking about the Middle East. I can find distributors everywhere in Dubai. Here in Dubai, the support is great, including for firmware updates, and even replacing the hardware when the firewalls crash.

How was the initial setup?

The initial setup of this solution is straightforward.

The deployment does not take much time. It is just a matter of installing the firewall and configuring the basic system to get it up and running. That's it.

There are, of course, different models of deployment, like deploying customers, that have to be considered. However, for the most part, deployment time is not an issue at all.

What's my experience with pricing, setup cost, and licensing?

The pricing for Cisco products is higher than others, but Cisco is a very good, strong, and stable technology. If we compare Huawei or FortiGate or others then the prices are lower, but the higher Cisco price is acceptable because of the stability, trust, and reliability.

Which other solutions did I evaluate?

This is my first recommendation for firewalls, and my second recommendation is Fortinet FortiGate.

What other advice do I have?

This is the number one firewall product that I recommend.

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PC
Network Security/Network Management at a educational organization with 201-500 employees
Real User
Offers great technical support and good security from the firewalls

Pros and Cons

  • "The technical team is always available when we have problems."

    What is our primary use case?

    Our primary use case of this program is network protection.

    How has it helped my organization?

    Up until now we haven't been down due to issues with the internet connection or denial of service, so the program does what it claims to do.

    What is most valuable?

    The firewalls of this program protects my internet from dangerous internet sites. For us, Cisco is the number one in firewall protection. We are seeking to buy another UTM solution for band management.

    What needs improvement?

    The program is very expensive.

    For how long have I used the solution?

    We've been using Cisco Sourcefile Firewalls for three years.

    What do I think about the stability of the solution?

    We haven't had any problems with the stability so far.

    What do I think about the scalability of the solution?

    We have 500 users working on the solution and I believe it may increase, so I believe the program is scalable.

    How are customer service and technical support?

    The technical support from the company is very good. They are always available when we have problems.

    Which solution did I use previously and why did I switch?

    We did use another UTM solution before for firewall, URL and band management. We didn't switch, we just have two layers now. If we want to use Cisco for band management or URL safety, we have to pay a license fee and it is very expensive.

    How was the initial setup?

    The initial setup was straightforward and it took the company about a day to deploy the firewalls.

    What's my experience with pricing, setup cost, and licensing?

    The licensing is very expensive.

    What other advice do I have?

    In the future, I would like to see friendlier configuration and only one license because everything needs a license. You need a URL license, security license, everything is based on a license. I would like to have one license that covers everything. But I am really impressed by the program and my rating is nine out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    MG
    Senior Network Administrator at a construction company with 1,001-5,000 employees
    Real User
    Good signature detection, intrusion detection, IDS, and IPS

    Pros and Cons

    • "The stability of the solution is very good. We can see that it gets even better with every release."
    • "It will be nice if they had what you traditionally would use a web application scanner for. If the solution could take a deeper look into HTTP and HTTPS traffic, that would be nice."

    What is our primary use case?

    We primarily use the solution for internet access firewalls.

    How has it helped my organization?

    The solution allows you to be more agile and react faster.

    What is most valuable?

    The Sourcefire stuff itself is the most valuable feature. Signature detection, intrusion detection, IDS, and IPS are all very good. AMP is very useful. I like that you can put it onto devices as well.  The aggregated views in FMC that you get when you're a global shop which is centralized, and then offers gateways per region. In Europe, America and APAC, you have all the data coming together in the FMC. That's quite nice.

    What needs improvement?

    The FMC could be a little bit faster.

    It will be nice if they had what you traditionally would use a web application scanner for. If the solution could take a deeper look into HTTP and HTTPS traffic, that would be nice.

    For how long have I used the solution?

    I've been using the solution for 1.5 years.

    What do I think about the stability of the solution?

    The stability of the solution is very good. We can see that it gets even better with every release.

    What do I think about the scalability of the solution?

    For us, the scalability is good, because we sized everything right, right from the beginning. If you size it right, it's very good. We don't plan on adding more firewalls, unless we suddenly grow exponentially, which we're not expecting to do at this point.

    How are customer service and technical support?

    We only contacted technical support during initial implementation and that was all handled by the consultant. I have a lot of other Cisco related tickets open, so we're used to the process.

    I would say, however, that we're also using Meraki, and the Meraki support is way better, in my opinion. 

    Cisco support tends to take longer, and I mean really long given the fact that subject matter is sometimes also more complicated, so it really depends. When you compare that directly to Meraki, Meraki answers the same day, and I cannot say that about the legacy Cisco support items. I can understand that the market for the legacy service is so much bigger for Cisco, so I can see why it takes longer.

    How was the initial setup?

    The initial setup was complex because we had to migrate old ASA firewalls. The ACLs, or rather the policies, are very different now, and way more elaborate, so that that took some tweaking, and some consulting and some time. 

    Deployment took two months. We had to make sure that our old ACL base settings from the ASAs were correctly translated and implemented into the new FTD setups.

    What about the implementation team?

    We used a consultant to assist with implementation.

    Which other solutions did I evaluate?

    We've looked at a few options, but we have an internal policy that says, unless noted otherwise, network equipment has to be Cisco based. We had to go with a Cisco product.

    What other advice do I have?

    We are using the on-premises deployment model.

    My advice for those considering the solution is this: if you want to migrate something, plan enough time for testing before you come over to the solution. You should also watch as many webinars as you can about that solution, or get a consultant and do a proper lab set up and go through the whole thing with them. It's is definitely worthwhile, given the complexity of the whole product.

    I would rate the solution nine out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Ahmad Alkoragaty
    IT Consultant at MOD
    Consultant
    Protects our network from external threats and has good stability

    Pros and Cons

    • "The most valuable feature is that it has the ability to divide the network into three parts; internal, external, and DMZ."
    • "I would like for the user interface to be easier for the admin and network admin. I would also like to be able to access everything from the GUI interface. The way it is now, it needs somebody experience in iOS to be able to operate it. I would like to have a GUI interface."

    What is our primary use case?

    Our primary use case is to protect our network from external threats. We need to keep our portal safe. 

    We use the public cloud model of this solution. 

    What is most valuable?

    The most valuable feature is that it has the ability to divide the network into three parts; internal, external, and DMZ. 

    What needs improvement?

    I would like for the user interface to be easier for the admin and network admin. I would also like to be able to access everything from the GUI interface. The way it is now, it needs somebody experience in iOS to be able to operate it. I would like to have a GUI interface. 

    It should have integrated licenses with our other products. There should be a license bundle, like for firewalls and iOS. It would be better if it was a bundled license. 

    For how long have I used the solution?

    We have been using this solution for ten years.

    What do I think about the stability of the solution?

    It's very stable.

    What do I think about the scalability of the solution?

    The scalability is good. We have around 1,500 users. The users are regular end-users, network admins, technicians, etc. 

    We require three admins for this solution. We require five staff members for the deployment and maintenance. 

    It is used weekly. We do plan to increase the users.

    How are customer service and technical support?

    Their technical support is good. We have a maintenance contract with them for two years and we plan to renew the contract. 

    How was the initial setup?

    The initial setup was straightforward. It took around two to three days to implement. 

    What about the implementation team?

    We used a Cisco partner for the implementation. They were knowledgable and did a good job. 

    What's my experience with pricing, setup cost, and licensing?

    There are no additional costs to the standard licensing fees. 

    Which other solutions did I evaluate?

    We don't evaluate different solutions because our infrastructure is Cisco-based. We wanted it to be homogeneous with our infrastructure. 

    What other advice do I have?

    I would advise someone considering this solution to have a technical support or maintenance contract with the vendor or a third-party to help maintain the product. Without help with maintenance, there is no value to the product.

    You should have a good technician and admin support for all this product in order to maximize the value and benefits. 

    I would rate it an eight out of ten. 

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Mustafa Ahmed
    Network Security Engineer at qicard
    Real User
    Valuable firewall solution for enterprise organizations who need reliable flexible security

    Pros and Cons

    • "A powerful enterprise security solution that is dependible."
    • "The GUI interface could be improved when compared to other solutions."

    What is our primary use case?

    Our primary use for the solution is as a firewall. We implemented it as an IT tech solution for our accesses through Sourcefire. It provides security.

    How has it helped my organization?

    The main product in our company is dependent on Cisco as a security solution. Cisco has a great reputation in the market. We are using Cisco as our main firewall in the company because it provides the best security.

    What is most valuable?

    The most valuable feature is for IT security management. It is extremely valuable to protection so that is the most valuable feature.

    What needs improvement?

    I'm not really sure that much has to be improved. Compared to other firewall solutions probably the thing that could be improved is the interface — the GUI. Other than that I don't think there is anything else that could be better. I think it is a great product.

    For how long have I used the solution?

    I have been using the product for two years.

    What do I think about the stability of the solution?

    I believe that Cisco is one of the most stable firewall solutions. Compared to other solutions, Cisco has a better stability record than others. That's why we like it a lot.

    What do I think about the scalability of the solution?

    I don't know that we have plans to scale the business on this site. But Cisco products are expandable. If we want to expand the functionality with new feature sets we can add modules. So in that way, it is a flexible and scalable solution. 

    We currently have 200 to 500 users who are using this solution at any time.

    How are customer service and technical support?

    We have used technical support quite a bit and always contact them if we have an issue. They will always respond as soon as possible. So I think the support is great. We don't have any issue with them being unresponsive or providing bad solutions. I like to check with them on solutions sometimes and they respond as soon as possible. It saves time and helps me to be sure I am doing the right thing before I go in the wrong direction.

    Which solution did I use previously and why did I switch?

    I don't know the exact product they were using before but I think it was just proxy. When I came to the company, the Cisco solution had already been installed, so I don't know the exact product from before.

    I think the main reason why they would have switched is the stability and possibilities are better than just proxy. Cisco is very different and more powerful than the other simple products. It's very stable.

    How was the initial setup?

    I wasn't part of the company at the time of the initial setup, and I am just performing additional tasks. We have a staff of a maximum of three or four persons so once the deployment is live it doesn't need much effort.

    I'm not sure if the company has plans to increase usage and grow our responsibilities. It's not not for me to decide. I think the company is growing and traffic is increasing. But my superior is the person responsible for determining when it is time to scale.

    What about the implementation team?

    We used a consultant for the implementation. They actually continue to help a lot when we need them for something.

    Which other solutions did I evaluate?

    I don't know if the company evaluated other solutions before choosing Cisco. When I came to the company, it was already there. Cisco is a very popular enterprise solution so they may have just chosen it without other evaluations.

    What other advice do I have?

    On a scale of one to ten with one being worst and ten being best, I would rate Cisco SourceFire Firewall as a nine. It could easily be a ten if it had a better GUI interface.

    As far as making recommendations to other people about the product, I recommend they buy it if they need an enterprise solution. Also, I would recommend other Cisco solutions like Cisco AMP (Advanced Malware Protection). 

    I think most large companies that require strong security should always use Cisco because it's stable, scalable, and has many features. Enterprise organizations will benefit from Cisco because their business requirement will be more complicated and require a better solution and more flexibility. I think all the companies should use Cisco because it's number one the market and has the best security, better stability, and better scalability.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    DS
    IT Specialist at a government with 1,001-5,000 employees
    Real User
    A flexible and easy to manage solution for segregating our servers from the rest of the environment

    Pros and Cons

    • "The most valuable features are the flexibility and level of security that this solution provides."
    • "There was an error in the configuration, related to our uplink switches, that caused us to contact technical support, and it took a very long time to resolve the issue."

    What is our primary use case?

    We use this solution as a firewall and for the segregation of our servers from the rest of the environment.

    How has it helped my organization?

    Instead of using multiple firewalls, we only need to rely on this solution. It has a small footprint.

    What is most valuable?

    The most valuable features are the flexibility and level of security that this solution provides. 

    What needs improvement?

    There was an error in the configuration, related to our uplink switches, that caused us to contact technical support, and it took a very long time to resolve the issue.

    Some of the features should be baked-in by default.

    What do I think about the stability of the solution?

    Stability has been pretty good, so far.

    What do I think about the scalability of the solution?

    This solution is very scalable.

    How are customer service and technical support?

    We have contacted technical support about an issue that we were having, and it took a very long time for them to figure it out. We were on the phone for six or seven hours with them.

    Which solution did I use previously and why did I switch?

    We previously used an ASA 5500, and it was simply time to upgrade it. We used this solution as a direct replacement.

    How was the initial setup?

    The initial setup of this solution is pretty straightforward.

    Which other solutions did I evaluate?

    We are not restricted to any one vendor, but this solution worked well as a direct replacement for our previous one. We considered both Juniper and FortiGate.

    What other advice do I have?

    This is a very straightforward firewall. There is a management platform with its own operating system. Just make sure that everything is set up properly for your uplink switches because that is an issue that we ran into.

    I would rate this solution a nine out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    it_user861456
    Senior Information Security Engineer at a financial services firm with 501-1,000 employees
    Real User
    Enables admins to be able to troubleshoot easily and has good traffic analytics features

    Pros and Cons

    • "For business purposes, it's a very detailed solution, which is it's greatest benefit, as you can get almost any piece of information you need from the solution. It allows for admins to be able to troubleshoot pretty easily."
    • "I'm working on a slightly older version, but what it needs is a better alert management. It's pretty standard, but there's no real advanced features involved around it."

    What is our primary use case?

    We use it as a network firewall.

    How has it helped my organization?

    For business purposes, it's a very detailed solution, which is it's greatest benefit, as you can get almost any piece of information you need from the solution. It allows for admins to be able to troubleshoot pretty easily.

    What is most valuable?

    The solution is part of a suite. If you pay for it, it has basically a view that's called Firepower, and it's really good at being able to analyze exact bits of a pack, at the packet level, and has the ability to allow you to examine that traffic. It is really good. That's probably my favorite part of the suite.

    What needs improvement?

    I would definitely say the pricing could be improved. If you're going to get the latest and greatest of this solution, it's very expensive and it's actually the reason my organization is moving away from it.

    I'm working on a slightly older version, but what it needs is better alert management. It's pretty standard, but there are no real advanced features involved around it.

    For how long have I used the solution?

    I've been using the solution for around one year.

    What do I think about the stability of the solution?

    We haven't had any major issues in regards to stability. In general, there are best practices in the industry to use. It's never really mattered because generally, with firewalls, you have two in any given location or service. They seem to be redundant of each other. So there's never been a problem where we lost functionality because of the firewall.

    What do I think about the scalability of the solution?

    It's pretty scalable. Cisco is a large enterprise solution and it's designed to be able to serve large enterprise, so, it's fairly scalable. We're using the solution minimally at this point, and we're decreasing usage because it's too expensive to upgrade.

    How are customer service and technical support?

    They have pretty good customer support. The solution's technical support is great.

    Which solution did I use previously and why did I switch?

    I had not previously used another solution.

    How was the initial setup?

    I was not with the organization when they originally rolled it out, so I can't speak to how straightforward or complex the initial setup was. There are about six people who manage the solution. We have security engineers and network engineers. If someone is trying to get an idea of how many people are required, it varies because a lot of organizations will have multiple firewalls in different locations. Six for one organization may be way more than somebody needs or way fewer than somebody needs.

    What about the implementation team?

    We didn't use any other group for the deployment. We did all the work in-house.

    What's my experience with pricing, setup cost, and licensing?

    My company is moving away from the solution because it is quite expensive.

    Which other solutions did I evaluate?

    We've looked at the Fortinet solution. The Fortinet FortiGate.

    What other advice do I have?

    I would just say that it's expensive. The product is fine on its own, it's high end. It's got a high brand name attached to it. I would recommend the product, however. The product works great. It does everything it's supposed to do. There's no issues with it, no real concerns. It's just expensive.

    I would rate it an eight out of 10 because it does everything it's designed to do, but it is not any better than other industry-leading solution, and it's far more expensive.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    WB
    Network Engineer at a comms service provider with 1,001-5,000 employees
    Real User
    Top 10
    Protects from external threats to our network as a firewall and VPN solution

    Pros and Cons

    • "A stable and solid solution for protection from external threats and for VPN connections."
    • "It is not the newest, cutting-edge technology"

    What is our primary use case?

    The primary use of Cisco ASA (Adaptive Security Appliances) for us it to protect from external threats to our network as a firewall and VPN solution.

    How has it helped my organization?

    Cisco ASA serves a purpose more than it improves us. It is good at what it does. We are using other vendors and splitting the traffic to different devices based on what they do best. Even though we use other products the trend at our company is that we will increase the traffic through Cisco ASA.

    What is most valuable?

    It's difficult to say what features are most valuable because ASA is not a cutting-edge device. It's rather more stable and proven than modern. It's difficult to suggest adding features because with new features we are adding something new, and that means it could be less stable and. New features are not the reason we use the solution — it is almost the opposite. The most valuable part of the solution is dependability.

    It's already a mature and stable product. I prefer to not to use the newest software — even if Cisco suggests using the newest — because this is a critical security device.

    What needs improvement?

    My opinion is that the new direction Cisco is taking to improve its product is not correct. They want to make the old ASA firewall into a next-generation firewall. FirePower is a next-generation firewall and they want to combine the two solutions into one device. I think that this combination — and I know that even my colleagues who work with ASA and have more experience than me agree — everybody says that it's not a good combination. 

    They shouldn't try to upgrade the older ASA solution from the older type Layer 4 firewall. It was not designed to be a next-generation firewall. As it is, it is good for simple purposes and it has a place in the market. If Cisco wants to offer a more sophisticated Layer 7 next-generation firewall, they should build it from scratch and not try to extend the capabilities of ASA.

    Several versions ago they added support for BGP (Border Gateway Protocol). Many engineers' thought that their networks needed to have BGP on ASA. It was a very good move from Cisco to add support for that option because it was desired on the market. Right now, I don't think there are other features needed and desired for ASA.

    I would prefer that they do not add new features but just continue to make stable software for this equipment. For me, and for this solution, it's enough. 

    For how long have I used the solution?

    We have been using the solution for about five years.

    What do I think about the stability of the solution?

    It is a stable solution. It is predictable when using different protocol and mechanics.

    What do I think about the scalability of the solution?

    We've used several models of the product, from the smallest to the biggest. I think that this family of the ASAs is scalable enough for everything up to an enterprise environment. I think the family of products is able to handle small and large company needs.

    How are customer service and technical support?

    Cisco is a well-known vendor and its support is good. In my previous company, we sometimes used a vendor rather than direct Cisco support, but sometimes we used Cisco. For ASA in my current company, we have additional support from the local vendor. If we have a problem we can also initiate a ticket directly on the Cisco support site.

    Which solution did I use previously and why did I switch?

    About one-and-a-half years ago we implemented a different solution to handle certain situations like BGP. But when we upgraded our Cisco devices just few months ago, we could have BGP on ASA. Now our devices from Cisco have enhanced capability, not just something new and maybe less dependable. Implementing BGP on ASA was a late addition. It had been tested, the bugs were worked out and engineers wanted the solution. The stability of ASA as an older solution is what is important.

    How was the initial setup?

    I think it is not the simplest solution to set up because it is sophisticated equipment. For engineers to work with vendors and incorporate totally different solutions, it could be difficult. It is also different from the other Cisco devices like Cisco Router IOS. It differs in a strange way, I would say, because the syntax or CRI differs. If you are used to other OSs, it is not easy to switch to ASA because you have to learn the syntax differences. 

    It's common for there to be differences in syntax between vendors. But, I would say that this is more complex. The learning curve for start-up and configuration of ASA is at mid-level when it comes to the difficulty of implementation.

    What about the implementation team?

    I did the implementation myself. ASA is not the newest solution for Cisco or the newest equipment. You can use the vendor and ask for help if you need it during the installation and for support. Because it was an older solution, it was already somewhat familiar to me.

    Which other solutions did I evaluate?

    My current company has been using ASA for quite a long time, so I was not involved in the choices.

    I have been participating in choosing a new vendor and new equipment for some specific purposes as we go forward. For a next-generation firewall, Cisco's product — a combination of ASA and Firepower — is not the best solution. We are choosing a different vendor and going with Palo Alto for next-generation solutions because we feel it is better.

    What other advice do I have?

    I think I can rate this product as an eight out of ten. A strong eight. The newest version of software and solutions often have bugs and functional problems because they have not been rigorously tested in a production environment. It is not the modern, next-generation firewall, but it solidly serves simple purposes. For simple purposes, it's the best in my opinion. I am used to its CRI (Container Runtime Interface) and its environment, so for me, familiarity and stability are the most important advantages.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Jonathan LELOU
    Ingénieur technico-commercial at Inter-Continental Business Machines (ICBM)
    Reseller
    Good for building a solid security solution for a company

    Pros and Cons

    • "The best solutions for our company are those we have yet to implement so it will be even better in the future for us than it already is."
    • "The user interface is too complex for people who are not trained to or certified to engage with the product. The interface should be easier to use."

    What is most valuable?

    We haven't deployed all the possible services from Cisco yet, but I started to research more of the ones that are available and I think Firepower will end up being the best, most valuable solution for us.

    What needs improvement?

    I think the visibility of the network can be improved, at least from our current setup. I do not know everything about the solution and exactly how it can be modified.

    Another way they can improve is their pricing. One thing I notice is about the price is that it would be good if they could adapt the price to the area where a company is. West Africa is not the same as in India or in the USA and it is much more difficult to afford. If Cisco can manage this for our people it would help us implement better solutions.

    To upgrade to some Cisco solutions or features you have to invest resources to create the solution or pay the difference for that functionality to upgrade services or license. It is not really an all-in-one solution. So if Cisco could manage to build an all-in-one solution with most or all of the features we would be looking for in one solution, it would be better for us.

    For example, if you want faithful service from the company and equipment, you have to pay more just to get the solutions. If it's included it would be easier for us to deploy.

    For how long have I used the solution?

    I've been using the solution with my newest employer for over three years.

    What do I think about the stability of the solution?

    For me it is stable. It is amongst the best products in that way.

    What do I think about the scalability of the solution?

    It is a scalable solution. It may cost money and resources to scale.

    How are customer service and technical support?

    I have not had direct experience with technical support for the firewall. I contacted support for the switching. For the firewall, I have not had to contact them at all.

    Which solution did I use previously and why did I switch?

    Before I used Fortinet FortiGate. But when I moved from the previous company to this company they had a different solution. That is why I switched.

    How was the initial setup?

    The initial setup was a little complex for me because I had been using a different solution. But how complex something is will depend on the mind of that person. For me, it was a little complex for me. However, it really only took one day to set it up.

    Step by step, when I work with the product for a longer period of time and gain experience, it will be very easy for me.

    What about the implementation team?

    I did the implementation by myself.

    What other advice do I have?

    If people want to build a solid security solution for their company, I think this solution is the best but it would depend on the configuration of your company. For a good company to have a good solution for security, you can choose the Cisco firewall for that and be confident. 

    I think I can give that product an eight out of ten. It comes down to the user interface. It needs to be easier so that more people can quickly develop the skills to manage the product. It would be better for us right now for more people to have certification or to just develop the skills to use the product. But if Cisco made it easier and took away the need for certification, it would be easier for us to use company-wide and have more people involved.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
    FL
    Integration / Wireless Engineer at J.B. Hunt Transport Services, Inc.
    Real User
    Provides security and visibility for our network, and it is easy to integrate

    Pros and Cons

    • "The most valuable feature of this solution is its ability to integrate vertically."
    • "There used to be information displayed about the packets in a module called Packet Flow, but it is no longer there."

    What is our primary use case?

    We primarily use this solution for network security.

    How has it helped my organization?

    This product has increased the visibility in our network.

    What is most valuable?

    The most valuable feature of this solution is its ability to integrate vertically.

    What needs improvement?

    There used to be information displayed about the packets in a module called Packet Flow, but it is no longer there. In order to accomplish the same thing you now have to wade through lots of information in the Syslogs.

    What do I think about the stability of the solution?

    This is a highly stable solution.

    What do I think about the scalability of the solution?

    This solution is very scalable.

    How are customer service and technical support?

    Technical support for this solution is good. The response times meet our expectations and we have not had any issues.

    Which solution did I use previously and why did I switch?

    We have always been using this same solution, but previous versions. We update them in trying to keep up with the amount of data coming through, such as more streaming.

    How was the initial setup?

    The initial setup of this solution was straightforward. We had the proper documentation to reference.

    What about the implementation team?

    We deployed this solution in-house.

    What was our ROI?

    I don't work with the numbers, but I can say that it's great for security and has improved our effectiveness at the office.

    What's my experience with pricing, setup cost, and licensing?

    The cost of this solution is high.

    Which other solutions did I evaluate?

    We did evaluate another option, but we stayed with the Cisco solution because it's trustworthy.

    What other advice do I have?

    This is a good product from a trustworthy vendor, but it is not perfect.

    I would rate this solution an eight out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Bashir Bashir
    IT Administrator at Vodafone
    Real User
    A stable solution with good monitoring and VPN capabilities

    Pros and Cons

    • "The stability is good. Very simple. Upgrades are great."
    • "They really need support for deployment."

    What is most valuable?

    The VPN and monitoring are the most valuable features.

    What needs improvement?

    I tried to buy licenses, but I had trouble. Their licensing is too expensive.

    If they can get the reporting to go into deeper detail, it would really be helpful because in order to get the reports in Cisco you have to go to look at the information that you don't necessarily need. 

    Also, the pricing is quite high. 

    For how long have I used the solution?

    I've been using the solution for six years.

    What do I think about the stability of the solution?

    The stability is good. Very simple. Upgrades are great. But when we upgrade it, things break. You have to upgrade about three things before you get something stable.

    What do I think about the scalability of the solution?

    I haven't had to scale, so I can't speak to this aspect of the solution.

    How are customer service and technical support?

    I haven't had to deal with technical support, so I don't have much to say.

    Which solution did I use previously and why did I switch?

    We didn't previously use a different solution.

    How was the initial setup?

    The initial setup was straightforward.

    What about the implementation team?

    I did the setup myself. The budget I had didn't allow me to get support. I would use Google a lot. The first implementation took me about three weeks because I did not know what I was doing. So it took me a while. It took me about three weeks, but everything else took about two days, maybe three days and I was done. 

    Which other solutions did I evaluate?

    We did look at Barracuda.

    What other advice do I have?

    They really need support for deployment.

    I would rate this solution nine out of 10 because I think if you have the budget and you plan it properly I think you won't have the initial deployment problems I faced.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    DC
    Senior Network Administrator at Washington Trust Bank
    Real User
    The granularity keeps users seeing what they are supposed to and enables the security not to become compromised

    Pros and Cons

    • "An efficient, easy to deploy and dependable firewall solution."
    • "The interface for monitoring could be improved to allow better views to make troubleshooting easier."

    What is our primary use case?

    Our primary use for the solution is for checking on and verifying the security of our customer data.

    How has it helped my organization?

    Our organization has been improved by the solution because we can be assured that the firewall is secure. It gives us more flexibility to monitor other things. Because we have safe firewalls, we don't have to worry about that and can direct resources elsewhere. If our internet goes down in one location we can bring it back up pretty easily.

    What is most valuable?

    The thing we've found most valuable is the efficiency. The firewalls are easy to configure and deploy. Overall it is an easy system to manage.

    Another valuable feature is just how granular we can get with it so we can keep users seeing what they are supposed to and don't compromise security.

    What needs improvement?

    One way the product could be improved is if you could monitor more than one rule at a time. We only have the option to have one monitor window up at a time if you're trying to troubleshoot something you end up switching back-and-forth and don't get the bigger picture all at once.

    It's reliable and it does its job. It gives you the freedom to do other things while you get indications of any issues. The multi-monitor would be a huge improvement.

    I'd definitely recommend the product. Even when you set it up for the first night, it definitely will tell you the status of the network. The important part in the setup is following the instructions to get it going.

    What do I think about the stability of the solution?

    The solution itself is good as far as stability.

    How are customer service and technical support?

    The technical support is good and the response time quick. We had some firewalls down and gave them a call. They helped resolve the issue and it was all positive.

    Which solution did I use previously and why did I switch?

    Previous to this we had just a normal firewall that I didn't like. It didn't provide enough.

    How was the initial setup?

    The setup was straightforward, even without initially having all the information we needed. It was very intuitive. When I went in to get help, help was there.

    What about the implementation team?

    We got the product from a reseller and we did the installation ourselves.

    What was our ROI?

    We certainly have seen a return on investment at the very least from being able to reallocate human resources.

    Which other solutions did I evaluate?

    Before selecting this as a solution we really didn't evaluate other options at all.

    What other advice do I have?

    As far as rating this product, I would give it a nine out of ten. The only real drawbacks are the lack of multi-monitoring and not really having clear instructions prior to jumping in and implementing it.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    BD
    Solutions Architect at a manufacturing company with 10,001+ employees
    Real User
    Increases efficiency of servicing our customers by joining our networks

    Pros and Cons

    • "This solution is easy to use if you know how to set it up."
    • "The inclusion of an autofill feature would improve the ease of commands."

    What is our primary use case?

    We use this solution to join our private network to the customer's network.

    In our business, we don't have to be on the customer's network, so a lot of people will install cheap equipment. We're trying to push it to where we can standardize the equipment, although the cost of Cisco products would have to come down a little bit in order for us to be more competitive.

    How has it helped my organization?

    Firewalls are difficult, and this solution gives us outside access to connect with the customer's network and service them better. It makes us more efficient.

    What is most valuable?

    This solution is easy to use if you know how to set it up.

    The most valuable features are on the routing side, with the control between the two networks and the rules that are in there.

    What needs improvement?

    The inclusion of an autofill feature would improve the ease of commands.

    This solution would benefit from being more cost-effective.

    What do I think about the stability of the solution?

    This solution is very stable, and I haven't seen any issues with it.

    What do I think about the scalability of the solution?

    Scalability doesn't really apply to us, as it is just a firewall client.

    How are customer service and technical support?

    Technical support for this solution is really good. We had an issue with a firewall and it was a good turnaround that was quick.

    Which solution did I use previously and why did I switch?

    Our implementation of this solution was driven by the customer.

    How was the initial setup?

    The initial setup of this solution is pretty straightforward. We did have some rules that somebody had put on it that didn't match up, but we got it all worked out.

    What about the implementation team?

    We implemented this solution in-house.

    What's my experience with pricing, setup cost, and licensing?

    With respect to the routers and switches, or the core stacks that we get, they seem to be pretty comparable so I don't have any issues with the licensing.

    Some of our customers would be more likely to standardize on Cisco equipment if the cost was lower because a lot of people install cheap equipment.

    Which other solutions did I evaluate?

    While we have a partnership with Cisco, there are other products that have been used within the company. After evaluating other products such as those by Barracuda, it just happened that this solution worked out better for us. I like the Cisco reputation.

    What other advice do I have?

    With this solution, we have everything that we need. I don't know about other people's use cases, but ours is pretty straightforward.

    My advice to anybody researching this type of solution is to stick with Cisco products, no matter which one it is. We've had pretty good luck with everything from Cisco.

    I don't have any issues with this solution, so I would rate it a ten out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
    George Karani
    IT Manager
    Real User
    Simplified VPN Interconnection, easy to manage, and scales well for SMB

    Pros and Cons

    • "The feature I find most valuable is the Cisco VPN Interconnection."
    • "They should allow customers to talk to them directly instead of having to go through the reseller."

    What is most valuable?

    The feature I find most valuable is the Cisco VPN Interconnection.

    The file features are useful as well. They're good at packet tracing. They are very straightforward. I would say that the Cisco ASA ASDM makes it very easy to manage the firewall.

    What needs improvement?

    I would say the pricing could be improved. It's quite expensive, especially for the economy.

    I'd like to see them more integration so that I don't need other parties for protecting my network. If I could just have ASA firewalls for perimeter protection and LAN protection, then I'm good. I don't need so many devices.

    I would like to see improvements for client protection.

    For how long have I used the solution?

    I've been using the solution for four years.

    What do I think about the stability of the solution?

    My impression is it's a stable solution. I could sound biased, but if you have a device working for four years and it's still working and people are using it, then it's stable.

    What do I think about the scalability of the solution?

    Scalability depends on which device you have.

    It's quite scalable if you have either the ASA, even if you had the new ASA firewall services, even if you had the one with the capacity of about 500 MDP. It isn't scalable for three hundred people connecting to it. I would say it is good for medium branch offices.

    I'm not sure if we have plans to extend the service.

    How are customer service and technical support?

    Technical support is good. The only thing is that Cisco cannot support you unless you have a contract with them. You have to go through the reseller in Africa. I don't see why Cisco cannot communicate directly with the customer, especially when I can prove that I have the device. They should allow customers to talk to them directly instead of having to go through the reseller.

    Which solution did I use previously and why did I switch?

    I previously used SonicWall. I'm not the one who decided to switch, I just know that previously we used SonicWall.

    How was the initial setup?

    The initial setup was straightforward. Within in an hour you're done, including with your basic training. For implementation, you need one to two people. You should have one senior network administrator. Two people can maintain it if they have the skill.

    What about the implementation team?

    I did the implementation by myself. If you decide to do it by yourself, you need basic knowledge. If you don't have that you would need a contractor.

    What's my experience with pricing, setup cost, and licensing?

    This solution might be expensive, but it is economical in the long run.

    What other advice do I have?

    The functionality is fine.

    When they prove to me they cannot be hacked then I can give them a ten.

    I would rate this solution as eight out of ten. 

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    EM
    Technical Manager at a comms service provider with 501-1,000 employees
    Vendor
    Offers good security and stability

    Pros and Cons

    • "What I like about Cisco is the security zone. By default when you configure it, it gives you a security zone, which other firewalls don't have."
    • "I wish the Cisco interface was not so granular. Check Point was easier to create specific rules than with ASAv."

    What is most valuable?

    One of the important aspect when deploying Ciso ASA firewall, it’s oblige you at the beginning to define your security level, which will make it easier when making your security policy ( traffic allow From Source to Destination)

    A security level will define how trusted is an interface in relation to another interface on the Cisco ASA.

    The Higher is the security level, is the more trusted is the interface.

    The highest security level is , “ Security Level 100” .

    Nowadays other Firewall manufacturer try to adopt the same deployment principle as the Cisco ASA with security level, however the Cisco ASA do have other interesting features which I think are very useful:

    - Firepower services

    - Security context

    - Firepower management



    What needs improvement?

    Normally in terms of design, the user prefers to use Cisco ASAv as a border router or a border firewall, because you have two different kinds of firewalls. You have a firewall when the data communication enters the network, and then you have a firewall, for when you've been inside the network. So, for the inside network firewall, Check Point is better because it can make a better notation of your network infrastructure. But, for the incoming data, or border firewall, ASAv is better. In terms of improving the interface, if you compared to the Check Point file, then I think that ASAv should be better. They should improve the interface so that it's similar to the Check Point firewall.

    For how long have I used the solution?

    I've been using the solution for the past three years.

    What do I think about the stability of the solution?

    The Cisco ASAv is really stable, especially if you compare it to Check Point. Not long ago Check Point did release one virtual firewall, and the virtual firewall of Check Point is not stable.

    The hardware version of the firewall is more stable than the virtual one. In terms of the data center, many companies have a virtual data center in a group environment. Many companies want to have a virtual firewall, but the one from Check Point, in comparison to Cisco, is not stable at the moment. 

    What do I think about the scalability of the solution?

    The solution is really scalable.

    How are customer service and technical support?

    I haven't dealt with technical support. We just check online, and if we have to contact Cisco about major issues, it's an internal department dealing with that. I don't know how technical support is, because our technical support team is located in Sofia, and I am in the Netherlands, so I don't have any view on that.

    How was the initial setup?

    The setup is always different. If you have a small company, the setup is quite easy, but if you have a bigger company the setups are quite complex. Cisco is pretty good in routing. So in bigger situations, configuring the ASAv file is pretty straightforward.

    The deployment also depends on the customer's site. So, the time changes because most of the time we have to do a migration. For example, some customers have an old firewall, and you have to migrate things to a new one. And sometimes, it's just copy/paste, but in some situations, we cannot migrate all firewall configurations to a new one.

    In terms of how many people you need for deployment and maintenance, again, it's dependent on the company strategy around the help desk. You should have a maintenance engineer who should be part of a team. The deployment will be done in a team. You can have one person to do the deployment but usually, you always have a backup, so it would be two. And then, for the maintenance, it can be one person or two. The maintenance can be done on the site desk, operating after office hours, so it depends.

    What other advice do I have?

    It's difficult to give specific advice on the solution because it always depends on the design solution and the strategy. So what I would recommend is to use different firewalls and to use Cisco ASAv as a border firewall.

    I would rate this solution as 7.5 out of 10. I wish the Cisco interface was not so granular. Check Point was easier to create specific rules than on ASAv, so that's why I say this. If you want to make things easier for an engineer, you always have to work on the interface. But the product, in and of itself, there's nothing wrong with it.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    it_user1073460
    Security Solution Architect at a financial services firm with 5,001-10,000 employees
    Real User
    Good documentation for the configuration

    Pros and Cons

    • "The most important feature is its categorization because on the site and social media you are unified in the way they are there."
    • "I see room for improvement when it comes to integrating all the devices into a central management system. Cisco doesn't provide this, but there are some good products in the market that can provide it."

    What is our primary use case?

    I worked for a Telecom provider, and we gave this solution to our customers.

    What is most valuable?

    The most important feature is its categorization because on the site and social media you are unified in the way they are there.

    What needs improvement?

    I see room for improvement when it comes to integrating all the devices into a central management system. Cisco doesn't provide this, but there are some good products in the market that can provide it.

    Apart from the cost, I think Cisco is quite well-positioned in the market. Also, in terms of site capabilities, other companies are still in the lead. 

    The price, integration, and licensing models are quite odd.

    For how long have I used the solution?

    I have been using Sourcefire for two or three years.

    What do I think about the stability of the solution?

    We didn't have any problem with its stability.

    What do I think about the scalability of the solution?

    Scalability depends on the requirements of the license. The licensing scheme is complicated and not straightforward. I think there were around 200 users, sometimes more.

    Which solution did I use previously and why did I switch?

    We used to use Fortinet, but we switched because of the lack of integration.

    How was the initial setup?

    The initial setup was of a medium complexity. This was especially true when it came to integration of the data servers.

    What about the implementation team?

    We used a consultant. They were very helpful. The documentation was quite easy to find for configuring the devices. We thought the boxes would be more parceled or more completely behind, but it was not a problem. The data was there.

    What other advice do I have?

    I would recommend this solution. I would rate this solution as eight out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Farhad Foladi
    Cloud Services Operation Engineer at Informatic Services Company (ISC)
    Real User
    The end-user VPN with ASA allows us to connect the firewall to edge servers for security

    Pros and Cons

    • "We are using the Cisco AnyConnect for our end-user VPN with the ASA."
    • "I would like to see them release a patch for ASAv with cross-platform FirePower integration."

    What is our primary use case?

    We are using both Cisco ASAv and FTD (Firepower Threat Defense). FTD has a better interface, but we have both of them running.

    We are using Cisco ASAv for the FirePower service. We use a custom interface for our firewall.

    How has it helped my organization?

    Cisco ASAv is part of our central solution. You can use the ASA family or go on the portal for normal ASAv. We use FirePower at the edge of the network. 

    If you are working with cloud services, it's better to use the ASAv family or other Cisco solutions.

    What is most valuable?

    We are using the Cisco AnyConnect for our end-user VPN with the ASA. 

    If a user wants to connect to our network, they access it via the Cisco intranet and connect to the firewall at the edge.

    What needs improvement?

    I don't have any experience with the price, but ASA is a comprehensive solution.

    In the next update of the Cisco ASAv, I would like to see them release a patch for ASAv, i.e. to put the FirePower solution into the cross-platform integration.

    For how long have I used the solution?

    We are using the Cisco ASAv security solution in our company for three or four years.

    What do I think about the stability of the solution?

    Normally, in ASA, we have good stability.

    What do I think about the scalability of the solution?

    The scalability of ASAv we can easily manage. We can have good scalability in different times but we don't have HA in ASAv. Some features are removed in ASAv. 

    If it's a normal ASA, i.e. a physical device, you have many more ways to scalability.

    How are customer service and technical support?

    For technical support, I have little experience with Cisco, unless they patch some issues. I raised a ticket and got the response immediately. They are very supportive.

    How was the initial setup?

    For me, ASA is easy. The deployment of ASAv is done in 20 minutes.

    What about the implementation team?

    We used both an integrator and reseller for the deployment. For the initialization, it was me for our company. If we have an issue, we can raise a ticket or call for a Cisco patch. 

    For the Cisco ASAv installation, I did it myself.

    What's my experience with pricing, setup cost, and licensing?

    The pricing for Cisco ASAv depends on your license. With AnyConnect, it depends on your license. It depends on the number of concurrent users you want to connect.

    Our license is for one year only, renewable at variable pricing.

    What other advice do I have?

    On a scale from one to ten, I would rate this product at nine. Cisco ASAv is good in many advanced networking features.

    I'm working with Cisco. They have competition with many vendors.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    TP
    Systems Administrator at a manufacturing company with 501-1,000 employees
    Real User
    Fine scalability and stability, but not well suited for a small business

    Pros and Cons

    • "The basic setup is fine. We're just one person. It's only when you want to do some more sophisticated setup like channeling and stuff like that that it's more complicated."
    • "The user interface is old fashioned."

    What is our primary use case?

    Our primary use case of this solution is for a firewall.

    What needs improvement?

    The user interface is old fashioned.

    For how long have I used the solution?

    I've been using the solutions for approximately 10 years.

    What do I think about the stability of the solution?

    The stability is fine. There's nothing wrong with Cisco.

    What do I think about the scalability of the solution?

    The scalability of the solution is fine. 

    How are customer service and technical support?

    We bought it from a supplier and they supplied the support, as well, and that's been fine.

    Which solution did I use previously and why did I switch?

    We previously use a Cisco solution but it was a different version.

    How was the initial setup?

    The basic setup is fine. We're just one person. It's only when you want to do some more sophisticated setup like channeling and stuff like that that it's more complicated. Deployment takes about 4 hours.

    What's my experience with pricing, setup cost, and licensing?

    The product was expensive. Also, a lot of features weren't there even though they can be implemented. There are so many additional subscriptions that are needed to get the full features.

    What other advice do I have?

    I liked that it had a full feature set from the beginning instead of having to buy features along the way. It's not like it's a cheap device. So, when you pay a lot of money for a device and then have to pay extra for facilities, that's a bit annoying. 

    I would rate the solution 7 out of 10. If you are a large business with a lot of Cisco devices or Cisco knowledge in the house already, then the Cisco firewall is the way to go. You might also have some better agreements with Cisco if you have a lot of stuff already. If you're a small company, I don't think I'd choose Cisco.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Michael Collin
    Senior System Engineer at a tech services company with 11-50 employees
    MSP
    Easy to use and easy to understand how to open a port, how to manage and how to route a device

    Pros and Cons

    • "The web interface was easy for me. The configuration is logical, so it's easy to use and easy to understand how to protect, how to open a port, how to manage and how to route a device. That's why I prefer Cisco. It's robust and I never have issues with the hardware. That's why I choose Cisco and not another vendor."
    • "The service could use a little more web filtering. If I compare it to Cyberoam, Cyberoam has more the web filtering, so if you want to block a website, it's easier in other solutions than in Cisco."

    What is our primary use case?

    I primarily use it for my small company to protect 5-10 users.

    What is most valuable?

    The web interface was easy for me. The configuration is logical, so it's easy to use and easy to understand how to protect, how to open a port, how to manage and how to route a device. That's why I prefer Cisco. It's robust and I never have issues with the hardware. That's why I choose Cisco and not another vendor.

    What needs improvement?

    The service could use a little more web filtering. If I compare it to Cyberoam, Cyberoam has more the web filtering, so if you want to block a website, it's easier in other solutions than in Cisco. I think in Cisco it's more complicated to do that, in my opinion. 

    It could also use a better web interface because sometimes it's complicated. The interface sometimes is not easy to understand, so maybe a better interface and better documentation.

    For how long have I used the solution?

    I've been using this solution for 8 years.

    What do I think about the stability of the solution?

    My impression of the stability of the solution is that it's very good.

    What do I think about the scalability of the solution?

    I don't have a sense of the scalability. I never extend the processes or usage.

    How are customer service and technical support?

    My experience with customer service is very good in general. When I have a good person on the phone, or on the email, it's in general very fast and the reply is good. It's a good solution in general.

    Which solution did I use previously and why did I switch?

    I previously used Juniper before Cisco, but only for one year. I switched because my company only used Cisco.

    How was the initial setup?

    The initial setup was not complex, it's just difficult to find out how to do it. The FAQ is not clear. In terms of deployment, it depends on the client, but deployment takes about an average of six hours.

    What about the implementation team?

    In general, I implement the solution myself.

    What other advice do I have?

    I would advise that If you want something robust, a good hardware solution, I think it's competitive and you have a good warranty, you have to choose Cisco. 

    I would rate the solution 8 out of 10.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
    NA
    IT Infrastructure Manager at Beltone financial
    Real User
    Secure, stable, and their technical support has excellent service

    Pros and Cons

    • "The features I found most valuable in this solution, are the overall security features."
    • "It could also use a reporting dashboard."

    What is our primary use case?

    We have around 250 users and security is extremely important for us. 

    What is most valuable?

    The features I found most valuable in this solution are the overall security features. 

    What needs improvement?

    The overall application security features can be improved. 
    It could also use a reporting dashboard. 

    For how long have I used the solution?

    Our company, Beltone Financial, has been using Cisco ASAv for about three years now.

    What do I think about the stability of the solution?

    I found that Cisco ASAv is a really stable solution. 

    What do I think about the scalability of the solution?

    I haven't tested scalability yet, but I believe it is a very scalable solution. We currently have 250 employees working on it without any issues.

    How are customer service and technical support?

    The few times I've had to call in technical support, the service was excellent. I've had no issues.

    Which solution did I use previously and why did I switch?

    Our company has used various other solutions in the past. We've decided to also install Cisco ASAv to add extra features to our system.

    How was the initial setup?

    The initial setup was straightforward and it took me about two days to do the installation. The fine tuning took about a week. I am the IT Infrastructure Manager of our company, but I don't believe that individuals without IT knowledge would struggle to do the installation themselves.

    What about the implementation team?

    We didn't use any consultant for the deployment - we installed and implemented Cisco ASAv ourselves and we didn't experience any problems.

    What's my experience with pricing, setup cost, and licensing?

    We pay an annual fee.

    Which other solutions did I evaluate?

    We have used many other solutions in the past and we constantly look out for other options. So we didn't switch to Cisco ASAv, we simply started using it together with another solution. We now use two products in the same time.

    What other advice do I have?

    I rate this solution an eight out of ten and I would definitely recommend it to other users. If the developers would add a reporting dashboard, and perhaps lower the pricing, I will rate it higher. But overall I am really satisfied with Cisco ASAv.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Donald Fitzai
    LAN admin at Cluj County Council
    Real User
    Powerful firewall that is easy to manage and easy to configure

    Pros and Cons

    • "The firewall power that comes with Cisco ASAv is the most valuable asset. They are are very easy to manage."
    • "We found it difficult to publish an antennae sidewalk with the ASDM. I think Cisco should improve this by creating a simpler interface for the firewall."

    What is our primary use case?

    We need a good and generic firewall which is why I bought Cisco ASAv. I also needed a secure VPN. The real reason I bought it though, was for the firewall. 

    What is most valuable?

    The firewall power that comes with Cisco ASAv is the most valuable asset. They are very easy to manage and configure. 

    What needs improvement?

    There definitely is room for improvement. We found it difficult to publish an antenna plug with the ASDM. Cisco should make the interface for the firewall more simple. 

    For how long have I used the solution?

    My company has been using Cisco ASAv for three years now.

    What do I think about the stability of the solution?

    This product is very stable. Before installing Cisco ASAv, I had two or three viruses in my network. Since installing ASA, I have not had any problems with viruses. There is a huge difference with and without ASA.

    How are customer service and technical support?

    I am satisfied with the customer service because the assistance I got from the Cisco engineer was very good.

    Which solution did I use previously and why did I switch?

    I used a different solution before. I used Meraki and it was a little simpler to use. However, currently, I only have Cisco routers.

    How was the initial setup?

    The initial setup for Cisco ASAv was fairly simple. It wasn't very complicated, it would be okay for an intermediate professional. It can be made easier. I believe almost anybody could set up an ASA in a few hours. It took about two to three weeks for the platform to work properly.

    What about the implementation team?

    The installation wasn't complicated at all and I got help from a Cisco engineer. 

    What's my experience with pricing, setup cost, and licensing?

    I bought a license for three years and it was really affordable. 

    Which other solutions did I evaluate?

    I did consider other options as I have experience with Meraki and other devices. Meraki is simpler to use, but I decided on Cisco ASAv. 

    What other advice do I have?

    I am really satisfied with the product and I rate this an 8.5 out of ten. The reason why I wouldn't rate it a ten, is because I find it a little more complicated to set up a firewall for publishing than when using Meraki. I therefore believe there is room for improvement.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    CS
    Information Security Officer at a government with 501-1,000 employees
    Real User
    Lots of bug fixes are required and it did not pass our in-house evaluation

    Pros and Cons

    • "Integration with all the other Cisco tools is valuable."
    • "With regards to stability, we had a critical bug come out during our evaluation... not good."

    What is our primary use case?

    We performed an in-house evaluation of Cisco ASA NGFW for use as an Internet Gateway Firewall and internal East-West traffic firewall between security zones. We are historically a Cisco shop and were planning on it being the top contender for our NGFW solution.

    How has it helped my organization?

    Cisco ASA NGFW running in "Firepower" mode - aka the actual NGFW mode was not "fully baked", so it didn't meet all our requirements to fit our network architecture. It requires a completely different language than ASA and we found it to be difficult compared to other top firewall vendor offerings.

    What is most valuable?

    Integration with all the other Cisco tools is valuable. However, we've moved away from all Cisco security tools since this evaluation. Firewall choice was key to what direction we went and we found not only was the competing firewall solution superior, but their endpoint protection solution was as well.

    What needs improvement?

    The first thing that needs to be done is to finish building out Cisco ASA "Firepower Mode" in order for all features to work correctly in complex enterprise networks. It also needs a usable GUI like Palo Alto and FortiGate. There are lots of bug fixes to be done, and Cisco should consider performing a complete rebuild of the underlying code from the ground-on-up.

    For how long have I used the solution?

    Trial/evaluation only.

    What do I think about the stability of the solution?

    With regards to stability, we had a critical bug come out during our evaluation.

    What do I think about the scalability of the solution?

    It should be well scalable. However, we didn't see a good centralized management/monitoring system like the one that Palo Alto has.

    How are customer service and technical support?

    Customer support was decent, although we definitely don't feel like you get the value of the mandatory support/maintenance fees.

    Which solution did I use previously and why did I switch?

    We used Fortinet FortiGate, but as an early gen "NGFW" it was outdated. We have issues we don't believe would be resolved with their latest offering, so we didn't even evaluate it.

    How was the initial setup?

    We found the initial setup much more difficult to do even simple things, like setting up VPN tunnels.

    What about the implementation team?

    Our in-house team tested and evaluated the solution.

    What's my experience with pricing, setup cost, and licensing?

    Watch out for hidden licensing and incredibly high annual maintenance costs. We bought much beefier Palo Altos for a less expensive one-time and annual cost.

    Which other solutions did I evaluate?

    Palo Alto Networks NGFW Firewall was compared in-house using the same configuration and testing, and it won hands-down.

    What other advice do I have?

    Watch out for the marketing hype vs objective reality. Do the advertised features actually work correctly/effectively?

    We chose a different solution after performing in-house testing.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    SM
    Information Security Manager at Tactical Air Support
    Real User
    Easy to use and has helped to secure our Internet Edge

    What is our primary use case?

    Our primary use case for this solution is to protect the Internet Edge, and our VPN (Virtual Private Network).

    How has it helped my organization?

    We moved from a Legacy firewall to the ASA with Firepower, increasing our internet Edge defense dramatically.

    What is most valuable?

    The most valuable features for us are Firepower and the VPN concentration. These are easy to use and have good insights.

    What needs improvement?

    The product would be improved if the GUI could be brought into the 21st Century.

    For how long have I used the solution?

    One to three years.

    What is our primary use case?

    Our primary use case for this solution is to protect the Internet Edge, and our VPN (Virtual Private Network).

    How has it helped my organization?

    We moved from a Legacy firewall to the ASA with Firepower, increasing our internet Edge defense dramatically.

    What is most valuable?

    The most valuable features for us are Firepower and the VPN concentration. These are easy to use and have good insights.

    What needs improvement?

    The product would be improved if the GUI could be brought into the 21st Century.

    For how long have I used the solution?

    One to three years.
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Mbaunguraije Tjikuzu
    Information Security Administrator at Bank of Namibia
    Real User
    Valuable Firewall Capabilities Recommended for Filtering and Intrusion Prevention

    Pros and Cons

    • "Cisco ASA NGFW significantly improves our bank. It protects any high-value products that we use from hackers, viruses, malware, and script-bots. It gives us metrics on network traffic as well as what kind of attacks we are getting from the outside."
    • "Cisco should improve its user interface design. There is a deep learning curve to the product if you are a newcomer."

    What is our primary use case?

    We are using the Cisco ASA NGFW as a next-generation firewall. We are using the 5516-X version. Our primary use case of this is as an X firewall for external connections.

    How has it helped my organization?

    Cisco ASA NGFW significantly improves our bank. It protects any high-value products that we use from hackers, viruses, malware, and script-bots. It gives us metrics on network traffic as well as what kind of attacks we are getting from the outside.

    What is most valuable?

    The most valuable features are the firewall capabilities, filtering, and intrusion prevention. 

    I respect the capability of the Cisco firewall. We fully use it all as a complete firewall solution. Cisco also has excellent anti-malware detection and other similar features.

    What needs improvement?

    Cisco should improve its user interface design. There is a deep learning curve to the product if you are a newcomer.

    For how long have I used the solution?

    More than five years.

    What do I think about the stability of the solution?

    Stability is excellent.

    What do I think about the scalability of the solution?

    It can easily scale. If you want, you can scale it to a lot of traffic. It's an X file, so all of our users are going through it.

    We only require one administrator for the solution. For deployment and maintenance, it depends on how many developers you have. We require two dedicated staff at a minimum. 

    Naturally, we employ both security technicians and administrators. Cisco ASA NGFW is being used at all our branches, and we'll continue using it in the future.

    How are customer service and technical support?

    The technical support from Cisco is excellent.

    Which solution did I use previously and why did I switch?

    We have only been using Cisco solutions.

    How was the initial setup?

    The initial setup of the Cisco ASA NGFW is not easy, but at the same time also it is not complex. It's somewhere in the middle. It took about 4 weeks, then it was activated.

    What about the implementation team?

    We used a reseller consultant for the deployment.

    What's my experience with pricing, setup cost, and licensing?

    Our licensing costs for this solution is on a yearly basis. Just for the firewall, it's about $1.5 million USD.

    Which other solutions did I evaluate?

    We evaluated Palo Alto Networks, Fortinet FortiGate, and Checkpoint products.

    What other advice do I have?

    For the Cisco ASA NGFW, it is a bit more expensive than other products, but their method is a lot more stable in my experience. It has all the features that you would need in a next-generation firewall. They are always developing new features and introducing them.

    I don't have anything that I'm currently missing with Cisco. On a scale from one to ten, I would rate the product at eight.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Beka  Gurushidze
    System Administrator at ISET
    Real User
    Robust cyber-security features protects server infrastructure

    Pros and Cons

    • "Right now, Cisco ASA NGFW has given us a lot of improvement. We are planning to move to a new facility and will be a much larger organization."
    • "There is no support here in Georgia. If something goes wrong, support is not always very helpful with the other firewalls or other products."

    What is our primary use case?

    I have been using the Cisco ASA NGFW for about four months. Everything works fine right now. We have only been using this device for a very short period of time. 

    • We have about 500 registered users and about 400-600 static users. 
    • For 400 to 600 users with wireless devices, we use Cisco ASA NGFW to control device traffic. We're using the new web filters. 
    • We use Cisco ASA NGFW as the bit application.

    Thus far, we are using it as a web filter to filter the data against incoming traffic. We are an educational organization, so there is no gambling allowed. We don't want to allow students access to gambling sites or adult sites, etc. We use lots of web filters. That's the primary reason I installed the Cisco firewall. 

    We are also happy with the Cisco ASA NGFW router firewall. It protects your small server infrastructure, but it's not complete. We purchased the Cisco ASA NGFW for the web filter. That's why we moved to the firewall.

    How has it helped my organization?

    Right now, Cisco ASA NGFW has given us a lot of improvement. We are planning to move to a new facility and will be a much larger organization. 

    We have an opportunity to grow now. The Cisco ASA NGFW firewall can be upgraded to another version, so it's better for us long term. It is much better because we can control the traffic that students are accessing and downloading. There are still a lot of improvements that can be done. 

    What is most valuable?

    For organization security, Cisco ASA NGFW has robust cyber-security features. We are planning to increase the number of firewalls installed, especially for wireless connections.

    What needs improvement?

    We installed a Cisco path a month ago. There was a new update for the Cisco firewall and there were security issues.

    We like Cisco filtering as a firewall, but in the current market, Cisco's passive firewall is not unique. We don't have any warranty problems with Cisco. 

    I asked our carrier several times to provide the exact gap code for me, but there is no Cisco dealer in our region. There is also no software accessibility with Cisco ASA NGFW. You can't always access the product that way. I also tried pfSense.

    There is no support here in Georgia. If something goes wrong, support is not always very helpful with the other firewalls or other products. 

    Cisco products are more supported by lots of companies who are producing technical services for cloud platforms. The certification is very easy in Georgia now. There are lots of people using Cisco in Georgia because their accessibility is better than the other products on the market. I also talked to several guys about the Barracuda firewall.

    The Barracuda firewall is very expensive. You need to pay three or four thousand dollars every three months, so it's very expensive for us. We are not a big company.

    For how long have I used the solution?

    Less than one year.

    What do I think about the stability of the solution?

    For our users, there are rules for the students and staff have another RF for authorization. There are small file servers also within the domain controller. 

    There is no special restriction for the students. They can print. They can visit outside websites online, but there is no gambling allowed at other sites.The students can access whatever they want over email or HTTP. Only the gambling and the betting sites, they cannot install the software. There are restrictions. 

    The students can use their own mobile phones or wireless devices, whatever they want. They are using the shared public key authorization. Our institution doesn't have any restrictions about accessing legal data. Except in Georgia, we have a very big problem with gambling websites. There are a lot of gambling websites, so we are trying to restrict all of the gambling sites at our company. We have a contract for the next year. 

    What do I think about the scalability of the solution?

    We are growing. In the next two years, we will have an additional 600 users, so we will double the capacity. We will see even more in the next three years. 

    It will be like very tough. In about five-year cycles, you need to update the firewall and add other new Cisco devices for the next generation of innovation.

    In five years, we will be ready for a complete upgrade cycle for everything. The stability and scalability of the Cisco ASA NGFW are good for when we need to grow. 

    For the next five years, everything is fine. After that, we will see because there will be a lot of changes.

    How are customer service and technical support?

    Technical support with Cisco is very good. We feel the company is very reliable and very competent. I have very good feelings about the future for project operations.

    Which solution did I use previously and why did I switch?

    We had the old version of the Kerio firewall, but because in our country, there is no official dealer for Kerio, we moved to the Cisco ASA NGFW. This is the main reason why we moved to the Cisco firewall.

    How was the initial setup?

    We announced the tender and bought this product with the installation plus setup included in the price. I was not involved in the installation or in the setup. 

    The company just asked a consultant to do it. The whole process, after we announced the tender, took about one to two weeks. The consultant company installed the software. They also helped us to optimize other parts of the network such as the routers and switches.

    The setup of the Cisco ASA NGFW was complex, not only for us as a firewall. We have now submitted another tender for a device router with two-node switchless support. We updated almost everything on the Cisco ASA NGFW with the core and distribution level software upgrades.

    What's my experience with pricing, setup cost, and licensing?

    We paid about $7,000 for the Cisco firewall, plus another small Cisco router and the lead switch. It was under the combined license. It's a final agreement.

    The Cisco license was not yearly. It was a yearly license for the firewall. For the router and switch, it was a lifetime license.

    Which other solutions did I evaluate?

    The other option we considered was Kerio. I tried to contact their office in Russia, but it is in the UK. I wanted to communicate with them because we cannot buy things without a warranty.

    We considered buying Kerio products with the warranty, but they said we needed to send the device to them to repair it. This meant it would take too much time to replace it. In Georgia, we need a local distributor, i.e. a local representative here who we can work with, so that's the problem.

    What other advice do I have?

    In Georgia, there is no problem using the Cisco firewall, because it's accessible. You cannot use other products, because they are not accessible. That's the whole problem.

    I would rate Cisco ASA NGFW an 8 out of 10.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Ahmed Nagm
    IT Solution Consultant at PCS
    Reseller
    Top 5
    Offers Excellent Stability and Endpoint Protection

    Pros and Cons

    • "The feature that I found most valuable is the overall stability of the product."
    • "One of my main concerns, an area that could use improvement is in adjusting the need to buy a license to enable features."

    What is our primary use case?

    The primary use case for this solution is on the client side. PCS stands for
    Perfect Computer Systems. We are an integration company, we specialize in solution integration, bringing together component subsystems into a whole and ensuring that those subsystems function together.

    How has it helped my organization?

    Cisco ASA NGFW has improved our organization by providing more internet protection. Also, for the end user, it provides easy access from outside for users accessing the site.

    What is most valuable?

    The feature that I found the most valuable is the overall stability of the product. 

    What needs improvement?

    The two areas that need improvement are the URL filtering and content filtering features.

    These features are both very crucial to the end user environment. One of my main concerns and an area that could use some major improvement is the need to pay for licensing in order to enable necessary additional features. Included in the next release, I would like to see these features integrated into the products' functionality without having to pay for them on an individual basis.  

    For how long have I used the solution?

    More than five years.

    What do I think about the stability of the solution?

    My impression of the stability of this solution is that it's great, excellent! 

    What do I think about the scalability of the solution?

    As far as scalability, I haven't had any performance issues so far. There really isn't high utilization coming from the operations environment, so I don't need to upgrade the tier at the moment.

    How are customer service and technical support?

    I don't have much experience with technical support since contacting tech support incurs additional costs. I have been relying on my technical knowledge and experience so far.

    How was the initial setup?

    The initial setup was straightforward, though I find as we proceed we need an extra feature or two to enable all the functionalities and protection of the tool. It's an ongoing process. We have to be quick and agile to provide client support.

    What about the implementation team?

    We implemented through an in-house team. 

    What was our ROI?

    The stability is the greatest ROI for this solution. 

    What's my experience with pricing, setup cost, and licensing?

    My advice, since I have to pay for licensing each feature that I need to enable, like URL filtering, is to look at a pfSense. That is what we are doing because you have to pay for greater protection, a total solution can be very costly. We are looking at a pfSense, to bring down the total cost. The correct price point, in comparison to other platforms, is the main factor here.

    Which other solutions did I evaluate?

    During our initial decision-making process, we evaluated other options but the distinctions between all the options were quite minimal.

    What other advice do I have?

    I am satisfied with the current facility and the management environment of the Cisco ASA, it's great for me.

    I think that the cost would be the main factor when evaluating solutions since some of the companies or some of our clients ask about costs upfront. Once the client has made their initial request and inquired about any subsequent subsystem connectivity integration ideas, they always want to know how much everything will cost. The deciding factor is mainly based on the price point of the total user solution.

    Overall, the criteria that we consider when constructing an integration decision depends largely on the client company we are working with. We evaluate clients based according to their size, industry function, and the total budget that would be recommended for an effective solution.

    I would give this product a rating of 9 out of 10!

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Seang Haing
    Team Leader Network Egnieer at deam
    Real User
    Efficient at improving client operations and has excellent stability

    Pros and Cons

    • "The stability of Cisco ASA is excellent compared to other products on the market. Because of our customer experience as an integrator company, our clients never report any performance problems. We have a good performance reputation with Cisco ASA."
    • "Usually, the customers are satisfied, but I am going to recommend that all clients upgrade to FirePOWER management. I want Cisco to improve the feature called anti-spam. We use a Cisco only email solution, that's why we need the anti-spam on email facility."

    What is our primary use case?

    We use Cisco ASA with Firepower. Currently, we have been implementing the solution for around four years. Our company has been around for a long time, more than ten years. We cover the solutions for Network Direct Turbo ATM at the moment, it's a lot of the security work.

    How has it helped my organization?

    Cisco ASA is best at the technical part of the business, related to our selling and management services. We have to improve the technical functionality of the product as part of making an efficient service for the customer. We need to improve the customer's technical experience with Cisco ASA & Firepower.

    What is most valuable?

    There are two main ways that using Cisco ASA & Firepower has improved our organization:

    1. Technical features
    2. Our Sales team

    What needs improvement?

    With Cisco ASA, we used the SMB of the model. The customers are usually satisfied, but I am going to recommend that all clients upgrade to Firepower management.

    For Cisco ASA Firepower, I want Cisco to improve the feature called anti-spam. We use a Cisco only email solution, that's why we need the anti-spam on email facility.

    For how long have I used the solution?

    Three to five years.

    What do I think about the stability of the solution?

    The stability of Cisco ASA is excellent compared to other products on the market. The performance is good. Compared to Fortinet on the watchband firewall, it is indispensable. Because of our customer experience as an integration company, our clients never report any performance problems. We have good performance from Cisco ASA.

    What do I think about the scalability of the solution?

    ASA is limited in terms of its scalability because of our customer environments. They are in the banking and microfinance sector. Our clients always want to move to the next generation firewall so they like FirePOWER. When we move clients to Firepower, they need to integrate with Sourcefire and move into more complicated management.

    We have the staff perform the migrations to Firepower. We redirected traffic with Sourcefire and also require the use of FMC by our management center with Firepower.

    How are customer service and technical support?

    I've been exploring the technical support for Cisco ASA. I haven't had any problems with it.

    How was the initial setup?

    The initial setup is straightforward. 

    What other advice do I have?

    I always encourage our existing customers to move to the Cisco ASA Firepower version, i.e. the next generation Firepower like 2100, 4000, or 9300.

    I would rate Cisco ASA an eight out of ten. An eight and not a ten because some of the features are limited and some are awful. We had to install other solutions for security and had to spend a lot on other hardware. Other vendors like Fortinet or Palo Alto Networks focus more on offering complete solutions.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    MD
    Network & Security Administrator at Diamond Bank Plc
    Real User
    Enables us to to track traffic in inbound and outbound patterns so we can set expectations for network traffic

    Pros and Cons

    • "I would say the Firepower module is most valuable. I'm trying more to transition to this kind firewall. I had to study a little on Palo Alto Networks equipment. There is a lot I have to learn about the difference."
    • "The installation and integration of Cisco ASA with FirePOWER can be improved. The management with Fortigate is easier than Cisco ASA on FirePOWER. The management side of Cisco ASA can be improved so it can be more easily configured and used."

    What is our primary use case?

    I am a banker. I'm working in the bank and our equipment is mostly based on Cisco for the moment. We have some incoming projects to deploy from Fortigate to firewalls.

    Cisco ASA is that something I used when I was preparing for my CCNP exams. I've been using it on the incoming project that we want to do right now. 

    It is easy to deploy Cisco ISP solution in the bank I'm working in, i.e. Cisco Identity Services Engine. We're already used Cisco ISSO. 

    I have three Cisco ASA modules:

    1. Security for perimeters
    2. Security for data centers
    3. Data center recovery

    I have been using Cisco ASA since I've been at the bank for more than two years now. The model is 5515X. I have two modules of 5515X and the third one is the old 55105. 

    My primary use of Cisco ASA is to take advantage of all the features. I use it to enforce security policy and also to take advantage of the Firepower module.

    I have a firewall module on my two instances of 5515X. On the Firepower side, I use all features on Firepower modules that are included in the AMP.

    How has it helped my organization?

    The biggest improvement has been in the internet features. We have been asked to prohibit internet access for all users except the bank services division and that is improved. 

    For AMP features, we use Cisco ASA to track traffic in inbound and outbound patterns, so we can set expectations for network traffic. I also used the exception for encrypted traffic. 

    One problem: Before installing encrypted traffic, I had to decrypt it first. Before setting it back, I encrypt it again. That's just the way Cisco ASA functions.

    What is most valuable?

    I would say the Firepower module is most valuable. I'm trying more to transition to this kind firewall. I had to study a little of the Palo Alto Networks equipment. There is a lot I have to learn about the difference. 

    Based on my certification, I had to do a lot of lab work, a lot of projects, a lot of technical work with Cisco ASA. Now, I'm moving to other vendors, like Palo Alto Networks and Fortinet so that I can empower my level of technical experience.

    • All my change requests are for Cisco ASA to work more on ease of management. 
    • All of the features of Cisco ASA are used by all of the other vendors on the market. 
    • The firewall solutions are all based on the same network equipment. 

    The difference is why each business chooses to use it and how they implement the architecture for their solution using Cisco ASA and Firepower features.

    What needs improvement?

    The installation and integration of Cisco ASA with Firepower can be improved. I used Fortigate as well and I can say that Fortigate's features are more usable. 

    The management with Fortigate is easier than Cisco ASA on Firepower. The management side of Cisco ASA can be improved so it can be more easily configured and used.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    The stability of the Cisco ASA platform is okay. I know that Palo Alto is the first rated one, followed by Fortinet.

    What do I think about the scalability of the solution?

    The scalability is based on module support. We have a stand-alone version. It is not 100% applicable to talk about scalability at this point. 

    There is another Cisco ASA module available that is more scalable than ours. For the module I have, the stand-alone, the scalability is not as good as on the higher model. 

    The 5585 model, allocated for data center security, can be facilitated into the switching spot or the working spot in our data center. We can recommend the scalability there. 

    For the module I have, I'm using it as a stand-alone. I don't think it is scalable too much at this point. 

    I'm using Cisco ASA in my organization to support about 150 staff. For maintenance, I do all of the work myself.

    How are customer service and technical support?

    I do everything if you need a Cisco ASA solution to be deployed for an infrastructure requirement. We are just a team of three. There is just me and my colleagues. 

    I'm in charge of all the infrastructure system, including the network and security infrastructure. On all tasks related to the system security and network infrastructure, I'm in charge of it.

    I had to work with Cisco customer support two or three times, a long time ago. I had to work with them based on a problem with my call manager. We had a good ability to work together with Cisco customer support. It was normal. 

    They asked about the information on the installation. I had to upload it to them. They took that and came back to my problem with the results. I had a good experience with them.

    Which solution did I use previously and why did I switch?

    I didn't use a different solution in my bank, but on some other enterprise jobs, I used some unique firewall solutions. 

    Since I have been at the bank, only Cisco ASA has been deployed. We just added two new modules. In the bank, we only use Cisco ASA solutions.

    How was the initial setup?

    I will say Cisco ASA has a complex setup just based on the security policy we have to enforce (asked by the chief, the CIO). For me, it's not complex. 

    Cisco ASA is not difficult because I am in it for a year so it's easy for me to understand. I have no problem on the technical side. I always manage to do what I'm asked to do on security-side enforcement. I have no problem with that. It's normal for me. 

    It was 2 years ago that we were trying to deploy our facility equipment. We took advantage to deploy the Cisco ASA firewall (model 5515X). 

    For now, it's the only one. Since then, we're using it in an upcoming project. I will have to deploy some Fortigate and Cisco ISL as well.

    What about the implementation team?

    I don't have a technical problem implementing Cisco ASA. I am a double CCNNP and I'm preparing for my CCIE. On the technical side, I don't need help.

    I had to work with external partners because they provide us with uptake equipment. They're available to follow up on the project with us. 

    We just had to make some tests to deploy some labs. However, when it comes to configuring Cisco ASA for production, I was alone. 

    On a security basis, we couldn't let the partner know the details of our address space. This is prohibited within our organization by security policies. 

    I had to re-do everything from scratch. For this implementation of Cisco ASA & Firepowe, I was alone.

    What's my experience with pricing, setup cost, and licensing?

    The licensing for Cisco ASA is on a yearly basis. We have to renew the Firepower module license. We are in the process of renewing this one. 

    I just made the demand. They have the management who is charge asking about the price and payment terms on different offers. 

    Which other solutions did I evaluate?

    We are just a branch bank. The decision is not made here and the branches just have to follow the central policy.

    What other advice do I have?

    Cisco ASA is a good solution. I never had a problem with. I will say that I mostly recommend Fortinet because of their ease of management and Palo Alto Networks because of their reputation for business efficiency.

    I would rate Cisco ASA with an 8 out of 10 points.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    HJ
    Senior Executive Technical Support at AITSL
    Real User
    The product has saved us a lot of time, and once we deployed the solution, it worked

    Pros and Cons

    • "We have multiple secure internal networks linked with our plants. We are from a oil company, so we have multiple plant areas which need to have restricted network access. Therefore, we are using it for restricting access to the plant area."
    • "The initial setup was completely straightforward."
    • "Most of the time, when I try to run Java, it is not compatible with ASA's current operating systems."
    • "We have to rely on Cisco ASDM to access the firewall interface. This needs improvement. Because we have a web-based interface, and it is a lot more user-friendly."

    What is our primary use case?

    Primarily, we are just using it as a firewall, mostly to protect our internal SQL network (our primary network). At the moment, we are not using Cisco Firepower for our services. We just use it as a firewall.

    How has it helped my organization?

    We have multiple secure internal networks linked with our plants. We are from a oil company, so we have multiple plant areas which need to have restricted network access. Therefore, we are using it for restricting access to the plant area, where they cannot directly connect onto the Internet.

    What needs improvement?

    It does not have a web access interface. We have to use Cisco ASDM and dial up network for console access, mostly. This needs a bit of improvement.

    Most of the time, when I try to run Java, it is not compatible with ASA's current operating systems.

    It should have multiple features available in single product, e.g., URL filtering and a replication firewall.

    For how long have I used the solution?

    More than five years.

    What do I think about the stability of the solution?

    It is very stable. We have routers entirely from Cisco, which are still working after ten years of deployment. I would rate the stability as a nine out of ten.

    We have two people maintaining it. It does not require intensive work. We have an expert in switching technology, and another person who is knowledgeable in routing and network security.

    What do I think about the scalability of the solution?

    The scalability is good.

    How are customer service and technical support?

    The technical support of Cisco is very good. Nowadays, you can get anything over the Internet. They provide help over the Internet. There is a very full forum, which is manually supported.

    How was the initial setup?

    The initial setup was completely straightforward. 

    However, we have to rely on Cisco ASDM to access the firewall interface. This needs improvement. Because we have a web-based interface, and it is a lot more user-friendly.

    Deployment takes two or three days. We are continuously deploying the solution to our plants over time.

    What about the implementation team?

    We do the deployment in-house.

    What was our ROI?

    ROI is part of the infrastructure costs. The product has saved us a lot of time, and once we deployed the solution, it worked.

    What's my experience with pricing, setup cost, and licensing?

    The cost is a big factor for us. This is why we are using it only in our restricted area. They are very much higher than their competitors in the market.

    I would rate the cost as a six or seven out of ten.

    Which other solutions did I evaluate?

    Nine or ten years ago, there were few options at the time.

    Currently, we are using Barracuda for our more general Internet access. We use Cisco for our more protected environment.

    What other advice do I have?

    I would recommend the product, but cost is a big factor. Some companies cannot afford expensive products, like Cisco and Palo Alto.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    NP
    CEO at Synergy IT
    Real User
    We can create a profile and can give access depending on the access level they need to be on

    Pros and Cons

    • "I like the user interface because the navigation is very easy, straightforward on your left side pane you have all the sites that you need to browse. Unlike any other firewalls, it's pretty straightforward."
    • "If I need to download AnyConnect in a rush, it will prompt me for my Cisco login account. Nobody wants to download a client to a firewall that they don't own."

    What is our primary use case?

    We use remote desktop services from our data center. We can clean the client and the remote desktop server and from there we can establish a VPN channel. 

    How has it helped my organization?

    We can create a profile and we can give them access depending on the access level they need to be on. All the way from level one to level 16. I just create the user and from the dropdown, I select what access level they need to be on and that's it. I don't need to go individually to each and every account and do the configuration.

    What is most valuable?

    I like the user interface because the navigation is very easy and straightforward. On the left side pane, you have all the sites that you need to browse. Unlike any other firewalls, it's pretty straightforward.

    What needs improvement?

    If I need to download AnyConnect in a rush, it will prompt me for my Cisco login account. Nobody wants to download a client to a firewall that they don't own. 

    I would definitely love to have a much nicer web interface compared to the systems interface that it has now. I also would like to download utilities without having to login into the system. Nobody would want to download a client unless they're going to use it with a physical firewall. I don't understand the logic. If I was a hacker, I could get someone to download it for me and then I can use the client. There's no logic behind it.

    For how long have I used the solution?

    Three to five years.

    What do I think about the stability of the solution?

    I would rate their stability a nine out of ten. It's pretty stable. I never come across a situation where the firewall hangs and then I need to reboot it.

    What do I think about the scalability of the solution?

    Cisco is expensive and when you want to grow, it means you're going to need to spend some money but you can justify it.

    We have closer to 50 users on the firewall at the moment and do have plans to increase usage.

    Which solution did I use previously and why did I switch?

    We were previously using Sophos firewall but it had a lot of issues. 

    How was the initial setup?

    The initial setup is a little difficult compared to other firewalls but once you get it right, especially the assistant control list, it's fine. It's a little difficult compared to other firewalls. 

    The deployment took us about three days because we did some testing and we also did certain attacks and checked some hackers which is why it took some time. We wanted to make sure that it was at least 99.99% protected.

    What about the implementation team?

    We implemented through a UK company called Rackspace. 

    What's my experience with pricing, setup cost, and licensing?

    Licensing is expensive compared to other solutions. Especially in other regions because people are very careful when it comes to spending on IT infrastructure. My suggestion is, first test it, once you see how good it is you will definitely want to renew it. 

    What other advice do I have?

    I would advise someone considering this solution to just go for it. It's expensive but it's a robust solution. The only thing is that you have to convince your finance guy to go for it.

    I would rate it a nine out of ten. 

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    ITCS user
    Network Engineer at a media company with 51-200 employees
    Real User
    It creates a secure tunnel for our network. It is very scalable.

    What is our primary use case?

    It helps the firewall in our network and the VPN (Virtual Private Network). It creates a secure tunnel for our network.

    What is most valuable?

    The IPS (In-plane switching) is the most valuable feature. This enables visibility to our networks and to outside attacks. It is a solution to maintain the visibility.

    What needs improvement?

    At times the product is sluggish and slow.  Sometimes when deploying a new configuration or role, it is painstakingly slow. It should be a little faster than it is. 

    For how long have I used the solution?

    Less than one year.

    What do I think about the stability of the solution?

    It is a very stable solution. 

    What do I think about the scalability of the solution?

    It is a scalable product. We have a lot of demand.…

    What is our primary use case?

    It helps the firewall in our network and the VPN (Virtual Private Network). It creates a secure tunnel for our network.

    What is most valuable?

    The IPS (In-plane switching) is the most valuable feature. This enables visibility to our networks and to outside attacks. It is a solution to maintain the visibility.

    What needs improvement?

    At times the product is sluggish and slow.  Sometimes when deploying a new configuration or role, it is painstakingly slow. It should be a little faster than it is. 

    For how long have I used the solution?

    Less than one year.

    What do I think about the stability of the solution?

    It is a very stable solution. 

    What do I think about the scalability of the solution?

    It is a scalable product. We have a lot of demand.  But, it supports any additional network that we add. It expands easily. 

    How are customer service and technical support?

    Normally the Cisco tech support team are good. But, we have had some problems with tech support with this product. Some of the tech support team are really not familiar with how the IPS works. And, there is some disconnect between the tech support. Maybe they're not trained well. They're helpful, but not knowledgeable.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Cristian Serban
    Network Engineer at a financial services firm with 5,001-10,000 employees
    Real User
    Helps us to manage the security policies in different areas of our network

    Pros and Cons

    • "I haven't had any major problems so I haven't had to open a ticket with technical support."
    • "In the past though, colleagues have had issues during the upgrade process. The failover didn't work and production was down."

    What is our primary use case?

    We use it on several layers of our network like in the border, internet edge, DMZ, some extranet parts of our network, and in the data center.

    How has it helped my organization?

    It's a reliable solution and a stable firewall. It helps us to manage the security policies in different areas of our network. 

    What is most valuable?

    We use ASA as a simple, scalable firewall. Its main advantages are the stability. We use it as an active standby and as a failover solution. We depend on this solution, we've used it for several years.

    What needs improvement?

    • Interaction with the equipment
    • Different interface with the product 
    • A more simple procedure in delivering policies to the equipment  
    • Simplified upgrade procedure
    • Tracking flows
    • Monitoring and logs should be easier.

    What do I think about the stability of the solution?

    It's quite stable. In the past though, colleagues have had issues during the upgrade process. The failover didn't work and production was down. 

    What do I think about the scalability of the solution?

    It's not so scalable.

    How are customer service and technical support?

    I haven't had any major problems so I haven't had to open a ticket with technical support. 

    How was the initial setup?

    The initial setup was not so complex. Most of it was straightforward. We just needed to discuss different scenarios that we had to consider regarding the deployment scenario, what could go wrong and what could happen in the future. 

    What about the implementation team?

    We used Telekom Romania for the deployment. We did most of the job internally but they helped us to clarify some aspects regarding the architecture design.

    Which other solutions did I evaluate?

    We also considered Check Point. We chose Cisco because of its capabilities. We didn't need something so complex for this solution, just a straightforward firewall. It met our requirements. 

    What other advice do I have?

    I would rate it a nine out of ten. 

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Mahmoud Ashoub
    Team Leader, Information Risk Engineer at National Bank of Egypt
    Real User
    Data protection is a big benefit we see but some of their features need to be improved

    Pros and Cons

    • "Its ability to discover attacks is a valuable feature. All of the other features that have to do with security are good."
    • "Some of the features, like the stability, need to be improved."

    What is our primary use case?

    Our primary use case is for security. We are a bank in India and the data is very important for us. We use ASA for our security and protection.

    How has it helped my organization?

    Data protection is a big benefit we see from this solution. It protects our customers, our customer's accounts, and money, as we are one of the biggest banks in Egypt and the Middle East.

    What is most valuable?

    Its ability to discover attacks is a valuable feature. All of the other features that have to do with security are good.

    What needs improvement?

    Some of the features, like the stability, need to be improved. 

    For how long have I used the solution?

    More than five years.

    What do I think about the scalability of the solution?

    The scalability is good. 

    How are customer service and technical support?

    Their support is good and helpful but sometimes it takes them a while to respond. We have been stuck in critical situations so we opened a critical ticket but it took them a while to respond. 

    How was the initial setup?

    The initial setup is easy. If we have an issue we contact their support. 

    What about the implementation team?

    We implemented ourselves. 

    What other advice do I have?

    I would rate it a seven out of ten. I would recommend this solution to a colleague. No product will give you 100% of what you're looking for but this solution is close. 

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    NH
    Chief Information Officer at Finance Corporation Limited
    Real User
    We're assured that all updates, all patches, and all fixes are done instantaneously

    Pros and Cons

    • "The greatest benefit for the organization is the confidence that we are secured."
    • "There may have been one or two incidences of malicious threats."

    What is our primary use case?

    We mainly use this solution for our firewall and it's one layer of our security. From the time that we've used it, the organization as a whole got a sense of security because Cisco is a known product. When we do need support locally or online, we get it instantaneously. We use this solution for a couple of things: for security, for their technical support, and in terms of the knowledge and skills of the team here that gave us a good grip and confidence in the use of the product.

    How has it helped my organization?

    It gives the organization a higher vote of confidence. When I joined the organization more than six years ago, we were using the old Cisco, and some of the products already reached their end of life. Some of the products were not in its latest state, in terms of security or license. We've learned a very good lesson there. Since then, when we upgraded we made sure that all the licenses and all the security facets are in place. It gives the organization a higher vote of confidence. There may have been one or two incidences of malicious threats, but it did not really bring down the organization to a level that we would all be sorry for. The greatest benefit for the organization is the confidence that we are secured.

    What is most valuable?

    Cisco is known as a popular and trusted product. Because of its constant RND, we're assured that all updates, all patches, all fixes are done instantaneously. As far as the feature is concerned, it gives us a certain layer of protection. As a CIO, my vote of confidence is in the product itself. After making sure that we always have all the updates on the licenses we're assured that we're getting all the necessary security protection.

    What other advice do I have?

    I would rate this solution a nine out of ten. Not a ten because I'm reserving the one point for whatever new surprises they are going to provide.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    GS
    Center for Creative Leadership at a training & coaching company with 501-1,000 employees
    Real User
    Good scalability and good security features

    What is most valuable?

    Its security is the most valuable feature. 

    What needs improvement?

    The phishing emails could be improved. 

    For how long have I used the solution?

    More than five years.

    What do I think about the stability of the solution?

    It is stable. 

    What do I think about the scalability of the solution?

    The scalability is good. I'm happy with the service. We are around twenty users. Some are in finance, some are in a mid-user roles, and some are in other official roles.

    Which solution did I use previously and why did I switch?

    We did not previously use a different solution. 

    How was the initial setup?

    The initial setup was straightforward. Implementation took two days. We needed two people for the deployment. 

    What's my experience with pricing, setup

    What is most valuable?

    Its security is the most valuable feature. 

    What needs improvement?

    The phishing emails could be improved. 

    For how long have I used the solution?

    More than five years.

    What do I think about the stability of the solution?

    It is stable. 

    What do I think about the scalability of the solution?

    The scalability is good. I'm happy with the service. We are around twenty users. Some are in finance, some are in a mid-user roles, and some are in other official roles.

    Which solution did I use previously and why did I switch?

    We did not previously use a different solution. 

    How was the initial setup?

    The initial setup was straightforward. Implementation took two days. We needed two people for the deployment. 

    What's my experience with pricing, setup cost, and licensing?

    Pricing is high, but it is corporate's decision.

    Which other solutions did I evaluate?

    We didn't look at any other solutions. All of our campuses use Cisco products. This is why we chose this solution. 

    What other advice do I have?

    This solution has good security and it's a good product. You can trust Cisco, and there's support as well, which is really good.

    I would rate this solution an eight out of ten. 

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Fadil Kadrat
    Network Engineer at Banque des Mascareignes
    Real User
    Top 20
    Its VPN and ASN features are very stable. They are behind the market leaders for next-generation capabilities.

    What is our primary use case?

    I have deployed Cisco ASA as a terminator firewall. Normally, I would have preferred to have a sandwich configuration for firewalls: One possible firewall that would make an internal firewall and another for an external firewall. 

    How has it helped my organization?

    Cisco ASA is best suited for our external firewall protection.

    What is most valuable?

    Its VPN and ASN features are very stable.  It is easy to configure. 

    What needs improvement?

    In terms of next-generation capabilities, Cisco is a little behind. It is way behind leaders like Palo Alto, Check Point and Fortinet. While Cisco is headed in the right direction, it will take several years for it to get there.

    For how long have I used the solution?

    More than five years.

    How is customer

    What is our primary use case?

    I have deployed Cisco ASA as a terminator firewall. Normally, I would have preferred to have a sandwich configuration for firewalls: One possible firewall that would make an internal firewall and another for an external firewall. 

    How has it helped my organization?

    Cisco ASA is best suited for our external firewall protection.

    What is most valuable?

    • Its VPN and ASN features are very stable. 
    • It is easy to configure. 

    What needs improvement?

    In terms of next-generation capabilities, Cisco is a little behind. It is way behind leaders like Palo Alto, Check Point and Fortinet. While Cisco is headed in the right direction, it will take several years for it to get there.

    For how long have I used the solution?

    More than five years.

    How is customer service and technical support?

    When I need support, Cisco has provided quality support. I like working with them because of their support system.

    How was the initial setup?

    The setup was straightforward. I was happy with the configuration and deployment of the solution, as it was quick.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Aimee White
    Info Sec Consultant at Size 41 Digital
    Real User
    Top 5Leaderboard
    Keeps costs low and provides granular control using appliances familiar to the team

    Pros and Cons

    • "Among the top features are integrated threat defence and the fact that each virtual appliance is separate so you get great granular control."
    • "There are always vulnerabilities that come up and there was one in early 2018 but this was patched with software updates."

    What is our primary use case?

    Whatever you have that’s potentially public-facing, you need to protect it. As our technology moves to the cloud, so our need for security transfers from physical appliances to virtual ones. This is the classic Cisco ASA device, virtualised.

    How has it helped my organization?

    Ease of spinning one up: The hourly charge has made demos and testing better because it’s a truer representation of a real-life situation.

    It has allowed us to reduce costs and to make sure we provide rounded, secure products to customers.

    What is most valuable?

    Top features:

    • Easy to deploy for staff to use VPNs
    • Ease of setup
    • Integrated threat defence
    • Great flow-based inspection device
    • Easy ACLs
    • Failover support
    • Each virtual appliance is separate so you get great granular control
    • Has own memory allocation
    • Multiple types of devices: 100 Mbps, 1 Gbps, 2 Gbps
    • License control
    • SSH or RESTful API

    What needs improvement?

    We didn’t find any huge issues. Obviously, there are always vulnerabilities that come up and there was one in early 2018 but this was patched with software updates.

    Admin rights need to be given out carefully as they give overarching control to all devices - but that’s the same for everything.

    How was the initial setup?

    We went with this solution via the AWS Marketplace because it’s been made so easy to use an ASAv on AWS with simple drop downs to set it up. Our demo machines were also in AWS so we wanted a one-stop shop where we could spin them up or down as needed and configure the ASAv before it was launched.

    What other advice do I have?

    Almost all IT staff have used, or can easily learn how to use, the Cisco ASA appliance because it’s been around for years and is so popular (with good reason). For us, we stuck with what we know. It was an easy sell to get it signed off by higher-ups as they’d also heard of the ASA device from their time in IT.

    This solution gets an eight out of ten because it is easy, has the features we need, keeps costs low, and provides granular control using appliances that are already familiar to the team.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    MM
    Coordinator Network Support at a manufacturing company with 501-1,000 employees
    Real User
    It provides security for our company and users

    What is our primary use case?

    It is our firewall solution. We connect to other locations, as well as use programs in-house.

    What is most valuable?

    The most valuable feature is the security that it provides our company and users. Furthermore, our company uses it for making rules for the bank to connect to our server in the DMZ, which is a security challenge.

    What needs improvement?

    It needs improvement as a "Next-Generation" firewall solution. In addition, it needs to be more user-friendly. 

    For how long have I used the solution?

    More than five years.

    What do I think about the stability of the solution?

    There is no downtime, and it is working great. 

    What do I think about the scalability of the solution?

    It is scalable. We have had no issues. 

    What's my experience

    What is our primary use case?

    It is our firewall solution. We connect to other locations, as well as use programs in-house.

    What is most valuable?

    The most valuable feature is the security that it provides our company and users.

    Furthermore, our company uses it for making rules for the bank to connect to our server in the DMZ, which is a security challenge.

    What needs improvement?

    It needs improvement as a "Next-Generation" firewall solution. In addition, it needs to be more user-friendly. 

    For how long have I used the solution?

    More than five years.

    What do I think about the stability of the solution?

    There is no downtime, and it is working great. 

    What do I think about the scalability of the solution?

    It is scalable. We have had no issues. 

    What's my experience with pricing, setup cost, and licensing?

    The initial setup was complex. But, after that, to maintain and keep creating rules it was easy.

    Which other solutions did I evaluate?

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Munish Gupta
    Partner - Consulting & Advisory at Wipro Technologies
    Real User
    It provides the transparency of a single UI to ensure security

    Pros and Cons

    • "The transparency of the single UI to ensure security. A product has to be simple so that an administrator can use it."
    • "The artificial intelligence and machine learning (behavioral based threat detection), which I can this will be coming out in another year, these are what we need now."

    What is our primary use case?

    Our primary use case is security.

    How has it helped my organization?

    From a security perspective, we are getting assurance with the respect to the the infrastructure which is getting built or the threats which are emanating from the Internet. With these, we can obtain the visibility that we need to know where we need to improve.

    What is most valuable?

    The transparency of the single UI to ensure security. A product has to be simple so that an administrator can use it.

    What needs improvement?

    The artificial intelligence and machine learning (behavioral based threat detection), which I can this will be coming out in another year, these are what we need now.

    For how long have I used the solution?

    Three to five years.

    What do I think about the stability of the solution?

    The stability is alright.

    What do I think about the scalability of the solution?

    Scalability is not an issue.

    How is customer service and technical support?

    Its technical support is the main reason why we selected the product.

    How was the initial setup?

    The integration and configuration are transparent and easy.

    What's my experience with pricing, setup cost, and licensing?

    We are partners with Cisco. They are always one call away, which is good. They know how to keep their customers happy.

    Which other solutions did I evaluate?

    We evaluated VMware Virtual Networking and Check Point.

    We chose Cisco because of the support and their roadmap for the changing technology landscape is good. Therefore, it is always better to be partnered with them.

    What other advice do I have?

    When you are going to select a product, don't look at the cost, but at the functionality. Also, look at the stability. These days, the startups will show a new function or functionality, but when looking for a partner, make sure the company is sustainability for the new four years? Do they have the funding?

    We have a large ecosystem system: Symantec, McAfee, Splunk, Check Point firewalls, Cisco firewalls and IPS IDS from Cisco. They integrate and work well together. Cisco has been security leader for the last 20 years, so the products are quite stable working in sync.

    We are using every version of the product: On-premise, Azure, and AWS, which is a new offering.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
    Ryan Partington
    Systems Administrator at Universal Audio
    Real User
    We need the product to have HA pairs, so we can failover. It is relatively stable.

    Pros and Cons

    • "The integration and configuration were pretty straightforward."
    • "Even on a smaller scale, people are finding you need HA pairs, and there's no way that the ASA can do that, at least in the virtual version."

    What is our primary use case?

    It's our firewall for our AWS VPC on the internal side that connects our VPC to headquarters.

    I have been using the product for two years, but it has been installed in my company for four years.

    What needs improvement?

    Even on a smaller scale, people are finding you need HA pairs, and there's no way that the ASA can do that, at least in the virtual version. We needed the ability to failover to one of the others to do maintenance, and this is a glaring issue. However, it is one of their cheaper products, so its understandable. It is just that we would hope by now, because it has been in use in a lot of different environments, for even moderately sized companies, the ability to have HA pairs would be extremely useful.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    It has been relatively stable, in the sense that it stays up. It doesn't die on us.

    What do I think about the scalability of the solution?

    Scalability has been a pain point for us. 

    It's great for what it does. Just make sure you know whatever environment you are using it in is not going to have to scale. Just use it for sandbox. As long as they stay competitive, use the ASA, but make sure you have a plan to grow out of it.

    How is customer service and technical support?

    We have definitely made some calls to Cisco regarding issues. While it is time consuming, they are thorough. Sometimes depending on the urgency, if there is a real P1 problem going on, it would be more helpful to go straight to the chase than to have to go through troubleshooting steps that are mandated. A lot of times, it is understandable why they're there, but I wish they had a different, expedited process, especially when they're dealing with our senior network engineer who has already ruled out some things. Cisco tends to make you go through the steps, which is part of any normal troubleshooting. However, when you're dealing with an outage, it can be very frustrating.

    How was the initial setup?

    The integration and configuration were pretty straightforward.

    What's my experience with pricing, setup cost, and licensing?

    We purchased the product through the AWS Marketplace. While I wasn't part of the buying process for Cisco ASA, I have used it to purchase AMIs.

    The AWS Marketplace been great, but it could be a bit more user-friendly from an aesthetic perspective. It is fully functional and easy to figure out once you are in it. However, the layout of the AMIs has a lot missing, e.g., you have to side click to find the area for community AMIs. It would be awesome if AWS Marketplace would put up a wider range of AMIs.

    With the Cisco ASA, you do get what you pay for. What would really be awesome is to see Cisco blow out a real cheap version where you can use the sandbox, but leave it step-wise and go to another product relatively easily, like getting you hooked on candy. The problem is that we already paid for the ASAs, and we grew quickly. Now, we have found ourselves in a situation where we have to wait for next year's budget and everyone is using it. We've gone from a sandbox model to full production. If Cisco was a bit more on the ball with this type of thing, such as pay a smaller lump sum, then scale as a pay by use or have an option to switch models. This would be good because then we could actually leverage this type of model.

    Right now, we want to go to the rocket stuff, and our people who make the decisions financially will just have a heart attack. They will choke on it. However, if we can roll it into our AWS bill, and slowly creep it in, it is usually more palatable. As crazy as that sounds, even if its more expensive to do it this way.

    Which other solutions did I evaluate?

    Our network guy looked at alternatives and settled on Cisco ASA. It was the cheapest available option, virtualized, and he was familiar with Cisco, like many people are because it's a great company. It made the most sense at the time, because our VPC was a sandbox at first. Now, it has grown, which is where the pain point is: the scalability of the ASA. We have sort of wedged ourselves into a corner.

    We are now looking into Cisco Meraki, the CSR stuff, and the SD-WAN technology.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Vikram Arsid
    Cyber Security Software Engineer at FireEye
    MSP
    Performance-wise, it is top-notch. However, it is a bit tough to navigate and see what is going on.

    Pros and Cons

    • "It is a comprehensive suite and complete package."
    • "Cisco ASA should be easier to use. It is a bit tough to navigate and see what is going on."

    What is our primary use case?

    For the AWS version, Cisco is our primary use. We have our own appliances and products, which are indicated as Cisco ASA. So, we test these product against Cisco ASA using different types of rules for new cases. During the test process, we make sure the integration works. 

    We have been using the solution for two years.

    How has it helped my organization?

    Right now, it serves a purpose and has everything that we need. Performance-wise, it is top-notch.

    What is most valuable?

    It is a comprehensive suite and complete package. We have the following with the product:

    • Interest point detection
    • Firewall stuff
    • VPN
    • It's configurable.
    • It guards with its own threat intelligence. 

    We find that virtual instances are helpful because they are easy to use on AWS Marketplace, as they are On Demand. We have a lot of traffic on AWS. Therefore, to monitor the traffic rather than using on-premise, we use virtual instances of Cisco ASA. This is pretty easy to use and we receive value off of it.

    What needs improvement?

    Cisco ASA should be easier to use. It is a bit tough to navigate and see what is going on. While I like the UI and dashboards of Cisco ASA, if you compare them to Palo Alto or Fortinet, they have much richer UIs. An analyst (or anyone) can see them, and say, "I have got all these important pointers on my dashboard." However, with Cisco ASA, we need to dig into many things and go to many views to see what is actually there.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    It is stable. We put a good amount of stress on it.

    What do I think about the scalability of the solution?

    Especially for the AWS version, we can spin up multiple instances and do load-balancing. 

    We have 15 to 20 Cisco ASA switches with a couple of physical appliances and twelve machines. Our team is using four to five machines.

    How is customer service and technical support?

    It is all self-guided, and we were already using the physical appliances. Therefore, we knew how to use the product.

    What was our ROI?

    Our individual release cycle has been quicker because the entire development and testing environment has been automated because of these virtual instances. It has aligned our development workflow. This is where we have seen the ROI increase. 

    For example, if you are working with a physical appliance, then you need to have a dedicated lab administrator to work with it, even to test a simple use case. This takes time because we would need to frequently reset that appliance and load all the data. It is no longer like that.

    What's my experience with pricing, setup cost, and licensing?

    Purchasing from the AWS Marketplace was easy. It was just point and click.

    It is pay-as-you-go, so it much cheaper than buying in the plants.

    Which other solutions did I evaluate?

    We also checked Fortinet and Palo Alto, their AWS versions. 

    When compared products, Cisco ASA is easy on AWS. We received a trial version. It is easy to setup and evaluate.

    We also already had Cisco products. This provided a tighter integration with what we already had. Since most of our traffic stays in AWS, it made sense to use AWS Cisco ASAv.

    What other advice do I have?

    Once you deploy a virtual database or virtual machine for any product, like Cisco. The first thing to do with your data is test it. So, you need to be prepared with the test that you want to test before you deploy the instances. Because after deploying instances, you wait and see what the data come back with, how to configure it, and review what doesn't work. Therefore, you need to do some background homework before starting, such as what type of data you need to put into it, how to test it, and will the system process it.

    We have used both the on-premise and AWS version. We started using AWS in the past six to seven months. Prior to that, we used the on-premise version. The AWS version is better as it is quick to spin up and configure. Also, with AWS, everything is preset, and it is more flexible.

    We have it integrated with many other products, like threat intelligence and analytics. For example, all our logs go into Splunk, then we receive our analytics from there. We also have Splunk on AWS. Thus, all the data stays on the cloud, so there is no latency, etc.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    KS
    Technical Services Manager at a comms service provider with 10,001+ employees
    Real User
    They have the integrated ITS/IPS source powered modules. This is a new screen for us, and it is also very useful.

    What is our primary use case?

    I have been using this product for over ten years. Most of the features fulfill my requirements. It protects our network.

    What is most valuable?

    The most valuable feature is the section payover. But, I think that kind of function may also come from similar products. In addition, they have the integrated IDS/IPS source powered modules. This is a new screen for us, and it is also very useful.

    For how long have I used the solution?

    More than five years.

    What do I think about the stability of the solution?

    The stability of the product is good.

    What do I think about the scalability of the solution?

    The scalability of the solution is OK for me. It basically fulfills my requirement.

    How are customer service and technical support?

    I would rate…

    What is our primary use case?

    I have been using this product for over ten years. Most of the features fulfill my requirements. It protects our network.

    What is most valuable?

    The most valuable feature is the section payover. But, I think that kind of function may also come from similar products. In addition, they have the integrated IDS/IPS source powered modules. This is a new screen for us, and it is also very useful.

    For how long have I used the solution?

    More than five years.

    What do I think about the stability of the solution?

    The stability of the product is good.

    What do I think about the scalability of the solution?

    The scalability of the solution is OK for me. It basically fulfills my requirement.

    How are customer service and technical support?

    I would rate the technical support a rating of seven out of ten.

    What about the implementation team?

    I always consider the stability and scalability of a product when choosing a vendor.

    What's my experience with pricing, setup cost, and licensing?

    The cost is a bit high compared to other solutions in the market.

    Which other solutions did I evaluate?

    We have looked at Juniper, Palo Alto and other brands.

    What other advice do I have?

    We like that Cisco has a lot of experience on the market trends.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    it_user588258
    Network Administrator at a healthcare company with 501-1,000 employees
    Vendor
    It is a strong solution.

    Pros and Cons

    • "Cisco ASA is very strong."
    • "Migration with other appliances is not easy. It has to be done manually, and this takes a long time."

    What is our primary use case?

    It is primarily used as a firewall. I think that all firewalls basically work the same, but some have different configurations of the switches. Cisco ASA is very strong. 

    What needs improvement?

    I think that there should be better security of other firewall appliances. Migration is another main issue. If you migrate from the ASA to the new Fire Power Threat Defense appliance, it is not an easy migration. You have to do some of the migration manually, and if you are relacing those firewalls it will take a long time. It should be a smoother migration process. Some of the new engineers are still not familiar with it, and I think that Cisco should rehire some of the engineers coming from Sourcefire to do so.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    There is not much to say about the stability of the product. Migration is the painful aspect of the solution.

    How is customer service and technical support?

    During the mitigation process, I used tech support. But, I still have not had a completely clean migration process.

    What about the implementation team?

    I do not like to have too many vendors it becomes difficult to diagnose and deal with. If all the switches also ran the same, I would be OK. But, this does not usually happen. Often there are many configurations of switches and we end up switching on the switches.

    What's my experience with pricing, setup cost, and licensing?

    Cisco has recently become very expensive. Other solutions on the market are cheaper than this solution.

    Which other solutions did I evaluate?

    We have also evaluated Fortinet and Sophos UTM as possible solutions.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Johnsey Kivoto
    IT Manager at a manufacturing company with 51-200 employees
    Real User
    It is a very secure product. But, it has limitations.

    Pros and Cons

    • "It is a secure product."
    • "It is not easy to configure."
    • "The scalability is a bit limiting, to be honest. In terms of when you look to changing landscape in terms of threats, I think to me, my personal it's a bit limiting."

    What is our primary use case?

    Our primary use case is to use it as a firewall.

    What is most valuable?

    I find that the product is a very good, and secure firewall. The benefits of this product is that it is a strong firewall solution. 

    What needs improvement?

    It is a secure product. But, it is not very easy to configure. You need to be knowledgeable to be able to manage it. 

    In addition, due to changes in management, we found Cisco slightly behind some of the competitors in the market. Furthermore, the internet protection system seems to be lacking, in comparison to some of the competitors. This is why we are currently looking at other possible solutions.

    For how long have I used the solution?

    Three to five years.

    What do I think about the stability of the solution?

    It is a stable solution.

    What do I think about the scalability of the solution?

    The scalability is a bit limiting, to be honest. In terms of when you look to changing landscape in terms of threats, I think to me, my personal it's a bit limiting.

    How is customer service and technical support?

    I have not used the technical support for Cisco ASA.

    How was the initial setup?

    It was a bit complex to setup this solution. When we used the command line, it was not easy to implement. We needed Cisco technical knowledge to be able to manage the implementation.

    What's my experience with pricing, setup cost, and licensing?

    The cost is a bit higher than other competitive solutions on the market.

    What other advice do I have?

    Yes, it's a good provider when it comes to firewall solution, but maybe limiting when you are looking at the wall UTM management. It's delayed behind some of the competitors.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    BS
    Information Security Officer at a non-tech company with 10,001+ employees
    Real User
    We find this product scalable and stable.

    What is our primary use case?

    We primarily use this product for networking. We are a Cisco shop, as far as networking goes.

    What needs improvement?

    I think the room for improvement of this solution is that there is a need for more of an application awareness capability. I just don't think it has the application awareness. It obviously looks at ports and what not, but it is not necessarily able to identify applications by their action, and what they're doing.

    For how long have I used the solution?

    Less than one year.

    What do I think about the stability of the solution?

    We have not encountered issues with stability of the solution.

    What do I think about the scalability of the solution?

    The scalability is fine. We have no problems with the solution. We have two of them in a…

    What is our primary use case?

    We primarily use this product for networking. We are a Cisco shop, as far as networking goes.

    What needs improvement?

    I think the room for improvement of this solution is that there is a need for more of an application awareness capability. I just don't think it has the application awareness. It obviously looks at ports and what not, but it is not necessarily able to identify applications by their action, and what they're doing.

    For how long have I used the solution?

    Less than one year.

    What do I think about the stability of the solution?

    We have not encountered issues with stability of the solution.

    What do I think about the scalability of the solution?

    The scalability is fine. We have no problems with the solution. We have two of them in a standby configuration.

    How is customer service and technical support?

    If I were to rank the tech support, I would give it an eight or a nine. They have not been able to resolve all of my problems. I had to find my solutions on the web myself. I found other users with similar issues to what I had experienced. Then, I resolved the issues by myself.

    What's my experience with pricing, setup cost, and licensing?

    I would consider this solution on the "high end" of the pricing spectrum.

    Which other solutions did I evaluate?

    I have considered Check Point and Juniper in the past.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    AA
    Network Operations Center Team Leader at a financial services firm with 10,001+ employees
    Real User
    It speaks well to high productive platforms and it has good capabilities.

    What is our primary use case?

    Generally, it has highly productive platforms and it has good capabilities.

    How has it helped my organization?

    It just works like an internal firewall. It's an ordinary role of this platform, nothing special.

    What is most valuable?

    At this point, we find that this product has high productivity and high availability and there is no need for improvement. 

    What needs improvement?

    If there is old hardware, or old appliances, it does not necessarily work with the new Cisco generation firewalls.

    For how long have I used the solution?

    Three to five years.

    What do I think about the stability of the solution?

    It is a highly stable product. We rarely receive any serious outdates, so it works quite well. 

    How is customer service and technical

    What is our primary use case?

    Generally, it has highly productive platforms and it has good capabilities.

    How has it helped my organization?

    It just works like an internal firewall. It's an ordinary role of this platform, nothing special.

    What is most valuable?

    At this point, we find that this product has high productivity and high availability and there is no need for improvement. 

    What needs improvement?

    If there is old hardware, or old appliances, it does not necessarily work with the new Cisco generation firewalls.

    For how long have I used the solution?

    Three to five years.

    What do I think about the stability of the solution?

    It is a highly stable product. We rarely receive any serious outdates, so it works quite well. 

    How is customer service and technical support?

    Yes, we use the technical support maybe twice a year. We received a very fast response time.

    How was the initial setup?

    It was very straightforward. It was not complex at all.

    What was our ROI?

    When evaluating a possible solution, I always consider:

    • Availability
    • Productivity
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    JM
    Manager at BSB Cadmin Ltd
    User
    Works out-of-the-box. With the setup wizard, it was easy to get it deployed quickly.

    What is our primary use case?

    It was used for a remote office deployment connect back via VPN to the corporate office and services.

    How has it helped my organization?

    Cisco ASA works out-of-the-box. With the setup wizard, it was easy to get it deployed quickly, even by novice IT users.

    What is most valuable?

    The ability to have a protected home network on the unit and a separate secured office network linked back to corporate.

    What needs improvement?

    More intuitive support for SIP services are needed. This took a long time to configure properly for the user.

    For how long have I used the solution?

    Less than one year.

    What is our primary use case?

    It was used for a remote office deployment connect back via VPN to the corporate office and services.

    How has it helped my organization?

    Cisco ASA works out-of-the-box. With the setup wizard, it was easy to get it deployed quickly, even by novice IT users.

    What is most valuable?

    The ability to have a protected home network on the unit and a separate secured office network linked back to corporate.

    What needs improvement?

    More intuitive support for SIP services are needed. This took a long time to configure properly for the user.

    For how long have I used the solution?

    Less than one year.
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    CM
    IT Manager at Citizens Bank
    Real User
    Top 5
    Streamlines lockdown and the management of that aspect of security

    Pros and Cons

      • "The only con that I have really seen with it is the reporting structure. FirePOWER is good. It has been a great help because, before that, it was not good at all."

      What is our primary use case?

      The primary use is that it manages all of our incoming and outgoing VOIP transmissions as well as data transmissions between our branches and our third-party bank processor. It has performed well.

      How has it helped my organization?

      The ASAs are very stable firewalls, and they've been very good at protecting our assets here at the bank. They have done exactly what they were purchased for. They have done a great job.

      What is most valuable?

      I've always looked at Cisco products as being the industry standard. They're wonderful at being able to lockdown and manage that. 

      What needs improvement?

      The only con that I have really seen with it is the reporting structure. FirePOWER is good. It has been a great help because, before that, it was not good at all. 

      For how long have I used the solution?

      Three to five years.

      What do I think about the scalability of the solution?

      The scalability is very good. We use the 5600 models and the lower 5000s. We were able to upgrade as needed. We added a ton of VPN tunnels to them and they handled all that traffic quite well.

      How are customer service and technical support?

      Support has been very good, very professional, got right to the point. My third-party administrator got stuck on setting up some tunnels. We called ASA support and they walked him right through how to do it. That was good.

      How was the initial setup?

      The third-party did all of the setup. I told him what I wanted and he set everything up and got the tunnels for us as well.

      What's my experience with pricing, setup cost, and licensing?

      The cost of keeping the licensing up on the ASA is very expensive. It has a lot of positives, but the cost of going with it is really starting to be a major negative right now.

      What other advice do I have?

      Talk to your peers in the industry, find out what they use and why, and then look at exactly what you're using it for. We changed a great deal of our infrastructure, adding a lot of extra tunnels, so that made a complicated product even harder to manage. Look at what you're comfortable in managing with their interface.

      We start looking at upgrade cost, our constant licensing cost. I look at other products that rank very high in industry ratings. Now I'm looking at similar products that are a little bit easier to manage. That is another fault of the ASA. They're very complicated to manage, but that’s because they have so many features. It's a very feature-rich product.

      When selecting a vendor the most important factors are

      • Security - obviously that is number one because we are a financial institution
      • stability of the vendor
      • how the product is ranked in the market.

      In terms of security, right now is a really tough time for us because, even as a smaller community bank, we’re targeted. We have huge targets on us right now from hackers. I have to have a product that is stable, that will hold up, from a reputable company. I'm looking at companies that are top-tier.

      I would rate the ASA equipment itself a nine out of 10. The software and manageability would rate a seven and the reason for that is the complexity of it. It is extremely complicated, even for our Cisco-certified person who manages it for us.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      BURAK YESILDERYA
      IT System Administrator at PFW HAVACILIK
      Real User
      Creates a unified strategy for event logging and correlation

      Pros and Cons

      • "Beats sophisticated cyber attacks with a superior security appliance."
      • "The Cisco ASA device needs overall improvement, as configurations alone do not completely secure my network."

      What is our primary use case?

      IT landscape is dynamic, requiring security policy, controls, and visibility to be better than ever. 

      • 1Gbps
      • Multi-service
      • Beats sophisticated cyber attacks with a superior security appliance.
      • IT landscape is dynamic.
      • Requires security policy, controls, and visibility to be better than ever. 

      This applies to all ASA-related Management/to-the-box traffic, like SNMP, SSH, etc., with Firepower services combined with our proven network firewall along with the industry’s most effective next-generation IPS and advanced malware protection. Therefore, you can get more visibility, be more flexible, save more, and protect better.

      How has it helped my organization?

      Historic events related to security incidents. My organization must have a unified strategy for event logging and correlation.

      What is most valuable?

      The Cisco Product Security Incident Response creates and maintains publications, commonly referred to as PSIRT Advisories, for security-related issues in Cisco ASA.

      What needs improvement?

      The Cisco ASA device needs overall improvement, as configurations alone do not completely secure my network. The operational procedures in use on the network contribute as much to security as the configuration on devices.

      For how long have I used the solution?

      Still implementing.

      How are customer service and technical support?

      There is 24/7 support anytime, anywhere.

      Which solution did I use previously and why did I switch?

      Before, I did not manage my private network well (or professionally). For this reason, I have been updating products.

      What's my experience with pricing, setup cost, and licensing?

      Commercial leasing is the best option.         

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      GS
      Solutions Architect at a tech services company with 10,001+ employees
      Consultant
      Allowed us to consolidating multiple security devices into a single appliance

      Pros and Cons

      • "It allowed us to consolidating multiple security devices into a single appliance."
      • "We are looking for software taxi capabilities."

      What is our primary use case?

      • High-performance intrusion prevention
      • Malware protection
      • Multiple firewalls to control departments on a business by business level (security policies per department).
      • Allowed us to consolidating multiple security devices into a single appliance.

      How has it helped my organization?

      • Intrusion protection
      • We were able to determine when we are being attacked.
      • We determine that our inspections were causing latency.

      We needed a way to monitor threat protection and not cause latency.

      What is most valuable?

      It allowed us to consolidating multiple security devices into a single appliance. It consolidated and helped us eliminate firmware upgrade issues across multiple devices. The "Keep It Simple" method.

      What needs improvement?

      We are looking for software taxi capabilities.   

      For how long have I used the solution?

      One to three years.

      Which other solutions did I evaluate?

      Going forward, we are evaluating Anomali. The founder of ArcSight founded Anomali. The product has the ability to be a consumer of threat intelligence, and be a contributor showing the maturity in threat protection posture.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      PD
      IT Manager at a construction company with 11-50 employees
      Real User
      User-based firewall rules are helpful but the solution needs to be more reliable

      Pros and Cons

        • "The product crashes. We have a cluster of firewalls and we regularly get failovers."

        What is our primary use case?

        Firewall and VPN.

        How has it helped my organization?

        I can't really say how it has improved our organization, but the benefits are that we have a necessary firewall with which we can create VPNs.

        What is most valuable?

        Pro user-based firewall rules.

        What needs improvement?

        The solution that we have right now doesn't do what I want it to do. We don't have a ratified solution for all the things that I wanted to right across our business. We're doing similar functions using different technology and I want ratification. I want to be able to do more than what we are currently able to do with the existing service, all under the umbrella of improving security.

        What do I think about the stability of the solution?

        The product crashes. We have a cluster of firewalls and we regularly get failovers.

        How are customer service and technical support?

        I have used technical support once, and they were superb.

        Which solution did I use previously and why did I switch?

        When selecting a vendor, the most important criteria include:

        • Security - the ability of the technology from a security perspective.
        • The ability of the company to support the technology - knowledge of the product by the company. It may sound really silly to say that, but you'd be surprised how poor some companies' technical support is.
        • The financial stability of the company.

        How was the initial setup?

        I was involved in the initial setup. It was complex. 

        What other advice do I have?

        Do your research, know what you want to achieve.

        Cisco ASA needs to be more reliable. Because of the nature of the product, it has to be rock solid and, unfortunately, it's not.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        PP
        User at IDF technology
        User
        Valuable features include AnyConnect, double translations, and an independent IPS module

        What is our primary use case?

        This solution is involved in the protection of the network perimeter and the VPN gateway.

        How has it helped my organization?

        It allows you to fine-tune and create flexible circuits, as well as unites a large number of different types of connections.

        What is most valuable?

        AnyConnect Double translations Independent IPS module High performance Various methods of organizing a VPN

        What needs improvement?

        Simplify licensing Do not combine the IPS module with the main operating system. In new products, leave the CLI.

        For how long have I used the solution?

        More than five years.

        What is our primary use case?

        This solution is involved in the protection of the network perimeter and the VPN gateway.

        How has it helped my organization?

        It allows you to fine-tune and create flexible circuits, as well as unites a large number of different types of connections.

        What is most valuable?

        • AnyConnect
        • Double translations
        • Independent IPS module
        • High performance
        • Various methods of organizing a VPN

        What needs improvement?

        • Simplify licensing
        • Do not combine the IPS module with the main operating system.
        • In new products, leave the CLI.

        For how long have I used the solution?

        More than five years.
        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        MM
        student at MC
        User
        Manual deep bracket inspection is required to use web filtering. ASA 5505 and ASA 5506 are very powerful tools to use in a business environment, and provide a lot of security

        What is our primary use case?

        We offer publishing services. It depends on our business, but we use this solution for security.

        What is most valuable?

        ASA 5505 and ASA 5506 are very powerful tools to use in a business environment, and provide a lot of security.

        What needs improvement?

        Intrusion prevention, we currently need to apply deep bracket inspection manually to use web filtering.

        For how long have I used the solution?

        Three to five years.

        What is our primary use case?

        We offer publishing services. It depends on our business, but we use this solution for security.

        What is most valuable?

        ASA 5505 and ASA 5506 are very powerful tools to use in a business environment, and provide a lot of security.

        What needs improvement?

        Intrusion prevention, we currently need to apply deep bracket inspection manually to use web filtering.

        For how long have I used the solution?

        Three to five years.
        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        ITCS user
        Information Technologies Consultant at a tech services company
        Consultant
        Everything is based on high securities standards

        What is our primary use case?

        Some branches are joint through Cisco ASA 5500-X VPNs. Executives or employees are connected via AnyConnect.

        How has it helped my organization?

        It joins all branches and permits employees to work outside their offices, but everything is based on high securities standards (PCI compliance).

        What is most valuable?

        Reliability Robustness Security features High encryption, hashing, and integrity support Support High performance

        What needs improvement?

        Multiple WAN connections: Even though you can implement more than one interface to outside connections, it is lacking on load balances, etc.

        For how long have I used the solution?

        Three to five years.

        What is our primary use case?

        Some branches are joint through Cisco ASA 5500-X VPNs. Executives or employees are connected via AnyConnect.

        How has it helped my organization?

        It joins all branches and permits employees to work outside their offices, but everything is based on high securities standards (PCI compliance).

        What is most valuable?

        • Reliability
        • Robustness
        • Security features
        • High encryption, hashing, and integrity support
        • Support
        • High performance

        What needs improvement?

        Multiple WAN connections: Even though you can implement more than one interface to outside connections, it is lacking on load balances, etc.

        For how long have I used the solution?

        Three to five years.
        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        SS
        IT Manager with 51-200 employees
        User
        Once configured to suit your needs, these firewalls are rock solid appliances
        These firewalls are used in enterprise level environments, which require granular control and customization to meet security and compliance guidelines for an organization. Once configured to suit your needs, they are rock solid appliances.  These firewalls are not for beginners. 

        These firewalls are used in enterprise level environments, which require granular control and customization to meet security and compliance guidelines for an organization. Once configured to suit your needs, they are rock solid appliances. 

        These firewalls are not for beginners. 

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        it_user806910
        Manager at SAP
        Real User
        A nice GUI, but poor performance
        Cisco ASA has an okay CLI with a nice GUI, but has poor performance.

        Cisco ASA has an okay CLI with a nice GUI, but has poor performance.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        Sikander Ali
        IT Infrastructure Engineer at Atlas Group
        Real User
        Top 10
        My confidence continues to build upon using Cisco firewalls

        How has it helped my organization?

        My confidence continues to build upon using Cisco firewalls. I prefer to use Cisco firewalls to any others. 

        What needs improvement?

        Antivirus features must be integrated for end user security. They must be increased in the next version along with audit and restriction for the incoming user. Security must be increased when a new user connects over the LAN and an alarm must be generated.

        For how long have I used the solution?

        Three to five years.

        How has it helped my organization?

        My confidence continues to build upon using Cisco firewalls. I prefer to use Cisco firewalls to any others. 

        What needs improvement?

        Antivirus features must be integrated for end user security. They must be increased in the next version along with audit and restriction for the incoming user. Security must be increased when a new user connects over the LAN and an alarm must be generated.

        For how long have I used the solution?

        Three to five years.
        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        NM
        Supervisor of Computer Operations at Neil McFadyen
        User
        Setting up rules for HTTPS and SSH access to the management interface are straightforward

        Pros and Cons

        • "I am used to the ASA syntax, therefore it is quite easy to make up new rules. I have found that DNS doctoring rules are useful."
        • "I found that setting up rules for HTTPS and SSH access to the management interface are straightforward, including setting the cypher type."
        • "10Gb interfaces should be available on more models."
        • "It is surprising that you need to have a virtual appliance for the Firepower Management Center. It is not good if you have to setup a VMware server just for it."
        • "It is confusing to have two management interfaces, e.g., ASDM and Firepower Management Center."

        What is our primary use case?

        We use it for our university department firewall. It replaced our 12-year-old Cisco ASA 5520, which used to protect web servers, mail servers, SVN repositories, office computers, research computers, and computer labs. It was used for blocking the internet for exams. It was not used for IPS, so we did not buy the new threat protection or malware license. We connected it to a Layer 3 switch for faster Inter-VLAN routing.

        How has it helped my organization?

        It works better through specs than our old ASA 5520. It seems to perform the same functionality unless you buy the additional threat protection licenses, so this is a disappointment. I found a bug where the ASDM could not be used with Windows 2016, but it did work with Windows 10.  

        What is most valuable?

        • Most of same old ASA 5520 config could be used for the new 5516-X model. The ASDM interface is improved and can also be configured to the Firepower settings. 
        • I am used to the ASA syntax, therefore it is quite easy to make up new rules. I have found that DNS doctoring rules are useful, and I am not sure how other firewalls handle the issue of internal versus external DNS, so this was a reason to keep the same type of firewall.
        • Customizing logging event of syslog to feed into Splunk is very useful for management and monitoring just for the importance events instead of a huge stream of thousands of unneeded events.
        • I found it quite easy to block computers from the internet, e.g, in a computer lab with students doing an exam using software for the course when needed.
        • I use access to a list to block IPs which have attacked our web servers on the outside interface, since I do not have IPS.
        • I found that setting up rules for HTTPS and SSH access to the management interface are straightforward, including setting the cypher type.
        • It is very useful to use the command line interface for modifying or adding to the config because sometimes the ASDM interface is hard to find when the setting is more complicated.
        • The text config file is great to have, to know what is in the config, instead of having to check every setting in the GUI.
        • While the CLI is used the most, sometimes the ASDM is faster and easier to use to set some settings.

        What needs improvement?

        • It is confusing to have two management interfaces, e.g., ASDM and Firepower Management Center. It would be nice to have a Windows program instead of a virtual appliance for the Firepower Management Center.  The ASA and Firepower module seem redundant, not sure which one to set the rules in, but maybe that was for backward compatibility. I am not sure that is very useful.
        • It is surprising that you need to have a virtual appliance for the Firepower Management Center. It is not good if you have to setup a VMware server just for it.
        • 10Gb interfaces should be available on more models. 

        For how long have I used the solution?

        Still implementing.

        What's my experience with pricing, setup cost, and licensing?

        ASA pricing seems high compared to other firewalls, such as the Sophos XG models. 

        The licensing features are getting more complicated. These should be simplified. 

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        ITCS user
        Sales Manager at Entiresoft Technologies Pvt Ltd
        Real User
        Top 20
        VPN load balancing has been essential for my connections to integrate via multiple time zones

        What is our primary use case?

        I am using Cisco ASA as the firewall for my business to guard the boundary of my business. It has been very helpful in my sector of media with my clients, essentially focusing on how secure their data is, especially when we are working on a few projects which involve multiple citations across Europe.  Our content, which is the main asset for our firm, is pretty elusive behind the firewall of Cisco ASA.

        How has it helped my organization?

        It has improved my client's trust. 

        What is most valuable?

        VPN load balancing: This has been particularly essential for my connections to integrate via multiple time zones.

        What needs improvement?

        I needed to be well-versed with all the command lines for Cisco ASA in order to fully utilize it. I missed this info…

        What is our primary use case?

        I am using Cisco ASA as the firewall for my business to guard the boundary of my business. It has been very helpful in my sector of media with my clients, essentially focusing on how secure their data is, especially when we are working on a few projects which involve multiple citations across Europe. 

        Our content, which is the main asset for our firm, is pretty elusive behind the firewall of Cisco ASA.

        How has it helped my organization?

        It has improved my client's trust. 

        What is most valuable?

        VPN load balancing: This has been particularly essential for my connections to integrate via multiple time zones.

        What needs improvement?

        I needed to be well-versed with all the command lines for Cisco ASA in order to fully utilize it. I missed this info and wasted some operational costs. I would like to advise others to please be wary from the start.

        For how long have I used the solution?

        Less than one year.

        What was our ROI?

        It was initially heavy on my pocket, but it soon actualised its worth.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        it_user874149
        Tehcnician at Belize Telemedia Limited
        User
        ASDM has made configuring ASA easy. No need to memorize CLI commands.

        What is our primary use case?

        Remote network access: We primarily use ASA for VPN, NAT, PAT routing, SLA, and multiple ISP providers.

        How has it helped my organization?

        Ease of configuration: It has gotten a lot easier to configure compared to the original Cisco Pix.

        What is most valuable?

        ASDM provides GUI for configurations. ASDM has made configuring ASA easy. No need to memorize CLI commands.

        What needs improvement?

        UTM features would be nice or some NextGen features.  The ASA has become a bit old and needs updating.

        For how long have I used the solution?

        One to three years.

        What is our primary use case?

        Remote network access: We primarily use ASA for VPN, NAT, PAT routing, SLA, and multiple ISP providers.

        How has it helped my organization?

        Ease of configuration: It has gotten a lot easier to configure compared to the original Cisco Pix.

        What is most valuable?

        ASDM provides GUI for configurations. ASDM has made configuring ASA easy. No need to memorize CLI commands.

        What needs improvement?

        • UTM features would be nice or some NextGen features. 
        • The ASA has become a bit old and needs updating.

        For how long have I used the solution?

        One to three years.
        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        ITCS user
        Network Administrator at Modern Woodmen of America
        Real User
        Sourcefires' visibility and control have been a great addition to the product

        Pros and Cons

        • "Sourcefire has been a great addition. The visibility and control have been nice."
        • "If Cisco could stop rebranding, combine all the CLIs/GUIs, and give a consistent experience, this would be great."

        What is our primary use case?

        The primary use case is for edge firewall at multiple locations and remote access VPN. We use these for security and have them integrated with Splunk/QRadar.  

        How has it helped my organization?

        Edge security and Sourcefire have been nice. Sourcefire was a major improvement over the legacy IDS that it previously had. 

        What is most valuable?

        Sourcefire has been a great addition. The visibility and control have been nice. 

        I also like the active/standby HA. 

        What needs improvement?

        The solution has two separate GUIs and at least three different CLIs (ASA CLI, Sourcefire CLI, and Firepower Management Center CLI). In addition, ASDM plus Firepower Management Center GUIs. If Cisco could stop rebranding, combine all the CLIs/GUIs, and give a consistent experience, this would be great. 

        Also, AnyConnect is very difficult to manage and use. 

        For how long have I used the solution?

        More than five years.
        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        TP
        Business Development Executive at CBI
        Reseller
        Though not NextGen, it is a good firewall

        What is our primary use case?

        The gateway firewall is where we use it the most.  

        How has it helped my organization?

        The firewall and policy side are easy to use. 

        What is most valuable?

        IDS.

        What needs improvement?

        Make the IPS baked-in. It is a good firewall, though not NextGen.

        For how long have I used the solution?

        One to three years.

        What is our primary use case?

        The gateway firewall is where we use it the most.  

        How has it helped my organization?

        The firewall and policy side are easy to use. 

        What is most valuable?

        IDS.

        What needs improvement?

        Make the IPS baked-in. It is a good firewall, though not NextGen.

        For how long have I used the solution?

        One to three years.
        Disclosure: My company has a business relationship with this vendor other than being a customer: CBI is a VAR for these products.
        it_user857937
        ICT Manager with 1-10 employees
        Real User
        A stable, reliable solution used to protect the network's perimeter

        What is our primary use case?

        We use it to protect the perimeter of the network.

        How has it helped my organization?

        It is reliable, and does the job that it is supposed to be doing.

        What is most valuable?

        IPS Antivirus IP filtering

        What needs improvement?

        it is not very user-friendly for the administration.

        What do I think about the stability of the solution?

        The Cisco solution that we have now is very stable. That is why we are interested in continuing with the Cisco solution and upgrading to the next generation.

        What do I think about the scalability of the solution?

        It can be used by multiple users.

        How are customer service and technical support?

        We use the technical support of Cisco through a partner, so I do not have direct access to the Cisco IT technical…

        What is our primary use case?

        We use it to protect the perimeter of the network.

        How has it helped my organization?

        It is reliable, and does the job that it is supposed to be doing.

        What is most valuable?

        • IPS
        • Antivirus
        • IP filtering

        What needs improvement?

        it is not very user-friendly for the administration.

        What do I think about the stability of the solution?

        The Cisco solution that we have now is very stable. That is why we are interested in continuing with the Cisco solution and upgrading to the next generation.

        What do I think about the scalability of the solution?

        It can be used by multiple users.

        How are customer service and technical support?

        We use the technical support of Cisco through a partner, so I do not have direct access to the Cisco IT technical support.

        Which solution did I use previously and why did I switch?

        We just shortlisted Cisco and Fortinet.

        What about the implementation team?

        We needed a Cisco technician to do the initial setup. We had to outsource the implementation.

        What other advice do I have?

        We need to upgrade our security requirements due to the new security requirement applicable in Europe (from GDPR) and the cyber security guidelines for our vessel (we are a US shipping company). 

        Most important criteria when selecting a vendor: familiarity, reliability, and price.

        Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
        LG
        Information Technology at Giumarra
        User
        ​It is worth every penny that we have invested in it

        What is our primary use case?

        I have been using the 5510 a lot, and have been working with it for many years. I have also used the 5505 and other firewalls.

        How has it helped my organization?

        It is much better than most of the other firewalls that I have worked with.

        What needs improvement?

        It needs more tunneling capabilities. 

        For how long have I used the solution?

        More than five years.

        What was our ROI?

        It is worth every penny that we have invested in it.

        What is our primary use case?

        I have been using the 5510 a lot, and have been working with it for many years. I have also used the 5505 and other firewalls.

        How has it helped my organization?

        It is much better than most of the other firewalls that I have worked with.

        What needs improvement?

        It needs more tunneling capabilities. 

        For how long have I used the solution?

        More than five years.

        What was our ROI?

        It is worth every penny that we have invested in it.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        it_user862920
        ‎Enterprise Manager at One Advanced
        User
        Provides perimeter and internal firewall services, but needs an MSSP oriented interface

        What is our primary use case?

        VPN services IDS/IPS services using Firepower Provides perimeter and internal firewall services.

        How has it helped my organization?

        We provide managed services based on the Cisco ASA product. The brand is reassuring to customers when procuring our services.

        What is most valuable?

        VPN Firewall IDS/IPS These features allow us to deliver services to meet client needs across various industry verticals.

        What needs improvement?

        MSSP oriented interface: I would like a single console which would allow me to manage settings creating consistency across all customers.

        For how long have I used the solution?

        Less than one year.

        What is our primary use case?

        • VPN services
        • IDS/IPS services using Firepower
        • Provides perimeter and internal firewall services.

        How has it helped my organization?

        We provide managed services based on the Cisco ASA product. The brand is reassuring to customers when procuring our services.

        What is most valuable?

        • VPN
        • Firewall
        • IDS/IPS

        These features allow us to deliver services to meet client needs across various industry verticals.

        What needs improvement?

        MSSP oriented interface: I would like a single console which would allow me to manage settings creating consistency across all customers.

        For how long have I used the solution?

        Less than one year.
        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        it_user850275
        Pre-sales engineer with 51-200 employees
        Reseller
        Provides visibility as well as management and administration capabilities

        What is our primary use case?

        We use it as a perimiter firewall and do VPNs and filtering.

        How has it helped my organization?

        As a reseller, because Cisco includes different companies like Sourcefire, Meraki, and Talos, I think Cisco has a good portfolio for the security business, with their own devices too. For example, we have our firewall, we have a Web security appliance, things like OpenDNS with Umbrella. I think Cisco can cover with all the platforms.

        What is most valuable?

        All the visibility the device gives us as well as management and administration facilities.

        What needs improvement?

        It needs better documentation for when we present solutions to non-technical people. They need to bring together all the information, across the various firewalls, so that we can more clearly explain them.

        Also, pricing could be better.

        What do I think about the stability of the solution?

        It's very stable. 

        What do I think about the scalability of the solution?

        When we implement a firewall we need to be aware of whether it is growing over a short time period or a long time period. I think the scalability, from our implementation, is good because you can use the same configuration for another platform. If you implement on a small platform, it It is easy to implement the same configuration to another, bigger device.

        How are customer service and technical support?

        I think tech support is a large part of Cisco. It's good, it provides support around the clock, answers problems. I would rate it nine out of 10.

        Which solution did I use previously and why did I switch?

        SonicWall.

        How was the initial setup?

        For some things it is very easy, but configuring other things is a little complex. It depends on the use case.

        What's my experience with pricing, setup cost, and licensing?

        Cisco may be a little expensive but it has everything, and they support very well.

        Which other solutions did I evaluate?

        Juniper, Fortinet.

        What other advice do I have?

        I think Cisco has all the solutions: switching, routing, security, they have wireless. You can cover all the devices with Cisco. They have all the network and engineered tools to help resolve the issues that we have. They are really very good devices.

        In terms of advice, I would say Cisco is the best company. They're very stable, there aren't too many issues. And when there is an issue they have many engineers who can solve the problem.

        Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
        reviewer847167
        Network and Securirty Engineer at a tech vendor with 501-1,000 employees
        User
        Filtering is the best feature

        Pros and Cons

        • "Filtering is the best feature."
        • "The IPS and GUI are outdated."
        • "It is slowly not supported and other vendors are a few years ahead of Cisco in development."

        What is our primary use case?

        We use it for security of branch offices and data centers. 

        How has it helped my organization?

        It works like a firewall for security reasons. 

        What is most valuable?

        Filtering is the best feature, as I have gotten used to using it.                               .

        What needs improvement?

        The IPS and GUI are outdated. It is finally getting IPS inside, which will be a big improvement. The GUI is outdated, and they are slowly improving it. We will see if they go in the correct direction. Unfortunately, they usually just follow other vendors.

        It is slowly not supported and other vendors are a few years ahead of Cisco in development.  

        For how long have I used the solution?

        More than five years.

        What other advice do I have?

        Configuration on Firepower is currently madness as you have to redeploy it again with all its configurations if you use it as a module.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        it_user821520
        Information Systems Manager at a manufacturing company with 201-500 employees
        Real User
        Its most valuable feature is its ability to work with the traffic

        What is our primary use case?

        Business use. It has performed well.

        What is most valuable?

        Its ability to work with the traffic.

        What needs improvement?

        I would like it to be easier to work with and have a better user interface. It is not straightforward. You need to know the Cisco command-line interface.

        What do I think about the stability of the solution?

        Stability has been fine.

        What do I think about the scalability of the solution?

        It is good.

        How are customer service and technical support?

        I have not used technical support.

        Which solution did I use previously and why did I switch?

        We have always been with Cisco.

        How was the initial setup?

        Initial setup was fairly complex. Just having to know the command prompt rather than having a better user interface. …

        What is our primary use case?

        Business use. It has performed well.

        What is most valuable?

        Its ability to work with the traffic.

        What needs improvement?

        I would like it to be easier to work with and have a better user interface. It is not straightforward. You need to know the Cisco command-line interface.

        What do I think about the stability of the solution?

        Stability has been fine.

        What do I think about the scalability of the solution?

        It is good.

        How are customer service and technical support?

        I have not used technical support.

        Which solution did I use previously and why did I switch?

        We have always been with Cisco.

        How was the initial setup?

        Initial setup was fairly complex. Just having to know the command prompt rather than having a better user interface.

        What's my experience with pricing, setup cost, and licensing?

        We looking for a possible new solution because of the licensing and VPN.

        Which other solutions did I evaluate?

        We evaluated Cisco and Meraki.

        What other advice do I have?

        Look through what your needs are.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        ITCS user
        Network Consulting Engineer at a energy/utilities company with 10,001+ employees
        Real User
        It is very stable. Setting it up is not as intuitive as other more modern NGFWs.

        What is our primary use case?

        Solid datacenter firewall, but the ASA software is old with no application recognition. If only a Layer 4 FW is needed, this is a good solution.

        How has it helped my organization?

        Do not use it in cluster mode. It is not worth it. These firewalls can do 10G, so just design the rest of the network around this. Do not do cluster to add more bandwidth.

        What is most valuable?

        Nothing fancy about ASA capabilities, it does its job and does it well as long as you only care about filtering ports and protocols.

        What needs improvement?

        The needed features are already being done on Firepower, but this software is still in flux. 

        For how long have I used the solution?

        Three to five years.

        What do I think about the stability of the solution?

        It is…

        What is our primary use case?

        Solid datacenter firewall, but the ASA software is old with no application recognition. If only a Layer 4 FW is needed, this is a good solution.

        How has it helped my organization?

        Do not use it in cluster mode. It is not worth it. These firewalls can do 10G, so just design the rest of the network around this.

        Do not do cluster to add more bandwidth.

        What is most valuable?

        Nothing fancy about ASA capabilities, it does its job and does it well as long as you only care about filtering ports and protocols.

        What needs improvement?

        The needed features are already being done on Firepower, but this software is still in flux. 

        For how long have I used the solution?

        Three to five years.

        What do I think about the stability of the solution?

        It is very stable.

        How was the initial setup?

        Setting it up is not as intuitive as other more modern NGFWs.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        it_user824748
        User at a comms service provider with 1,001-5,000 employees
        User
        Clustering architecture which offers zero downtime upgrades, keeping uptime close to 99.999%

        What is our primary use case?

        Service Provider Operations manipulating thousands of firewall rules deploying Network Access Translations (NAT) for various multiservice networks.

        How has it helped my organization?

        Easy and fast to deploy. User-friendly GUI REST API offering with rich capabilities which makes the product very robust.

        What is most valuable?

        Clustering architecture which offers zero downtime upgrades, keeping uptime close to 99.999%. This creates less stress on operations and network stability throughout the various maintenance tasks.

        What needs improvement?

        ASDM needs to be able to customize applets.

        For how long have I used the solution?

        One to three years.

        What do I think about the stability of the solution?

        REST API stability needs improvement in…

        What is our primary use case?

        Service Provider Operations manipulating thousands of firewall rules deploying Network Access Translations (NAT) for various multiservice networks.

        How has it helped my organization?

        • Easy and fast to deploy.
        • User-friendly GUI
        • REST API offering with rich capabilities which makes the product very robust.

        What is most valuable?

        Clustering architecture which offers zero downtime upgrades, keeping uptime close to 99.999%. This creates less stress on operations and network stability throughout the various maintenance tasks.

        What needs improvement?

        ASDM needs to be able to customize applets.

        For how long have I used the solution?

        One to three years.

        What do I think about the stability of the solution?

        REST API stability needs improvement in order for customizing resource allocation available to the user rather than just being there transparently. This way users can customize REST API and tailor it to their needs.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        it_user814596
        Senior Network Manager with 51-200 employees
        Vendor
        Easy to deploy in a working environment between servers and users

        What is our primary use case?

        Datacenter and edge firewalls Used in central and remote sites. Used in datacenter production sites.

        How has it helped my organization?

        Deployed between users and servers transparently. Easy to deploy in a working environment between servers and users. Improved security and visibility.

        What is most valuable?

        Failover Transparent firewall Multi-context Logging is great. It will show when it reaches its capacity before it is too late, unless you have bursts of traffic.

        What needs improvement?

        HTTPs inspection and higher throughput/spec would be good. Now, it has been replace by Firepower, which is a lot faster. 

        For how long have I used the solution?

        More than five years.

        What is our primary use case?

        • Datacenter and edge firewalls
        • Used in central and remote sites.
        • Used in datacenter production sites.

        How has it helped my organization?

        • Deployed between users and servers transparently.
        • Easy to deploy in a working environment between servers and users.
        • Improved security and visibility.

        What is most valuable?

        • Failover
        • Transparent firewall
        • Multi-context
        • Logging is great. It will show when it reaches its capacity before it is too late, unless you have bursts of traffic.

        What needs improvement?

        HTTPs inspection and higher throughput/spec would be good. Now, it has been replace by Firepower, which is a lot faster. 

        For how long have I used the solution?

        More than five years.
        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        ITCS user
        Security Governance at a comms service provider with 1,001-5,000 employees
        Real User
        It brought our network down several times due to a memory leakage bug. Protects 3G/4G Internet customers and the Private APN.

        Pros and Cons

        • "We have been using a 5520 for seven years in our datacenter and we are satisfied by this version."
        • "The solution is used for the protection of the mobile data network. It is protecting 3G/4G Internet customers and the Private APN."
        • "The throughput highlighted on the datasheet (10Gbps) should be reviewed. This throughput is only for a UDP running environment, which you will never find in the real world. Rather consider a multiprotocol throughput."
        • "A memory leakage issue which literally freeze the nodes (we have an HA environment). The issue is still not solved and the only recommendation from Cisco is to reboot the node."

        What is our primary use case?

        ASA5585-SSP-60 was deployed after a migration from Juniper SRX5600. The solution is used for the protection of the mobile data network. It is protecting 3G/4G Internet customers and the Private APN.

        How has it helped my organization?

        So far, we are not satisfied by the move. The precedent solution is much more adapted to the Telco environment, although Cisco recommended this platform. Cisco ASA also brought our network down several times due to a memory leakage bug, which is still not resolved.

        What is most valuable?

        All features provided by the platform are quite the same for all other platforms. We rather missed some features we were used to, such as virtual routers

        What needs improvement?

        • VPN creation with Cisco is quite difficult: Some DH groups are not supported (compared to Juniper).
        • Expected to see the enablement of virtual routing, which is key in a Telco environment. We need to provide this in LAN to LAN services with shared platforms (DNS, proxies, etc.).
        • Application visibility 

        For how long have I used the solution?

        One to three years.

        What do I think about the stability of the solution?

        Yes, a memory leakage issue which literally freeze the nodes (we have an HA environment). The issue is still not solved and the only recommendation from Cisco is to reboot the node.

        What do I think about the scalability of the solution?

        Yes, the throughput highlighted on the datasheet (10Gbps) should be reviewed. This throughput is only for a UDP running environment, which you will never find in the real world. Rather consider a multiprotocol throughput.

        How are customer service and technical support?

        Experience with technical support was mitigated. 

        Technically, they denied any issues on the node and call the memory leak issue, "A cosmetic issue." They were stating that memory disappearance reported by SNMP was an error and will have no impact on the traffic. They have reviewed this since we have recorded several blackouts during the year.

        Which solution did I use previously and why did I switch?

        We were using Juniper SRX5600. The switch was more a strategic decision than a technical one.

        We are also using a 5520 for seven years in our datacenter and we are satisfied by this version.

        How was the initial setup?

        The initial setup was very complex. Migration from Juniper (with wide usage of VR) to Cisco is complex and you should make sure to master all the flows on the node. Also, Juniper is more permissive on asymmetric traffic, which Cisco will deny by default. 

        What about the implementation team?

        Implementation was performed by a Cisco recommended local partner. 

        We were not satisfied at all (from the pre to post implementation). Their level of expertise was zero.

        What was our ROI?

        I do not know.

        What's my experience with pricing, setup cost, and licensing?

        Nothing to highlight at this level. 

        Which other solutions did I evaluate?

        We did an evaluation with Check Point.

        What other advice do I have?

        It is definitely not for Telco.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        it_user698436
        ESS Security with 201-500 employees
        MSP
        Allows us to implement active/backup HA with ASAv (Adaptive Security Virtual Appliance)

        Pros and Cons

        • "In v9.8 you are able to do active/backup HA with ASAv (Adaptive Security Virtual Appliance) deployed on MS Azure."
        • "The relatively new Firepower Threat Defense image (mix of ASA and Sourcefire network security) fills a lot of gaps and features that were missing on ASA."

        What is most valuable?

        Starting in version 9.7 you could track a login history for audit purposes and, in 9.8, you are able to do active/backup HA with ASAv (Adaptive Security Virtual Appliance) deployed on MS Azure.

        What needs improvement?

        There is always room for improvement in virtually anything. However, the relatively new Firepower Threat Defense image (mix of ASA and Sourcefire network security) fills a lot of gaps and features that were missing on ASA. Moreover, with FMC (Firepower Management Console) you can complement it with even more admin and reporting capabilities for the entire platform.

        For how long have I used the solution?

        One to three years.

        What do I think about the stability of the solution?

        No stability issues.

        What do I think about the scalability of the solution?

        No scalability issues.

        How is customer service and technical support?

        Excellent.

        How was the initial setup?

        New version comes with initial setup tutorial, with very nice security policies baseline, set up by default.

        What's my experience with pricing, setup cost, and licensing?

        Be sure of what features you are going to utilize to add/remove some from new bundles.

        What other advice do I have?

        Best value will always be delivered by adding FMC (Firepower Management Console); at least their virtual edition.

        Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor.
        it_user413292
        Regional Manager - Pre Sales at a tech services company with 51-200 employees
        Consultant
        Helps us to identify key, persistent threats so we can set policies accordingly

        How has it helped my organization?

        It helps us to identify key, persistent threats so we can set policies accordingly.

        What is most valuable?

        In-depth monitoring and analysis. It helps us to make better decisions and policies.

        What needs improvement?

        Integration aspects Traffic shaping

        For how long have I used the solution?

        One to three years.

        What do I think about the stability of the solution?

        Initially there were some stability issues, but in the long-run no.

        What do I think about the scalability of the solution?

        It requires additional licensing to enable 10G ports.

        How is customer service and technical support?

        Technical support is very good.

        How was the initial setup?

        It is complex. We have to set up ASA, SFR module, and FMC separately, which sometimes…

        How has it helped my organization?

        It helps us to identify key, persistent threats so we can set policies accordingly.

        What is most valuable?

        In-depth monitoring and analysis. It helps us to make better decisions and policies.

        What needs improvement?

        • Integration aspects
        • Traffic shaping

        For how long have I used the solution?

        One to three years.

        What do I think about the stability of the solution?

        Initially there were some stability issues, but in the long-run no.

        What do I think about the scalability of the solution?

        It requires additional licensing to enable 10G ports.

        How is customer service and technical support?

        Technical support is very good.

        How was the initial setup?

        It is complex. We have to set up ASA, SFR module, and FMC separately, which sometimes requires extensive troubleshooting, even for smaller issues.

        Which other solutions did I evaluate?

        We evaluated Huawei, briefly.

        What other advice do I have?

        It is a good datacenter firewall, as they have now overcome integration issues with latest versions.

        Disclosure: My company has a business relationship with this vendor other than being a customer: Cisco Premier Partner.
        it_user793611
        Account Manager
        Real User
        Blocks malicious URLs, but bandwidth allocation and detection of new bugs need work

        Pros and Cons

        • "Malicious URLs are being blocked."
        • "Bandwidth allocation needs improvement."
        • "Critical bugs need to be addressed before releasing the version."
        • "Virtual patching would be helpful for servers that are not able to update patches due to compatibility issues."

        How has it helped my organization?

        Malicious URLs are being blocked.

        What is most valuable?

        Advanced malware protection, it blocks malicious attacks.

        What needs improvement?

        • Bandwidth allocation.
        • SSL decryption (avoid installing the intermediate device certificate in the client) should happen from Firepower itself.
        • Critical bugs need to be addressed before releasing the version.
        • Need to reduce the time to for detection of new threats.
        • Enable a feature for importing/exporting logs when required for analysis.
        • Dynamic IP address in client systems mapping with respect to OS change or device change should be updated periodically in FireSIGHT management.
        • Virtual patching would be helpful for servers that are not able to update patches due to compatibility issues.

        For how long have I used the solution?

        One to three years.

        What do I think about the stability of the solution?

        Yes, there were stability issues due to memory issues in the cluster environment and Firepower misbehaved due to non-responding of service/process.

        What do I think about the scalability of the solution?

        No scalability issues.

        How are customer service and technical support?

        Good support.

        Which solution did I use previously and why did I switch?

        We switched from our previous solution because of scalability issues.

        How was the initial setup?

        It was straightforward, even though we migrated from a third-party to Cisco.

        What's my experience with pricing, setup cost, and licensing?

        Price should be judged based on the above answers, among the most capable vendors.

        Which other solutions did I evaluate?

        FortiGate.

        What other advice do I have?

        We are using ASA5585-X with Firepower SSP-20 (ASA version 9.6(1)3, Firepower version 6.1.0.5).

        When looking at different solutions, take a deep look at the features.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        ITCS user
        Solutions Architect at a tech services company with 51-200 employees
        Consultant
        A multitude of valuable features but a little pricey

        Pros and Cons

        • "Signature-based detection; user-defined signatures with regular expressions; integrated URL and content filtering; custom URL categories filtering."

          How has it helped my organization?

          Secured our network from outside and inside intruders.

          What is most valuable?

          • Network attack detection
          • DoS and DDoS attack prevention
          • Signature-based detection
          • User-defined signatures with regular expressions
          • Integrated URL and content filtering
          • Custom URL categories filtering
          • Integarted antrivirus
          • Protocols scanning

          What needs improvement?

          License capacity needs to be extended and the vendor needs to work on the pricing.

          For how long have I used the solution?

          Three to five years.

          What do I think about the stability of the solution?

          No stability issues.

          What do I think about the scalability of the solution?

          No scalability issues.

          How are customer service and technical support?

          10 out of 10.

          Which solution did I use previously and why did I switch?

          No, Cisco was part of our solution from the start.

          How was the initial setup?

          Straightforward.

          What's my experience with pricing, setup cost, and licensing?

          Value for your money, but bit a costly.

          What other advice do I have?

          Good product, give it a chance.

          Disclosure: My company has a business relationship with this vendor other than being a customer: Solution Partner.
          it_user346116
          I.T Security Consultant
          Vendor
          Once set up properly, it can run for a whole year without any major issues

          Pros and Cons

          • "The most stable firewall I’ve ever worked with. Once you get the ASA set up properly, it can run for a whole year without any major issues, apart from the normal daily administration."
          • "The ASA needs to incorporate the different modules you have to integrate to achieve UTM functions, especially for small businesses."

          What is most valuable?

          This is our perimeter router. We used it purposely for NAT and to port forward traffic. Other essential features of a firewall are handled separately by a UTM.

          What needs improvement?

          The ASA needs to incorporate the different modules you have to integrate to achieve UTM functions, especially for small businesses.

          For how long have I used the solution?

          Three to five years.

          What do I think about the stability of the solution?

          No stability issues at all, the most stable firewall I’ve ever worked with.

          What do I think about the scalability of the solution?

          No scalability issues.

          How are customer service and technical support?

          Quite good.

          Which solution did I use previously and why did I switch?

          We’ve always used ASA from the get go. We added the UTM is to compliment it.

          How was the initial setup?

          Straightforward.

          What's my experience with pricing, setup cost, and licensing?

          Pricing is why we had to go for a UTM. For us to achieve what we needed, if we had gone with the ASA, the cost would have been high compared to getting one box (UTM).

          Which other solutions did I evaluate?

          Juniper, Check Point, Astaro

          What other advice do I have?

          Go for it. I really like how, once you get the ASA set up properly, it can run for a whole year without any major issues, apart from the normal daily administration.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          ITCS user
          Technical Administrator at a tech services company
          Real User
          Since deployment, we have not encountered the attacks we had before

          Pros and Cons

          • "Manageability of Cisco ASA. It has a GUI interface, unlike the most of Cisco IOS. For beginners they can "sneak in" and apply the command and see the actual commands that the GUI launches. In addition, Cisco has the reputation regarding security."

            What is our primary use case?

            We have been using this model for three years, to place a firewall between ISPs and our corporate network. As of now, we have configured some SSL VPNs on our end for our convenience.

            How has it helped my organization?

            Three years ago we encountered malicious attacks from the internet, most of which were Chinese attackers, so we deployed Cisco ASA to strengthen our network. Since the deployment, we haven't seen the risk we encountered before.

            What is most valuable?

            Manageability of Cisco ASA. It has a GUI interface, unlike the most of Cisco IOS. For beginners they can "sneak in" and apply the command and see the actual commands that the GUI launches. In addition, Cisco has the reputation regarding security.

            What needs improvement?

            There are more powerful firewalls, other than the Cisco NGFW, like Fortinet, Palo Alto and so on. I can't say Cisco is the leading firewall brand as of now, as the technology innovates. 

            What do I think about the stability of the solution?

            No stability issues yet.

            What do I think about the scalability of the solution?

            No scalability issues yet.

            How is customer service and technical support?

            Awesome.

            What other advice do I have?

            I rate it an eight out of 10. 

            I am only handling or supporting the ASA 5520 model in our company.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            ITCS user
            Security Engineer at a tech services company with 201-500 employees
            Real User
            Syslog generation and forwarding are good but it lacks many UTM features

            Pros and Cons

            • "One thing I like about the product is the logging features, the way it logs, the way it forwards the logs in Syslog."
            • "It doesn't have a proper GUI to do troubleshooting, so most people have to rely on the command line."
            • "It should have packets, deep level inspections and controls, like the features which other IPS solutions used to have."
            • "Other firewalls, upgrading is a very easy task; from the graphical user interface, you just need to import the firmware versions into it and install it. In this firewall, you need to have a third-party solution in both. It's a process. It's a procedure, a hard procedure, actually, so there is no straightforward procedure for upgrading."

            What is most valuable?

            If you compare it with other products, other firewall products in the market, at this moment, it doesn't have that many features, no impressive feature in it, in fact. 

            The one thing I like about the product is the logging features, the way it logs, the way it forwards the logs in Syslog. It generates the particular Syslog. Compared to other products, that is the only feature, I feel, that is good. I have worked with other firewall products, so I know it very well. The logs are pretty good. Then it forwards. When it forwards the logs to a third-party syslog server, it then writes the Syslog very well. That is the only feature I like about it.

            What needs improvement?

            It doesn't have a proper GUI to do troubleshooting, so most people have to rely on the command line.

            Its a sort of legacy product nowadays. The firewalls which are the next generation have loads of features added to them, and they are all in one box.

            It should have packets, deep level inspections and controls, like the features which other IPS solutions have. It just doesn't have any. It's just a box which does firewalling. 

            Threat management features also should be added into it. 

            So, the first thing is that the GUI has to be improved. The second thing is that the UTM features have to be added to it in a much broader way; not by relating to other third-party solutions which is how it is done right now. It should have built-in UTM features like other firewalls have now. Plus it should have the ability to analyze any packets which have malicious behaviors. Currently it doesn't have anything like that. It's just a layer-3 firewall.

            Regarding the GUI, it's a very childish sort of attempt. It hasn't been improved since I started working with it. Yes, it shows the logs as they are but it doesn't have any option to do proper reporting.

            For how long have I used the solution?

            Three to five years.

            What do I think about the stability of the solution?

            Stability is really good, actually.

            What do I think about the scalability of the solution?

            Scalability is not that good, I think. Other firewalls, upgrading is a very easy task; from the graphical user interface, you just need to import the firmware versions into it and install it. In this firewall, you need to have a third-party solution in both. It's a process. It's a procedure, a hard procedure, actually, so there is no straightforward procedure for upgrading.

            How are customer service and technical support?

            I have never called the tech support, apart from a hardware issue, but that is done through the vendor, a third-party support team.

            Which solution did I use previously and why did I switch?

            I was actually using ASA and I switched to another one.

            How was the initial setup?

            I actually have lots of experience working on multiple firewalls and technical solutions, so for me I don't have any problem doing things by the command line. But for others, for a person who has two years of experience or one year of experience in general, they will definitely face issues working in the command line. You have to remember all of the commands, to search for the commands. If you're in a graphical user interface, you can go search somewhere and find some options. So I would say in that way it is complex.

            What other advice do I have?

            If I were to advise others who are looking into implementing this product I would say I don't think they will like it. They would be able to meet business requirements better with other products, other vendors' firewalls. That's what I think, that's what I know from my own experience, from dealing with customers.

            If those features, which I mentioned above in the first few questions, if they can add those features into the firewall as a standalone box, it can definitely become a player on the stage. They already have a good platform, even if it's a legacy product, it has that bit of maturity. So if, on top of that very good platform, they can add those features - security, threat intelligence features - they can get back into the market.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            it_user789333
            President and CTO with 51-200 employees
            User
            Very good as a stateful inspection firewall, but weak in all other areas

            Pros and Cons

            • "Strong in NAT and access-lists."
            • "Very good as a stateful inspection firewall."
            • "VPNs are weak as this product still does not support route-based VPNs."

            What is our primary use case?

            Firewall only - no advanced services. 

            How has it helped my organization?

            In the early days, before UTM and NGFW, this product was awesome. Cisco tried to add Firepower, but it requires a different management interface and is still too expensive.

            What is most valuable?

            • Strong in NAT and access-lists 
            • Very good as a stateful inspection firewall, but weak in all other areas. 

            What needs improvement?

            • Integrated threat management
            • Route-based VPNs: VPNs are weak as this product still does not support route-based VPNs. 
            • Single management interface
            • Better throughput for price point 

            For how long have I used the solution?

            More than five years.

            What's my experience with pricing, setup cost, and licensing?

            Price point is too high for features and throughput available.

            What other advice do I have?

            Overall, this is a legacy product. 

            Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
            davidstrom
            Owner at David Strom Inc.
            Writer
            ExpertTop 20
            Using Cisco ASA CX Firewall To Protect Your Network
            Cisco ASA has better application granularity, a more flexible means of policy creation, and easier to use controls and more powerful reports than its predecessors. We tested the ASA-5525-X in January 2013 and found a much improved user interface and lots of content-aware features.

            Cisco ASA has better application granularity, a more flexible means of policy creation, and easier to use controls and more powerful reports than its predecessors. We tested the ASA-5525-X in January 2013 and found a much improved user interface and lots of content-aware features.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            ITCS user
            Senior Consultant at Unify Square
            Real User
            An excellent firewall, and one of the best available choices for big size companies. As usual excellence requires money.

            Pros and Cons

            • "ASA is stable and with a low level of work required on the maintenance side."
            • "You have to know the ASA command line very well because not all operations are available in the graphical interface"

            What is our primary use case?

            Cisco ASA is born as an hardware firewall. The user case is security check on company's external connections (Internet and VPN access).

            Most recent versions include antivirus and intrusion prevention to add security layers (including the above scenarios and the internal network) 

            How has it helped my organization?

            Cisco ASA have been the main security device for many years, slowly replaced with Check Point on the main datacentre.

            What is most valuable?

            ASA is stable and with a low level of work required on the maintenance side. It is a dedicated firewall, so you do not have to manage additional topics like spam, web sites filtering and so on.The routing part is high level as usual with Cisco products.  

            What needs improvement?

            You have to know the ASA command line very well because not all operations are available in the graphical interface (or let's say that sometimes it is better to operate with the ASA CLI).If you are searching for an "all in one product" it is not for you

            What do I think about the stability of the solution?

            No, stability is a really strong point with ASA.

            What do I think about the scalability of the solution?

            No, an assessment about the workload is important to select the right device.

            How are customer service and technical support?

            Over many year, the only kind of support we needed directly from Cisco was (really seldom) for parts replacement

            Which solution did I use previously and why did I switch?

            The previous solution was based on software firewalls that where not able to perform as the Cisco ASA

            How was the initial setup?

            Setup of a firewall, on a medium / large deployment is always a complex work.

            Cisco ASA (more than other vendors' solutions) require a lot of know-how and real world expertise to be configured properly.

            What about the implementation team?

            More than one external team (Cisco partners) has been involved over time.

            All of them were outstanding in their work.

            What was our ROI?

            Positive. The devices serves thousands of users for many years, outliving other vendors solutions.

            What's my experience with pricing, setup cost, and licensing?

            Cisco devices are for sure costly and budget could be an important constrain on selecting them as our security solution. 

            Which other solutions did I evaluate?

            When the choice was made, some comparison was made with other market leaders but integration with the existing Cisco network was a really important positive side in the final decision.

            What other advice do I have?

            ASA is one of the the state-of-the-art firewall devices for security.
            It is affordable and not too complicated to use if you are doing standard operations (modifying ACLs, natting and so on) on an existing deployment.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            davidstrom
            Owner at David Strom Inc.
            Writer
            ExpertTop 20
            Cisco has done a superior job at its next generation of firewall technology.

            What is most valuable?

            The user interface of the Prime Security Manager is, well, prime and one of the best pieces of software I have seen from them, and the features are on par if not better than what their competitors offer.

            How has it helped my organization?

            Cisco has done a nice job of integrating global IP reputation management into the firewall with its Security Intelligence and Operations module for insights and malware collection.

            What needs improvement?

            Prime manager is just for the CX line for now. CX features also add about a 30% overhead on throughput.

            What is most valuable?

            The user interface of the Prime Security Manager is, well, prime and one of the best pieces of software I have seen from them, and the features are on par if not better than what their competitors offer.

            How has it helped my organization?

            Cisco has done a nice job of integrating global IP reputation management into the firewall with its Security Intelligence and Operations module for insights and malware collection.

            What needs improvement?

            Prime manager is just for the CX line for now. CX features also add about a 30% overhead on throughput.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            it_user682167
            Network and System Engineer at a non-tech company with 201-500 employees
            Vendor
            IPS features can be accessed from a separate interface

            What is most valuable?

            I enjoy the interface of Cisco products, especially the CLI version. I think the IPS feature in the product is best compared to products of other vendors. All the IPS features can be accessed from a separate interface, e.g., Cisco IDM.

            How has it helped my organization?

            We are an educational institute, and we are required to block many websites that are not suitable for students and teachers. Most of the sites, like YouTube uses an https version, thus blocking with IP address was becoming problematic. Moreover, certificate domains for Gmail and YouTube are the same. But the IPS feature in this product helps us to overcome this limitation.

            What needs improvement?

            Pricing of this product needs improvement.

            For how long have I used the solution?

            I have used this solution for two years.

            What do I think about the stability of the solution?

            I did not encounter any issues with stability.

            What do I think about the scalability of the solution?

            I did not encounter any issues with scalability.

            How are customer service and technical support?

            I would give technical support a rating of a nine out of 10.

            Which solution did I use previously and why did I switch?

            I worked with Cyberoam and Fortinet UTM at my previous job. When I joined my present company, they were already using the Cisco ASA solution. But my present company may switch to other vendors, especially Fortinet, because of the license renewal price.

            How was the initial setup?

            As I enjoy working on CLI, I would say that the initial setup was not complex.

            What's my experience with pricing, setup cost, and licensing?

            License and appliance costs are more expensive as compared to other vendors on the market.

            What other advice do I have?

            If your company is small or mid-range, it is better to go with other vendors, because of the pricing.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            Frank Theilen
            IT Adviser/Manager with 51-200 employees
            Real User
            Top 10
            The Cisco ASDM management tool was helpful. I would like to see good reporting options.

            Pros and Cons

            • "The ASA 55-x range is a solid and reliable firewall. It secures the traffic for normal purposes."
            • "Firewalls, in general, were not really designed for normal IT personnel, but for firewall and network experts. Therefore, they missed a lot of options and did not provide any good reporting or improvement options."

            How has it helped my organization?

            The ASA 55-x range is a solid and reliable firewall. It secures the traffic for normal purposes.

            If you ask how a firewall can improve our business: It can’t. It is securing our business IT network.

            But if you want to know what the ASA5520 can do to secure our network:
            Not much more than any firewall. It is a solid port firewall, nothing more, nothing less.

            What is most valuable?

            The Cisco ASDM management tool was helpful.

            What needs improvement?

            Firewalls, in general, were not really designed for normal IT personnel, but for firewall and network experts. Therefore, they missed a lot of options and did not provide any good reporting or improvement options.

            For example, to update or add a feature, you end up buying new support and licenses. The process is complex and changes so rapidly that you won't find a salesperson who will offer you the right products.

            New generation firewalls are cloud managed or provide a good interface. They integrate into the environment. They are application aware and come with security features that are especially designed for the purpose.

            What do I think about the stability of the solution?

            There were no stability issues.

            What do I think about the scalability of the solution?

            You need to buy a new product if you want to scale. I once tried to put in another network card and ended up in a support nightmare. I had to buy more support, licenses, and it was more expensive than buying a new one.

            How are customer service and technical support?

            Customer Service:

            Customer service is non-existent. You need to go through a very complex and annoying approval system before you can get any help. The support then gets asked a question and you get one word answers. It takes you hours to find out what version of an update you need to install, and then another day to find out how to install it.

            Technical Support:

            I would give technical support a rating of zero out of 10. It is clear that Cisco is not for the end-customer, but rather for resellers and providers. They might have better contracts and get more technical support.

            Which solution did I use previously and why did I switch?

            I usually have to take what is there. If I had a choice, I would now take something newer.

            How was the initial setup?

            You can start very easy and set up the network cards, but it also has many traps to find out the right setting for your environment.

            For example, you need fixed network settings on your switch to connect with full duplex 100Mb/s. There is no autonegotiation nor other settings. This is the same problem with the WAN connection. You need to know exactly what to configure to match the WAN, or it will not work.

            What about the implementation team?

            I once had support from a reseller and once from a provider. Both depended on the level of the person you speak with. Most have some knowledge.

            What was our ROI?

            Once installed, they last a long time. I would recommend replacing them after some years to get better security features.

            What's my experience with pricing, setup cost, and licensing?

            If you look for user internet access, many new products can help with filtering and rules or procedures, like Meraki. This replaces the purpose of proxy servers.

            If you have to secure web servers from the internet, you need a decent firewall with web features to process the requests and redirect traffic to web servers.

            Cisco is no longer the only vendor offering these features. With Microsoft TMG out of the race, others have to push in. But firewalls are also no longer the first frontier of security. Cloud services are in there as well.

            Which other solutions did I evaluate?

            I had no choice.

            What other advice do I have?

            Get someone to help you plan and set up the firewall concept, as well as the initial setup and testing. Waiting for later is not the time to test or change anything without an outage.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            ITCS user
            Presales Consultant at a tech services company with 51-200 employees
            Consultant
            One of the most valuable features is the correlation of events -- including the path that a file is taking in the network and its integration with the endpoint protection.

            What is most valuable?

            Classic ASA features such as NAT, Stateful Firewall, and VPN are basic functions for average organizations, but next generation features such as the granular control of port hopping applications, IPs, and malware protection are mandatory, considering current advanced security threats.

            One of the most valuable features is the correlation of events, including the path that a file takes in the network and its integration with the endpoint protection. This gives you the chance to take some actions in the case a breach happens.

            How has it helped my organization?

            Visibility in the network traffic.

            What needs improvement?

            Management console – Firesight Management Center.

            When deploying Cisco FMC versions 6.0 and 6.1, some issues may appear when trying to register ASA sensors. The problem needs Cisco TAC involvement, adding more effort and time. I guess this will be fixed in version 6.2.

            For how long have I used the solution?

            I've used this solution for three to five years.

            What do I think about the stability of the solution?

            Some releases of the unified image (FTD – Firepower Threat Defense – Cisco ASA + Sourcefire IPS) are not very stable, but things are getting improved.

            What do I think about the scalability of the solution?

            Some clustering functions are not available in the unified image.

            How are customer service and technical support?

            Excellent.

            Which solution did I use previously and why did I switch?

            Old ASA 5500. Natural upgrade to next generation functions.

            How was the initial setup?

            Initial setup is pretty straightforward.

            What's my experience with pricing, setup cost, and licensing?

            The licensing model has been simplified and is easy to understand. The price is higher compared to UTM solutions, such as Fortinet, but in the same range as Checkpoint and Palo Alto.

            Which other solutions did I evaluate?

            We also work with Palo Alto Networks, Fortinet, FireEye, and some other vendors.

            What other advice do I have?

            Take a look at the features included in the unified image. Some classic ASA functionality has not been integrated yet, go for non-unified image if the deployment requires something that is not available – classic ASA iOS plus Sourcefire code.

            Disclosure: My company has a business relationship with this vendor other than being a customer:
            Sergei Chernooki
            IT SecOps Manager at a computer software company with 1,001-5,000 employees
            Vendor
            The best features are NAT, transport-layer inspections, and VPN

            What is most valuable?

            Cisco ASAs are great network firewalls and they can work for years after being configured. The best features are NAT, transport-layer inspections, and VPN.

            How has it helped my organization?

            With ASAs, we can keep operational expenses as low as possible. Disaster risks should be observed as usual, but this is definitely not the weak point.

            What needs improvement?

            I would like to see new SW versions being more stable and HW performance increase. However, the new 2000 series has high performance, but it is not shipped widely so far.

            For how long have I used the solution?

            I started using Cisco firewalls when old PIX models were produced. I then observed all model changes. This makes about 10 years of continuous experience.

            What do I think about the stability of the solution?

            There are no real stability issues, if upgrades are done carefully.

            What do I think about the scalability of the solution?

            I believe scalability issues are caused by poor design.

            How are customer service and technical support?

            Cisco technical support makes a good impression most of the time.

            Which solution did I use previously and why did I switch?

            Some of my customers switched from ZyXel to Cisco and this is an obvious decision for me. It will be much harder to imagine a customer replacing Check Point or Fortinet with Cisco.

            How was the initial setup?

            The initial setup should not be left to the customer. The best way to do this is to make a basic setup and integration along with cabling and power-up, then verifying requirements and adjusting the configuration.

            What's my experience with pricing, setup cost, and licensing?

            Basic features and IPs can work without subscriptions. All next-generation features require per-year payments. Enterprise customers usually agree with price and license fees, so I don't see any painful issues with pricing and licensing.

            Which other solutions did I evaluate?

            I compared Cisco with Fortinet, Checkpoint, and DIY solutions.

            What other advice do I have?

            All you need to succeed is careful design, professional setup, and a support contract.

            Disclosure: My company has a business relationship with this vendor other than being a customer: We have been Cisco channel partners for over 15 years.
            ramesh1923
            Technical Specialist with 5,001-10,000 employees
            Real User
            The throughput and reliability of the product improve the network stability of our organization.

            What is most valuable?

            VPN (site to site VPN and remote access ), NAT policies, modular policy framework, detailed troubleshooting methods.

            How has it helped my organization?

            The throughput and reliability of the product improve the network stability of our organization.

            What needs improvement?

            Area : URL filtering and content filtering.

            When Cisco ASA is presented as an enterprise firewall, that should be capable doing IPS/IDS, firewalling, VPN concentrator, application filtering, URL filtering and content filtering.

            Of course, the last three technologies can do by a proxy. But nowadays, all next generation firewalls like Fortinet, Check Point, and Palo Alto are each bundling the UTM features into a single box with multiple separate content processors (hardware) to do these jobs.

            This would enable single pane glass for management. No need to look at different devices for change management and troubleshooting.

            I would say Cisco ASA is the best except for its URL and content filtering module. And these modules in ASA are not straightforward, rather complex in managing the device.

            What was my experience with deployment of the solution?

            I've been using this solution since 2007.

            What do I think about the stability of the solution?

            No.

            What do I think about the scalability of the solution?

            All product-based firewalls will encounter scalability issues. The firewall sizing is important during the sizing.

            How are customer service and technical support?

            Good.

            Which solution did I use previously and why did I switch?

            I used to work with most of the hardware firewalls, Cisco ASA is reliable and few technologies are good enough to compete for the market (VPN, Modular policy framework, NAT, etc.).

            How was the initial setup?

            Straightforward -- console or via the interface.

            What's my experience with pricing, setup cost, and licensing?

            Expensive when compared to other products.

            Which other solutions did I evaluate?

            Yes, all.

            What other advice do I have?

            If you are looking into implementing VPN or advanced features, I recommend using this product. URL or content filtering is not good as much as the NGFWs are.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            DA
            Computer Networking Consultant and Contractor
            Consultant
            Initial setup was very straightforward because the training and certification provided by the vendor helped us to solve rapidly any configuration issues.​

            Pros and Cons

            • "Stability, high availability of services, and very high MTBU were the most valuable features for me."
            • "The ability to integrate (as options) all-in-one features -- like anti-spam, anti-virus, etc."

            How has it helped my organization?

            I have 15 years’ experience with Cisco products and I've had very, very little problems with them. Also, for resolving appeared issues Cisco was a good partner.

            Crescendo (www.crescendo.ro) is an IT&C integrator and this product (based on Cisco Partnership) helped us to grow our business, and Cisco ASA was one of most sold product in our solutions portfolio.

            What is most valuable?

            Stability, high availability of services, and very high MTBU were the most valuable features for me -- because in my work as network and security consultant, it is very important to guarantee to my customer the security of his business.

            What needs improvement?

            The ability to integrate (as options) all-in-one features -- like anti-spam, anti-virus, etc.

            What do I think about the stability of the solution?

            With Cisco ASA firewall, no.

            What do I think about the scalability of the solution?

            No. Based on their recent acquisition of Firepower, Cisco added "multi 10Gbps" NGFW performance in their solutions portfolio, which can be used by us, as a Gold Partner with Advance Security Architecture Specialization, in our network architecture proposals.

            How are customer service and technical support?

            Very satisfied.

            Which solution did I use previously and why did I switch?

            I haven' t used another solution.

            How was the initial setup?

            Initial setup was very straightforward because the training and certification provided by the vendor helped us to solve rapidly any configuration issues.

            What's my experience with pricing, setup cost, and licensing?

            To discuss with Cisco Systems or their partners to gain the optimal price and to not consider, without verifying, the false information that Cisco ASA is very expensive.

            Which other solutions did I evaluate?

            We evaluated other solutions, like Fortinet, HPE, Juniper, Check Point, but Cisco ASA was what we need.

            What other advice do I have?

            To test the product in their network and to evaluate other products. I am sure that the Cisco ASA Firewall will be the winner.

            Our complete relationship is based on the following partner competencies:
            Certifications:

            • Gold Certified Partner
            Specializations:
            • Advanced Collaboration Architecture Specialization
            • Advanced Data Center Architecture Specialization
            • Advanced Enterprise Networks Architecture Specialization
            • Advanced Security Architecture Specialization


            Cloud Partners:
            • Storage: EMC
            • Virtualization: VMware
            • Cloud Management: VMware
            • Cloud Professional Services
            • SaaS Simple Resale


            Other Authorizations:
            • Registered Partner
            • Cisco Certified Refurbished Equipment
            • Cisco Developer Network Cisco Products Marketplace
            • Cisco Meeting Server formerly Acano
            • PSPP Defense
            • Smart Care Registered Partner
            • ATP - Unified Contact Center Enterprise

            Partner since:

            • More than 10 years

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            SS
            Network Engineer with 201-500 employees
            Real User
            Before anything, you need to know your infrastructure really well

            Pros and Cons

            • "IPSec Tunnel and AnyConnect (of course), the context awareness was a good feature, but clumsy at the beginning. I think it's better now."
            • "ASDM can be improved."

            How has it helped my organization?

            The context aware module gave us good visibility and control over the ingress and egress communications. Allowing us to filter unnecessary communications like streaming video, allowing us to control bandwidth utilization.

            What is most valuable?

            IPSec Tunnel and AnyConnect (of course), the context awareness was a good feature, but clumsy at the beginning. I think it's better now.

            The packet tracer command is a great tool for troubleshooting IPSec Tunnel, which I miss in the Palo Alto and other firewalls.

            Also, the IP access list counter is a good feature while troubleshooting.

            What needs improvement?

            ASDM can be improved.

            Also, a rollback option to a previous config in time will be a great option. Logging can be improved to a vast extent, I think Palo Alto has a pretty good logging structure.

            What do I think about the stability of the solution?

            Yep, more than once, but only on one box out of the three we purchased. Suppose we got a lemon, because once replaced, everything was fine.

            What do I think about the scalability of the solution?

            We never had an infrastructure that required scalability.

            How is customer service and technical support?

            An eight out of 10. TAC was very good but some engineers were quite slow and I ended up figuring out the issue myself.

            But overall, I like Cisco TAC a 1000 times more than Juniper TAC. Arista is the best TAC so far in my experience, they have the best talent pool.

            How was the initial setup?

            Quite straightforward for the most part, since I had TAC on call while setting it up.

            What's my experience with pricing, setup cost, and licensing?

            Everything with Cisco is expensive. My advice is that there are a lot better options out in the market now.

            Palo Alto is pretty decent for example, but support is the best with Cisco, hands down. All other TACs do not come close, except Arista, but they do not make firewalls.

            Which other solutions did I evaluate?

            None. My old company was a complete Cisco shop.

            What other advice do I have?

            Do look at Palo Alto for comparison, SonicWall is also on the market. But before anything, you need to know your infrastructure really well.

            For example, we brought a PAN firewall for east-west traffic control so we could implement a zero trust network. But our business traffic is a bidding traffic which has extremely small packet size and huge connection size per seconds happening, which sent the PAN firewall into a tailspin. Since we bought the device without a POC, we had to eat the cost. So make sure to do a PoC with all the vendor equipment before you purchase it.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            it_user700158
            Senior Network Security Engineer at a university
            Vendor
            Spec the right hardware model and choose the right license for your needs.

            Pros and Cons

            • "The AnyConnect remote access VPN gives us an easy way to deploy remote working for our users."
            • "The SSL VPN is, and always has been, painful to configure and the Java plugin does not guarantee a uniform deployment."

            How has it helped my organization?

            The AnyConnect remote access VPN gives us an easy way to deploy remote working for our users.

            What is most valuable?

            It all depends on the deployment scenario, as I have used ASA for specific purposes. In general, the stateful firewall feature, site to site VPN, and AnyConnect remote access VPN are always useful.

            What needs improvement?

            It's not perfect, and does have room for improvement with certain features.

            The SSL VPN is, and always has been, painful to configure and the Java plugin does not guarantee a uniform deployment.

            Certain documentation on the newer models of ASA (specifically, ASA 5500-X with FirePower services) is a little out of date and in some cases incorrect, although this may have been corrected since my last deployment.

            What do I think about the stability of the solution?

            I've never seen a firewall that didn't need an RMA at some point! And that is true of the ASA, however, the failure rate (in my experience) has always been very low with ASA's (and Cisco equipment in general).

            What do I think about the scalability of the solution?

            Nope.

            How are customer service and technical support?

            With Cisco TAC, you can always get an answer to technical issues, and with the thriving Cisco support forum, you can always get answers to questions even if you don't have TAC.

            Which solution did I use previously and why did I switch?

            Not in my current organization.

            How was the initial setup?

            I would say it's only complex if you're not familiar with either the CLI or ASDM.

            So for me, it was easy, for those without Cisco CLI (or ASDM) experience, deployment can be a little daunting.

            That being said, there are plenty of configuration documents available on the Cisco website that will "hold your hand" through any deployment.

            What's my experience with pricing, setup cost, and licensing?

            Hardware and licensing can be expensive, and licensing can be a complicated affair. I would strongly recommend you speak with your distributor to ensure you choose the right license for your needs, and read the hardware comparison guide to make sure you spec the correct hardware for your specific needs.

            Which other solutions did I evaluate?

            It's great buying the latest and greatest equipment, but no so great if your engineers don't know how to operate it!

            From experience, hardware purchasing is normally dependent on the technical expertise of engineers, so if all your engineers are Cisco trained, it makes no sense to buy another vendor firewall.

            What other advice do I have?

            Spec the right hardware model and choose the right license for your needs.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            Alexander Kostov
            Senior IT Networking and Security Manager at a tech services company with 10,001+ employees
            Real User
            It is supported on many platforms and helps us gain access to the network.

            What is most valuable?

            There are a lot of features which are good and can be implemented, especially in the latest IOS version of the product.

            They saved me a lot of time thinking how to solve different scenarios with other solutions.

            Cisco AnyConnect for remote access is one of them. It is supported on most of the platforms, which business users use. They can gain access to the network, via functions like PBR, Security groups, contexts, and DNS doctoring. This gives a lot of flexibility to the product.

            How has it helped my organization?

            It gave us a more secure environment and a lot of flexibility to the business.

            What needs improvement?

            The next generations part of these products need a better approach. A lot of vendors are definitely a step or two in front of them.

            For how long have I used the solution?

            I have worked with these types of firewalls for more than 10 years.

            What do I think about the stability of the solution?

            I can say that this product is one of the most stable products I have ever worked with.

            What do I think about the scalability of the solution?

            In terms of scalability, this always depends on how the product was chosen and what purpose it will work for. I haven't experienced any issues with the scalability of the product.

            How are customer service and technical support?

            In terms of technical support, it depends on the different cases. I would surely give Cisco technical support a rating of 9/10.

            Which solution did I use previously and why did I switch?

            I used to work with open source solutions, but the support and complication behind them was definitely not OK. If you want to have flexibility and stability, you have to move on to something that receives more development in that specific area.

            How was the initial setup?

            The initial setup was straightforward and there was a lot of documentation that can help out with specific cases.

            What's my experience with pricing, setup cost, and licensing?

            This is definitely not a cheap solution, but I think it is worth the investment.

            Which other solutions did I evaluate?

            We evaluated other solutions like Juniper, but we chose Cisco, since our network was becoming more and more Cisco oriented.

            What other advice do I have?

            I would recommend that you understand the needs of the business case before choosing the product and start implementing it. It is very important to choose the right licenses from the beginning.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            Georges Samaha
            Security Consultant at a tech services company with 501-1,000 employees
            Reseller
            Top 5Leaderboard
            Detection engine and historical file analysis ease threat investigations

            Pros and Cons

            • "The Firepower IPS, based on Snort technology, has an amazing detection engine and historical analysis capability of files that eases threat investigations a lot."
            • "I would like to see more integration with third-party devices in general. There is great integration with Cisco devices, but there's not much integration with third-party devices."

            What is our primary use case?

            Cisco next-generation firewalls are mainly used either for data center protection - north-south traffic - or internet traffic.

            How has it helped my organization?

            The application and user-visibility and control, along with very powerful IPS and malware protection, enables our clients to secure their data centers and internet perimeter in a much better way. It provides them with traffic visibility and reporting as well.

            The main advantage is when you put it between users and servers internally or between different VLANs in the network. You have full visibility over the traffic, over all the internal applications. Usually, there's a lot of traffic that is not very clear and no one knows what is on their network. So, once deploy it internally, you have full visibility over the internal traffic, who's accessing what, which protocol. It can directly detect all kinds of malicious traffic, traffic that abuses bandwidth. 

            It makes different kinds of internal behavior that is useful to a network admin. And for security of course: Any kind of file infection, any kind of internal scanning, internal attacks; it gives you full visibility.

            Finally, you have communication of VLANs, internally, in the network, of course. So you have a granular access control based on user and application, instead of IP and port as you would have with a traditional firewall.

            What is most valuable?

            During the first phase of use, it was an extra module on standard Cisco ASA firewalls. It then became a standalone solution known as FTD, Firepower Threat Defense.

            The Firepower IPS, based on Snort technology, has an amazing detection engine and historical analysis capability of files that eases threat investigations a lot.

            I value the integration with other products (Cisco ISE, Cisco Endpoint AMP) which increases the protection intelligence within the enterprise by sharing security info between different products, which function on different layers. It furnishes fully connected security.

            It also provides detection of the client operating system, which gives very good reporting and correlation with the signatures. It can relay the signature IP to the client operating system, to give a better correlation decision.

            What needs improvement?

            Some ASA known features are still missing, but are being added bit by bit in each new version release, such as:

            • Remote Access VPN (the last release only supported the 2100 series): The next firewall model version is expected to support Remote Access VPN in the next software release in July 2017.
            • Virtualization of the appliance (multiple contexts) is still missing.
            • You always need an external management system, the onboard one is not very good. You have to use FMC, FirePOWER Management Center, as external software. There's always an add-on, whereas all the competition has an onboard management interface.

            I would like to see more integration with third-party devices in general. There is great integration with Cisco devices, but there's not much integration with third-party devices.

            For how long have I used the solution?

            One to three years.

            What do I think about the stability of the solution?

            We did not encounter any issues with stability. Cisco Firepower FW is very stable in all of the deployments we have made.

            What do I think about the scalability of the solution?

            The scalability is very good. They have a clustering mechanism, so you can start with an appliance and then cluster, adding more bandwidth and nodes into your cluster. If you don't have a big budget you can start with a medium appliance and then cluster appliances. Or if you want to buy it all in one shot, there is a big range.

            Although it allows scaling by adding multiple firewalls together (clustering), we have never used that, as all new hardware supports high-performance throughput and connections at a reasonable price.

            How are customer service and technical support?

            Technical support is perfect. Cisco is always known for its good technical support. We have never had any issues with them.

            Which solution did I use previously and why did I switch?

            As a Cisco Gold Partner, we always proposed Cisco firewalls for our clients.

            How was the initial setup?

            The setup was straightforward. A new Cisco FTD can be set up and running in a couple of hours. If you're used to firewalls you can quickly get along with it. There is nothing complicated.

            The time deploy is short. But the time to tune and create the policies involves a learning phase. Traffic changes over time, so the tuning for firewall rules has to be as granular as possible takes a bit of time. But to deploy you can go live is fast.

            The strategy is to start with high-level security policies and then monitor the traffic and the applications affected. Then on the detection logs, create more granular rules.

            What's my experience with pricing, setup cost, and licensing?

            It has a great performance-to-price value, compared to competitive solutions. Subscriptions are annual. The licensing fee and standard support are the only costs we pay for.

            Which other solutions did I evaluate?

            We did not evaluate any alternative solutions.

            What other advice do I have?

            Make sure you tune your rules very well, as some clients just leave the firewall as it is and don't maintain the access rules or tighten them to be more granular and efficient.

            In terms of maintenance, you need one person for security analysis and one to create rules and for daily support.

            Disclosure: My company has a business relationship with this vendor other than being a customer: We are a Cisco Gold Partner.
            it_user654645
            Senior Network Specialist
            Vendor
            It has an important role as a firewall and it improves our access control.

            What is most valuable?

            The security features are valuable because it is easy to use and it has an important role as a firewall.

            How has it helped my organization?

            It has improved our access control.

            What needs improvement?

            It would be useful to gather all security features in one box. For example, certain features like URL filtering and application control licenses need to be purchased separately and it depends on the hardware spec, as not all models are supporting these two features. This causes the user to be highly dependent on the pre-sales person.

            For how long have I used the solution?

            We have been using the solution for six years.

            What do I think about the stability of the solution?

            We did not encounter any issues with stability.

            What do I think about the scalability of the solution?

            We had a scalability issue, as each feature is based on license or hardware support.

            How are customer service and technical support?

            I would rate the technical support at 8/10.

            Which solution did I use previously and why did I switch?

            We did not use a previous solution.

            How was the initial setup?

            The setup was straightforward with two layers of firewall.

            What's my experience with pricing, setup cost, and licensing?

            It is too pricey if you want to activate more features in a box, which necessitates you to purchase a license.

            Which other solutions did I evaluate?

            We evaluated Palo Alto and CheckPoint.

            What other advice do I have?

            Know what features are needed, and then purchase the necessary hardware and license.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            it_user430797
            Network Engineer at a mining and metals company with 1,001-5,000 employees
            Vendor
            The simple access rule, Internet NAT and routing are valuable features.

            What is most valuable?

            The simple access rule, Internet NAT and routing are valuable features. It is very simple and the most reliable perimeter firewall.

            How has it helped my organization?

            We were using Cisco Security Manager (CSM) to control and configure all of our Cisco products. ASA worked very well on the CSM.

            What needs improvement?

            The next-generation firewall could improve. Still, they have NGFW 5525 but I haven’t tried it yet.

            For how long have I used the solution?

            We have been using this solution for seven years.

            What do I think about the stability of the solution?

            We have never faced any stability issues.

            What do I think about the scalability of the solution?

            Sometimes, the throughput and CPU counter issues were faced, maybe because we started to use it a long time ago.

            How are customer service and technical support?

            Technical support is great. They are very responsible, know the bugs and workaround.

            Which solution did I use previously and why did I switch?

            We have used it from the beginning.

            How was the initial setup?

            The initial setup is not simple and straightforward, because it is Cisco and you need to configure it by CLI.

            What's my experience with pricing, setup cost, and licensing?

            Obviously, Cisco products are not cheap.

            What other advice do I have?

            If you are looking for a stable run and it is easy to find someone to configure the service, then better go for Cisco; their support is very professional.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            it_user674844
            Executive Manager with 11-50 employees
            Vendor
            The solution's reliability, performance, and security are most valuable.

            What is most valuable?

            The solution's reliability, performance, and security are most valuable.

            What needs improvement?

            The price and compatibility with other vendors' products can be improved.

            For how long have I used the solution?

            I have used this solution for three years.

            What do I think about the stability of the solution?

            I have not encountered any issue with stability.

            What do I think about the scalability of the solution?

            I have not encountered any issues with scalability.

            How are customer service and technical support?

            I would give technical support a rating of 9/10.

            Which solution did I use previously and why did I switch?

            I used Juniper Networks and I switched due to the lack of technical and sales support in Romania.

            How was the initial setup?

            The…

            What is most valuable?

            The solution's reliability, performance, and security are most valuable.

            What needs improvement?

            The price and compatibility with other vendors' products can be improved.

            For how long have I used the solution?

            I have used this solution for three years.

            What do I think about the stability of the solution?

            I have not encountered any issue with stability.

            What do I think about the scalability of the solution?

            I have not encountered any issues with scalability.

            How are customer service and technical support?

            I would give technical support a rating of 9/10.

            Which solution did I use previously and why did I switch?

            I used Juniper Networks and I switched due to the lack of technical and sales support in Romania.

            How was the initial setup?

            The initial setup was complex because of its outdoor position. We had to solve this problem with outdoor protection.

            What's my experience with pricing, setup cost, and licensing?

            Negotiate the quote.

            Which other solutions did I evaluate?

            Before choosing, I evaluated Juniper Networks SRX.

            What other advice do I have?

            Be careful with temperature control in the rack area, since Cisco ASA 5585-X with SSP-10 heats up a lot.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            AM
            IT Operation Manager
            Real User
            Provides software updates for known bugs and vulnerabilities.

            What is most valuable?

            • Hardware reliability
            • Software stability
            • Quick software updates for known bugs/vulnerabilities

            These are very important in an enterprise environment.

            How has it helped my organization?

            It is small. Nobody knows where it is or what it is. It works silently. As there ar no issues, it is good for businesses and organizations.

            What needs improvement?

            • License politics
            • License price
            • Precise vendor roadmap for this product

            For how long have I used the solution?

            I have used Cisco ASA for five years.

            What do I think about the stability of the solution?

            We have not had stability issues.

            How are customer service and technical support?

            I would give them a high rating.

            Which solution did I use previously and why did I switch?

            We were using TippingPoint as an IPS and ZyXEL ZyWALL as a VPN server.
            Cisco has good documentation and it is easy for Cisco certified engineers.

            How was the initial setup?

            The initial setup was straightforward.

            What's my experience with pricing, setup cost, and licensing?

            Our experience last year showed us that there is no full security, so why should we pay more? Any security vendor with a user-friendly interface, with good support, on-time updates for known vulnerabilities, and reliable hardware, is acceptable for an organization.

            Which other solutions did I evaluate?

            We did not evaluate any alternatives.

            What other advice do I have?

            The Cisco ASA product line will be replaced by Cisco FTD. Cisco FTD software is not ready for production, due to a lack of many basic NGFW features. Maybe only the high-performance Firepower 41xx/21xx/90xx Series is good as an IPS, because it is using a stable Sourcefire engine.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            it_user477366
            Security Technical Architect at a tech services company with 10,001+ employees
            Consultant
            It provides detection of zero day infections. The feature sets are great when there are no software bugs.

            What is most valuable?

            The feature sets are great when there are no software bugs. With FirePOWER, you can enhance security, have effective management, and a good reporting engine.

            How has it helped my organization?

            It provides detection of zero day infections through FirePOWER AMP.

            What needs improvement?

            Well tested software releases. We have had a number of bugs on the FirePOWER software across several clients which have been very inconsistent and have affected our ability to deliver.

            For how long have I used the solution?

            I have used the ASA portion for over eight years and the FirePOWER portion for about three years.

            What do I think about the stability of the solution?

            We did have stability issues with the FirePOWER software.

            What do I think about the scalability of the solution?

            We did not have scalability issues with the high end devices.

            How are customer service and technical support?

            I give technical support a rating of 5/10.

            Which solution did I use previously and why did I switch?

            We are part of the integrator space. When we changed products, it was to displace a product that no longer met the client’s requirements.

            How was the initial setup?

            The setup was reasonably straightforward.

            What's my experience with pricing, setup cost, and licensing?

            Get a clear understanding of what the licensing entails before committing.

            Which other solutions did I evaluate?

            We checked out Check Point and FortiGate.

            What other advice do I have?

            Plan very well in order to have a seamless project implementation and transition.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            ITCS user
            Security Consultant at Accenture
            Real User
            Cisco doesn't have many features but only basic firewalls. Technical support and documentation is great.

            What is most valuable?

            Cisco doesn't have many features but only basic firewalls.

            How has it helped my organization?

            No improvement. My clients have been using this product and moving to other products.

            What needs improvement?

            This product should have moved towards making UTMs.

            For how long have I used the solution?

            Eight years.

            What do I think about the stability of the solution?

            No.

            What do I think about the scalability of the solution?

            No.

            How are customer service and technical support?

            Technical support and documentation is great.

            Which solution did I use previously and why did I switch?

            No, I worked with this product by working for a client.

            How was the initial setup?

            It is easy to set up and implement.

            What's my experience with pricing, setup

            What is most valuable?

            Cisco doesn't have many features but only basic firewalls.

            How has it helped my organization?

            No improvement. My clients have been using this product and moving to other products.

            What needs improvement?

            This product should have moved towards making UTMs.

            For how long have I used the solution?

            Eight years.

            What do I think about the stability of the solution?

            No.

            What do I think about the scalability of the solution?

            No.

            How are customer service and technical support?

            Technical support and documentation is great.

            Which solution did I use previously and why did I switch?

            No, I worked with this product by working for a client.

            How was the initial setup?

            It is easy to set up and implement.

            What's my experience with pricing, setup cost, and licensing?

            Never worked on pricing and licensing.

            Which other solutions did I evaluate?

            I would always prefer to evaluate other products when I have been asked for advice on firewall solutions.

            What other advice do I have?

            Evaluate other product before using this product.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            it_user470943
            ICT Manager - Network Operations at a healthcare company
            Vendor
            ​Pricing is competitive and licensing cost is on the higher side for non-profit organizations​.

            What is most valuable?

            Firewall, VPN and Single Sign On.

            How has it helped my organization?

            Remote Access and SSO Authentication.

            For how long have I used the solution?

            One year.

            What do I think about the stability of the solution?

            No.

            What do I think about the scalability of the solution?

            Not yet.

            How are customer service and technical support?

            Good.

            Which solution did I use previously and why did I switch?

            Watchguard Firewall. Switched due to license cost.

            How was the initial setup?

            A bit complex compared to Watchguard Firewall.

            What's my experience with pricing, setup cost, and licensing?

            Pricing is competitive but licensing cost is on the higher side for non-profit organizations.

            Which other solutions did I evaluate?

            If so, which ones? Yes,…

            What is most valuable?

            Firewall, VPN and Single Sign On.

            How has it helped my organization?

            Remote Access and SSO Authentication.

            For how long have I used the solution?

            One year.

            What do I think about the stability of the solution?

            No.

            What do I think about the scalability of the solution?

            Not yet.

            How are customer service and technical support?

            Good.

            Which solution did I use previously and why did I switch?

            Watchguard Firewall. Switched due to license cost.

            How was the initial setup?

            A bit complex compared to Watchguard Firewall.

            What's my experience with pricing, setup cost, and licensing?

            Pricing is competitive but licensing cost is on the higher side for non-profit organizations.

            Which other solutions did I evaluate?

            If so, which ones? Yes, Checkpoint, Juniper, Cyberoam.

            What other advice do I have?

            Cisco is good. Look at your requirements and create a matrix to figure out the best option.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            ITCS user
            Sr Network Engineer at a tech services company with 501-1,000 employees
            Consultant
            Valuable features are its ​VPNs and reliability.

            What is most valuable?

            VPNs, reliability.

            How has it helped my organization?

            Connectivity with client Telcos works perfectly way and administration is simple.

            What needs improvement?

            I think it's the perfect Firewall for SME.

            For how long have I used the solution?

            Five years.

            What do I think about the stability of the solution?

            No.

            What do I think about the scalability of the solution?

            No.

            How are customer service and technical support?

            10 out of 10.

            Which solution did I use previously and why did I switch?

            Version 5515 is better than 5510 or 5505.

            How was the initial setup?

            If you know how to use Cisco IOS, it's easy. Otherwise, you will find no way of configuring it with ease.

            What's my experience with pricing, setup cost, and licensing?

            Go for the…

            What is most valuable?

            VPNs, reliability.

            How has it helped my organization?

            Connectivity with client Telcos works perfectly way and administration is simple.

            What needs improvement?

            I think it's the perfect Firewall for SME.

            For how long have I used the solution?

            Five years.

            What do I think about the stability of the solution?

            No.

            What do I think about the scalability of the solution?

            No.

            How are customer service and technical support?

            10 out of 10.

            Which solution did I use previously and why did I switch?

            Version 5515 is better than 5510 or 5505.

            How was the initial setup?

            If you know how to use Cisco IOS, it's easy. Otherwise, you will find no way
            of configuring it with ease.

            What's my experience with pricing, setup cost, and licensing?

            Go for the complete bundle, it's a one time investment only. Otherwise, in the future you will have to buy other tools as licenses for some add-on services.

            Which other solutions did I evaluate?

            FortiGate 100D.

            What other advice do I have?

            I would go for bundle licenses and hire a Cisco engineer for implementation.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            ITCS user
            IT Manager at a manufacturing company
            Vendor
            Valuable features are Cisco IPSec VPn , VPN Client, Port Restrictions .​

            What is most valuable?

            • Cisco IPSec VPn
            • VPN Client
            • Port Restrictions

            How has it helped my organization?

            We could connect data securely from outside the company.

            What needs improvement?

            I need application user-IP blocking, Intrusion Prevention, QoS; I can't do these with Cisco and have to change it.

            For how long have I used the solution?

            Five years.

            What do I think about the stability of the solution?

            No.

            What do I think about the scalability of the solution?

            No.

            How are customer service and technical support?

            I have never needed support from Cisco.

            Which solution did I use previously and why did I switch?

            I couldn’t meet all my needs with the Cisco 5505 so I changed it with a next-generation firewall.

            How was the initial setup?

            Actually it was simple, making port based policies more simple than PA.

            What's my experience with pricing, setup cost, and licensing?

            Cisco price-performance is very successful.

            Which other solutions did I evaluate?

            I evaluated Sophos UTM, Checkpoint, Cisco and PA. PA is the best fit for my company because Sophos acquired Cyberoam and their software wasn’t successful for domain user restrictions. Checkpoint was very slow for me and too many licences and it was complicated. Cisco acquired Sourcefire and they need to improve next-gen features. So I chose PA.

            What other advice do I have?

            I know that Cisco acquired Sourcefire and they re-introduced next-generation firewall features and I think they’ll improve NX features.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            it_user400626
            Senior Network & Data Communication Engineer at a tech services company with 201-500 employees
            Consultant
            ​Most valuable features are Security, Routing and NAT.

            What is most valuable?

            Security, Routing and NAT.

            How has it helped my organization?

            Gives flexibility and several deployment options.

            What needs improvement?

            Some default inspection rules need better tuning. Focus development on CLI version.

            For how long have I used the solution?

            11 years.

            What do I think about the stability of the solution?

            Rarely.

            What do I think about the scalability of the solution?

            Yes, before Clustering was introduced.

            How are customer service and technical support?

            Nine out of 10.

            Which solution did I use previously and why did I switch?

            Yes. We changed for no special reason, just to mix things up.

            How was the initial setup?

            Yes, but you need to read and understand how the device functions before deployment.

            What's my experience with pricing, setup cost, and licensing?

            Like with all vendors, know what options you require and request the proper license accordingly. Prices are on the same level as competitors.

            Which other solutions did I evaluate?

            Not really, as all firewalls do most of what enterprises look for. What matters most is the after sales support.

            What other advice do I have?

            Read, read, read and understand your requirements beforehand.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            ITCS user
            Manager Network Security at a financial services firm with 5,001-10,000 employees
            Vendor
            I love its CLI mode of working, it gives plenty of information with single line of command.

            What is most valuable?

            I love its CLI mode of working, it gives plenty of information with a single line of command.

            This feature allows its administrator to perform advanced level tasks with much ease.

            How has it helped my organization?

            These products provide much stability which, in return, any organization demands to run its functions properly and smoothly.

            What needs improvement?

            This product lacks in GUI format; that needs to be more mature and composed.

            For how long have I used the solution?

            10 years +

            What was my experience with deployment of the solution?

            No issues.

            What do I think about the stability of the solution?

            Rarely, due to software issues.

            What do I think about the scalability of the solution?

            As of now, no.

            How are customer service and technical support?

            Excellent but if non-Indian engineer is assigned.

            Which solution did I use previously and why did I switch?

            We have almost 99% Cisco based infrastructure.

            How was the initial setup?

            Pretty straightforward.

            Which other solutions did I evaluate?

            Usually yes. We did like Huawei and Juniper.

            What other advice do I have?

            Cisco has done great job in introducing new features in their security product by acquiring specialized companies in the past. However, they still need to improve their unique feature products as they are in a challenger position, but not on top, at various product review portals.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            ITCS user
            Network Security Administrator at a tech company with 5,001-10,000 employees
            Vendor
            It helped us and our customers to implement more granular and flexible connections to and from our/their environments.

            Pros and Cons

            • "The most valuables feature of this product are given by the comprehensive VPN solutions it offers and its tools for troubleshooting and debugging."
            • "It should have an additional “operating mode”, like a “candidate configuration mode”, where you would have the possibility to test the changes you are going to implement and also the possibility to validate these changes."

            How has it helped my organization?

            It helped us and our customers implement more granular and flexible connections to and from our/their environments, building a trust relation between all of us, having the confidence that our exchanged information is occurring in a highly secure manner.

            What is most valuable?

            The most valuables feature of this product are given by the comprehensive VPN solutions it offers and its tools for troubleshooting and debugging. You can provide complex and flexible way to securely access private environments. And its troubleshooting and debugging tools allow you to identify, in the fastest time possible, where some potential issues could have been occurred.

            What needs improvement?

            It should have an additional “operating mode”, like a “candidate configuration mode”, where you would have the possibility to test the changes you are going to implement and also the possibility to validate these changes.

            In addition, a "testing" feature should be performed to let you know what would be the consequences of applying these new changes. Only after you would see the tests’ results (if they do not create any unwanted effect) would you go and commit them.

            What do I think about the stability of the solution?

            There were some issues with stability prior to code version 9.2.x, more related to Clientless SSL and Client RA VPN solutions. Some bugs affected the integrity of these type of features.

            What do I think about the scalability of the solution?

            There were no problems in terms of scaling an existing solution, though very expensive.

            How are customer service and technical support?

            I would give a rating of eight out of 10, compared to others vendors. The technical support is much better than most vendors, but let's say not as good as F5 Networks technical support.

            Which solution did I use previously and why did I switch?

            I've only worked for integrator or ISP organizations. Over the years I’ve worked with multiple solutions offered by different vendors due to my customers’ budgets or preferences. What makes it the best of all the solutions I’ve worked on is the stability and its hardware.

            How was the initial setup?

            The initial setup configurations differ from customer to customer, from very simple to highly complex solutions. Depends on the customer’s needs.

            What's my experience with pricing, setup cost, and licensing?

            I have to admit that the price is high. But I think it's worth it if the stability of your solution counts for you.

            What other advice do I have?

            Choose it if you aim to have a stable environment.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            it_user614874
            Gerente de Telecomunicaciones at a financial services firm with 1,001-5,000 employees
            Vendor
            The front page of device manager is the most valuable feature. We suffered an attack and the firewall was down repeatedly.

            What is most valuable?

            The front page of device manager is the most valuable feature because it makes it easy to know the system status.

            How has it helped my organization?

            It’s hard to say because our equipment was EoS.

            For how long have I used the solution?

            I have used Cisco ASA for three years.

            What do I think about the stability of the solution?

            We suffered an attack and the firewall was down repeatedly.

            What do I think about the scalability of the solution?

            We have to buy more licenses to get more VPN connections.

            How are customer service and technical support?

            I rate support 7/10.

            Which solution did I use previously and why did I switch?

            We didn’t have a previous solution. I actually searched after another solution.

            How was the initial setup?

            Setup was…

            What is most valuable?

            The front page of device manager is the most valuable feature because it makes it easy to know the system status.

            How has it helped my organization?

            It’s hard to say because our equipment was EoS.

            For how long have I used the solution?

            I have used Cisco ASA for three years.

            What do I think about the stability of the solution?

            We suffered an attack and the firewall was down repeatedly.

            What do I think about the scalability of the solution?

            We have to buy more licenses to get more VPN connections.

            How are customer service and technical support?

            I rate support 7/10.

            Which solution did I use previously and why did I switch?

            We didn’t have a previous solution. I actually searched after another solution.

            How was the initial setup?

            Setup was complex because we had not taken a course previously.

            What's my experience with pricing, setup cost, and licensing?

            Sincerely, I prefer other products with no limit on licensing of VPNs, for example.

            What other advice do I have?

            You have to find more confidentiality, integrity and availability.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            it_user398799
            Sr. Security Analyst with 1,001-5,000 employees
            Real User
            Centralized policy creation simplifies matters more than previously. URL, Malware and IPS built-in has been a great help.

            What is most valuable?

            Centralized policy creation for URL, application, IPS, etc. It simplifies matters more than previously.

            How has it helped my organization?

            It provides centralized management. I would also add that URL, Malware and IPS built-in has been a great help as well. Where we used to need several products for all these features, we now only need the ASAs with the additional licensing. So now, it is more a matter of license management over hardware and licensing management.

            What needs improvement?

            More centralization and simplification of product lines would help most engineers, but I think licensing is the key here. Most organizations won’t pay the money to have ELA licensing, so all the individual licenses for these products can be overwhelming. Plus, they never really synch for expiration time.

            This is mainly due to reliance on other Cisco products and licensing. For example, Palo Alto includes several features in one whereas Cisco requires multiples. However, I still think Cisco offers great products but to get a "10" they might consolidate devices or simplify licensing.

            For how long have I used the solution?

            I have used this for two years, but company has used Cisco solutions for many years.

            What do I think about the stability of the solution?

            We did somewhat have stability problems. Upgrading the ASA, ASDM, and SFR can be a pain if you have as many firewalls as we do (21). Once you can get them to fall under FPMC management it can be a little easier, but it is a battle to get to that point.

            What do I think about the scalability of the solution?

            There have been no scalability issues from my point of view. I was handed the solution, so some of the initial work was done.

            How are customer service and technical support?

            I rate support 10/10. TAC has always done a great job with answering my questions and providing remote support when needed.

            Which solution did I use previously and why did I switch?

            Previously, I used ASAs without FirePower; and unsure what my company used prior to that.

            How was the initial setup?

            For me, setup was half-and-half. In one update run I missed the step that discusses how the ASA and ASDM need to be on a specific patch prior to upgrading the SFR. FPMC attempted to push the new update to the devices regardless of this mismatch that caused FPMC to loose communication. I had to downgrade the SFR all the way back to v5.4.1 before I could install the latest version. You also have to step through several updates before you are done, so that can be tedious as well.

            What's my experience with pricing, setup cost, and licensing?

            Read everything and track all your licenses. Research all options and maybe pick a few to PoC. It doesn’t hurt to trial others. Maybe they are a better fit for your environment.

            Which other solutions did I evaluate?

            We are moving forward with ELA 5.0 for all Cisco security devices. Prior to that decision, we did a PoC with Palo Alto 3020 and 220 firewalls and Panorama. Those are some great products, but we are so Cisco centric that the cost of ELA isn’t much more than we are spending now.

            What other advice do I have?

            Do research. FPMC is great for us but it requires a lot of time and attention.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            it_user511224
            IT Support Engineer
            Vendor
            Its security features are the most valuable aspect. The equipment is too expensive.

            What is most valuable?

            Its security features are the most valuable aspect. It has the ability to detect and prevent intrusions.

            How has it helped my organization?

            The product has helped organizations secure their infrastructure and data. Most organizations are happy to adopt the technology.

            What needs improvement?

            The equipment is too expensive compared with other firewall products.

            For how long have I used the solution?

            I have used ASA for about three months. I just bought and configured it for a client.

            What do I think about the stability of the solution?

            Since I installed and configured it, the client has never called with complaints.

            What do I think about the scalability of the solution?

            I have not had scalability issues at all. Maybe it is because I have not used it quite extensively.

            How are customer service and technical support?

            I haven't had a chance to interact with the support team.

            Which solution did I use previously and why did I switch?

            The previous product was limited in throughput and security.

            How was the initial setup?

            The initial setup was quite complex.

            What's my experience with pricing, setup cost, and licensing?

            As much as there is value for money, there is a need to make it affordable.

            Which other solutions did I evaluate?

            I tried Sophos.

            What other advice do I have?

            It is a very good device to use for those who value their network security.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            ITCS user
            Member of the Board of Directors at a tech services company with 1,001-5,000 employees
            Consultant
            Class-based policing is the most important part of the ASA, and was its differentiator.

            What is most valuable?

            Class-based policing is the most important part of the ASA, and was its differentiator.

            How has it helped my organization?

            It gave us more organized DMZs and logical segments.

            What needs improvement?

            I’m not a fan of the new modular licensing model. Cisco moved from a base license to an a la carte SaaS model a couple of years back, wherein the customer is required to pay for feature sets on a case-by-case basis. This makes it difficult for people who want to study and trial new technologies and features.

            For how long have I used the solution?

            I’ve been using ASA technology since it was PIX, so since 1999.

            What do I think about the stability of the solution?

            We have not had stability issues.

            What do I think about the scalability of the solution?

            We have not had scalability issues.

            How are customer service and technical support?

            Support with Cisco TAC, or with VARs like WWT and Trace3 is usually pretty good.

            Which solution did I use previously and why did I switch?

            I have used both ASA and PAN. Different strokes for different folks.

            How was the initial setup?

            Initial setup is straightforward. You can get as granular and complex as you want, but out of the box, ASAs provide a secure FW solution.

            Which other solutions did I evaluate?

            We evaluate all other options.

            What other advice do I have?

            ASAs are a solid solution. Cisco provides more training and learning materials than any other vendor, which is critical if an organization wants to take true ownership of a technological solution. Documentation and use cases alone tend to make me a fan of Cisco's way of engineering, and they have come a long way over the last few years when it comes to integrating their solutions into comprehensive security communications platforms using tools like PRIME and ISE. FirePOWER and AMP make Cisco an even better overall contender for top FW status.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            it_user579180
            Networking Specialist at a insurance company with 1,001-5,000 employees
            Vendor
            Provides management with the adaptive security device manager.

            What is most valuable?

            It is good for firewalls, management with the adaptive security device manager (ASDM), and tools such as packet tracers for troubleshooting.

            It’s a really good firewall which is easy to manage, but it is not a Next Gen firewall.

            Firewall functionality is the main issue when buying this product. We use it to segment our DMZs, it is stateful firewalling, is highly reliable with zero outages, and impeccable failovers during upgrades.

            The ASDM is the management tool to administer the ASAs via the GUI. It has an easy to use interface with very nice troubleshooting tools, such as Packet Tracer. This tool lets you simulate a traffic flow so you can see why flows don’t work.

            How has it helped my organization?

            It is a very reliable border firewall which makes it easy for us to organize and secure our DMZs.

            What needs improvement?

            • The SSL VPN portal could be better.
            • The ASAs support both IPSEC as an SSL VPN.
            • For IPSEC you need a Cisco VPN client.
            • You can only have two SSL VPN sessions.
            • For more SSL sessions you have to pay (750 IPSEC sessions are included with an ASA).
            • With SSL, you connect through a browser, so it is clientless. The SSL portal offers a few functionalities which you can offer a user. Configuring this portal is not an easy task.

            For how long have I used the solution?

            We have been using the solution for almost five years.

            What do I think about the stability of the solution?

            We didn't encounter any issues with stability.

            What do I think about the scalability of the solution?

            Scalability is limited depending on the chosen model.

            How are customer service and technical support?

            I would give technical support a rating of 9/10. Cisco is one of the best, if not the best, in support.

            Which solution did I use previously and why did I switch?

            We chose FortiGate from Fortinet as our Next Gen Firewall solution because of the higher value for our money.

            How was the initial setup?

            The setup was easy with lots of documentation and configuration examples provided.

            What's my experience with pricing, setup cost, and licensing?

            You have to negotiate well.

            Which other solutions did I evaluate?

            We did not evaluate any alternative options for stateful firewalling.

            What other advice do I have?

            You will want to have Next Generation functionality, so choose FortiGate or Cisco Firepower.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            it_user456837
            Project Manager with 11-50 employees
            Vendor
            It is very robust, trustworthy and highly customizable.

            What is most valuable?

            It is very robust, trustworthy and highly customizable.

            How has it helped my organization?

            Solutions using NAT, VPNs, internet and MPLS, are more customizable than other solutions.

            What needs improvement?

            It could have more functions for load balance on the internet.

            For how long have I used the solution?

            We have been using the solution for two years.

            What do I think about the stability of the solution?

            We never had any stability issues. It is the most stable platform that I have used, and I have used several including Fortinet, Sophos, Hillstone, Cisco and D-Link.

            What do I think about the scalability of the solution?

            We did not encounter any issues with scalability.

            How are customer service and technical support?

            I would rate the technical support at 10/10. It is the best.

            Which solution did I use previously and why did I switch?

            I implement solutions on several clients, Redneet is a technology integration company and I prefer Cisco ASA for my security solutions.

            How was the initial setup?

            The setup is a little more complex than other solutions.

            What's my experience with pricing, setup cost, and licensing?

            It is a bit more expensive than other solutions, but offers more customization and security than other solutions.

            Which other solutions did I evaluate?

            We evaluated Fortinet, Sophos, Palo Alto.

            What other advice do I have?

            Use the best practice guides and online documentation. Cisco has more information online free that any other brand, so use it!!!

            Disclosure: My company has a business relationship with this vendor other than being a customer: We are a Cisco Partner.
            KB
            Senior Network Designer at ODI
            Real User
            You can extend your visibility in network infrastructure for monitoring.

            What is most valuable?

            The Advanced Malware Protection and Security Group Tag (SGT) are valuable features. You are able to integrate all the networks by using SGT with the pxGrid service. This is built-in technology in Cisco devices and services.

            How has it helped my organization?

            You can extend your visibility in network infrastructure for monitoring. You can absolutely give your users a better experience. When you use .1X for user authentication:

            • Users login just one time
            • You can control all user access to the internet, data center resources, and across the network.

            What needs improvement?

            After Firepower V6.1, Cisco added bandwidth shaping on the FTD product. This feature is a little bit weak. You cannot have customized shaping in different projects.

            For how long have I used the solution?

            I have used this product, as well as Cisco Firepower Threat Defense, for about two years.

            What do I think about the stability of the solution?

            I have heard about some bugs, but I have never encountered any.

            What do I think about the scalability of the solution?

            This product is very scalable in our experience.

            How was the initial setup?

            It is easy to initialize. For advanced configurations, it is sometimes complicated.

            What's my experience with pricing, setup cost, and licensing?

            The base license is delivered with the device. This license includes IPS and user authentication. You should buy a license for an IPS update. You should also buy another license for AMP and URL filtering.

            These are the important licenses: BASE, IPS, AMP, and URL filtering. Apart from the base license, the other licenses are subscription based for one, three, or five years.

            Which other solutions did I evaluate?

            I evaluated many products, such as CheckPoint, Palo Alto, Fortinet Firewall, Sophos, and Cyberoam Firewall.

            What other advice do I have?

            This product is very usable when you need integrity in your network. This product is very functional when you use a Cisco Identity Services engine.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            it_user349320
            Corporate Information Security Officer
            Vendor
            A standard rule based firewall that has solved many remote access problems.

            What is most valuable?

            It's a standard rule based firewall for us. The AnyConnect VPN has solved a lot of remote access problems. High availability is good. It will fall back to the other ASA without any disruptions.

            How has it helped my organization?

            It has secured our DMZ.

            What needs improvement?

            I would like to see the following made easier:

            • Objects
            • Removing objects
            • Correlating access rules and AnyConnect ACLs

            Sometimes we suffer from older versions, such as objects, object groups, and aliases (name).

            For how long have I used the solution?

            We have been using the solution for nine years.

            What do I think about the stability of the solution?

            We did not encounter any stability issues.

            What do I think about the scalability of the solution?

            We did not encounter any scalability issues.

            How are customer service and technical support?

            The technical support is good.

            Which solution did I use previously and why did I switch?

            We used Cisco PIX.

            How was the initial setup?

            I can't really remember the setup. It was too long ago.

            What's my experience with pricing, setup cost, and licensing?

            We bought the solution, so there were no real recurring costs at that time.

            Which other solutions did I evaluate?

            We didn't evaluate any alternative products.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            Rizwan Siddiqi
            Network Security Consultant at a tech services company with 51-200 employees
            Real User
            Top 20
            It allows us to filter incoming traffic to our network and provide a secure access to office network from outside through remote access VPN.

            What is most valuable?

            Cisco ASA is a stateful firewall which means they are the fastest and more secure, because they maintain state tables. Cisco ASA is very efficient not only in Firewalling but in VPNs, IPS and content filtering. It also has option of failover and redundancy.

            How has it helped my organization?

            It allows us to filter incoming traffic to our network and provide a secure access to office network from outside through remote access VPN. We also connected our branch office through IPSEC site-to-site VPN tunnel which is very secure and reliable.

            What needs improvement?

            Some improvements required on GUI interface called ASDM. It should include health check parameters like temperature, memory used.

            For how long have I used the solution?

            I am using it more than five years.

            What was my experience with deployment of the solution?

            No issues, very easy to deploy.

            What do I think about the stability of the solution?

            No.

            What do I think about the scalability of the solution?

            Migration to new version is very easy, therefore no issue.

            How are customer service and technical support?

            Customer Service:

            9/10.

            Technical Support:

            9/10.

            Which solution did I use previously and why did I switch?

            Cisco ASA firewall is most reliable to protect the network, therefore I switched.

            How was the initial setup?

            Yes, straightforward and simple.

            What about the implementation team?

            I am also vendor.

            What was our ROI?

            100%.

            What's my experience with pricing, setup cost, and licensing?

            Price is bit high as compared to other vendors, but Cisco ASA has reputation and most reliable product. Always go with minimum security plus license.

            Which other solutions did I evaluate?

            Yes, Fortinet and Palo Alto.

            What other advice do I have?

            No.

            Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
            Ed Dallal
            Founder, CEO, & President at Krystal Sekurity
            Consultant
            Simplified the complexity of our security architecture.

            What is most valuable?

            Provides advanced malware capabilities.

            How has it helped my organization?

            Simplified the complexity of our security architecture.

            What needs improvement?

            Integration of advanced malware services with the firewall through Firepower services.

            For how long have I used the solution?

            We have been using this solution for six months.

            What was my experience with deployment of the solution?

            There were no issues with deployment.

            What do I think about the stability of the solution?

            There were no issues with stability.

            What do I think about the scalability of the solution?

            There were no issues with scalability.

            How are customer service and technical support?

            Customer Service: I would give customer service a rating of 10/10. Technical Support: I…

            What is most valuable?

            Provides advanced malware capabilities.

            How has it helped my organization?

            Simplified the complexity of our security architecture.

            What needs improvement?

            Integration of advanced malware services with the firewall through Firepower services.

            For how long have I used the solution?

            We have been using this solution for six months.

            What was my experience with deployment of the solution?

            There were no issues with deployment.

            What do I think about the stability of the solution?

            There were no issues with stability.

            What do I think about the scalability of the solution?

            There were no issues with scalability.

            How are customer service and technical support?

            Customer Service:

            I would give customer service a rating of 10/10.

            Technical Support:

            I would give technical support a rating of 10/10.

            Which solution did I use previously and why did I switch?

            We were looking to upgrade to a comprehensive firewall solution that integrated Next Generation Prevention System (NGIPS).

            How was the initial setup?

            There were no issues with setup.

            What about the implementation team?

            We implemented in-house.

            What was our ROI?

            We calculated for the entire year, but the ROI seemed very decent from the first six months.

            What's my experience with pricing, setup cost, and licensing?

            Pricing: Negotiate

            Licensing: Buy the advanced Malware Protection license subscription for one year. It is worth the investment.

            Which other solutions did I evaluate?

            We evaluated Juniper, Fortinet, and Huawei.

            Disclosure: My company has a business relationship with this vendor other than being a customer: We are a CISCO Security Business partner
            ITCS user
            Principal Network Engineer at a tech services company with 51-200 employees
            Consultant
            Provides the capability of the higher end firewall products to handle most network tasks without issues.

            Pros and Cons

            • "It makes it very easy to have delineated roles and responsibilities between network engineering and network security."
            • "In my experience, a number of engineers get tunnel vision with devices. This is exacerbated by vendors fostering a silo mentality in disciplines."

            How has it helped my organization?

            It makes it very easy to have delineated roles and responsibilities between network engineering and network security.

            What is most valuable?

            I find the overall capability of the higher end firewall products to handle most network tasks without any issues. In addition, it is easy to train lower level help desk personnel on the GUI management.

            What needs improvement?

            People tend to think of firewalls as firewalls and routers as routers. Going by the book, I had to create a number of static routes in the firewall so it could reach the various subnets in my client's internal network. I decided to turn on OSPF routing to simplify my deployment. This resolved a lot of issues with remote VPN and site-to-site VPN tunnels.

            In my experience, a number of engineers get tunnel vision with devices. This is exacerbated by vendors fostering a silo mentality in disciplines.

            I cannot name the organization, but a large national non-profit in the medical field had too many network configuration problems because of the silo mentality.

            Large Cisco ASA units have the capability to act as routers. This particular non-profit would not enable routing on the ASA until I explained that it resolve a number of issues that they were experiencing and resolving by static routes, a second Cisco ASA, and a proxy server.

            What do I think about the stability of the solution?

            Stability issues did not occur in my experience, as long as we stayed with the correct image builds.

            What do I think about the scalability of the solution?

            There were no scalability issues.

            How is customer service and technical support?

            Customer Service:

            Generally, we do not need customer support, so it is hard to rate.

            Technical Support:

            Generally we do not need technical support, so it is hard to rate.

            How was the initial setup?

            The initial setup at many clients' sites was straightforward. Very complicated networks take a lot of planning.

            What about the implementation team?

            We implemented the solution in-house.

            What was our ROI?

            We cannot determine ROI just yet.

            What's my experience with pricing, setup cost, and licensing?

            Always plan ahead for three years. In other words, do not buy a firewall on what your needs are today, but try to predict where you will be three years from now in terms of bandwidth, security requirements, and changes in organizational design. This applies to any vendor, not just this product. I find that I always need to buy a higher level product than the specifications request in order to be safe.

            Which other solutions did I evaluate?

            In locations where I have used Cisco ASA firewalls, I have compared FortiGate and SonicWall.

            What other advice do I have?

            I utilize different brands of firewalls depending on the needs of a client, i.e., in-house IT versus outsourced. I am vendor agnostic as much as possible.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            Alberto E. Luna Rodriguez
            Network Security Coordinator at a energy/utilities company with 1,001-5,000 employees
            Real User
            We decided to go with Cisco because stability and reliability were major concerns for us.

            What is most valuable?

            Outstanding NGFW capabilities, Site to site VPNs and High Availability. Also the integration of FirePOWER services (Web Filtering/IPS/Malware Protection) are a huge step forwards for an already great platform.

            How has it helped my organization?

            We purchased a pair of ASAs to handle all perimeter traffic in and out of our network. This devices enabled us to secure all our perimeter traffic, WAN connections, Internet connectivity and Internet facing services. FirePOWER services enabled better control and visibility over the traffic traversing our perimeter. High Avalability helped us greatly improve the availability of the services by reducing downtime caused by both Incidents and planned maintenance operations.

            What needs improvement?

            Only problem in my opinion is ease of use. You really need to know your way around the CLI and complex feature set to get things working. The ASDM GUI is good for some things but for the most part you'll need to stick to the CLI which is a bit difficult specially if you don't have a lot of experience around Cisco equipment.

            For how long have I used the solution?

            We've operated this firewalls for around 2 years now.

            What was my experience with deployment of the solution?

            ASAs are as complex as they are powerful. Configuration and administration are not as straightforward as other solutions and will take some time and studying to get used to them.

            What do I think about the stability of the solution?

            In my experience with various Firewall solutions, the stability and reliability of Cisco ASAs is unparalleled.

            What do I think about the scalability of the solution?

            No

            How are customer service and technical support?

            Customer Service:

            Cisco offers great customer service.

            Technical Support:

            The best I have worked with.

            Which solution did I use previously and why did I switch?

            We used to have a SonicWall and an older ASA 5510 platform. Both were replaced by a Cisco ASA cluster using a pair of 5525x.

            What's my experience with pricing, setup cost, and licensing?

            ASAs are expensive. The initial cost is high compared to other similar solutions, and chances are the personnel that will operate them will require some training. But if you're aiming for stability and reliability, this is the best solution you will find.

            Which other solutions did I evaluate?

            We evaluated Fortinet and SonicWall, both great UTM vendors. Although those platforms are cheaper, we decided to go with Cisco because stability and reliability were mayor concerns for us, also the support is much better in my experience.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            it_user560229
            Security Engineer at a healthcare company with 1,001-5,000 employees
            Vendor
            I especially value Change Management and Compliance. They are most valuable because we are required to comply with regulations - PCI and HIPAA.

            What is most valuable?

            I especially value Change Management and Compliance. They are most valuable because we are required to comply with regulations regarding credit card processing (PCI) and protecting patient data (HIPAA).

            How has it helped my organization?

            This product has made visible some areas that were previously hidden.

            What needs improvement?

            There are many areas for improvement despite the fact that we love the product, but because it is a newer version we’ve been working out lots of issues. Some of those issues are based on our environment.

            For how long have I used the solution?

            I have used the product for 1.5 years with nearly a year for this version.

            What do I think about the stability of the solution?

            We did not have any problem with the previous (v7) version but when we upgraded to (v8) the new version, we were well aware that there would be some bugs and issues that would require resolution.

            What do I think about the scalability of the solution?

            We have had no scalability issues.

            How are customer service and technical support?

            Tech Support is awesome. I never get someone who has no clue what they are doing. These guys are well trained and know their stuff.

            Which solution did I use previously and why did I switch?

            We did not use a previous solution. FireMon was implemented as part of a security mandate and we chose this product over its competitors.

            How was the initial setup?

            Setup was pretty simple, because we implemented the single server model.

            What's my experience with pricing, setup cost, and licensing?

            We purchased licenses for our High Availability (HA) devices as well but they were not really needed.

            Which other solutions did I evaluate?

            I was not the researcher and decision maker. I inherited the tool.

            What other advice do I have?

            To make sure they have the cooperation of the networking team that supports the firewalls. It has been difficult for us to get the tool working to its full potential because our network team is resistant to some of the things we want to monitor.

            Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
            ITCS user
            Manager of Engineering with 1,001-5,000 employees
            Vendor
            The FirePower IPS, AMP and URL filtering add value to the firewall.

            What is most valuable?

            Cisco ASA has a well-written command-line interface. Cisco’s AnyConnect SSL VPN is by far the best client VPN technology I’ve ever had to deploy and manage. Upgrades are a breeze. Failovers between units are flawless. FirePower add-ons deepen security with intrusion prevention (IPS), anti-malware protection (AMP), and URL filtering. These particular services can run as a hardware or software module within the ASA. Unlike ASA with CSM, these modules are managed by FireSight, a single pane for all of your FirePower nodes. It’s intuitive and easy to use, but still lacks some automation capabilities (e.g., bulk edits, etc.).

            How has it helped my organization?

            Cisco is a huge name in the networking world. Having a solution that includes their firewall technology adds value from an operability and support perspective. Cisco, although sometimes considered to be "behind the times" with firewall technology, continues to prove it has momentum in the industry through acquisitions such as Sourcefire and OpenDNS, with rapid integration into their systems. Additionally, ASA is synergistic with other security offerings from Cisco, such as ISE, remote tele-office workers, etc.

            What needs improvement?

            When running multiple firewalls in your network, you need someone to manage them from a central point. Cisco’s answer is Cisco Security Manager (CSM). Unfortunately, this is a suite of applications that is in much need of an overhaul. It is riddled with bugs and lacks the intuitive experience found in competing vendor offerings. The counter-intuitive interface makes configuration management cumbersome and prone to mistakes. There are software defects within certain modules of the application, resulting in a frustrating experience. Reporting is almost useless. The best part about it is the logging component, but it still is lacking, compared to what you get from other competing vendors.

            Aside from management, I think Cisco needs to become more application-focused, something that a few of their competitors shine in.

            For how long have I used the solution?

            I've deployed and managed Cisco ASA's for over a decade. I've used the X-series models for about three years now.

            What do I think about the stability of the solution?

            I have not encountered any stability issues; this is a solid firewall platform. Stability is where it shines.

            What do I think about the scalability of the solution?

            The newer clustering capabilities have introduced some solid scalability design options. From a cost perspective, scalability is quite intimidating.

            How are customer service and technical support?

            Cisco's TAC engineers are competent, responsive and typically resolve issues in a timely fashion. Do not use them for "best practice"; this is what channel partners are for.

            Which solution did I use previously and why did I switch?

            I previously used Check Point. Check Point relied on a thick, Windows-based client and, at the time, did not support transparent contexts. However, Check Point has a solid management platform, which is something Cisco should take some pointers from.

            How was the initial setup?

            Initial setup is complex for a new user, straightforward for a seasoned user. Tons of documentation is available, but you can easily get lost for days if you've never touched one. Cisco offers ASDM, a GUI wizard that can help set up the firewalls. This is nice for newer folks.

            What's my experience with pricing, setup cost, and licensing?

            Work very closely with your channel partners to verify you have all the licensing you need (VPN, Firepower, etc.). Pricing is always a challenge. Buy closer to Cisco's EOY and you might save a few bucks.

            Which other solutions did I evaluate?

            Before choosing this product, I also evaluated Palo Alto. I really liked their firewall platform, their Panorama management platform, and wildfire technology. Their SSL VPN was seriously lacking. This is a decent option to consider as well.

            What other advice do I have?

            Read the Cisco Validated Designs (CVDs) regarding ASAs. Find some decent blogs, discuss topologies and scenarios with a seasoned engineer, and get your final design validated by Cisco. Your Cisco SE should be able to assist with this. If you need assistance implementing, work with your channel partner.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            Marcelo Zamorano
            Middle-Tier Admin Integrator at a tech services company with 51-200 employees
            Real User
            Cisco firewalls can be difficult at first but once learned it's fine.

            What is most valuable?

            Robustness

            How has it helped my organization?

            Reliability

            What needs improvement?

            No idea -- I learn a lot from them

            For how long have I used the solution?

            From 2000 until 2014

            What was my experience with deployment of the solution?

            Learning at the beginning

            What do I think about the stability of the solution?

            Nope -- If well planed you should be alright

            What do I think about the scalability of the solution?

            Price maybe...

            How are customer service and technical support?

            Customer Service: Excellent Technical Support: Excellent

            Which solution did I use previously and why did I switch?

            Not reliable for long term -- seem inferior quality

            How was the initial setup?

            Depends on the product and the knowledge. Cisco firewalls can be…

            What is most valuable?

            Robustness

            How has it helped my organization?

            Reliability

            What needs improvement?

            No idea -- I learn a lot from them

            For how long have I used the solution?

            From 2000 until 2014

            What was my experience with deployment of the solution?

            Learning at the beginning

            What do I think about the stability of the solution?

            Nope -- If well planed you should be alright

            What do I think about the scalability of the solution?

            Price maybe...

            How are customer service and technical support?

            Customer Service:

            Excellent

            Technical Support:

            Excellent

            Which solution did I use previously and why did I switch?

            Not reliable for long term -- seem inferior quality

            How was the initial setup?

            Depends on the product and the knowledge. Cisco firewalls can be difficult at first but once learned it's fine.

            What about the implementation team?

            Me, I implemented the firewalls, Cisco switches and routers.

            What was our ROI?

            100% in some installations it exceeded the time predicted to keep up with the work load.

            Which other solutions did I evaluate?

            Netscreen, Netgear, Checkpoint, others..

            What other advice do I have?

            Plan well the hardware requirements for future growth and heavy usage.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            it_user387540
            I.T. Security/Projects Specialist at a tech services company with 501-1,000 employees
            Consultant
            We wanted a back-end/internal firewall solution, and this provided it for us.

            What is most valuable?

            Firewalling is the most valuable feature. We wanted a back-end/internal firewall solution, and the Cisco ASA 5525 was great.

            How has it helped my organization?

            It has taken the pressure off of the IS engineer.

            What needs improvement?

            URL AVC Advanced malware protection

            For how long have I used the solution?

            We've used it for two years.

            What was my experience with deployment of the solution?

            There was an issue, but it was rectified promptly after troubleshooting the device's configuration.

            What do I think about the stability of the solution?

            There were no issues with the scalability.

            What do I think about the scalability of the solution?

            We've not had any issues scaling yet.

            How are customer service and technical support?

            Customer…

            What is most valuable?

            Firewalling is the most valuable feature. We wanted a back-end/internal firewall solution, and the Cisco ASA 5525 was great.

            How has it helped my organization?

            It has taken the pressure off of the IS engineer.

            What needs improvement?

            • URL
            • AVC
            • Advanced malware protection

            For how long have I used the solution?

            We've used it for two years.

            What was my experience with deployment of the solution?

            There was an issue, but it was rectified promptly after troubleshooting the device's configuration.

            What do I think about the stability of the solution?

            There were no issues with the scalability.

            What do I think about the scalability of the solution?

            We've not had any issues scaling yet.

            How are customer service and technical support?

            Customer Service:

            I think it is great but did not use them for this deployment.

            Technical Support:

            I've not had to use them yet for this deployment.

            Which solution did I use previously and why did I switch?

            There was no other solution in place.

            How was the initial setup?

            It was straightforward.

            What about the implementation team?

            I did the implementation with my colleagues.

            What was our ROI?

            It's not really quantified, but we have not experienced downtime due to attacks.

            Which other solutions did I evaluate?

            There were no other solutions looked at.

            Disclosure: My company has a business relationship with this vendor other than being a customer: We're a systems integrator and a gold partner.
            ITCS user
            Senior Technical Consultant - Network and Security at a tech services company with 51-200 employees
            Consultant
            It provides our company with security and protection on all our devices, but we had some issues during deployment.

            Valuable Features

            It provides our company with security and protection on all our devices. It's highly available.

            Improvements to My Organization

            We're able to implement best security practices to secure our company data.

            Use of Solution

            We've used it for over seven years.

            Deployment Issues

            We had some issues during deployment.

            Stability Issues

            No issues encountered.

            Scalability Issues

            No issues encountered.

            Customer Service and Technical Support

            Customer Service: Customer service is excellent. Technical Support: Technical support is excellent.

            Initial Setup

            It was a little complex, but not so much that we couldn't figure it out.

            Implementation Team

            I was the implementor for a client.

            ROI

            It's excellent.

            Other Solutions Considered

            Depends on the…

            Valuable Features

            • It provides our company with security and protection on all our devices.
            • It's highly available.

            Improvements to My Organization

            We're able to implement best security practices to secure our company data.

            Use of Solution

            We've used it for over seven years.

            Deployment Issues

            We had some issues during deployment.

            Stability Issues

            No issues encountered.

            Scalability Issues

            No issues encountered.

            Customer Service and Technical Support

            Customer Service:

            Customer service is excellent.

            Technical Support:

            Technical support is excellent.

            Initial Setup

            It was a little complex, but not so much that we couldn't figure it out.

            Implementation Team

            I was the implementor for a client.

            ROI

            It's excellent.

            Other Solutions Considered

            Depends on the customer's budget, but we evaluate all vendors that meet the them. It's a mission-critical product.

            Other Advice

            I give it a thumbs up.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            it_user341043
            System and Network Administrator at a hospitality company with 501-1,000 employees
            Vendor
            It gives us the ability to do Lan-to-Lan VPN, but it needs support for automation tools, such as Puppet.

            What is most valuable?

            It gives us the ability to do lan-to-lan VPN.

            How has it helped my organization?

            So far it has proven to be rock solid and relatively easy to maintain.

            What needs improvement?

            • Support for automation tools (Puppet)
            • More granular logging

            For how long have I used the solution?

            I've used ASA for four years.

            What was my experience with deployment of the solution?

            No issues encountered.

            What do I think about the stability of the solution?

            No issues encountered.

            What do I think about the scalability of the solution?

            No issues encountered.

            How are customer service and technical support?

            Customer Service:

            8/10

            Technical Support:

            8/10

            Which solution did I use previously and why did I switch?

            We moved our VPN termination from a Cisco ASR to an ASA. We switched because the ASR was not scalable and we realized it was a bad idea to use the same device for routing and VPN termination.

            How was the initial setup?

            The most complex part was figuring out the failover and what NAT mode to implement.

            What about the implementation team?

            We did it in-house.

            What's my experience with pricing, setup cost, and licensing?

            Licenses and prices are pretty high. I understand the validity of the product, so I can't complain much.

            Which other solutions did I evaluate?

            No options were evaluated. We heavily rely on Cisco hardware for our infrastructure

            What other advice do I have?

            I'd say it would be very beneficial to posses certification such as CCNP Security, at least, to get the most out of it. It's a complex product which requires good knowledge of procedures and best practices. Being a CCIE R&S I know the value of those certifications, and I wish I had a CCNP Security to better handle the task.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            ITCS user
            IT Security Engineer at a financial services firm with 501-1,000 employees
            Real User
            The packet tracer function provides a packet flow through the firewall and shows which rule or policy can cause a drop.

            Valuable Features:

            Cisco ASA's CLI is very effective and fast to configure the firewall and make changes, but monitoring logs and connections can be eye bothering by reading all the line outputs. ASDM, however, have improved the overall ASA configuration from an GUI standpoint. I really enjoy the log monitor where I can see live logs in a more user friendly interface. The down side of ASDM is that it is build with JAVA and that means a lot vulnerabilities and it does not always work with the latest JAVA version and/or patches.

            Improvements to My Organization:

            The packet tracer function, which I use the most, have provided me a packet flow through the firewall and see which rule or policy can cause a drop. Also, I can see if my NAT statement is working properly. This has allowed me to quickly troubleshoot potential firewall related issues for my organization.

            Room for Improvement:

            L7 firewall is a key for the ASA to be competitive in the current and future market place. By integrating with SourceFire, now call FirePower, on the ASA has helped it to get into the next-generation firewall segment.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            Rizwan Siddiqi
            Network Security Consultant at a tech services company with 51-200 employees
            Real User
            Top 20
            Reliable product which I'd like to see include a web filtering functionality.

            Valuable Features

            It blocks all outside to inside traffic and only permits the specific internet traffic from the outside. VPN functionality is very useful, we can create remote access and tunnel VPN in the simplest way.

            Improvements to My Organization

            It blocked all kinds of internet attacks from outside like DOS or DDOS and avoided any down time. We created a remote tunnel from head office to data center network for easy access of servers that make working fast and they are easily manageable.

            Room for Improvement

            It would be great if they would add web filtering functionality to this product.

            Use of Solution

            5 years

            Deployment Issues

            No

            Stability Issues

            No

            Scalability Issues

            No

            Customer Service and Technical Support

            Customer Service:

            Excellent

            Technical Support:

            Good

            Initial Setup

            It is a little difficult in newer IOS versions where the use of the NAT command is different. Otherwise its straightforward to configure.

            Implementation Team

            I deployed it in-house with my team.

            ROI

            This solution reduces any downtime therefore business continuity is not disturbed - that is ultimately ROI.

            Pricing, Setup Cost and Licensing

            It is one time cost of about $10,000 and there is no day to day cost.

            Other Solutions Considered

            Yes, I evaluated Fortigate, SonicWall and Juniper but found Cisco ASA to be the best solution for us above all of the others.

            Other Advice

            Cisco ASA is a reliable product and it benefits you a lot in your network.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            it_user293883
            System/Network administrator at a computer software company with 501-1,000 employees
            Vendor
            We have issues with some versions of Java, but it does amalgamate the firewall and VPN.

            What is most valuable?

            It's a great solution that amalgamates a firewall and VPN into one device. It also has a well organized GUI- ASDM.

            How has it helped my organization?

            Easy to setup VPNs Firewall ACL Easy to modify Easy to perform maintenance

            What needs improvement?

            The ADSM is incompatible with different versions of Java.

            For how long have I used the solution?

            I've used it for six years.

            What do I think about the stability of the solution?

            I have issues with some versions of Java and ASDM.

            How are customer service and technical support?

            Customer Service: It's high. Technical Support: It's high.

            Which solution did I use previously and why did I switch?

            I used a Cisco 881 router as a firewall and VPN solution. ASA allows conformity and various amounts of…

            What is most valuable?

            It's a great solution that amalgamates a firewall and VPN into one device. It also has a well organized GUI- ASDM.

            How has it helped my organization?

            • Easy to setup VPNs
            • Firewall ACL
            • Easy to modify
            • Easy to perform maintenance

            What needs improvement?

            The ADSM is incompatible with different versions of Java.

            For how long have I used the solution?

            I've used it for six years.

            What do I think about the stability of the solution?

            I have issues with some versions of Java and ASDM.

            How are customer service and technical support?

            Customer Service:

            It's high.

            Technical Support:

            It's high.

            Which solution did I use previously and why did I switch?

            I used a Cisco 881 router as a firewall and VPN solution. ASA allows conformity and various amounts of functionality in work.

            How was the initial setup?

            It can be complex, since a lot of CLI commands are different with respect to the CLI of IOS routers.

            What about the implementation team?

            We implemented ASA without vendor support. For first time implementation, it is good to have someone with ASA experience involved.

            What's my experience with pricing, setup cost, and licensing?

            Prices could be a little bit lower to make the product more accessible.

            Disclosure: My company has a business relationship with this vendor other than being a customer: We're a Cisco Partner.
            ITCS user
            Senior Presales Engineer at a tech services company with 501-1,000 employees
            Consultant
            The various NGFW and NGIPS features are valuable, but the option to use ASA to decrypt SSL would be an improvement.

            What is most valuable?

            NGFW: VPN (IPSec, SSL), NAT (provides great flexibility)

            NGIPS: Application visibility, file policies (store files), network discovery, correlation features

            What needs improvement?

            SSL decryption for modules. Although I think it is better to separate SSL decryption as a service from the software module since it requires additional hardware, but I think it would be great if there is an option to use the ASA (not the software module) to decrypt the SSL.

            Ex: Add a license to decrypt SSL traffic on the ASA itself. The ASA already supports SSL VPN. So if SSL decryption can be integrated that would be nice.

            For how long have I used the solution?

            5 years+

            What was my experience with deployment of the solution?

            Basic setup is easy, but if you need to do some advanced stuff, it can be intuitive, but some things require some kind of tutorial to understand how it can be done. Good thing is that this device is becoming popular and there are many 3rd party free tutorials and guides that can help.

            What do I think about the stability of the solution?

            I heard about defect that were encountered by my colleagues, but not something that cannot be fixed using an upgrade.

            What do I think about the scalability of the solution?

            Clustering is available for ASA with firepower services.

            Also for firepower appliances, there is stacking available for some models.

            How are customer service and technical support?

            Customer Service:

            Great support. The engineers know what they are doing.

            Technical Support:

            10/10

            Which solution did I use previously and why did I switch?

            No

            How was the initial setup?

            Well, it is straight forward as long as you understand the components available.

            ASA can be configured using the CLI or ASDM.

            For the Firepower you will need to use a FireSIGHT as a management solution.

            Since you will be using two GUIs, I wouldn't call it straight forward.

            Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
            ITCS user
            Business Development Director with 51-200 employees
            Vendor
            UTM features need to be improved, but it's a full inspection firewall.

            What is most valuable?

            The fact that it's a full inspection firewall.

            How has it helped my organization?

            In fact there is no relevant improvement, but this is the kind of device that every company must have.

            What needs improvement?

            Recognition of appliances UTM features

            For how long have I used the solution?

            I've used it for five years.

            What was my experience with deployment of the solution?

            It was mainly issues regarding the management and VPN setup.

            What do I think about the stability of the solution?

            No issues encountered.

            What do I think about the scalability of the solution?

            No issues encountered.

            How are customer service and technical support?

            Customer Service: 8/10. Technical Support: 8/10.

            Which solution did I use previously and why did I switch?

            What is most valuable?

            The fact that it's a full inspection firewall.

            How has it helped my organization?

            In fact there is no relevant improvement, but this is the kind of device that every company must have.

            What needs improvement?

            • Recognition of appliances
            • UTM features

            For how long have I used the solution?

            I've used it for five years.

            What was my experience with deployment of the solution?

            It was mainly issues regarding the management and VPN setup.

            What do I think about the stability of the solution?

            No issues encountered.

            What do I think about the scalability of the solution?

            No issues encountered.

            How are customer service and technical support?

            Customer Service:

            8/10.

            Technical Support:

            8/10.

            Which solution did I use previously and why did I switch?

            We previously used IPtables, and switched because there was a lack of technical support, RMA, etc.

            How was the initial setup?

            It was an easy initial set-up.

            What about the implementation team?

            We did it in-house.

            Which other solutions did I evaluate?

            No other options were looked at.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            it_user264462
            Technolgy Analyst/Lead at a tech services company with 10,001+ employees
            Real User
            It currently does not support VPN, but I like the documentation, reliability, and support.

            What is most valuable?

            • Site-to-site IPsec VPN
            • Remote IPsec VPN
            • Reverse route injection

            How has it helped my organization?

            Cisco Context gave us the feature of creating a virtual firewall, which is good. It provides us with maximum network isolation. Also impressive is the ISP redundancy.

            What needs improvement?

            WCCP, and URLs, in the Cisco ASA Context both need work. When changing from single mode to multiple mode or back, the commands must be done from the command line (CLI) and cannot be done via the ASDM GUI interface. ASA context should be able to support site-to-site VPN, but the current Cisco Context does not support VPN

            For how long have I used the solution?

            I've used them for six years.

            What was my experience with deployment of the solution?

            During the deployment of WCCP, we noted some loopholes like it only supports ports 80 & 443. Application which is running on multiple ports doesn't work with WCCP and to make it work we need to allow respective traffic outside the firewall.

            What do I think about the stability of the solution?

            Sometimes there is an issue with the site-to-site VPN.

            What do I think about the scalability of the solution?

            In certain cases, like an any access-list, if we add a URL the Cisco ASA access-list does not resolve that URL while this can be done in Juniper, and Fortinet.

            How are customer service and technical support?

            Customer Service:

            9/10.

            Technical Support:

            9/10,

            Which solution did I use previously and why did I switch?

            I have migrated some set-ups from Cisco to Juniper, but not from Juniper to Cisco.

            How was the initial setup?

            We have multiple ASA firewalls for different clients now we migrated to Cisco Context.

            What about the implementation team?

            It was done in-house.

            What was our ROI?

            It's 8/10.

            What other advice do I have?

            If it is for a banking domain, your organisation should use Cisco which can assure better security than any other vendors' products. Also, they have the best documentation, reliability and support.

            Disclosure: My company has a business relationship with this vendor other than being a customer: Channel partner
            it_user246819
            Global Security Architect/Perimeter Systems Administration/Active Directory and System Administrator at a retailer with 1,001-5,000 employees
            Vendor
            The solution has worked very well for us, but the configuration/management interface is complex.

            What is most valuable?

            • Firewall mode
            • AnyConnect gateway
            • Client-less SSL VPN

            How has it helped my organization?

            The versatility of the product has allowed us to solve a number of perimeter requirements without having to seek out different products or companies for solutions. It has allowed for a single management mechanism, and by having a single platform solution, it has allowed for simpler training.

            What needs improvement?

            The configuration/management interface is complex and can be confusing. Technical documentation is often sparse and can be incomplete when covering specific implementations.

            For how long have I used the solution?

            I've used Cisco PIX and ASA firewalls since 2003.

            What was my experience with deployment of the solution?

            Not with the ASAs, with some early version PIX products.

            What do I think about the stability of the solution?

            Not with the ASAs, with some early version PIX products.

            What do I think about the scalability of the solution?

            The ASAs offer several different technologies for HA and we have used all of them successfully.

            How are customer service and technical support?

            Customer Service:

            It's excellent.

            Technical Support:

            Excellent, we have always been able to get the specific expertise needed to solve our challenges with the products.

            Which solution did I use previously and why did I switch?

            Checkpoint Firewalls - the primary reason we switched was cost and limited support options.

            How was the initial setup?

            It's pretty straightforward. I came at these products already having considerable firewall experience.

            What about the implementation team?

            It was all in-house, as we all had 10 years plus experience when we moved to PIX firewalls and then a few years later we brought in the ASAs.

            Which other solutions did I evaluate?

            • Watchguard
            • Sonicwall
            • Checkpoint

            What other advice do I have?

            The product line offers tremendous capability. Please look into all of the solutions it can provide for you to maximize your investment.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            ITCS user
            Constructor of the computer systems at a security firm with 51-200 employees
            Vendor
            It can be controlled through different methods but the online regional support needs improving.

            What is most valuable?

            • Reliability
            • Security
            • Flexibility
            • Functionality
            • Availability - controllability anywhere and with different methods

            How has it helped my organization?

            I can tell that when we have started using the Cisco AnyConnect for remote access to business apps it makes the work for remote staff much simpler. It's also easier to provide remote IT support. Aside from this, the security officers can sleep better now.

            What needs improvement?

            The ASA is an almost perfect device.

            For how long have I used the solution?

            I've used it for two years.

            What was my experience with deployment of the solution?

            I have had no problems deploying it.

            What do I think about the stability of the solution?

            Occasionally, the packet rate falls unexpectedly.

            What do I think about the scalability of the solution?

            I currently do not need to scale on my network.

            How are customer service and technical support?

            Customer Service:

            9/10 - the regional online support could be better.

            Technical Support:

            10/10.

            Which solution did I use previously and why did I switch?

            We use MySQL and Nagios devices alongside the ASA as our network infrastructure needs expanding and required more serious hardware solutions.

            How was the initial setup?

            When Cisco was installed, it did not go as expected.

            What was our ROI?

            It is not simple to calculate for IT hardware. To calculate the ROI for using the ASA, I would need to have a lot of statistics on the quality of services, both before and after.

            What's my experience with pricing, setup cost, and licensing?

            Cisco ASA 5512-X was bought for $3,000, and a further $1,000 was needed for installation and pre-configuration.

            Which other solutions did I evaluate?

            • Fortinet
            • Juniper

            What other advice do I have?

            As a rule, any device upon delivery is obsolete. Pick up the solution for your business, based on your specific needs.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            it_user243897
            Cisco Systems Engineer at a tech services company with 1,001-5,000 employees
            Consultant
            Review about Cisco ASA

            What is most valuable?

            • Network firewall
            • FirePOWER services (URL filtering, IPS)

            How has it helped my organization?

            With the new FirePOWER services, Cisco has given the ASA new valuable features like URL filtering and a more simple and efficient IPS. With FirePOWER services, we have been able to have more insight of our network, something that we never had before, now we can see all the applications that our users are using the most and we can see if there is malware on our network.

            What needs improvement?

            The FirePOWER defense system has no integration with the firewall management of the ASA, I mean you can’t create ACLS, rules, VPNS NAT, and so on. All of this has to be done with the ASDM which, from my point of view, is very complex if you are not used to it, you should be able to manage the entire solution from one central software like Defense system, but right now you can’t. This is one of the biggest problems I see right now

            For how long have I used the solution?

            I've used it for two years.

            What was my experience with deployment of the solution?

            The FirePOWER deployment has to be done from the management port of the ASA. This port has to be dedicated because all the communication from the defense system to the appliance goes by that port, so you need to have different networks (inside and management port) to be able to implement this feature. It would be nice again if you can just configure this from one single point and not two (defense system and ASDM).

            What do I think about the stability of the solution?

            No, I have never had any problems with Cisco equipment regarding stability.

            What do I think about the scalability of the solution?

            No issues encountered.

            How are customer service and technical support?

            Customer Service:

            8/10.

            Technical Support:

            6/10 - I mean you need luck when you open a case with Cisco to have someone with expertise on the product. I’ve had great TAC experiences and the worst ones too, if you have a loss of service they put you with people that know what they are doing, but if you want to configure something extra and you just ask the TAC how to do it, sometimes you get someone that appears to be learning the solution. Many times, I´ve been able to solve it by myself sooner than the TAC.

            Which solution did I use previously and why did I switch?

            We previously used Microsoft ISA and switched because it's no longer supported.

            How was the initial setup?

            In our case straightforward, because we do not have many rules on our firewall, but I’ve seen cases where the migration from one firewall to another can be very tedious.

            What about the implementation team?

            We did it in-house.

            What other advice do I have?

            If you are using Cisco, then you will be very familiar with the product, and maybe you won't encounter any problems at all. However, if Cisco is a new solution, you should ask for a demo to see the interface of the ASDM and the defense system in action, and then decide if this is the kind of insight you need of your network.

            Disclosure: My company has a business relationship with this vendor other than being a customer: Premier partner.
            it_user243879
            Network Security Engineer at a tech services company with 1,001-5,000 employees
            Consultant
            There are some stability issues due to software bugs, but in the long run the devices are very stable.

            What is most valuable?

            VPN - Both site to site (IPsec) and remote access (IPsec and SSL).

            How has it helped my organization?

            Through the use of VPNs, we were able to connect our branches together through the internet without the any additional cost.

            What needs improvement?

            • Throughput
            • Price

            For how long have I used the solution?

            Since 2008, so seven years, and I have been a heavy/daily user, and all of my jobs were related to network security.

            What was my experience with deployment of the solution?

            No issues encountered.

            What do I think about the stability of the solution?

            Sometimes, due to software bugs, but in the long run the ASA is a very stable product when compared to other vendors firewall solutions.

            What do I think about the scalability of the solution?

            One of the major disadvantages with the ASAs is the throughput, while the network evolves, the ASA was usually causing the bottle neck.

            How are customer service and technical support?

            Customer Service:

            It's very good when compared to other vendors.

            Technical Support:

            It's very good when compared to other vendors.

            Which solution did I use previously and why did I switch?

            Mainly switching from the old Cisco PIX to a new Cisco ASA. The reason for switching is to get a higher throughput, and due to the fact the that the Cisco PIX went EoL.

            How was the initial setup?

            It requires training, but after that it is straight forward.

            What about the implementation team?

            I work for a vendor, and we implement the solution for multiple customers.

            Which other solutions did I evaluate?

            Yes, and we chose Cisco ASA mainly due to the fact that they have a very good, reliable and very responsive technical customer support.

            What other advice do I have?

            I have worked on the best firewalls in the market, and Cisco ASA is one of the best.

            The below screenshots are taken from a demo of ASDM.

            Disclosure: My company has a business relationship with this vendor other than being a customer: Golden Cisco Partner
            it_user242529
            Network Consultant at a tech services company with 51-200 employees
            Consultant
            SourceFIRE has improved the IPS functionality, however, it could use better troubleshooting capabilities.

            What is most valuable?

            With the ASA there are multiple products depending on your needs based on the two generations of the ASA. Roughly split-up there are 4 products.

            1. 5500 Series basic/standard firewall - This I would rate as 7/10 due to the fact that it's easy to use, manage and deploy. Its scalable SSL, and IPSec VPN options, and is lacking throughput
            2. 5500-X Series basic/standard firewall - This I would rate as 8/10 due to the fact that it's easy to use, manage and deploy. Its scalable SSL, and IPSec VPN options, and it has high throughput
            3. ASA5500 Series with firewall and CX - This I would rate as 5/10 due to fact that even though the firewall and VPN part is easy to manage and deploy, the CX is lacking in stability, and features. Also, it is rather complex to deploy. Add to this the CX lowers the throughput even further
            4. 5500-X Series with firewall and Sourcefire - This I would rate as 9/10 because it's easy to use, manage and deploy the firewall, VPN, and also the SourceFIRE. SourceFIRE works rather well and is by far the most advanced IPS system available. But it decreases the throughput more than you´d like

            In general, I like both the SSL VPN and SourceFIRE. Firstly, for the VPN, both the client and client-less versions are very scalable, flexible, and dynamic in configuration and probably the best SSL VPN solution available in the marked. Secondly, SourceFIRE has improved the IPS functionality and stability of the ASA to a point where you can begin to enjoy the fruits of your solution and root out the bad seed in you network.

            How has it helped my organization?

            For many of my customers, the SourceFIRE solution has been an eye opener of exactly what their users are generating of traffic. Some customers, after reviewing the traffic application usage reports are astounded by the amount of traffic used, for example by Facebook and YouTube. My customers like the visibility into their network usage, and not necessarily wanting to block it, but just to know that they can control the network traffic and utilization if needed.

            What needs improvement?

            Definitely the throughput could use an upgrade when running the SourceFIRE/AMP with the ASA. Also, it could use better troubleshooting capabilities. You are, most of the time, bound to have access to TAC for troubleshooting advanced problems.

            For how long have I used the solution?

            Customers where I have deployed these solutions have had them for three plus years, and most of them have, at the present moment have first generation solutions, or are planning an upgrade to the second generation ones (NGFW or NGIPS),

            What was my experience with deployment of the solution?

            There are always issues when implementing key equipment like firewalls, especially if you are converting from an unfamiliar platform, activating SourceFIRE, or doing a general maintenance rule clear-up. If you don’t follow best practice, you can seriously impact network performance or unintentionally shut-down services.

            What do I think about the stability of the solution?

            In general the ASA has a great software stability reputation, and even though SourceFIRE for ASA is still young, the stability seems to be rather good. Of course you can’t avoid all issues, and you might have to reinstall the SourceFIRE software on the modules. If you're upgrading the ASA from pre code 8.3, you will need to redo the NAT and access rules of the ASA.

            What do I think about the scalability of the solution?

            License scalability for SourceFIRE is really not good if you have an ASA in HA as you need two licenses of everything, which is really bad as you wont get double SourceFIRE other than that you need to remember to buy your ASA based on the SourceFIRE's throughput and not the inspection throughput.

            How are customer service and technical support?

            Customer Service:

            If you have a service contract with Cisco you can have TAC assistance, software upgrades and next-business-day RMA (or faster) otherwise you are left to yourself or your Cisco partner. Basically without a Cisco service contract, you can't get any help or software from Cisco.

            Technical Support:

            Should you have a Cisco service contract, you get access to TAC that will provide you technical assistance towards solving your issue. The TAC experience can vary a lot. In general I would rate it as very good, 4/5.

            Which solution did I use previously and why did I switch?

            Mainly customers switch from other vendor because of VPN features, ease-of-management, and good consultant/partner relationship.

            How was the initial setup?

            The initial setup is fairly easy and there are wizards for almost all the basic needs, including the initial setup and all types of VPN technologies that the ASA supports.

            What about the implementation team?

            I am the vendor, and I am an expert with ASA.

            What other advice do I have?

            Make sure you get the right product/license to do the job you need done. If you are in doubt ask a consultant or a Cisco Partner. I have seen cases where a firewall wasn't the right hardware for the job and you can't just switch off the firewall/inspector for some interfaces or networks.

            Disclosure: My company has a business relationship with this vendor other than being a customer: Cisco Gold Partner
            ITCS user
            Network Security Administrator at a tech company with 5,001-10,000 employees
            Vendor
            There were some issues with the ASDM client during deployment but high availability is a valuable feature.

            What is most valuable?

            • Modular scalability
            • High availability
            • VPN services

            How has it helped my organization?

            It provided more secure access to the resources of my organization and created a more stable environment for the business activities between us and our partners.

            What needs improvement?

            Security through integrated cloud and software based services.

            For how long have I used the solution?

            I've used it for two years.

            What was my experience with deployment of the solution?

            There were a few problems with the interaction between the ASDM client and ASA device.

            What do I think about the stability of the solution?

            No issues encountered.

            What do I think about the scalability of the solution?

            No issues encountered.

            How are customer service and technical support?

            Customer Service:

            10/10.

            Technical Support:

            9/10.

            Which solution did I use previously and why did I switch?

            I previously used a Fortinet solution. I switched to Cisco because Fortinet lacked
            stability and robust troubleshooting features.

            How was the initial setup?

            It was complex because I had to put the ASA directly into the production environment.

            What about the implementation team?

            I implemented the solution in-house.

            Which other solutions did I evaluate?

            I also evaluated Juniper and CheckPoint solutions.

            What other advice do I have?

            You should try it without restraints, and it is worth every penny.

            Disclosure: I am a real user, and this review is based on my own experience and opinions.
            it_user241755
            Senior Network and Security Engineer at a tech services company with 51-200 employees
            Real User