Cisco ASA NGFW Other Advice

Security Officer at a government
The biggest lesson I've learned so far from using the next-gen firewall is that it has visibility up to Layer 7. Traditionally, it was IP or port, TCP or any protocol we were looking for. But now we can go all the way up to Layer 7, and make sure STTP traffic is not a bit torn. That was something that we did not have before on the up-to-Layer-3 firewall. Do your research, do your homework, so you know what you're looking for, what you're trying to protect, and how much you can manage. Use that to narrow down the devices out there. So far, in our environment, we haven't had any issues with the ASA firewalls. From the first-gen, we have seen that they are pretty good. We are pretty content and happy with them. The solution can help with the application visibility and control but that is one portion we have really not dived into. That's one of the things we are looking forward to. As a small utility, a small organization, with our number of employees available, we can only stretch things so far. It has helped us to identify and highlight things to management. Hopefully, as our staff grows, we'll be able to devote more towards application visibility and all the stuff we really want to do with it. Similarly, when it comes to automated policy application and enforcement, we don't use it as much as we would like to. We're a small enough environment that we can do most of that manually. I'm still a little hesitant about it, because I've talked to people where an incident has happened and quite a bit of their devices were locked out. That is something we try to avoid. But as we grow, and there are more IoT things and more devices get on the network, that is something we'll definitely have to do. As DevNet gets going and we get more involved with it, I'm pretty sure more automation on the ASA, on the network side and security side, will take place on our end. We do find most of the features we are looking for on the ASA.
Between the ASA firewall and the Sourcefire management console, we have pretty much all the features that we need in this environment. In terms of how the solution future-proofs our organization, that depends. I'm waiting to find out from Cisco what their roadmap is. They're still saying they're going to stick with ASA 55 series. We're also looking at the Sourcefire FireSIGHT product that they have for the firewalls. It depends. Are they going to continue to stick with the 55s or are they going to migrate all that into one product? Based on that, we'll have to adjust our needs and strategize. If I include some of the hiccups we had with the 5506 models, which was a sad event, I would give the ASAs a nine out of ten.
Senior Network Engineer at Orvis Company, Inc
The biggest lesson I've learned from using the ASAs is the fact that they can do a lot. It's just figuring out how to do it. We don't do a lot, although once in a while we will do something a little interesting. These things can do more than what we're using them for. It's just a matter of our trying to figure it out or getting with our Cisco rep to figure it out. My advice would be to have a good handle on your rules and, if you can, take the upgrades easily. We have desktop security, application security, and then we have Umbrella. We use five or six different tools for security, at least. It would be nicer to have fewer but as far as I know there isn't one tool that does it all. We do application firewall rules where it does deep packet inspection and looks at certain things. We don't use it as much as we should, but we do application inspection and have rules that are based on just an application. We usually have two people on a call when we do maintenance, and we usually have Cisco involved. It's usually me and a colleague who is also a network/security engineer. I would rate the ASA overall at eight out of ten. The thing that comes to mind with that rating is the code. As I said, we just upgraded to 6.4.04 and we ran into a handful of bugs. We've done upgrades before and we've run into a bug as well. Just last week, we finished upgrading, and I still have one final service request, a TAC case, open. I had four open at one point. That's at the forefront of my thoughts right now.
Network & Security Administrator at Diamond Bank Plc
Cisco ASA is a good solution. I never had a problem with it. I will say that I mostly recommend Fortinet because of their ease of management and Palo Alto Networks because of their reputation for business efficiency. I would rate Cisco ASA with an 8 out of 10 points.
Find out what your peers are saying about Cisco, Fortinet, Juniper and others in Firewalls. Updated: March 2020.
406,860 professionals have used our research since 2012.
Beka Gurushidze
System Administrator at ISET
In Georgia, there is no problem using the Cisco firewall, because it's accessible. You cannot use other products, because they are not accessible. That's the whole problem. I would rate Cisco ASA NGFW an 8 out of 10.
Amit Gumber
Senior Manager at HCL Technologies
For any organization looking for a secure solution that can be deployed in their domain or infrastructure, my advice is to go with Cisco Next-Generation Firewalls because they have a complete bundle of security features. There is a single pane of glass with complete management capabilities and analytic features to understand and gather information about the traffic. The lesson that most of our clients have learned is that in deployment it is easy to configure and it is easy to manage. It's quite stable and they do not get into difficulties in terms of day-to-day operations. We haven't faced any problems with this product. Compared to other OEMs, such as Juniper and Fortinet, Cisco's product is excellent. There are no bugs and I don't see any lack in terms of backend and technical support. In my opinion, at the moment, there is no room for product enhancement. Most of the users are system administrators working on their own domains. The minimum number of users among our clients is a team of 15 to 20, and we have clients with up to 700 users at the largest site. The product is quite extensively used in each department, to protect assets and data centers. We are using the attack prevention engine and URL filtering is also used at most of our sites. We are also using it for data center connectivity and for offloading transactions. I would rate Cisco at ten out of ten for the functionality and the features they provide.
Mustafa Ahmed
Network Security Engineer at qicard
On a scale of one to ten with one being worst and ten being best, I would rate Cisco SourceFire Firewall as a nine. It could easily be a ten if it had a better GUI interface. As far as making recommendations to other people about the product, I recommend they buy it if they need an enterprise solution. Also, I would recommend other Cisco solutions like Cisco AMP (Advanced Malware Protection). I think most large companies that require strong security should always use Cisco because it's stable, scalable, and has many features. Enterprise organizations will benefit from Cisco because their business requirement will be more complicated and require a better solution and more flexibility. I think all the companies should use Cisco because it's number one in the market and has the best security, better stability, and better scalability.
IT Manager, Infrastructure, Solution Architecture at ADCI Group
This is the number one firewall product that I recommend. I would rate this solution an eight out of ten.
Ahmed Nagm
I am satisfied with the current facility and the management environment of the Cisco ASA; it's great for me. I think that the cost would be the main factor when evaluating solutions since some of the companies or some of our clients ask about costs upfront. Once the client has made their initial request and inquired about any subsequent subsystem connectivity integration ideas, they always want to know how much everything will cost. The deciding factor is mainly based on the price point of the total user solution. Overall, the criteria that we consider when constructing an integration decision depends largely on the client company we are working with. We evaluate clients according to their size, industry function, and the total budget that would be recommended for an effective solution. I would give this product a rating of 9 out of 10!
Heritier Daya
Network Administrator at a financial services firm with 1,001-5,000 employees
My advice to anybody who is considering this solution is not to think twice about it. There are a lot of features that come with the cost. These institutions secure our network and they have to do research. The price of this solution is justified when you consider that it secures our network and protects our valuable assets. This is a very good solution but it is not perfection. I would rate this solution a nine out of ten.
Senior Network Administrator at a construction company with 1,001-5,000 employees
We are using the on-premises deployment model. My advice for those considering the solution is this: if you want to migrate something, plan enough time for testing before you come over to the solution. You should also watch as many webinars as you can about that solution, or get a consultant and do a proper lab setup and go through the whole thing with them. It's definitely worthwhile, given the complexity of the whole product. I would rate the solution nine out of ten.
Nadika Perera
CEO at Synergy IT
I would advise someone considering this solution to just go for it. It's expensive but it's a robust solution. The only thing is that you have to convince your finance guy to go for it. I would rate it a nine out of ten.
Information Technology Manager at a financial services firm with 10,001+ employees
Talk to your peers in the industry, find out what they use and why, and then look at exactly what you're using it for. We changed a great deal of our infrastructure, adding a lot of extra tunnels, so that made a complicated product even harder to manage. Look at what you're comfortable in managing with their interface. We start looking at upgrade cost, our constant licensing cost. I look at other products that rank very high in industry ratings. Now I'm looking at similar products that are a little bit easier to manage. That is another fault of the ASA. They're very complicated to manage, but that’s because they have so many features. It's a very feature-rich product. When selecting a vendor the most important factors are:
* Security - obviously that is number one because we are a financial institution
* Stability of the vendor
* How the product is ranked in the market
In terms of security, right now is a really tough time for us because, even as a smaller community bank, we’re targeted. We have huge targets on us right now from hackers. I have to have a product that is stable, that will hold up, from a reputable company. I'm looking at companies that are top-tier. I would rate the ASA equipment itself a nine out of 10. The software and manageability would rate a seven and the reason for that is the complexity of it. It is extremely complicated, even for our Cisco-certified person who manages it for us.
Imad Awwad
Group IT Manager at Malia Group
Think before you buy, as this solution can be your success or failure. Always work with professionals and not promoters.
Hassan Javaid
Senior Executive Technical Support at AITSL
I would recommend the product, but cost is a big factor. Some companies cannot afford expensive products, like Cisco and Palo Alto.
Solutions Architect at a manufacturing company with 10,001+ employees
With this solution, we have everything that we need. I don't know about other people's use cases, but ours is pretty straightforward. My advice to anybody researching this type of solution is to stick with Cisco products, no matter which one it is. We've had pretty good luck with everything from Cisco. I don't have any issues with this solution, so I would rate it a ten out of ten.
Senior Network Administrator at Washington Trust Bank
As far as rating this product, I would give it a nine out of ten. The only real drawbacks are the lack of multi-monitoring and not really having clear instructions prior to jumping in and implementing it.
Information Security Officer at a government with 501-1,000 employees
Watch out for the marketing hype vs objective reality. Do the advertised features actually work correctly/effectively? We chose a different solution after performing in-house testing.
Mbaunguraije Tjikuzu
Information Security Administrator at Bank of Namibia
For the Cisco ASA NGFW, it is a bit more expensive than other products, but their method is a lot more stable in my experience. It has all the features that you would need in a next-generation firewall. They are always developing new features and introducing them. I don't have anything that I'm currently missing with Cisco. On a scale from one to ten, I would rate the product at eight.
Seang Haing
Team Leader Network Engineer at deam
I always encourage our existing customers to move to the Cisco ASA Firepower version, i.e. the next generation Firepower like 2100, 4000, or 9300. I would rate Cisco ASA an eight out of ten. An eight and not a ten because some of the features are limited and some are awful. We had to install other solutions for security and had to spend a lot on other hardware. Other vendors like Fortinet or Palo Alto Networks focus more on offering complete solutions.
Michael Collin
Senior System Engineer at a tech services company with 11-50 employees
I would advise that if you want something robust, a good hardware solution, I think it's competitive and you have a good warranty, you have to choose Cisco. I would rate the solution 8 out of 10.
Ahmad Alkoragaty
IT Consultant at MOD
I would advise someone considering this solution to have a technical support or maintenance contract with the vendor or a third-party to help maintain the product. Without help with maintenance, there is no value to the product. You should have a good technician and admin support for all this product in order to maximize the value and benefits. I would rate it an eight out of ten.
Pre-sales engineer with 51-200 employees
I think Cisco has all the solutions: switching, routing, security, they have wireless. You can cover all the devices with Cisco. They have all the network and engineered tools to help resolve the issues that we have. They are really very good devices. In terms of advice, I would say Cisco is the best company. They're very stable, there aren't too many issues. And when there is an issue they have many engineers who can solve the problem.
Nelda Hojas
Chief Information Officer at Finance Corporation Limited
I would rate this solution a nine out of ten. Not a ten because I'm reserving the one point for whatever new surprises they are going to provide.
Network Security/Network Management at a K-12 educational company or school with 201-500 employees
In the future, I would like to see friendlier configuration and only one license because everything needs a license. You need a URL license, security license, everything is based on a license. I would like to have one license that covers everything. But I am really impressed by the program and my rating is nine out of ten.
IT Specialist at a government with 1,001-5,000 employees
This is a very straightforward firewall. There is a management platform with its own operating system. Just make sure that everything is set up properly for your uplink switches because that is an issue that we ran into. I would rate this solution a nine out of ten.
Integration / Wireless Engineer at J.B. Hunt Transport Services, Inc.
This is a good product from a trustworthy vendor, but it is not perfect. I would rate this solution an eight out of ten.
Security Solution Architect at a financial services firm with 5,001-10,000 employees
I would recommend this solution. I would rate this solution as eight out of ten.
Johnsey Kivoto
IT Manager at a manufacturing company with 51-200 employees
Yes, it's a good provider when it comes to firewall solution, but maybe limiting when you are looking at the wall UTM management. It's delayed behind some of the competitors.
IT Manager at a construction company with 11-50 employees
Do your research, know what you want to achieve. Cisco ASA needs to be more reliable. Because of the nature of the product, it has to be rock solid and, unfortunately, it's not.
Mahmoud Ashoub
Team Leader, Information Risk Engineer at National Bank of Egypt
I would rate it a seven out of ten. I would recommend this solution to a colleague. No product will give you 100% of what you're looking for but this solution is close.
Technical Services Manager at a comms service provider with 10,001+ employees
We like that Cisco has a lot of experience on the market trends.
ICT Manager with 1-10 employees
We need to upgrade our security requirements due to the new security requirement applicable in Europe (from GDPR) and the cyber security guidelines for our vessel (we are a US shipping company). Most important criteria when selecting a vendor: familiarity, reliability, and price.
Center for Creative Leadership at a professional training and coaching company with 501-1,000 employees
This solution has good security and it's a good product. You can trust Cisco, and there's support as well, which is really good. I would rate this solution an eight out of ten.
Network and Security Engineer at a tech vendor with 501-1,000 employees
Configuration on Firepower is currently madness as you have to redeploy it again with all its configurations if you use it as a module.