Cisco ASA NGFW Valuable Features

MohammadRauf
Security Officer at a government
For us, the most valuable features are the IPX and the Sourcefire Defense Center module. That gives us visibility into the traffic coming in and going out and gives us the heads-up if there is a potential outbreak or potential malicious user who is trying to access the site. It also helps us see traffic generated by an end device trying to reach out to the world. Sourcefire is coupled with Talos and that provides us good insight. It gives us a pretty good heads-up. Talos is tied to the Sourcefire Defense Center. Sourcefire Defense Center, which is also known as the management console, periodically checks all the packets that come and go with the Talos, to make sure traffic coming and going from IP addresses, or anything coming from email, is not coming from something that has already been tagged in Talos. We also use ESA and IronPort firewalls. The integration between those on the Next-Gen Firewalls is good. They are coupled together. If the client reports that there is a potential for a file or something trying to access the internet to download content, there are mediation steps that are in place. We don't have anything in the cloud so we're not looking for Umbrella at this point. View full review »
JoelStech
Senior Network Engineer at Orvis Company, Inc
The majority of what I use is the policy ruleset. We have another company that deals with the IPS and the IDS. That's helpful, but I can't necessarily speak to that because that's not the majority of what I do. The majority of what I do is create rules and work with the customers to make sure that things are getting in and out of the environment. I work with our e-commerce team to make sure that new servers that are spun up have the appropriate access to other DMZ servers. I also make sure that they have access to the internet. I make sure they have a NAT so that something can come into them if need be. We use Umbrella, Cisco's DNS, which used to be OpenDNS. We use that to help with security so that we're not going to sites that are known to be bad. They work well together. They're two different things. One is monitoring DS and doing web URLs, while the firewall I'm doing is traffic in and out, based on source destination and ports protocols. One of the things I like is that the upgrades are relatively seamless, as far as packet loss is concerned. If you have a firewall pair, upgrading is relatively painless, which is really nice. That's one of the key features. We do them off-hours, but we could almost do them during the day. We only lose a few packets when we do an upgrade. That's a bonus and if they keep that up that would be great. Check Point does a reasonably good job at it as well, but some of the other ones I've dealt with don't. I've heard from people with other firewalls and they don't have as good an experience as we do. I've heard other people complain about doing upgrades. View full review »
NSA0898776
Network & Security Administrator at Diamond Bank Plc
I would say the Firepower module is most valuable. I'm trying more to transition to this kind firewall. I had to study a little of the Palo Alto Networks equipment. There is a lot I have to learn about the difference. Based on my certification, I had to do a lot of lab work, a lot of projects, a lot of technical work with Cisco ASA. Now, I'm moving to other vendors, like Palo Alto Networks and Fortinet so that I can empower my level of technical experience. * All my change requests are for Cisco ASA to work more on ease of management. * All of the features of Cisco ASA are used by all of the other vendors on the market. * The firewall solutions are all based on the same network equipment. The difference is why each business chooses to use it and how they implement the architecture for their solution using Cisco ASA and Firepower features. View full review »
Find out what your peers are saying about Cisco, Fortinet, Juniper and others in Firewalls. Updated: January 2020.
391,122 professionals have used our research since 2012.
Beka Gurushidze
System Administrator at ISET
For organization security, Cisco ASA NGFW has robust cyber-security features. We are planning to increase the number of firewalls installed, especially for wireless connections. View full review »
Amit Gumber
Senior Manager at HCL Technologies
One of the most valuable features in the current version is the dashboard where we have a complete analytical view of the traffic behavior. We can immediately find anomalies. The most important point is the detection engine which is now part of the next-generation firewalls and which is supported by Cisco Talos. View full review »
Mustafa Ahmed
Network Security Engineer at qicard
The most valuable feature is for IT security management. It is extremely valuable to protection so that is the most valuable feature. View full review »
SherifNour
IT Manager, Infrastructure, Solution Architecture at ADCI Group
The Cisco security rules are very strict and very strong. I like the Cisco ASDM (Adaptive Security Device Manager), which is the configuration interface for the Cisco firewall. View full review »
Ahmed Nagm
CEO at PCS
The feature that I found the most valuable is the overall stability of the product. View full review »
Heritier Daya
Network Administrator at a financial services firm with 1,001-5,000 employees
The most valuable feature of this solution is AMP (Advanced Malware Protection), as this is really needed to protect against cyber threats. The IPS is a must for a firewall. View full review »
Seniorntwrk56
Senior Network Administrator at a construction company with 1,001-5,000 employees
The Sourcefire stuff itself is the most valuable feature. Signature detection, intrusion detection, IDS, and IPS are all very good. AMP is very useful. I like that you can put it onto devices as well. The aggregated views in FMC that you get when you're a global shop which is centralized, and then offers gateways per region. In Europe, America and APAC, you have all the data coming together in the FMC. That's quite nice. View full review »
Nadika Perera
CEO at Synergy IT
I like the user interface because the navigation is very easy and straightforward. On the left side pane, you have all the sites that you need to browse. Unlike any other firewalls, it's pretty straightforward. View full review »
In432TchMn89
Information Technology Manager at a financial services firm with 10,001+ employees
I've always looked at Cisco products as being the industry standard. They're wonderful at being able to lockdown and manage that. View full review »
Neil McFadyen
Supervisor of Computer Operations at a university
* Most of same old ASA 5520 config could be used for the new 5516-X model. The ASDM interface is improved and can also be configured to the Firepower settings. * I am used to the ASA syntax, therefore it is quite easy to make up new rules. I have found that DNS doctoring rules are useful, and I am not sure how other firewalls handle the issue of internal versus external DNS, so this was a reason to keep the same type of firewall. * Customizing logging event of syslog to feed into Splunk is very useful for management and monitoring just for the importance events instead of a huge stream of thousands of unneeded events. * I found it quite easy to block computers from the internet, e.g, in a computer lab with students doing an exam using software for the course when needed. * I use access to a list to block IPs which have attacked our web servers on the outside interface, since I do not have IPS. * I found that setting up rules for HTTPS and SSH access to the management interface are straightforward, including setting the cypher type. * It is very useful to use the command line interface for modifying or adding to the config because sometimes the ASDM interface is hard to find when the setting is more complicated. * The text config file is great to have, to know what is in the config, instead of having to check every setting in the GUI. * While the CLI is used the most, sometimes the ASDM is faster and easier to use to set some settings. View full review »
Imad Awwad
Group IT Manager at Malia Group
Unfortunately in Cisco, only the hardware was good. As for the features and services it was less than the others. Having all of the features means higher specs of hardware and intelligence processing so that it can handle all the logs proactively. Now, what is needed from the Information security, is to be proactively aware of any threat that might expose our data and at the same time have full visibility over our information sharing endpoints. View full review »
ipmplspr538920
Security Governance at a comms service provider with 1,001-5,000 employees
All features provided by the platform are quite the same for all other platforms. We rather missed some features we were used to, such as virtual routers View full review »
Solution7499
Solutions Architect at a manufacturing company with 10,001+ employees
This solution is easy to use if you know how to set it up. The most valuable features are on the routing side, with the control between the two networks and the rules that are in there. View full review »
DonCheney
Senior Network Administrator at Washington Trust Bank
The thing we've found most valuable is the efficiency. The firewalls are easy to configure and deploy. Overall it is an easy system to manage. Another valuable feature is just how granular we can get with it so we can keep users seeing what they are supposed to and don't compromise security. View full review »
reviewer818484
Information Security Officer at a government with 501-1,000 employees
Integration with all the other Cisco tools is valuable. However, we've moved away from all Cisco security tools since this evaluation. Firewall choice was key to what direction we went and we found not only was the competing firewall solution superior, but their endpoint protection solution was as well. View full review »
Mbaunguraije Tjikuzu
Information Security Administrator at Bank of Namibia
The most valuable features are the firewall capabilities, filtering, and intrusion prevention. I respect the capability of the Cisco firewall. We fully use it all as a complete firewall solution. Cisco also has excellent anti-malware detection and other similar features. View full review »
Seang Haing
Team Leader Network Egnieer at deam
There are two main ways that using Cisco ASA & Firepower has improved our organization: * Technical features * Our Sales team View full review »
Michael Collin
Senior System Engineer at a tech services company with 11-50 employees
The web interface was easy for me. The configuration is logical, so it's easy to use and easy to understand how to protect, how to open a port, how to manage and how to route a device. That's why I prefer Cisco. It's robust and I never have issues with the hardware. That's why I choose Cisco and not another vendor. View full review »
Ahmad Alkoragaty
IT Consultant at MOD
The most valuable feature is that it has the ability to divide the network into three parts; internal, external, and DMZ. View full review »
SalesEng9a3
Pre-sales engineer with 51-200 employees
All the visibility the device gives us as well as management and administration facilities. View full review »
Nelda Hojas
Chief Information Officer at Finance Corporation Limited
Cisco is known as a popular and trusted product. Because of its constant RND, we're assured that all updates, all patches, all fixes are done instantaneously. As far as the feature is concerned, it gives us a certain layer of protection. As a CIO, my vote of confidence is in the product itself. After making sure that we always have all the updates on the licenses we're assured that we're getting all the necessary security protection. View full review »
Ntwrksec457
Network Security/Network Management at a K-12 educational company or school with 201-500 employees
The firewalls of this program protects my internet from dangerous internet sites. For us, Cisco is the number one in firewall protection. We are seeking to buy another UTM solution for band management. View full review »
NGFW677
IT Specialist at a government with 1,001-5,000 employees
The most valuable features are the flexibility and level of security that this solution provides. View full review »
FranciscoLopez
Integration / Wireless Engineer at J.B. Hunt Transport Services, Inc.
The most valuable feature of this solution is its ability to integrate vertically. View full review »
SecSolArch32291
Security Solution Architect at a financial services firm with 5,001-10,000 employees
The most important feature is its categorization because on the site and social media you are unified in the way they are there. View full review »
Johnsey Kivoto
IT Manager at a manufacturing company with 51-200 employees
I find that the product is a very good, and secure firewall. The benefits of this product is that it is a strong firewall solution. View full review »
ITmgr302604
IT Manager at a construction company with 11-50 employees
Pro user-based firewall rules. View full review »
Mahmoud Ashoub
Team Leader, Information Risk Engineer at National Bank of Egypt
Its ability to discover attacks is a valuable feature. All of the other features that have to do with security are good. View full review »
BURAK YESILDERYA
IT System Administrator at a transportation company with 201-500 employees
The Cisco Product Security Incident Response creates and maintains publications, commonly referred to as PSIRT Advisories, for security-related issues in Cisco ASA. View full review »
Tech432SrvcMn
Technical Services Manager at a comms service provider with 10,001+ employees
The most valuable feature is the section payover. But, I think that kind of function may also come from similar products. In addition, they have the integrated ITS/IPS source powered modules. This is a new screen for us, and it is also very useful. View full review »
ICTmanager564855
ICT Manager with 1-10 employees
* IPS * Antivirus * IP filtering View full review »
Net823Eng2
Network Engineer at a media company with 51-200 employees
The IPS (In-plane switching) is the most valuable feature. This enables visibility to our networks and to outside attacks. It is a solution to maintain the visibility. View full review »
Aaron Solis
ESS Security with 201-500 employees
Starting in version 9.7 you could track a login history for audit purposes and, in 9.8, you are able to do active/backup HA with ASAv (Adaptive Security Virtual Appliance) deployed on MS Azure. View full review »
reviewer994896
Center for Creative Leadership at a professional training and coaching company with 501-1,000 employees
Its security is the most valuable feature. View full review »
Alondra Tyler
Sales Manager at a tech services company with 11-50 employees
VPN load balancing: This has been particularly essential for my connections to integrate via multiple time zones. View full review »
Fadil Kadrat
Network Engineer at Banque des Mascareignes
* Its VPN and ASN features are very stable. * It is easy to configure. View full review »
Deanna Acre
Information Systems Manager at a manufacturing company with 201-500 employees
Its ability to work with the traffic. View full review »
NetworkO9ae4
Network Operations Center Team Leader at a financial services firm with 10,001+ employees
At this point, we find that this product has high productivity and high availability and there is no need for improvement. View full review »
Moraima Matilda
Coordinator Network Support at a manufacturing company with 501-1,000 employees
The most valuable feature is the security that it provides our company and users. Furthermore, our company uses it for making rules for the bank to connect to our server in the DMZ, which is a security challenge. View full review »
reviewer916539
Solutions Architect at a tech services company with 10,001+ employees
It allowed us to consolidating multiple security devices into a single appliance. It consolidated and helped us eliminate firmware upgrade issues across multiple devices. The "Keep It Simple" method. View full review »
JuanMartinez1
Network Consulting Engineer at a energy/utilities company with 10,001+ employees
Nothing fancy about ASA capabilities, it does its job and does it well as long as you only care about filtering ports and protocols. View full review »
Reviewer83902
Network Administrator at a financial services firm with 1,001-5,000 employees
Sourcefire has been a great addition. The visibility and control have been nice. I also like the active/standby HA. View full review »
reviewer847167
Network and Securirty Engineer at a tech vendor with 501-1,000 employees
Filtering is the best feature, as I have gotten used to using it. . View full review »
reviewer824748
User at a comms service provider with 1,001-5,000 employees
Clustering architecture which offers zero downtime upgrades, keeping uptime close to 99.999%. This creates less stress on operations and network stability throughout the various maintenance tasks. View full review »
Tracey Jackson
Senior Network Engineer at a university with 1,001-5,000 employees
The VDB updates run on schedule, so less hands-on configuration is needed. View full review »
JohnMorris
Manager with 11-50 employees
The ability to have a protected home network on the unit and a separate secured office network linked back to corporate. View full review »
Anthony Hassiotis
Senior Network Manager with 51-200 employees
* Failover * Transparent firewall * Multi-context * Logging is great. It will show when it reaches its capacity before it is too late, unless you have bursts of traffic. View full review »
Gareth Munday
‎Enterprise Manager at a tech vendor with 1,001-5,000 employees
* VPN * Firewall * IDS/IPS These features allow us to deliver services to meet client needs across various industry verticals. View full review »
Samuel May
Information Security Manager with 51-200 employees
The most valuable features for us are Firepower and the VPN concentration. These are easy to use and have good insights. View full review »
Luke Guild
Tehcnician with 201-500 employees
ASDM provides GUI for configurations. ASDM has made configuring ASA easy. No need to memorize CLI commands. View full review »
PetrPetrov
User
* AnyConnect * Double translations * Independent IPS module * High performance * Various methods of organizing a VPN View full review »
Hector Carmenates
Information Technologies Consultant at a tech services company
* Reliability * Robustness * Security features * High encryption, hashing, and integrity support * Support * High performance View full review »
MohamedMostafa2
student
ASA 5505 and ASA 5506 are very powerful tools to use in a business environment, and provide a lot of security. View full review »
Tony Petcou
Business Development Executive with 51-200 employees
Find out what your peers are saying about Cisco, Fortinet, Juniper and others in Firewalls. Updated: January 2020.
391,122 professionals have used our research since 2012.