Most Helpful Review
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
Unfortunately in Cisco, only the hardware was good.
For us, the most valuable features are the IPX and the Sourcefire Defense Center module. That gives us visibility into the traffic coming in and going out, and gives us the heads-up if there is a potential outbreak or potential malicious user who is trying to access the site. It also helps us see traffic generated by an end device trying to reach out to the world.
The information coming from Talos does a good job... I like the fact that Cisco is working with them and getting the information from them and updating the firewall.
The firepower sensors have been great; they do a good job of dropping unwanted traffic.
The most important point is the detection engine which is now part of the next-generation firewalls and which is supported by Cisco Talos.
The most valuable feature of this solution is AMP (Advanced Malware Protection), as this is really needed to protect against cyber threats.
I like the Cisco ASDM (Adaptive Security Device Manager), which is the configuration interface for the Cisco firewall.
The technical team is always available when we have problems.
For business purposes, it's a very detailed solution, which is it's greatest benefit, as you can get almost any piece of information you need from the solution. It allows for admins to be able to troubleshoot pretty easily.
A stable and solid solution for protection from external threats and for VPN connections.
The best solutions for our company are those we have yet to implement so it will be even better in the future for us than it already is.
The stability is good. Very simple. Upgrades are great.
The feature I find most valuable is the Cisco VPN Interconnection.
What I like about Cisco is the security zone. By default when you configure it, it gives you a security zone, which other firewalls don't have.
We are using the Cisco AnyConnect for our end-user VPN with the ASA.
The basic setup is fine. We're just one person. It's only when you want to do some more sophisticated setup like channeling and stuff like that that it's more complicated.
They wanted to leverage something which is equivalent that can give them the next gen features like application awareness and intrusion protection. So that is a major reason they were looking forward to this. The original ASA firewall did not have these features. This was the major reason the customer moved on to Cisco Firepower Threat Defense (FTD). Now they can go ahead and leverage those functionalities.
With the FMC and the FirePOWERs, the ability to quickly replace a piece of hardware without having to have a network outage is useful. Also, the ability to replace a piece of equipment and deploy the config that the previous piece of equipment had is pretty useful.
We can easily track unauthorized users and see where traffic is going.
The protection and security features, like URL filtering, the inspection, and the IPS feature, are also very valuable for us. We don't have IT staff at most of the sites so for us it's important to have a robust firewall at those sites
The IPS, as well as the malware features, are the two things that we use the most and they're very valuable.
The most valuable features of Cisco firewalls are the IPS and IDS items. We find them very helpful. Those are the biggest things because we have some odd, custom-made products in our environment. What we've found through their IPS and IDS is that their vulnerability engines have caught things that are near-Zero-day items, inside of our network.
Once you add Firepower onto to it and you start enabling some of its features, you get some IDS/IPS involved with it and you can even do web filtering.
The most valuable feature of the Firepower solution is FireSIGHT, which can be easily managed and is user-friendly.
In NGFW, Cisco should be aligned with the new technology and inspection intelligence because Cisco is far behind in this pipeline.
We were also not too thrilled when Cisco announced that in the upcoming new-gen ASA, iOS was not going to be supported, or if you install them, they will not be able to be managed through the Sourcefire. However, it seems like Cisco is moving away from the ASA iOS to the Sourcefire FireSIGHT firmware for the ASA. We haven't had a chance to test it out.
Our latest experience with a code upgrade included a number of bugs and issues that we ran into. So more testing with their code, before it hits us, would help.
The software was very buggy, to the point it had to be removed.
Most users do not have awareness of this product's functionality and features. Cisco should do something to make them aware of them. That would be quite excellent and useful to organizations that are still using legacy data-center-security products.
I have found that Cisco reporting capabilities are not as rich as other products, so the reporting could be improved.
The Sandbox and the Web Censoring in this solution need to be improved.
It will be nice if they had what you traditionally would use a web application scanner for. If the solution could take a deeper look into HTTP and HTTPS traffic, that would be nice.
I'm working on a slightly older version, but what it needs is a better alert management. It's pretty standard, but there's no real advanced features involved around it.
It is not the newest, cutting-edge technology
The user interface is too complex for people who are not trained to or certified to engage with the product. The interface should be easier to use.
They really need support for deployment.
They should allow customers to talk to them directly instead of having to go through the reseller.
I wish the Cisco interface was not so granular. Check Point was easier to create specific rules than with ASAv.
I would like to see them release a patch for ASAv with cross-platform FirePower integration.
The user interface is old fashioned.
I was just trying to learn how this product actually operates and one thing that I see from internal processing is it does fire-walling and then sends it to the IPS model and any other model that needs to be performed. For example, content checking or filtering will be done in a field processing manner. That is something that causes delays in the network, from a security perspective. That is something that can be improved upon. Palo Alto already has implemented this as a pilot passed processing. So they put the same stream of data across multiple modules at the same time and see if it is giving a positive result by using an XR function. So, something similar can be done in the Cisco Firepower. Instead of single processing or in a sequential manner, they can do something similar to pile processing. Internal function that is something that they can improve upon.
We had an event recently where we had inbound traffic for SIP and we experienced an attack against our SIP endpoint, such that they were able to successfully make calls out... Both CTR, which is gathering data from multiple solutions that the vendor provides, as well as the FMC events connection, did not show any of those connections because there was not a NAT inbound which said either allow it or deny it.
We would like to see improvement in recovery. If there is an issue that forces us to do recovery, we have to restart or reboot. In addition, sometimes we have downtime during the maintenance windows. If Cisco could enhance this, so that upgrades would not necessarily require downtime, that would be helpful.
The user interface for the FirePOWER management console is a little bit different from traditional Cisco management tools. If you look at products we already use, like Cisco Prime or other products that are cloud-based, they have a more modern user interface for managing the products. For FirePOWER, the user interface is not very user-friendly. It's a little bit confusing sometimes.
For the new line of FTDs, the performance could be improved. We sometimes have issues with the 41 series, depending what we activate. If we activate too many intrusion policies, it affects the CPU.
The worst part of the entire solution, and this is kind of trivial at times, is that management of the solution is difficult. You manage FireSIGHT through an internet browser. I've had Cisco tell me to manage it through Firefox because that's how they develop it. The problem is, depending on the page you're on, they don't function in the same way. The pages can be very buggy, or you can't resize columns in this one, or you can't do certain things in that one. It causes a headache in managing it.
In Firepower, there is an ability to search and dig into a search, which is nice. However, I'm not a super fan of the way it scrolls. If you want to look at something live, it's a lot different. You're almost waiting. With the ASDM, where it just flows, you can really see it. The second someone clicks something or does something, you'll see it. The refresh rate on the events in Firepower is not as smooth.
I would like to see the inclusion of more advanced antivirus features in the next release of this solution.
Pricing and Cost Advice
Always consider what you might need to reduce your wasted time and invest it in other solutions.
Pricing varies on the model and the features we are using. It could be anywhere from $600 to $1000 to up to $7,000 per year, depending on what model and what feature sets are available to us.
We used Check Point and the two are comparable. Cost was really what put us onto the ASAs... the price tag for Check Point was exorbitantly more than what it is for the ASA solution.
We are in the process of renewing our three-year license, which costs approximately $24,000 USD for the thirty-six months.
The pricing for Cisco products is higher than others, but Cisco is a very good, strong, and stable technology.
The program is very expensive.
The cost of this solution is high.
Some of our customers would be more likely to standardize on Cisco equipment if the cost was lower because a lot of people install cheap equipment.
It would be nice if pricing could do more to reflect the economy of the country where the product is being implemented.
This solution might be expensive, but it is economical in the long run.
With AnyConnect, it depends on your license. It depends on the number of concurrent users you want to connect.
I bought a license for three years and it was really affordable.
We are partners with Cisco. They are always one call away, which is good. They know how to keep their customers happy.
With the Cisco ASA, you do get what you pay for. What would really be awesome is to see Cisco blow out a real cheap version where you can use the sandbox, but leave it step-wise and go to another product relatively easily, like getting you hooked on candy.
Purchasing from the AWS Marketplace was easy. It was just point and click.
It is pay-as-you-go, so it much cheaper than buying in the plants.
We normally license on a yearly basis. The hardware procurement cost should be considered. If you're virtual maybe that cost is eradicated and just the licensing cost is applied. If you have hardware the cost must be covered by you. All the shipping charges will be paid by you also. I don't thing there are any other hidden charges though.
The one-time cost is affordable, but the maintenance cost and the Smart Net costs need to be reduced. They're too high.
Cisco's pricing is high, at times, for what they provide.
Our subscription costs, just for the firewalls, is between $400,000 and $500,000 a year.
The Firepower series of appliances is not cheap. I just got a quote recently for six firewalls that was in the range of over half-a-million dollars. That's what could push us to look to other vendors...
The price of this solution is not good or bad.
The Cisco licensing agreement in Bangladesh is different than the one in India and in Dubai. It is not a problem, but if you want to subscribe to the yearly subscription, the original cost is really high. Also, if you go for an anti-virus, you pay for an additional yearly subscription.
It's more expensive than Fortinet and Juniper. The price is high compared to other vendors. In general, for the license, it's not that expensive.
Compared 38% of the time.
Compared 11% of the time.
Compared 9% of the time.
Compared 28% of the time.
Compared 27% of the time.
Compared 15% of the time.
Compared 23% of the time.
Compared 19% of the time.
Compared 16% of the time.
Also Known As
|Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls||Adaptive Security Virtual Appliance||Cisco Firepower Next-Generation Firewall, FirePOWER|
Adaptive Security Appliance (ASA) is Cisco's end-to-end software solution and core operating system that powers the Cisco ASA product series. This software solution provides enterprise-level firewall capabilities for all types of ASA products, including blades, standalone appliances and virtual devices. Adaptive Security Appliance provides protection to organizations of all sizes, and allows end-users to access information securely anywhere, at any time, and through any device.
Adaptive Security Appliance is also fully compatible with other key security technologies, and so provides organizations with an all-encompassing security solution.
Block more threats and quickly mitigate those that do breach your defenses with the industry’s first threat-focused NGFW.
The Cisco Firepower Next Generation Firewall (NGFW) prevents breaches, and can quickly detect and mitigate stealthy attacks using deep visibility and the most advanced security capabilities of any firewall available today - all while maintaining optimal network performance and uptime. With Cisco NGFW you can automate operations to save time, reduce complexity, and work smarter.
Learn more about Cisco ASA NGFW
Learn more about Cisco ASAv
Learn more about Cisco Firepower NGFW
|There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.||Bluelock||Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, Westfield|
Financial Services Firm19%
Comms Service Provider9%
Software R&D Company6%
Software R&D Company28%
Comms Service Provider18%
Financial Services Firm29%
Comms Service Provider21%
Software R&D Company36%
Comms Service Provider18%
Financial Services Firm42%
Comms Service Provider17%
Software R&D Company26%
Comms Service Provider24%