Most Helpful Review
Find out what your peers are saying about Cisco ASAv vs. Zscaler Internet Access and other solutions. Updated: July 2019.
377,828 professionals have used our research since 2012.
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
For us, the most valuable features are the IPX and the Sourcefire Defense Center module. That gives us visibility into the traffic coming in and going out, and gives us the heads-up if there is a potential outbreak or potential malicious user who is trying to access the site. It also helps us see traffic generated by an end device trying to reach out to the world.
The information coming from Talos does a good job... I like the fact that Cisco is working with them and getting the information from them and updating the firewall.
The firepower sensors have been great; they do a good job of dropping unwanted traffic.
Unfortunately in Cisco, only the hardware was good.
The most important point is the detection engine which is now part of the next-generation firewalls and which is supported by Cisco Talos.
The most valuable features are the flexibility and level of security that this solution provides.
Integration with all the other Cisco tools is valuable.
We moved from a legacy firewall to the ASA with FirePOWER, increasing our Internet Edge defense dramatically.
For business purposes, it's a very detailed solution, which is it's greatest benefit, as you can get almost any piece of information you need from the solution. It allows for admins to be able to troubleshoot pretty easily.
A stable and solid solution for protection from external threats and for VPN connections.
The best solutions for our company are those we have yet to implement so it will be even better in the future for us than it already is.
The stability is good. Very simple. Upgrades are great.
The feature I find most valuable is the Cisco VPN Interconnection.
What I like about Cisco is the security zone. By default when you configure it, it gives you a security zone, which other firewalls don't have.
We are using the Cisco AnyConnect for our end-user VPN with the ASA.
The basic setup is fine. We're just one person. It's only when you want to do some more sophisticated setup like channeling and stuff like that that it's more complicated.
Zscaler Web Security protects our users in remote locations from internet threats - even if they are not connected to our network.
The most valuable feature is bandwidth control.
The solution offers a distributed organization to master and to control all of the endpoints.
The best thing about Zscaler Internet Access is the website filtering. In the UAE it's quite an important feature because most of the malware comes through the SQL injection and through downloads from websites. Zscaler helps protect against that.
The initial setup was straightforward. The biggest thing for us was to build our own policies. The deployment itself was only a few hours.
The scanning feature is impressive, because they do not introduce a big latency to the traffic.
All internet access flows through the Zscaler proxy, regardless of whether people are in office or remote. I have greater control site access and I minimize the number of compromises that we experience to almost none.
Whether you are in a hotel somewhere, or in Africa, it does not matter. You will get the Zscaler protection presence anywhere.
We were also not too thrilled when Cisco announced that in the upcoming new-gen ASA, iOS was not going to be supported, or if you install them, they will not be able to be managed through the Sourcefire. However, it seems like Cisco is moving away from the ASA iOS to the Sourcefire FireSIGHT firmware for the ASA. We haven't had a chance to test it out.
Our latest experience with a code upgrade included a number of bugs and issues that we ran into. So more testing with their code, before it hits us, would help.
The software was very buggy, to the point it had to be removed.
In NGFW, Cisco should be aligned with the new technology and inspection intelligence because Cisco is far behind in this pipeline.
Most users do not have awareness of this product's functionality and features. Cisco should do something to make them aware of them. That would be quite excellent and useful to organizations that are still using legacy data-center-security products.
There was an error in the configuration, related to our uplink switches, that caused us to contact technical support, and it took a very long time to resolve the issue.
With regards to stability, we had a critical bug come out during our evaluation... not good.
The product would be improved if the GUI could be brought into the 21st Century.
I'm working on a slightly older version, but what it needs is a better alert management. It's pretty standard, but there's no real advanced features involved around it.
It is not the newest, cutting-edge technology
The user interface is too complex for people who are not trained to or certified to engage with the product. The interface should be easier to use.
They really need support for deployment.
They should allow customers to talk to them directly instead of having to go through the reseller.
I wish the Cisco interface was not so granular. Check Point was easier to create specific rules than with ASAv.
I would like to see them release a patch for ASAv with cross-platform FirePower integration.
The user interface is old fashioned.
Another thing that I would like to see is if Zscaler could have a separate product for direct access. I looked at a private access solution, but I understand there's a separate product that isn't integrated with this.
It also needs better integration with other applications as well. There are some restrictions.
Zscaler should provide adjacent services, which would be complementary to their current offering that could to be more pragmatic for a customer. For example, if you take Akamai, you get multiple sets of services, all depending on the customer and the strategy and the complexity and the problems. In some areas, they are more varied in terms of coverage.
In terms of usage, here in the GCC, it's still growing a growing market, so the combination of DLP, data leak prevention, to a certain extent is fine. But what it requires is user-based access or role-based access. The solution needs to grow into that, which definitely takes time. There's not an easy way to integrate it, when you have a cloud-based solution.
In every cloud service in the world, you have multiple upstream internet providers to create diversity so that if one of your providers fails, your network just continues. In South Africa, there is only one upstream provider, and that's not right. That that's a problem.
I would like to see the ability to choose a pool of IPs for my company, set up rules based on them, and know that those IPs are not used by other companies.
It needs better integration with other applications. It takes a fair amount of regular activity to apply the by-passes because it is very strict in its restrictions and frequently you have to go in and open things up to allow the workforce to work.
The pricing is an issue. It is expensive if you have all of your users in the same location. It is expensive compared to other firewalls on the market.
Pricing and Cost Advice
Pricing varies on the model and the features we are using. It could be anywhere from $600 to $1000 to up to $7,000 per year, depending on what model and what feature sets are available to us.
We used Check Point and the two are comparable. Cost was really what put us onto the ASAs... the price tag for Check Point was exorbitantly more than what it is for the ASA solution.
Always consider what you might need to reduce your wasted time and invest it in other solutions.
Watch out for hidden licensing and incredibly high annual maintenance costs.
We paid about $7,000 for the Cisco firewall, plus another small Cisco router and the lead switch. It was under the combined license. It's a final agreement.
The cost is a big factor for us. This is why we are using it only in our restricted area. They are very much higher than their competitors in the market.
Licensing is expensive compared to other solutions.
Pricing is high, but it is essentially a corporate decision.
It would be nice if pricing could do more to reflect the economy of the country where the product is being implemented.
This solution might be expensive, but it is economical in the long run.
With AnyConnect, it depends on your license. It depends on the number of concurrent users you want to connect.
I bought a license for three years and it was really affordable.
We are partners with Cisco. They are always one call away, which is good. They know how to keep their customers happy.
With the Cisco ASA, you do get what you pay for. What would really be awesome is to see Cisco blow out a real cheap version where you can use the sandbox, but leave it step-wise and go to another product relatively easily, like getting you hooked on candy.
Purchasing from the AWS Marketplace was easy. It was just point and click.
It is pay-as-you-go, so it much cheaper than buying in the plants.
Our monthly fee is around R3000.
Roughly, we might spend $70,000 a month on the solution. We don't pay for anything beyond the standard licensing fee.
The pricing is an issue. It is expensive compared to other firewalls on the market.
Be aware that you will need to invest some time and money to adapt your environment for Zscaler (traffic redirection, software deployment, authentication, etc).
Compared 39% of the time.
Compared 11% of the time.
Compared 9% of the time.
Compared 32% of the time.
Compared 30% of the time.
Compared 9% of the time.
Compared 27% of the time.
Compared 13% of the time.
Compared 8% of the time.
Also Known As
|Cisco ASA, Adaptive Security Appliance, ASA||Adaptive Security Virtual Appliance||ZIA|
Adaptive Security Appliance (ASA) is Cisco's end-to-end software solution and core operating system that powers the Cisco ASA product series. This software solution provides enterprise-level firewall capabilities for all types of ASA products, including blades, standalone appliances and virtual devices. Adaptive Security Appliance provides protection to organizations of all sizes, and allows end-users to access information securely anywhere, at any time, and through any device.
Adaptive Security Appliance is also fully compatible with other key security technologies, and so provides organizations with an all-encompassing security solution.
Block more threats and quickly mitigate those that do breach your defenses with the industry’s first threat-focused NGFW.
Zscaler Web Security provides unmatched security, visibility and control, going beyond the basics of web content filtering. Delivered in the cloud, Zscaler includes award-winning web security integrated with our robust network security platform that features advanced threat protection, real-time analytics and forensics. You'll get protection across every user, location and device, including laptops, smartphones, tablets and Internet of Things devices.
For more details:
Learn more about Cisco ASA NGFW
Learn more about Cisco ASAv
Learn more about Zscaler Internet Access
|There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.||Bluelock||Ulster-Greene ARC, BanRegio, HDFC, Ralcorp Holdings Inc., British American Tobacco, Med America Billing Services Inc., Lanco Group, Aquafil, Telefonica, Swisscom, Brigade Group|
Financial Services Firm17%
Comms Service Provider11%
Software R&D Company29%
Comms Service Provider16%
Financial Services Firm27%
Comms Service Provider20%
Software R&D Company27%
Comms Service Provider13%
Financial Services Firm6%