Most Helpful Review
Researched SonicWall NSA but chose Cisco ASA NGFW: Advanced Malware Protection works well to protect against cyber threats
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
Unfortunately in Cisco, only the hardware was good.
The traffic inspection and the Firepower engine are the most valuable features. It gives you full details, application details, traffic monitoring, and the threats. It gives you all the containers the user is using, especially at the application level. The solution also provides application visibility and control.
If we look at the Cisco ASA without Firepower, then one of the most valuable features is the URL filtering.
It's easy to integrate ASA with other Cisco security products. When you understand the technology, it's not a big deal. It's very simple.
The benefits we see from the ASA are connected to teleworking as well as, of course, having the basic functionality of a firewall in place and the prevention of attacks.
On the network side, where you create your rules for allowing traffic — what can come inside and what can go out — that works perfectly, if you know what you want to achieve. It protects you.
If you have a solution that is creating a script and you need to deploy many implementations, you can create a script in the device and it will be the same for all. After that, you just have to do the fine tuning.
They provide DDoS protection and multi-factor authentication. That is a good option as it enables work-from-home functionality.
Juniper is one of the most powerful network security solutions while remaining simple to use, set up, and scale.
The most valuable feature is the licensing scheme for security functions.
Performance is a strong point.
The EEE security controls allow us to make policy restrictions, so I can customize port numbers to allow or limit control.
It helped us with its routing capabilities which eased the cost, because otherwise I would have had to take a router and firewall, and then integrate it. With this, however, it was an integration of firewall and routing services all together in a single product. That was one thing that I loved about it.
I like the routing and firewall features.
The solution's stability is very good.
I've found the security features, such as IDS and the VPN most valuable.
The most valuable features are the VPN, SSL VPN, and IPSec VPN.
We have utilized all the features. The most valuable are the URL filtering by category, DMZ zoning, load balancing and site-to-site VPN.
The basic firewall rules of the solution are great.
The most valuable feature is the Global Management System.
The most valuable features are that it is reasonably-priced and works well.
It allows us to block applications, i.e., websites by application type category. It is far more capable than content filtering alone.
Support has improved dramatically since their separation from Dell.
Setup is easy. Anyone with basic firewall experience can do it.
In NGFW, Cisco should be aligned with the new technology and inspection intelligence because Cisco is far behind in this pipeline.
Security generally requires integration with many devices, and the management side of that process could be enhanced somewhat. It would help if there was a clear view of the integrations and what the easiest way to do them is.
One area where the ASA could be improved is that it doesn't have AMP. When you get an ASA with the Firepower model, ASA with FTD, then you have advanced malware protection.
If I want to activate IPS features on it, I have to buy another license. If I want Cisco AnyConnect, I have to buy another license. That's where we have challenges.
Cisco missed the mark with all the configuration steps. They are a pain and, when doing them, it looks as if we're using a very old technology — yet the technology itself is not old, it's very good. But the front-end configuration is very tough.
Cisco provides us with application visibility and control, although it's not a complete solution compared to other vendors. Cisco needs to work on the application behavior side of things, in particular when it comes to the behavior of SSL traffic.
It is expensive.
We were also not too thrilled when Cisco announced that in the upcoming new-gen ASA, iOS was not going to be supported, or if you install them, they will not be able to be managed through the Sourcefire. However, it seems like Cisco is moving away from the ASA iOS to the Sourcefire FireSIGHT firmware for the ASA. We haven't had a chance to test it out.
It could have features that other products support like blade options and stand-alone endpoint security.
In the next release, I would like to see the remote access client improved as well as improvements made to the administration GUI.
There are a lot of features that customers do not know about and I think that better documentation would help when it comes to learning how to use the product.
It should be easier to escalate support tickets.
IPS is one that I would definitely want to be improved. I would also like SSL VPN to be integrated.
The workplace management console needs improvement. It should be a little bit more developed. Also, the interface needs a bit more improvement.
The big thing is performance. With all the features turned on it slows down.
In terms of other features, I'd like to see a web filter, 10 point control, application control and a DNA filter in the next release.
SonicWall does not support DynDNS, yet this is an important feature for smaller companies that do not have a static IP address.
We also need to increase the throughput because the other devices are slower. The throughput will become slow. Since we're using VoIP, it tends to affect the voice quality. Even if you're using a quality service, it tends to decrease.
The product has a lot of bugs, actually. We are facing some issues with this product. The DPI SSL feature which is there, it is not working properly.
Having to deal with too many lower-level people in technical support means that it takes longer to resolve issues, so escalating support tickets should be faster.
I would like U.S.-based technical support.
The anti-spam requires a specific Java version on the server side (do not update it, otherwise it will break).
They are not ready for managed security services. Their Cloud GMS product is weak, barely out of beta (buggy).
Do not even consider NetExtender - probably one of the most horrific, nightmare grade Java-based VPN clients. We have but all given up trying to make it work reliably.
Pricing and Cost Advice
Always consider what you might need to reduce your wasted time and invest it in other solutions.
There is room for improvement in the pricing when compared to the market. Although, when you compare the benefits of support from Cisco, you can adjust the value and it becomes comparable, because you usually need very good support. So you gain value there with this device.
When it comes to Cisco, the price of everything is higher. Cisco firewalls are expensive, but we get support from Cisco, and that support is very active.
It's a brilliant firewall, and the fact that it comes with a perpetual license really does go far in terms of helping the organization in not having to deal with those costs on an annual basis. That is a pain point when it comes to services like the ones we have on Fortigate. That's where we really give Cisco firewalls the thumbs up.
Cisco is expensive, but you do get benefits for the price.
In terms of costs, other solutions are more expensive than Cisco. Palo Alto is more expensive than Cisco.
Pricing varies on the model and the features we are using. It could be anywhere from $600 to $1000 to up to $7,000 per year, depending on what model and what feature sets are available to us.
We used Check Point and the two are comparable. Cost was really what put us onto the ASAs... the price tag for Check Point was exorbitantly more than what it is for the ASA solution.
Compared to other vendors, the pricing of this solution is good.
There was no additional licensing cost because there were no IPS services. It was just a firewall IP circuit router so they have the default licensing. We just need to renew the support yearly.
The price of this solution is more than other products, but it's stable, and the technical support is better than I have seen with others.
While the price of support is expensive, the price of the solution, itself, is not.
The pricing is perhaps half, probably forty percent, of Cisco.
The direct support with Juniper is expensive. When you stop using the solution and miss one year of payments, if you want the support back on a specific node, they ask you to pay for the year that you haven't used the node.
In terms of pricing, Juniper is in the middle. The most expensive firewall is Palo Alto. If a customer wants the cheapest price they should go for FortiGate. Juniper is in between these products.
If you want to connect more than five concurrent users by VPN then you have to pay an additional fee.
Licensed features provide application control, content filtering, antivirus, and anti-malware all in a single appliance.
The CPUs are not able to compete with a similar price point to the Fortinet, WatchGuard, or Palo Alto product.
A firewall doing anti-spam might be a low cost solution, but it is not your best strategy.
You need their analyzer to properly generate reports. This is an expensive, licensed feature, with a complex application or appliance back-end.
In our evaluation, we found that the costs of deploying the solution, and also purchasing the hardware and licenses, were very attractive.
Considering the market, I believe that the price of this solution is great.
Compared 36% of the time.
Compared 13% of the time.
Compared 9% of the time.
Compared 6% of the time.
Compared 2% of the time.
Compared 34% of the time.
Compared 13% of the time.
Compared 7% of the time.
Compared 4% of the time.
Compared 2% of the time.
Compared 19% of the time.
Compared 18% of the time.
Compared 14% of the time.
Compared 10% of the time.
Compared 2% of the time.
Also Known As
|Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls||SRX||NSA 250M, NSA 2600, NSA 3600, NSA 4600, NSA 5600, Dell SonicWALL NSA|
Adaptive Security Appliance (ASA) is Cisco's end-to-end software solution and core operating system that powers the Cisco ASA product series. This software solution provides enterprise-level firewall capabilities for all types of ASA products, including blades, standalone appliances and virtual devices. Adaptive Security Appliance provides protection to organizations of all sizes, and allows end-users to access information securely anywhere, at any time, and through any device.
Adaptive Security Appliance is also fully compatible with other key security technologies, and so provides organizations with an all-encompassing security solution.
Block more threats and quickly mitigate those that do breach your defenses with the industry’s first threat-focused NGFW.
|High-performance security with advanced, integrated threat intelligence, delivered on the industry's most scalable and resilient platform. SRX Series gateways set new benchmarks with 100GbE interfaces and feature Express Path technology, which enables up to 1 Tbps performance for the data center.||Achieve a deeper level of security with the SonicWALL Network Security Appliance (NSA) Series of next-generation firewalls. NSA Series appliances integrate automated and dynamic security capabilities into a single platform, combining the patented, SonicWALL Reassembly Free Deep Packet Inspection (RFDPI) firewall engine with a powerful, massively scalable, multi-core architecture. Now you can block even the most sophisticated threats with an intrusion prevention system (IPS) featuring advanced anti-evasion capabilities, SSL decryption and inspection, and network-based malware protection that leverages the power of the cloud.|
Learn more about Cisco ASA NGFW
Learn more about Juniper SRX
Learn more about SonicWall NSA
|There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.||7-Eleven, AARNet Pty Ltd, Allegro Networks, alltours GmbH, Apollo Hotel Papendrecht, Armstrong Atlantic State University, Atlantech Online, Availity, Bajaj Capital, Baloise Insurance, BancABC, BAS Group, Black Lotus, Blue Box, Borealis, Carilion Clinic, Catholic Health System, CATV, Champlain College, Chinas Ministry of Railways, China University of Mining and Technology (CUMT), Cloud Dynamics, CloudSeeds, Cloudwatt, CODONiS, Colt Technology Services, Cork Internet Exchange, CSS Versicherung AG, CyrusOne, Danish Crown, Deloitte Belgium, Department of Energy, Divona Telecom, DQE Communications, DreamHost, European Government Agency, Expedient, Financial Market Information Services Provider, Fluidata, Fonality, Fox Sports, Global Financial Institution, Global Investment Bank, Global Investment Company, Energy Sciences Network (ESnet), Goethe University, HEAnet, High Performance Networks Inc., Hillenbrand||Orange County Rescue Mission, First Source, Michaels & Taylor, Green Clinic Health System, Aspire Chiltern Skills and Enterprise Centre, UnitedStack, Faith Lutheran College Redlands, Celtic Manor Resort, Star Kay White, Air Works, Unimat Life, NHS Yorkshire and Humber Commissioning Support (YHCS), Hutt City Council, Mato Grosso do Sul, Nspyre|
Financial Services Firm20%
Comms Service Provider9%
Computer Software Company28%
Comms Service Provider21%
Comms Service Provider56%
Financial Services Firm17%
Computer Software Company32%
Comms Service Provider31%
K 12 Educational Company Or School4%
K 12 Educational Company Or School22%
Computer Software Company22%
Comms Service Provider15%
See our list of best Firewalls vendors.