What is our primary use case?
We mainly use it for site-to-site VPNs, connecting to other businesses. I work in manufacturing and hospitals.
We connect to remote networks: manufacturing-to-businesses and hospital-to-hospital.
It was deployed in our data center across multiple sites. At the hospital where I last worked, it was deployed at 18 sites, then we did VPNs between our hospital and clinics.
How has it helped my organization?
We don't have to worry about when something goes down. Instead of saying, "Oh my gosh, this went down and now we have a gap here," it has automatic failovers and built-in redundancy. So, it says, "I don't have a gap anymore." This is one less thing to worry about, which was a big benefit for me. If our security group comes back, and says, "Hey, this is down." Then, it is like, "Yeah, we got it covered."
Our security groups are always very adamant that things stay up. If something went down, they say, "Why did it go down? How do we prevent it?" Since resiliency is already built-in on its initial design, we don't have to go back in every time, and say, "Here, this is what we did. This is why it was done like this." Instead, it is just, "Yes, they blessed it, and it's approved," and we don't have to go back and keep reinventing the wheel every time.
What is most valuable?
I like the ASDM for the firewall because it is visual. With the command line, it is harder to visualize what is going on. A picture is worth a thousand words.
What needs improvement?
Sometimes, it is not easy to troubleshoot. You need to know where to go. It took me quite awhile. It's like, "Okay, if it doesn't go smoothly here, then go find the documentation." Once you do it, it is not so bad. However, it is sometimes a steep learning curve on the troubleshooting part of it.
For how long have I used the solution?
I have been using this solution for more than 20 years.
What do I think about the stability of the solution?
I have never had any problems with stability. In the 20-plus years that I have used them, I don't think I have ever had a failure on them. They have always been rock-solid.
What do I think about the scalability of the solution?
We haven't done much with scalability. We have always just done active standby. However, it scales once you figure out how to do it. If there are site-to-site VPNs within your own location, it is easier because there is a template, where it is, "Here, change this IP address. Change this IP address. There, it's done."
Third-parties weren't bad. Once my side was done, then we could easily cut and paste it, and say, "Okay, here's what my side's configured for. If you have something that is not working, then you can tell me what it is and I will help you." However, we never really had anything that we couldn't fix. It was also possible to scale on the other side.
How are customer service and support?
I haven't called tech support very often. When I did call them, they could tell me what the problem was. That is where I started learning, "Here are the commands that you should be using to debug this." They have been very helpful. I would rate them as nine out of 10.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
I have used Palo Alto and Fortinet. We switched mainly because we were trying to unify all our products. Instead of using multiple systems, everything with the Cisco solution is end-to-end with different views of security. Some of them wanted to be diverse, keeping things separate. For others, it was easier if everything was just with one vendor. Also, if you are Cisco-centric, it is also easier.
Since I have been using this solution, I have seen it grow. When they first started doing it, it was more like, "Here's the command line. Here's what you got to do." Now, it's easier for a new engineer to come on, and say, "Okay. Here, you are going to start supporting this, and here is how you do it," which has made life easier. Since it is a repeatable thing, no matter which company you go to, it is the same. If you get somebody who is doing it on the other side of the VPN, it is a lot easier. So, I like the Cisco product. I have used several different ones, and it's like, "Well, this is the easiest one." It might be just the easiest one because I have used it long enough, but it is also a good product. It just helps us be consistent.
How was the initial setup?
We did a lot of site-to-site VPNs. We also did a third-party, which is Palo Alto or something. Though, some of them were SonicWall. It is like, "Okay, I don't know how the site is configured, then I spend hours trying to troubleshoot a VPN." The more you use it, the easier it gets. It used to take days to do it. Whereas, the last one that I built took about 30 minutes. The more we use it, the better the outcome is and the faster we can do it. Now, I am not spending days building a VPN, which should only take 10 to 15 minutes.
What was our ROI?
There is ROI when you use it more.
What's my experience with pricing, setup cost, and licensing?
Once you know what the product is, it is not that bad. Yes, it is expensive. When you try to get a license, it is like, "Well, I don't know which one of these I need. And, if I don't buy it now, then I will probably be back later. Now, I have to justify the money." Typically, you end up just buying everything that you don't use most of the time. It is one of those solutions where you get what you pay for. If you don't know what you need, just buy everything. We have additional licenses that we don't use.
What other advice do I have?
Take your time with it. Actually, read the documentation. Don't just assume you know what stuff means since that will sometimes come back and bite you. I have done that too many times. If you go from version to version, it changes a little bit, and so it is like, "Well I don't know why it doesn't work." Then, you go read the notes, "Oh, yeah. This changed and it is done over here now."
Building more resiliency should be a priority, and it's going to take money to do that. So, you need to actually believe and invest in it. Otherwise, it's an idea. It's great, because we all want redundancy, but nobody typically wants to spend the money to do it. Or, they want to do it as cheaply as possible. It's like, "Okay, I can do that," but you're going to have more gaps. Then, it is not really worth it. Therefore, invest the money the first time and do it right.
I would rate it as nine out of 10.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.