Cisco Secure Firewall Reviews

We are using Cisco ASA Firewall 5525 for network security. We needed a network security solution that can take care of the network security and URL filtering. We also wanted to create site-to-site VPNs and have remote VPNs. For all these use cases, we got Cisco ASA, and we are pretty happy with it.

The remote VPN and IPsec VPN or site-to-site VPN features are valuable. The clustering feature is also valuable. We have two ISP links. Whenever there is a failover, users don't even get to know. The transition is very smooth, and the users don't notice any latency. So, remote VPN, site-to-site VPN, and failover are three very powerful features of Cisco ASA.

Cisco has the best documentation. You can easily find multiple documents by searching the web. Even a child can go online and find the required information.

There is huge scope for improvement in URL filtering. The database that they have is not accurate. Their content awareness and categorization for URL filtering are not that great. We faced many challenges with their categorization and content awareness. They should improve these categorization issues.

It is very reliable.

It is scalable. Cisco is pretty popular with organizations, and many customers are using it. It is suitable for all kinds of customers. It can cater to small, medium, and large organizations.

I have interacted with them many times. I have been on a call with their technical support continuously for 48 hours. They were very prompt. In terms of technical support and documentation for switching, firewall, and routing solutions, no one can match Cisco.

Its initial setup was very straightforward. Its documentation is very easily available on the web, which is very useful.

Their pricing is very aggressive and good. Even a small company can afford it. I am happy with its pricing. Its licensing is on a yearly basis.

I would recommend this solution to others if they are not specifically looking for URL filtering and want to use it for their infrastructure. It is a perfect and very reliable solution, but it lacks when it comes to URL filtering. 

I would rate Cisco ASA Firewall a nine out of ten.

We use the platform to provide secure perimeter internet access for customers and also to provide secure networks or secure SANs for customers. We have a global partnership with Cisco and I'm a re-sales and security manager of IT services.

The top features for me are the filtering, the intrusion prevention system, and the AMP on small operations. 

To configure the FirePower it is required an external console. It would be nice to have the console embedded in the Firewall so you don't require an extra device. I'd like to see some kind of SD-WAN included as a feature. 

I've been using this solution for six years. 

The solution is very stable and we feel very secure with it. 

The scalability is no problem. 

The technical support is excellent. 

The initial setup is quite straightforward. I think someone who knows the iOS platform and knows about firewalls can setup the device. If you don't have experience, it will be somewhat complicated. If you know the platform, implementation is very quick. We've installed over 1,000 firewalls for different customers.

This is a very stable platform, and you can adjust the engine for malware protection. It is one of the best and a very reliable solution.

I would rate this solution a 10 out of 10. 

We are primarily using the solution to protect our network.

The security the solution offers is very good. Security-wise, it's the top in the world.

The product has excellent technical support.

The user interface is easy to navigate.

Everything is user friendly.

The annual subscription cost is a bit high. They should try to make it comparable to other offerings. We have a number of Chinese products here in Pakistan, which are already very cheap and have less annual maintenance costs compared to Cisco.

I've been using the solution for a few years now.

The solution is reliable. We have been using it for more than a couple of years and we haven't had any problems. There's been no downtime and no hardware failures. It's pretty stable.

We've never tried to scale. We have a pretty small set up in our country. It's unlikely we will have to scale.

Currently, we have between 200 and 300 people on the solution.

The technical support has been very good. They are helpful and knowledgeable. We're quite satisfied with their level of service.

This is the first product of this nature that we have implemented. We didn't previously use a different solution.

Initially, the preliminary set up took us some time. However, we did have some local expertise in Pakistan. Once, when we were stuck on something, we could manage to get help from Cisco online. It wasn't that tricky or complex. In the end, it was straightforward.

We had some assistance with a local expert as well as Cisco.

There's an annual subscription. It's not cheap. It's quite pricey if you compare it to other competitors in Pakistan. There aren't any extra costs beyond the yearly licensing.

We pay about $200 yearly and we have two firewalls.

We are the customer. We are in the oil and gas business. We don't have a business relationship with Cisco.

I'd recommend the solution to others straight away. It's more or less a very standard option here in Pakistan.

Overall, on a scale from one to ten, I'd rate the solution at an eight.

We use this solution as a firewall and for the segregation of our servers from the rest of the environment.

Instead of using multiple firewalls, we only need to rely on this solution. It has a small footprint.

The most valuable features are the flexibility and level of security that this solution provides. 

There was an error in the configuration, related to our uplink switches, that caused us to contact technical support, and it took a very long time to resolve the issue.

Some of the features should be baked-in by default.

Stability has been pretty good, so far.

This solution is very scalable.

We have contacted technical support about an issue that we were having, and it took a very long time for them to figure it out. We were on the phone for six or seven hours with them.

We previously used an ASA 5500, and it was simply time to upgrade it. We used this solution as a direct replacement.

The initial setup of this solution is pretty straightforward.

We are not restricted to any one vendor, but this solution worked well as a direct replacement for our previous one. We considered both Juniper and FortiGate.

This is a very straightforward firewall. There is a management platform with its own operating system. Just make sure that everything is set up properly for your uplink switches because that is an issue that we ran into.

I would rate this solution a nine out of ten.

The VPN and monitoring are the most valuable features.

I tried to buy licenses, but I had trouble. Their licensing is too expensive.

If they can get the reporting to go into deeper detail, it would really be helpful because in order to get the reports in Cisco you have to go to look at the information that you don't necessarily need. 

Also, the pricing is quite high. 

The stability is good. Very simple. Upgrades are great. But when we upgrade it, things break. You have to upgrade about three things before you get something stable.

I haven't had to scale, so I can't speak to this aspect of the solution.

I haven't had to deal with technical support, so I don't have much to say.

We didn't previously use a different solution.

The initial setup was straightforward.

I did the setup myself. The budget I had didn't allow me to get support. I would use Google a lot. The first implementation took me about three weeks because I did not know what I was doing. So it took me a while. It took me about three weeks, but everything else took about two days, maybe three days and I was done. 

We did look at Barracuda.

They really need support for deployment.

I would rate this solution nine out of 10 because I think if you have the budget and you plan it properly I think you won't have the initial deployment problems I faced.

We have around 250 users and security is extremely important for us. 

The features I found most valuable in this solution are the overall security features. 

The overall application security features can be improved. 
It could also use a reporting dashboard. 

I found that Cisco ASAv is a really stable solution. 

I haven't tested scalability yet, but I believe it is a very scalable solution. We currently have 250 employees working on it without any issues.

The few times I've had to call in technical support, the service was excellent. I've had no issues.

Our company has used various other solutions in the past. We've decided to also install Cisco ASAv to add extra features to our system.

The initial setup was straightforward and it took me about two days to do the installation. The fine tuning took about a week. I am the IT Infrastructure Manager of our company, but I don't believe that individuals without IT knowledge would struggle to do the installation themselves.

We didn't use any consultant for the deployment - we installed and implemented Cisco ASAv ourselves and we didn't experience any problems.

We pay an annual fee.

We have used many other solutions in the past and we constantly look out for other options. So we didn't switch to Cisco ASAv, we simply started using it together with another solution. We now use two products in the same time.

I rate this solution an eight out of ten and I would definitely recommend it to other users. If the developers would add a reporting dashboard, and perhaps lower the pricing, I will rate it higher. But overall I am really satisfied with Cisco ASAv.

My primary use case for this solution is for Internet access for the enterprise or for users, publishing, email, and to protect our network.

Before Firepower, we didn't have any visibility about what attack was happening or what's going on from the inside to outside or the outside to inside. After Firepower and the reporting that Firepower generates, I can see what's going on: which user visits the malicious website, or which user uploaded or downloaded malicious code, and what the name of the code is and from which country. This is very useful and helpful for me to detect what's going on. It enables me to solve any problem.

They give me more visibility of what's going on when traffic comes in and goes out from the company or comes in from the outside. I can see what's going on with this traffic, which is a nice feature. I also like the malware inspection and management of the dashboard features. The management of the dashboard is different from the old Cisco Firewall. This management brings everything together into one management platform. 

I would like for them to develop better integration with other security platforms. I would also like for them to make the Cloud configuration easier. 

One to three years.

Stability is perfect. I haven't had any problems. 

Scalability is great. We have around 1,500 users. 

Their technical support is good. I opened a ticket when we did the installation. We didn't have any issues with them.

We were previously using Cisco ASA without Firepower. We switched to Cisco Firepower because Firepower has more features, like malware inspection, and more possibilities with identity management.

The initial setup was a little complex. We required three staff members for deployment and maintenance.

We implemented ourselves. Deployment took around six months. 

It's more expensive than Fortinet and Juniper. The price is high compared to other vendors. In general, for the license, it's not that expensive.

We also evaluated Fortinet and Juniper.

I would advise someone considering this solution to subscribe to the URL filtering and to use malware inspection.

I would rate this solution a nine out of ten.

Whatever you have that’s potentially public-facing, you need to protect it. As our technology moves to the cloud, so our need for security transfers from physical appliances to virtual ones. This is the classic Cisco ASA device, virtualised.

Ease of spinning one up: The hourly charge has made demos and testing better because it’s a truer representation of a real-life situation.

It has allowed us to reduce costs and to make sure we provide rounded, secure products to customers.

Top features:

• Easy to deploy for staff to use VPNs
• Ease of setup
• Integrated threat defence
• Great flow-based inspection device
• Easy ACLs
• Failover support
• Each virtual appliance is separate so you get great granular control
• Has own memory allocation
• Multiple types of devices: 100 Mbps, 1 Gbps, 2 Gbps
• License control
• SSH or RESTful API

We didn’t find any huge issues. Obviously, there are always vulnerabilities that come up and there was one in early 2018 but this was patched with software updates.

Admin rights need to be given out carefully as they give overarching control to all devices - but that’s the same for everything.

We went with this solution via the AWS Marketplace because it’s been made so easy to use an ASAv on AWS with simple drop downs to set it up. Our demo machines were also in AWS so we wanted a one-stop shop where we could spin them up or down as needed and configure the ASAv before it was launched.

Almost all IT staff have used, or can easily learn how to use, the Cisco ASA appliance because it’s been around for years and is so popular (with good reason). For us, we stuck with what we know. It was an easy sell to get it signed off by higher-ups as they’d also heard of the ASA device from their time in IT.

This solution gets an eight out of ten because it is easy, has the features we need, keeps costs low, and provides granular control using appliances that are already familiar to the team.