It is good for firewalls, management with the adaptive security device manager (ASDM), and tools such as packet tracers for troubleshooting.
It’s a really good firewall which is easy to manage, but it is not a Next Gen firewall.
Firewall functionality is the main issue when buying this product. We use it to segment our DMZs, it is stateful firewalling, is highly reliable with zero outages, and impeccable failovers during upgrades.
The ASDM is the management tool to administer the ASAs via the GUI. It has an easy to use interface with very nice troubleshooting tools, such as Packet Tracer. This tool lets you simulate a traffic flow so you can see why flows don’t work.
It is a very reliable border firewall which makes it easy for us to organize and secure our DMZs.
We have been using the solution for almost five years.
We didn't encounter any issues with stability.
Scalability is limited depending on the chosen model.
I would give technical support a rating of 9/10. Cisco is one of the best, if not the best, in support.
We chose FortiGate from Fortinet as our Next Gen Firewall solution because of the higher value for our money.
The setup was easy with lots of documentation and configuration examples provided.
You have to negotiate well.
We did not evaluate any alternative options for stateful firewalling.
You will want to have Next Generation functionality, so choose FortiGate or Cisco Firepower.
Mostly Enterprise firms they're using both, would be Palo Alto using in core and gateway traffic.