Cisco Secure Firewall Reviews

I primarily use the solution for the IPsec only. 

The user interface, the UI, is excellent on the solution. Let's say you want to check the real-time locker - you can create it by the UI using ADSM.

The VPN portion of the solution isn't the greatest.

The stability is not the best.

The solution is far too expensive.

I've been working with the solution for about six months, or maybe a little bit less than that.

I haven't found the stability to be very good. The IPsec stability leaves a lot to be desired. They really need to work on the solution's stability capabilities.

In ASA, I built the IPsec between ASA and Fortigate due to the fact that most of the time I have to restart the timer to flow the data.

We only have two to three users who directly deal with the solution within our company. Overall, we have between 100-200 employees. We haven't really scaled it.

I personally would prefer not to use ASA going forward. However, I don't know if the company itself has any plans to increase usage or not.

While I've dealt with Cisco technical support in the past on other solutions, I have not contacted them in regards to this specific product.

That said, my past experience with Cisco technical support has been very positive and I found them to be very helpful in general. I just can't speak to this specific product.

I was pretty junior when the solution was initially implemented in the organization. For that reason, I did not take an active role in implementing the solution. I wouldn't be able to really discuss the setup specifics or the level of difficulty.

I'm not exactly sure who handles maintenance, if any, within our organization.

The licensing is quite expensive. I don't have the exact amount, however, it's my understanding that it's a very pricey solution. There's a lot of competition out there, including from Fortigate, which offers just as good, if not better products.

I'm not overly familiar with ASA. I only work with it on an administration level.

I work with the latest version and I use the ASDM version server.

I wouldn't recommend that an organization choose ASA as a solution. They should look into other options.

Overall, I would rate the solution at a six out of ten. We haven't had the greatest experience.

We are using this product to filter network traffic.

It's a flexible solution and is well-known in the community. Most professionals are familiar with Cisco products and we prefer to work with products that we know. That is why we chose to work with Cisco firewalls, and also for the quality.

In the next year, we are planning to migrate to the Cisco Firepower. Our planned product would be Cisco Firepower 20 or the 40 series.

In the next release, I would like to see the VPN and UTM features included.

I have been using the Cisco ASA Firewall for the past ten years.

We have a few different versions that we are using. Some are 5505, 5510, and 5515.

It's stable. We have not had any issues with stability.

It's a scalable solution. We have five or six users in our organization.

We have not contacted technical support because we have not had any issues.

Previously, we did not use any other solutions. Our company is almost 11 years old and have been using this solution for ten years. We have been using this solution from the beginning.

I have not been present for most of the deployments, but from my experience, the deployment is not complex for organizations like ours because we have less equipment and infrastructure. 

In Ethiopia, most of the deployments, especially in government organizations, are on-premises because of government policy.

Our policies are limited and not complex.

Overall, I would say that it's pretty straightforward. While I was not a part of the deployment and had to guess, I would say it may have taken a week to deploy.

We require a team of four or five to maintain this solution.

In summary, this is a good product and I recommend it.

I would rate this solution a nine out of ten.

It's very stable and mature.

The content filtering on an application level is not as good as other solutions such as Palo Alto.

While the price is fair with all of the features that it has, it should be cheaper.

I have been using the Cisco ASA Firewall for seven years.

It's a stable solution.

We have plans to continue using this solution in the future.

It's a scalable product. We have 200,000 users in our organization.

Cisco technical support is good.

Previously, we used other products. We used Fortinet and CheckPoint.

We have a team of 50 or 60 Network Engineers to maintain this solution.

The price is fair. It's not the cheapest, but it's not bad.

Cisco ASA Firewall is a good product. I would recommend it to others who are interested in using it.

I would rate it a seven out of ten.

Our primary use case is for perimeter security.

We are using the enterprise version. Cisco has many versions. Maybe we are using the old version of ASA because it needs to be the freeware. In each freeware, there are different types of things. Maybe it is the standard version because the other version cost a lot. I need to combine it with another solution like an open source standard solution of the ASA firewall from Cisco.

Firewalls are about blocking. ASA is for blocking, but it does not have the intelligence like Fortinet to detect attacks. If I could use ASA to detect attacks, maybe we could buy another service from Cisco although it's very expensive. I would choose Fortinet, but my clients like ASA support. I prefer Fortinet because Fortinet has a UTM and it's a good firewall.

In terms of what could be improved, the UTM part should be more integrated for one price, because if you buy ASA from Cisco, you need to buy another contract service from Cisco as a filter for the dictionary of attacks. In Fortinet, you buy a firewall and you have it all.

I would like to see all the features like Fortinet has. If I buy ASA, I would like to see a Fortinet-like interface.

It would be good if Cisco could improve their web interface to configure the equipment. Cisco is very reliable and very secure, but has to compete with Fortinet which is very hard.

On a scale of one to ten, I would give Cisco ASA Firewall a nine.

I have been using Cisco ASA Firewall for about 15 years.

We have maybe 100 - 200 end users using the solution.

I would give their technical support an eight out of ten because of their response time.

Let me give an example. When I have a problem, and I contact support, maybe there is a guy from India or from another country answering me. This is very slow. The people look at the ticket and increase the time for response.

The initial setup is easy. Firewalls are like programming. If you know programming, you know every language. Firewalls are the same. If you know the security and blocking the perimeter, it's the same for all the firewalls. The difference with the different firewalls are the functionalities. Learn the functionalities in every brand.

My advice to anyone considering Cisco ASA Firewall is that you need a lot of money to implement the Cisco solution. But it's a good solution. If you want to go to Cisco, you need a lot of money.

The primary use case is to have full visibility over our Web & Application behavior on the local network and over the internet. On the other hand, reporting is one of the main needs so that we can monitor and evaluate our consumption and according to that, build up our policies and security.

Cisco NGFW had the needs that were required by us but unfortunately, was very primitive.

There was no added value and every feature requires license thus extra HIDDEN cost despite a large number of renewals. Paying that much compared to what other vendors can give is out of the negotiation. For this reason we dropped it.

Unfortunately in Cisco, only the hardware was good. As for the features and services it was less than the others. Having all of the features means higher specs of hardware and intelligence processing so that it can handle all the logs proactively. Now, what is needed from the Information security, is to be proactively aware of any threat that might expose our data and at the same time have full visibility over our information sharing endpoints.

In NGFW, Cisco should be aligned with the new technology and inspection intelligence because Cisco is far behind in this pipeline. Nowadays IoT, Big Data, AI, Robotics, etc. are all evolving and shifting from automatic to intelligent. All brands that do not follow will be extinct.

I have been using this solution for three years.

good

I was using a different solution prior to this one. I shifted because I found that it can heal my pain at least partially. By the end, it did the job and more.

Not that simple, but anyone who have the knowledge can configure it.

Through a vendor and they have good tech

Always look for the history of the products and their evolution, as this will reflect their prices. As for the licenses, be smart and choose the ones you are going to use AS PER YOUR NEED.

More features=More Licenses=More work time=Increase in Cost.

Always consider what you might need to reduce your wasted time and invest it in other solutions (i.e. "If it takes you three hours to do an analysis report and the solution you are getting has this feature to reduce your time to five minutes then you can consider this license. But, if there is a feature where you can have access to the machine from the cloud and you are always connected to the company by VPN, there is no need to buy this license").

Whenever I go for a new solution, I test many leaders "NOT RELYING ON GARTNER", yet going for sites that are related to technical evaluations and real case studies. The vendors were Sophos Cyberoam, Barracuda, FortiGate, Websense, & Check Point.

Think before you buy, as this solution can be your success or failure. Always work with professionals and not promoters.

My primary use case is to have as VPN hardware. I have 2,000 providers. I am a reseller and as such, I am connected to telcos. I use ASA because our providers use Cisco in their core network as well. 

We had a situation where our network was down and the telecom providers at Cisco support helped us to resolve those issues. The downtime was brought down to a minimum.

The most valuable feature is that the encryption is solid. 

I have been using Cisco ASA for thirteen years. 

What I use now is sufficient based on the traffic that we are generating. We won't have to expand.  

We have two providers for ASA. There is only one administrator. We have about 1.2 million connections going through one ASA per month.

Their technical support is very good. 

I didn't previously use a different solution. We used Cisco and then we upgraded to ASA. 

The initial setup was straightforward. To set up the VPN we are able to set up the feature key networks that are going to talk to each other. We can set up what access is going to be used. The connection was set up in one or two days. 

We set it up twice. The first time it took four hours and the second time took ten hours spread out over two days. 

I have seen ROI. We use ASA because our provider uses it and they have support. The provider initiates the support with Cisco. The support is good. The license for the support is expensive. 

It is expensive. 

I would recommend this solution. If you have the money, it's a very stable product. Make sure to keep critical spare parts. You might have for instance some modules that will need acceleration cards and those types of things.

I would rate it a nine out of ten. 

We performed an in-house evaluation of Cisco ASA NGFW for use as an Internet Gateway Firewall and internal East-West traffic firewall between security zones. We are historically a Cisco shop and were planning on it being the top contender for our NGFW solution.

Cisco ASA NGFW running in "Firepower" mode - aka the actual NGFW mode was not "fully baked", so it didn't meet all our requirements to fit our network architecture. It requires a completely different language than ASA and we found it to be difficult compared to other top firewall vendor offerings.

Integration with all the other Cisco tools is valuable. However, we've moved away from all Cisco security tools since this evaluation. Firewall choice was key to what direction we went and we found not only was the competing firewall solution superior, but their endpoint protection solution was as well.

The first thing that needs to be done is to finish building out Cisco ASA "Firepower Mode" in order for all features to work correctly in complex enterprise networks. It also needs a usable GUI like Palo Alto and FortiGate. There are lots of bug fixes to be done, and Cisco should consider performing a complete rebuild of the underlying code from the ground-on-up.

With regards to stability, we had a critical bug come out during our evaluation.

It should be well scalable. However, we didn't see a good centralized management/monitoring system like the one that Palo Alto has.

Customer support was decent, although we definitely don't feel like you get the value of the mandatory support/maintenance fees.

We used Fortinet FortiGate, but as an early gen "NGFW" it was outdated. We have issues we don't believe would be resolved with their latest offering, so we didn't even evaluate it.

We found the initial setup much more difficult to do even simple things, like setting up VPN tunnels.

Our in-house team tested and evaluated the solution.

Watch out for hidden licensing and incredibly high annual maintenance costs. We bought much beefier Palo Altos for a less expensive one-time and annual cost.

Palo Alto Networks NGFW Firewall was compared in-house using the same configuration and testing, and it won hands-down.

Watch out for the marketing hype vs objective reality. Do the advertised features actually work correctly/effectively?

We chose a different solution after performing in-house testing.

We use it on several layers of our network like in the border, internet edge, DMZ, some extranet parts of our network, and in the data center.

It's a reliable solution and a stable firewall. It helps us to manage the security policies in different areas of our network. 

We use ASA as a simple, scalable firewall. Its main advantages are the stability. We use it as an active standby and as a failover solution. We depend on this solution, we've used it for several years.

• Interaction with the equipment
• Different interface with the product 
• A more simple procedure in delivering policies to the equipment  
• Simplified upgrade procedure
  
• Tracking flows
• Monitoring and logs should be easier.

It's quite stable. In the past though, colleagues have had issues during the upgrade process. The failover didn't work and production was down. 

It's not so scalable.

I haven't had any major problems so I haven't had to open a ticket with technical support. 

The initial setup was not so complex. Most of it was straightforward. We just needed to discuss different scenarios that we had to consider regarding the deployment scenario, what could go wrong and what could happen in the future. 

We used Telekom Romania for the deployment. We did most of the job internally but they helped us to clarify some aspects regarding the architecture design.

We also considered Check Point. We chose Cisco because of its capabilities. We didn't need something so complex for this solution, just a straightforward firewall. It met our requirements. 

I would rate it a nine out of ten.