Our primary use case is for security. We are a bank in India and the data is very important for us. We use ASA for our security and protection.
Team Leader, Information Risk Engineer at National Bank of Egypt
Data protection is a big benefit we see but some of their features need to be improved
Pros and Cons
- "Its ability to discover attacks is a valuable feature. All of the other features that have to do with security are good."
- "Some of the features, like the stability, need to be improved."
What is our primary use case?
How has it helped my organization?
Data protection is a big benefit we see from this solution. It protects our customers, our customer's accounts, and money, as we are one of the biggest banks in Egypt and the Middle East.
What is most valuable?
Its ability to discover attacks is a valuable feature. All of the other features that have to do with security are good.
What needs improvement?
Some of the features, like the stability, need to be improved.
Buyer's Guide
Cisco Secure Firewall
October 2024
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,528 professionals have used our research since 2012.
For how long have I used the solution?
More than five years.
What do I think about the scalability of the solution?
The scalability is good.
How are customer service and support?
Their support is good and helpful but sometimes it takes them a while to respond. We have been stuck in critical situations so we opened a critical ticket but it took them a while to respond.
How was the initial setup?
The initial setup is easy. If we have an issue we contact their support.
What about the implementation team?
We implemented ourselves.
What other advice do I have?
I would rate it a seven out of ten. I would recommend this solution to a colleague. No product will give you 100% of what you're looking for but this solution is close.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Data Center Architect at Fronius International
Has the full package that we're looking for but the features aren't stable enough for us to use
Pros and Cons
- "We chose Cisco because it had the full package that we were looking for."
- "The stability and the product features have to really be worked on."
What is our primary use case?
Our primary use case of this solution is for firewalling.
How has it helped my organization?
We have been using Cisco for a long time, and we use Firepower to replace other systems. It hasn't really been an improvement, but there are many features we want to use in the future. We haven't seen much improvement because we only installed it a short while ago.
What is most valuable?
It has many features but not all of them work. The features aren't stable enough for us to use them. The most valuable features are the firewalling and the deep inspection.
What needs improvement?
The stability and the product features have to really be worked on.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
The stability is getting better but we had some firmware issues.
What do I think about the scalability of the solution?
The scalability is good. We have scaled it but at a normal gross so it's not very high. We have designed it for our use case and we have the option to scale but we don't use it at the moment.
Which solution did I use previously and why did I switch?
We chose Cisco because it had the full package that we were looking for.
How was the initial setup?
The initial setup was of normal complexity. It's not straightforward, and because we started so early, the migration tools were not so good at the beginning.
What about the implementation team?
We implemented through our partner and had a good experience with them.
What other advice do I have?
Customers should take note that the migrations steps are not easy. The tools cannot solve all configurations and handle all configurations directly so you will have to do some coding by yourself. The solution is not complete at the moment but it will get better.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Cisco Secure Firewall
October 2024
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,528 professionals have used our research since 2012.
Technical Services Manager at a comms service provider with 10,001+ employees
They have the integrated ITS/IPS source powered modules. This is a new screen for us, and it is also very useful.
Pros and Cons
- "It protects our network."
- "The stability of the product is good."
- "The pricing is a bit high."
What is our primary use case?
I have been using this product for over ten years. Most of the features fulfill my requirements. It protects our network.
What is most valuable?
The most valuable feature is the section payover. But, I think that kind of function may also come from similar products. In addition, they have the integrated IDS/IPS source powered modules. This is a new screen for us, and it is also very useful.
For how long have I used the solution?
More than five years.
What do I think about the stability of the solution?
The stability of the product is good.
What do I think about the scalability of the solution?
The scalability of the solution is OK for me. It basically fulfills my requirement.
How are customer service and technical support?
I would rate the technical support a rating of seven out of ten.
What about the implementation team?
I always consider the stability and scalability of a product when choosing a vendor.
What's my experience with pricing, setup cost, and licensing?
The cost is a bit high compared to other solutions in the market.
Which other solutions did I evaluate?
We have looked at Juniper, Palo Alto and other brands.
What other advice do I have?
We like that Cisco has a lot of experience on the market trends.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Manager at a manufacturing company with 51-200 employees
It is a very secure product. But, it has limitations.
Pros and Cons
- "It is a secure product."
- "It is not easy to configure."
- "The scalability is a bit limiting, to be honest. In terms of when you look to changing landscape in terms of threats, I think to me, my personal it's a bit limiting."
What is our primary use case?
Our primary use case is to use it as a firewall.
What is most valuable?
I find that the product is a very good, and secure firewall. The benefits of this product is that it is a strong firewall solution.
What needs improvement?
It is a secure product. But, it is not very easy to configure. You need to be knowledgeable to be able to manage it.
In addition, due to changes in management, we found Cisco slightly behind some of the competitors in the market. Furthermore, the internet protection system seems to be lacking, in comparison to some of the competitors. This is why we are currently looking at other possible solutions.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
It is a stable solution.
What do I think about the scalability of the solution?
The scalability is a bit limiting, to be honest. In terms of when you look to changing landscape in terms of threats, I think to me, my personal it's a bit limiting.
How is customer service and technical support?
I have not used the technical support for Cisco ASA.
How was the initial setup?
It was a bit complex to setup this solution. When we used the command line, it was not easy to implement. We needed Cisco technical knowledge to be able to manage the implementation.
What's my experience with pricing, setup cost, and licensing?
The cost is a bit higher than other competitive solutions on the market.
What other advice do I have?
Yes, it's a good provider when it comes to firewall solution, but maybe limiting when you are looking at the wall UTM management. It's delayed behind some of the competitors.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT System Administrator at PFW HAVACILIK
Creates a unified strategy for event logging and correlation
Pros and Cons
- "Beats sophisticated cyber attacks with a superior security appliance."
- "The Cisco ASA device needs overall improvement, as configurations alone do not completely secure my network."
What is our primary use case?
IT landscape is dynamic, requiring security policy, controls, and visibility to be better than ever.
- 1Gbps
- Multi-service
- Beats sophisticated cyber attacks with a superior security appliance.
- IT landscape is dynamic.
- Requires security policy, controls, and visibility to be better than ever.
This applies to all ASA-related Management/to-the-box traffic, like SNMP, SSH, etc., with Firepower services combined with our proven network firewall along with the industry’s most effective next-generation IPS and advanced malware protection. Therefore, you can get more visibility, be more flexible, save more, and protect better.
How has it helped my organization?
Historic events related to security incidents. My organization must have a unified strategy for event logging and correlation.
What is most valuable?
The Cisco Product Security Incident Response creates and maintains publications, commonly referred to as PSIRT Advisories, for security-related issues in Cisco ASA.
What needs improvement?
The Cisco ASA device needs overall improvement, as configurations alone do not completely secure my network. The operational procedures in use on the network contribute as much to security as the configuration on devices.
For how long have I used the solution?
Still implementing.
How are customer service and technical support?
There is 24/7 support anytime, anywhere.
Which solution did I use previously and why did I switch?
Before, I did not manage my private network well (or professionally). For this reason, I have been updating products.
What's my experience with pricing, setup cost, and licensing?
Commercial leasing is the best option.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT SecOps Manager at a computer software company with 1,001-5,000 employees
The best features are NAT, transport-layer inspections, and VPN
What is most valuable?
Cisco ASAs are great network firewalls and they can work for years after being configured. The best features are NAT, transport-layer inspections, and VPN.
How has it helped my organization?
With ASAs, we can keep operational expenses as low as possible. Disaster risks should be observed as usual, but this is definitely not the weak point.
What needs improvement?
I would like to see new SW versions being more stable and HW performance increase. However, the new 2000 series has high performance, but it is not shipped widely so far.
For how long have I used the solution?
I started using Cisco firewalls when old PIX models were produced. I then observed all model changes. This makes about 10 years of continuous experience.
What do I think about the stability of the solution?
There are no real stability issues, if upgrades are done carefully.
What do I think about the scalability of the solution?
I believe scalability issues are caused by poor design.
How are customer service and technical support?
Cisco technical support makes a good impression most of the time.
Which solution did I use previously and why did I switch?
Some of my customers switched from ZyXel to Cisco and this is an obvious decision for me. It will be much harder to imagine a customer replacing Check Point or Fortinet with Cisco.
How was the initial setup?
The initial setup should not be left to the customer. The best way to do this is to make a basic setup and integration along with cabling and power-up, then verifying requirements and adjusting the configuration.
What's my experience with pricing, setup cost, and licensing?
Basic features and IPs can work without subscriptions. All next-generation features require per-year payments. Enterprise customers usually agree with price and license fees, so I don't see any painful issues with pricing and licensing.
Which other solutions did I evaluate?
I compared Cisco with Fortinet, Checkpoint, and DIY solutions.
What other advice do I have?
All you need to succeed is careful design, professional setup, and a support contract.
Disclosure: My company has a business relationship with this vendor other than being a customer: We have been Cisco channel partners for over 15 years.
Senior IT Networking and Security Manager at a tech services company with 10,001+ employees
It is supported on many platforms and helps us gain access to the network.
What is most valuable?
There are a lot of features which are good and can be implemented, especially in the latest IOS version of the product.
They saved me a lot of time thinking how to solve different scenarios with other solutions.
Cisco AnyConnect for remote access is one of them. It is supported on most of the platforms, which business users use. They can gain access to the network, via functions like PBR, Security groups, contexts, and DNS doctoring. This gives a lot of flexibility to the product.
How has it helped my organization?
It gave us a more secure environment and a lot of flexibility to the business.
What needs improvement?
The next generations part of these products need a better approach. A lot of vendors are definitely a step or two in front of them.
For how long have I used the solution?
I have worked with these types of firewalls for more than 10 years.
What do I think about the stability of the solution?
I can say that this product is one of the most stable products I have ever worked with.
What do I think about the scalability of the solution?
In terms of scalability, this always depends on how the product was chosen and what purpose it will work for. I haven't experienced any issues with the scalability of the product.
How are customer service and technical support?
In terms of technical support, it depends on the different cases. I would surely give Cisco technical support a rating of 9/10.
Which solution did I use previously and why did I switch?
I used to work with open source solutions, but the support and complication behind them was definitely not OK. If you want to have flexibility and stability, you have to move on to something that receives more development in that specific area.
How was the initial setup?
The initial setup was straightforward and there was a lot of documentation that can help out with specific cases.
What's my experience with pricing, setup cost, and licensing?
This is definitely not a cheap solution, but I think it is worth the investment.
Which other solutions did I evaluate?
We evaluated other solutions like Juniper, but we chose Cisco, since our network was becoming more and more Cisco oriented.
What other advice do I have?
I would recommend that you understand the needs of the business case before choosing the product and start implementing it. It is very important to choose the right licenses from the beginning.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Principal Network Engineer at a tech services company with 51-200 employees
Provides the capability of the higher end firewall products to handle most network tasks without issues.
Pros and Cons
- "It makes it very easy to have delineated roles and responsibilities between network engineering and network security."
- "In my experience, a number of engineers get tunnel vision with devices. This is exacerbated by vendors fostering a silo mentality in disciplines."
How has it helped my organization?
It makes it very easy to have delineated roles and responsibilities between network engineering and network security.
What is most valuable?
I find the overall capability of the higher end firewall products to handle most network tasks without any issues. In addition, it is easy to train lower level help desk personnel on the GUI management.
What needs improvement?
People tend to think of firewalls as firewalls and routers as routers. Going by the book, I had to create a number of static routes in the firewall so it could reach the various subnets in my client's internal network. I decided to turn on OSPF routing to simplify my deployment. This resolved a lot of issues with remote VPN and site-to-site VPN tunnels.
In my experience, a number of engineers get tunnel vision with devices. This is exacerbated by vendors fostering a silo mentality in disciplines.
I cannot name the organization, but a large national non-profit in the medical field had too many network configuration problems because of the silo mentality.
Large Cisco ASA units have the capability to act as routers. This particular non-profit would not enable routing on the ASA until I explained that it resolve a number of issues that they were experiencing and resolving by static routes, a second Cisco ASA, and a proxy server.
What do I think about the stability of the solution?
Stability issues did not occur in my experience, as long as we stayed with the correct image builds.
What do I think about the scalability of the solution?
There were no scalability issues.
How is customer service and technical support?
Customer Service:
Generally, we do not need customer support, so it is hard to rate.
Technical Support:
Generally we do not need technical support, so it is hard to rate.
How was the initial setup?
The initial setup at many clients' sites was straightforward. Very complicated networks take a lot of planning.
What about the implementation team?
We implemented the solution in-house.
What was our ROI?
We cannot determine ROI just yet.
What's my experience with pricing, setup cost, and licensing?
Always plan ahead for three years. In other words, do not buy a firewall on what your needs are today, but try to predict where you will be three years from now in terms of bandwidth, security requirements, and changes in organizational design. This applies to any vendor, not just this product. I find that I always need to buy a higher level product than the specifications request in order to be safe.
Which other solutions did I evaluate?
In locations where I have used Cisco ASA firewalls, I have compared FortiGate and SonicWall.
What other advice do I have?
I utilize different brands of firewalls depending on the needs of a client, i.e., in-house IT versus outsourced. I am vendor agnostic as much as possible.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Updated: October 2024
Popular Comparisons
Fortinet FortiGate
Netgate pfSense
Sophos XG
Cisco Umbrella
Cisco Identity Services Engine (ISE)
Meraki MX
Zscaler Internet Access
Palo Alto Networks NG Firewalls
Azure Firewall
Check Point NGFW
WatchGuard Firebox
SonicWall TZ
Sophos UTM
Palo Alto Networks WildFire
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What Is The Biggest Difference Between Cisco ASA And Fortinet FortiGate?
- Cisco Firepower vs. FortiGate
- How do I convince a client that the most expensive firewall is not necessarily the best?
- What are the biggest differences between Cisco Firepower NGFW and Fortinet FortiGate?
- What Is The Biggest Difference Between Cisco Firepower and Palo Alto?
- Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons?
- What are the main differences between Palo Alto and Cisco firewalls ?
- A recent reviewer wrote "Cisco firewalls can be difficult at first but once learned it's fine." Is that your experience?
- Which is the best IPS - Cisco Firepower or Palo Alto?
- Which product do you recommend and why: Palo Alto Networks VM-Series vs Cisco Firepower Threat Defense Virtual (FTDv)?
hello
respectfully, you are right about routing, Cisco ASA is a best firewall that support routing. however, in best practices offer: do not use firewall as router and also is better to use firewall as transparent mode. because technically firewall designed for access control or something like that, so in high routing environment, sometime firewall cannot handle routing as router.