I primarily use the solution for the IPsec only.
Network Security Engineer at a tech services company with 201-500 employees
Good UI but too expensive and not very stable
Pros and Cons
- "The user interface, the UI, is excellent on the solution."
- "The stability is not the best."
What is our primary use case?
What is most valuable?
The user interface, the UI, is excellent on the solution. Let's say you want to check the real-time locker - you can create it by the UI using ASDM.
What needs improvement?
The VPN portion of the solution isn't the greatest.
The stability is not the best.
The solution is far too expensive.
For how long have I used the solution?
I've been working with the solution for about six months, or maybe a little bit less than that.
Buyer's Guide
Cisco Secure Firewall
November 2024
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,562 professionals have used our research since 2012.
What do I think about the stability of the solution?
I haven't found the stability to be very good. The IPsec stability leaves a lot to be desired. They really need to work on the solution's stability capabilities.
In ASA, I built the IPsec between ASA and Fortigate due to the fact that most of the time I have to restart the timer to flow the data.
What do I think about the scalability of the solution?
We only have two to three users who directly deal with the solution within our company. Overall, we have between 100-200 employees. We haven't really scaled it.
I personally would prefer not to use ASA going forward. However, I don't know if the company itself has any plans to increase usage or not.
How are customer service and support?
While I've dealt with Cisco technical support in the past on other solutions, I have not contacted them in regards to this specific product.
That said, my past experience with Cisco technical support has been very positive and I found them to be very helpful in general. I just can't speak to this specific product.
How was the initial setup?
I was pretty junior when the solution was initially implemented in the organization. For that reason, I did not take an active role in implementing the solution. I wouldn't be able to really discuss the setup specifics or the level of difficulty.
I'm not exactly sure who handles maintenance, if any, within our organization.
What's my experience with pricing, setup cost, and licensing?
The licensing is quite expensive. I don't have the exact amount, however, it's my understanding that it's a very pricey solution. There's a lot of competition out there, including from Fortigate, which offers just as good, if not better products.
What other advice do I have?
I'm not overly familiar with ASA. I only work with it on an administration level.
I work with the latest version and I use the ASDM version server.
I wouldn't recommend that an organization choose ASA as a solution. They should look into other options.
Overall, I would rate the solution at a six out of ten. We haven't had the greatest experience.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Systems Administrator\Ag. IT Manager at a construction company with 201-500 employees
It secures my network and is very stable
Pros and Cons
- "It is a very stable product. I've not had any issues with it. It is a super product, and I won't need to change it anytime soon."
- "Its configuration through GUI as well as CLI can be improved and made easier."
What is our primary use case?
I am using Cisco ASA as my firewall. I use it for security purposes to block access and for VPN. It is on the perimeter, so basically, it secures my network.
What is most valuable?
It is a very stable product. I've not had any issues with it. It is a super product, and I won't need to change it anytime soon.
What needs improvement?
Its configuration through GUI as well as CLI can be improved and made easier.
For how long have I used the solution?
I have been using this solution for more than five years. I am using the Cisco ASA 5505 model.
What do I think about the stability of the solution?
It is very stable.
How are customer service and technical support?
I manage it myself. If I can't, then I get somebody else. I don't have any support from Cisco.
How was the initial setup?
The initial setup was slow. It took a day or two.
What about the implementation team?
Unfortunately, there were not too many skilled guys who could install it. I had to get a third party for installation and configuration. I had to get somebody qualified in Cisco Security, and he was the only person who could actually configure it well.
What's my experience with pricing, setup cost, and licensing?
I just bought it off the shelf, and I'm using it with my previous one, so I have not spent that much.
What other advice do I have?
I would definitely recommend this solution. You just have to learn how to configure it. It is a Cisco solution, and there is not much to be improved. I plan to keep using it and expand its usage.
I would rate Cisco ASA Firewall an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Owner/CTO at FS NETWORKS
Good solution that is easy to implement
Pros and Cons
- "The initial setup is easy."
- "In terms of what could be improved, I would say the UTM part should be more integrated for one price, because if you buy ASA from Cisco, you need to buy another contract service from Cisco as a filter for the dictionary of attacks. In Fortinet, you buy a firewall and you have it all."
What is our primary use case?
Our primary use case is for perimeter security.
We are using the enterprise version. Cisco has many versions. Maybe we are using the old version of ASA because it needs to be the freeware. In each freeware, there are different types of things. Maybe it is the standard version because the other version cost a lot. I need to combine it with another solution like an open source standard solution of the ASA firewall from Cisco.
What is most valuable?
Firewalls are about blocking. ASA is for blocking, but it does not have the intelligence like Fortinet to detect attacks. If I could use ASA to detect attacks, maybe we could buy another service from Cisco although it's very expensive. I would choose Fortinet, but my clients like ASA support. I prefer Fortinet because Fortinet has a UTM and it's a good firewall.
What needs improvement?
In terms of what could be improved, the UTM part should be more integrated for one price, because if you buy ASA from Cisco, you need to buy another contract service from Cisco as a filter for the dictionary of attacks. In Fortinet, you buy a firewall and you have it all.
I would like to see all the features like Fortinet has. If I buy ASA, I would like to see a Fortinet-like interface.
It would be good if Cisco could improve their web interface to configure the equipment. Cisco is very reliable and very secure, but has to compete with Fortinet which is very hard.
On a scale of one to ten, I would give Cisco ASA Firewall a nine.
For how long have I used the solution?
I have been using Cisco ASA Firewall for about 15 years.
What do I think about the scalability of the solution?
We have maybe 100 - 200 end users using the solution.
How are customer service and technical support?
I would give their technical support an eight out of ten because of their response time.
Let me give an example. When I have a problem, and I contact support, maybe there is a guy from India or from another country answering me. This is very slow. The people look at the ticket and increase the time for response.
How was the initial setup?
The initial setup is easy. Firewalls are like programming. If you know programming, you know every language. Firewalls are the same. If you know the security and blocking the perimeter, it's the same for all the firewalls. The difference with the different firewalls are the functionalities. Learn the functionalities in every brand.
What other advice do I have?
My advice to anyone considering Cisco ASA Firewall is that you need a lot of money to implement the Cisco solution. But it's a good solution. If you want to go to Cisco, you need a lot of money.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Principal Network Engineer at a manufacturing company with 501-1,000 employees
Good monitoring capability, but it lacks the next-generation firewall functionality
Pros and Cons
- "The most valuable features for my client are the ASDM and monitoring."
- "Cisco ASA is not a next-generation firewall product."
What is our primary use case?
I am a consultant and when clients ask for white papers or studies, I do the research. At that point, they do whatever change processes they have; I give them all of the numbers and other relevant data, but that's the extent of what we do in my organization.
They are just using it as a stateful packet inspection firewall, traditional firewalling.
How has it helped my organization?
At this point, my client is looking for their next solution so something may not be working.
What is most valuable?
The most valuable features for my client are the ASDM and monitoring.
They have familiarity with the Cisco CLI.
What needs improvement?
Cisco ASA is not a next-generation firewall product.
For how long have I used the solution?
My client has been using the Cisco ASA solution for approximately five years.
What do I think about the stability of the solution?
They've been using it for five years and my assumption is that it's been good for what they needed it to do. However, they were consulting to move forward with something different.
What do I think about the scalability of the solution?
The scalability is very limited because as a traditional firewall, it's a step behind. As far as the scale goes, my assumption is that you just buy a bigger model.
Which solution did I use previously and why did I switch?
I was not consulting with this client when they implemented the Cisco ASA.
This is a hardware-based device, versus a virtual one, so it's maxed out.
How was the initial setup?
My assumption is that it's a typical HA, basic setup.
Which other solutions did I evaluate?
My client is looking for a next-generation firewall solution to replace the Cisco ASA.
What they need is a step up from what they already have that includes application-controlled firewall rules, as well as other features that ASA doesn't currently have.
What other advice do I have?
My suggestion for anybody who is looking at Cisco ASA is to work with the vendor, as they have newer products.
I would rate this solution a seven out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Specialist at a financial services firm with 501-1,000 employees
Automated policies save us time
Pros and Cons
- "On the network side, where you create your rules for allowing traffic — what can come inside and what can go out — that works perfectly, if you know what you want to achieve. It protects you."
What is our primary use case?
Some are being used as edge firewalls and others are for our server-farm/data center. So some are being used as transparent firewalls and others are used as a break between the LAN and WAN.
In addition to the firewalls, we have Mimecast for email security as we're using Office 365. We're also using IBM's QRadar for SIEM. For antivirus we're just using Microsoft Windows Defender. We also have an internet proxy for content and for that we're using NetScaler.
How has it helped my organization?
Automated policies definitely save us time. I would estimate on the order of two hours per day.
What is most valuable?
On the network side, where you create your rules for allowing traffic — what can come inside and what can go out — that works perfectly, if you know what you want to achieve. It protects you. Once you get all your rules in place, done correctly, you have some sort of security in terms of who can have access to your network and who has access to what, even internally. You're secure and your authorization is in place for who can access what. If someone is trying to penetrate your network from the outside, you know what you've blocked and what you've allowed.
It's not so difficult to pull out reports for what we need.
It comes with IPS, the Intrusion Prevention System, and we're also using that.
For how long have I used the solution?
I've been using Cisco ASA NGFW for five years.
What do I think about the stability of the solution?
The stability is quite good. We haven't had issues. I've used them for five years now and I haven't seen any hardware failures or software issues. They've been running well. I would recommend them for their reliability.
What do I think about the scalability of the solution?
You can extend your network. They are cool. They are good for scalability.
How are customer service and technical support?
We have a Cisco partner we're working with. But if they're struggling to assist us then they can log a ticket for us. Our partner is always a 10 out of 10.
What was our ROI?
Given that we have been upgrading with Cisco firewalls, I would say that our company has seen a return on investment with Cisco. We would have changed to a different product if we were not happy.
The response time from the tech and the support we get from our partner is quite good. We have never struggled with anything along those lines, even hardware RMAs. Cisco is always there to support its customers.
What's my experience with pricing, setup cost, and licensing?
The pricing is quite fair for what you get. If you're comparing with other products, Cisco is expensive, but you do get benefits for the price.
Which other solutions did I evaluate?
The firewall that I was exposed to before was Check Point.
What other advice do I have?
It's very good to get partner support if you're not very familiar with how Cisco works. Cisco Certified Partner support is a priority.
For application visibility and control we're using a WAN optimizer called Silver Peak.
To replace the firewalls within our data center we're planning to put in FMCs and FTDs. With the new FMCs what I like is that you don't need to log in to the firewalls directly. Whatever changes you do are done on your FMCs. That is a much needed improvement over the old ASAs. You can log in to the management center to make any configuration changes.
There are two of us managing the ASAs in our company, myself and a colleague, and we are both network specialists. We plan to increase usage. We're a company of 650 employees and we also have consultants who are coming from outside to gain access to certain services on our network. We need to make provisions on the firewall for them.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Architect - Cloud Serviced at a comms service provider with 10,001+ employees
Has next gen features like application awareness and intrusion protection but the CLI needs to be simplified
Pros and Cons
- "They wanted to leverage something which is equivalent that can give them the next gen features like application awareness and intrusion protection. So that is a major reason they were looking forward to this. The original ASA firewall did not have these features. This was the major reason the customer moved on to Cisco Firepower Threat Defense (FTD). Now they can go ahead and leverage those functionalities."
- "I was just trying to learn how this product actually operates and one thing that I see from internal processing is it does fire-walling and then sends it to the IPS model and any other model that needs to be performed. For example, content checking or filtering will be done in a field processing manner. That is something that causes delays in the network, from a security perspective. That is something that can be improved upon. Palo Alto already has implemented this as a pilot passed processing. So they put the same stream of data across multiple modules at the same time and see if it is giving a positive result by using an XR function. So, something similar can be done in the Cisco Firepower. Instead of single processing or in a sequential manner, they can do something similar to pile processing. Internal function that is something that they can improve upon."
What is our primary use case?
Our primary use case is whatever is best for our customer. I'm the service provider. The customer's main purpose is to use the malware services protection and the firewall itself, as well as the application awareness feature.
How has it helped my organization?
My client company is Cisco Oriented. They wanted to leverage something which is equivalent that can give them the next gen features like application awareness and intrusion protection. That is a major reason they were looking forward to this. The original ASA firewall did not have these features. This was the major reason the customer moved on to Cisco Firepower Threat Defense (FTD). Now they can go ahead and leverage those functionalities.
What is most valuable?
Firepower is an okay product. However, it is better as a firewall than the IPS or other services it provides.
What needs improvement?
I was trying to learn how this product actually operates and one thing that I see from internal processing is that it does fire-walling and then sends it to the IPS model and any other model that needs to be performed. For example, content checking or filtering will be done in a field processing manner. That is something that causes delays in the network, from a security perspective. That is something that can be improved upon. Palo Alto already has implemented this as a pilot passed processing. They put the same stream of data across multiple modules at the same time and see if it is giving a positive result by using an XR function. Something similar can be done in Cisco Firepower. Instead of single processing or in a sequential manner, they can do something similar to pile processing. An internal function that is something that they can improve upon.
They can also improve on cost because Cisco is normally expensive and that's the reason customers do not buy them.
Also, if they could provide integration with Cisco Umbrella, that would actually improve the store next level. Integration is one thing that I would definitely want.
From a technical perspective, maybe they could simplify the CLI. That is one thing that I would like to be implemented because Cisco ASA or Cisco, in general, is usually good at simple CLIs. That is one thing that I saw lacking in FTD. Maybe because they got it from another vendor. They're trying to integrate the product.
For how long have I used the solution?
Two years
What do I think about the stability of the solution?
From a stability diagnosis, once I did the deployment it did not give me any issue for at least six to eight months. Once it went to a stable support, I did not see major problems. I don't think there were issues with stability.
However, the core upgrades frequently come in, so you need to be carefully devising that support management. From a stability perspective, if you are happy with your current stuff and you do not require past updates it would be very stable. If you're using an IPS, the only challenge would be past management. With Cisco having cloud integration and just firing one command and getting things done, it is still okay. It is a good stable product.
What do I think about the scalability of the solution?
We have only one or two firewalls as a site data center firewall.
From what I have studied, they are scalable. You can have eight firewalls integrated with the FTP devices. I don't think scalability would be an issue but I do not have a first-hand answer on that.
There are approximately 2,500 customer base users using Cisco Firepower. It's a data center firewall, so all the sites integrate for one data center.
You do not need extra staff to maintain Firepower. One field technician engineer, FTE would be sufficient and should not be a problem. I don't think extra staff would be needed. For support, for instance, you need one person.
How are customer service and technical support?
They have very good documentation, so there's a small chance you will actually need technical support. I would give kudos to the Cisco documentation. That would be the answer.
I have not tried the support because most of it has been solved with the documentation. Nevertheless, Cisco support has typically been a pleasant experience. I don't think that would be a problem with this.
Which solution did I use previously and why did I switch?
We did previously use a different solution. They had two different solutions. One was Cisco ASA itself and before that, they used Check Point.
We are a Cisco company and that's the reason they are moving from one Cisco product to another Cisco product, which was better than the previous one. So, that was a major reason for the switch. I would say the other vendors are improving. This company was just Cisco oriented so they wanted something Cisco.
How was the initial setup?
The initial setup is a bit difficult. Other vendors are doing the app integration solution. The initial setup was medium in complexity.
You need to install the Firepower CLI. You need to log into that and then you'll need to sit down to connect to the ASA and configure the ASA level services. You also need a Firepower management station for it to work appropriately. The setup is serious and a bit complex.
What about the implementation team?
In my scenario, because I had to learn the entire technology over there and then apply it, it took me around two weeks time to do it. Then the integration, improvisation, and stuff that normally happens took some extra time. You can safely say around two to four weeks period is what it normally takes for deployment. This is based on how the company evaluates the product. It depends on how much you know at that point.
Usually, for the deployment, the company works with Cisco, so they only use Cisco products. I am a DIY person, I did the deployment myself.
What's my experience with pricing, setup cost, and licensing?
We normally license on a yearly basis.
The hardware procurement cost should be considered. If you're virtual maybe that cost is eradicated and just the licensing cost is applied. If you have hardware the cost must be covered by you.
All the shipping charges will be paid by you also.
I don't think there are any other hidden charges though.
Which other solutions did I evaluate?
We gave them Palo Alto as an alternative option. I think they were more into Cisco. They did not evaluate the Palo Alto though, they just opted for Cisco.
What other advice do I have?
If you're really looking into Cisco Firepower, they have a good product, but I would say study hard and look around. If you want an easier product, you can always use Palo Alto. If you are a Cisco guy and you want to be with Cisco, you'll need to get an integration service engineer from the Cisco side. That will actually help you out a lot. Alternatively, maybe you can go for Palo Alto. That would be the best thing to do.
If you are not worried about the technical integration part and learning how it works and how well it can go with the environment, I would recommend you go ahead and take an integration engineer with you. Doing a POC could be troublesome for you. We have professional services. You can leverage that.
If you do not want to invest much money on all that stuff you can go ahead and hire someone who's already aware. Or if not, you can use any other vendor like Palo Alto.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Officer at a non-tech company with 10,001+ employees
We find this product scalable and stable.
Pros and Cons
- "It is scalable and stable."
- "Tech support could not answer all of our questions. I had to do research on the web to solve my issues."
What is our primary use case?
We primarily use this product for networking. We are a Cisco shop, as far as networking goes.
What needs improvement?
I think the room for improvement of this solution is that there is a need for more of an application awareness capability. I just don't think it has the application awareness. It obviously looks at ports and what not, but it is not necessarily able to identify applications by their action, and what they're doing.
For how long have I used the solution?
Less than one year.
What do I think about the stability of the solution?
We have not encountered issues with stability of the solution.
What do I think about the scalability of the solution?
The scalability is fine. We have no problems with the solution. We have two of them in a standby configuration.
How are customer service and technical support?
If I were to rank the tech support, I would give it an eight or a nine. They have not been able to resolve all of my problems. I had to find my solutions on the web myself. I found other users with similar issues to what I had experienced. Then, I resolved the issues by myself.
What's my experience with pricing, setup cost, and licensing?
I would consider this solution on the "high end" of the pricing spectrum.
Which other solutions did I evaluate?
I have considered Check Point and Juniper in the past.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Administrator at Modern Woodmen of America
Sourcefire's visibility and control have been a great addition to the product
Pros and Cons
- "Sourcefire has been a great addition. The visibility and control have been nice."
- "If Cisco could stop rebranding, combine all the CLIs/GUIs, and give a consistent experience, this would be great."
What is our primary use case?
The primary use case is for edge firewall at multiple locations and remote access VPN. We use these for security and have them integrated with Splunk/QRadar.
How has it helped my organization?
Edge security and Sourcefire have been nice. Sourcefire was a major improvement over the legacy IDS that it previously had.
What is most valuable?
Sourcefire has been a great addition. The visibility and control have been nice.
I also like the active/standby HA.
What needs improvement?
The solution has two separate GUIs and at least three different CLIs (ASA CLI, Sourcefire CLI, and Firepower Management Center CLI). In addition, ASDM plus Firepower Management Center GUIs. If Cisco could stop rebranding, combine all the CLIs/GUIs, and give a consistent experience, this would be great.
Also, AnyConnect is very difficult to manage and use.
For how long have I used the solution?
More than five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.