Try our new research platform with insights from 80,000+ expert users
Systems Administrator\Ag. IT Manager at a construction company with 201-500 employees
Real User
It secures my network and is very stable
Pros and Cons
  • "It is a very stable product. I've not had any issues with it. It is a super product, and I won't need to change it anytime soon."
  • "Its configuration through GUI as well as CLI can be improved and made easier."

What is our primary use case?

I am using Cisco ASA as my firewall. I use it for security purposes to block access and for VPN. It is on the perimeter, so basically, it secures my network.

What is most valuable?

It is a very stable product. I've not had any issues with it. It is a super product, and I won't need to change it anytime soon.

What needs improvement?

Its configuration through GUI as well as CLI can be improved and made easier.

For how long have I used the solution?

I have been using this solution for more than five years. I am using the Cisco ASA 5505 model.

Buyer's Guide
Cisco Secure Firewall
March 2025
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.

What do I think about the stability of the solution?

It is very stable.

How are customer service and support?

I manage it myself. If I can't, then I get somebody else. I don't have any support from Cisco.

How was the initial setup?

The initial setup was slow. It took a day or two.

What about the implementation team?

Unfortunately, there were not too many skilled guys who could install it. I had to get a third party for installation and configuration. I had to get somebody qualified in Cisco Security, and he was the only person who could actually configure it well.

What's my experience with pricing, setup cost, and licensing?

I just bought it off the shelf, and I'm using it with my previous one, so I have not spent that much.

What other advice do I have?

I would definitely recommend this solution. You just have to learn how to configure it. It is a Cisco solution, and there is not much to be improved. I plan to keep using it and expand its usage.

I would rate Cisco ASA Firewall an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
InfSec4893 - PeerSpot reviewer
Information Security Officer at a non-tech company with 10,001+ employees
Real User
We find this product scalable and stable.
Pros and Cons
  • "It is scalable and stable."
  • "Tech support could not answer all of our questions. I had to do research on the web to solve my issues."

What is our primary use case?

We primarily use this product for networking. We are a Cisco shop, as far as networking goes.

What needs improvement?

I think the room for improvement of this solution is that there is a need for more of an application awareness capability. I just don't think it has the application awareness. It obviously looks at ports and what not, but it is not necessarily able to identify applications by their action, and what they're doing.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

We have not encountered issues with stability of the solution.

What do I think about the scalability of the solution?

The scalability is fine. We have no problems with the solution. We have two of them in a standby configuration.

How is customer service and technical support?

If I were to rank the tech support, I would give it an eight or a nine. They have not been able to resolve all of my problems. I had to find my solutions on the web myself. I found other users with similar issues to what I had experienced. Then, I resolved the issues by myself.

What's my experience with pricing, setup cost, and licensing?

I would consider this solution on the "high end" of the pricing spectrum.

Which other solutions did I evaluate?

I have considered Check Point and Juniper in the past.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Cisco Secure Firewall
March 2025
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.
PeerSpot user
Technical Specialist with 5,001-10,000 employees
Real User
The throughput and reliability of the product improve the network stability of our organization.

What is most valuable?

VPN (site to site VPN and remote access ), NAT policies, modular policy framework, detailed troubleshooting methods.

How has it helped my organization?

The throughput and reliability of the product improve the network stability of our organization.

What needs improvement?

Area : URL filtering and content filtering.

When Cisco ASA is presented as an enterprise firewall, that should be capable doing IPS/IDS, firewalling, VPN concentrator, application filtering, URL filtering and content filtering.

Of course, the last three technologies can do by a proxy. But nowadays, all next generation firewalls like Fortinet, Check Point, and Palo Alto are each bundling the UTM features into a single box with multiple separate content processors (hardware) to do these jobs.

This would enable single pane glass for management. No need to look at different devices for change management and troubleshooting.

I would say Cisco ASA is the best except for its URL and content filtering module. And these modules in ASA are not straightforward, rather complex in managing the device.

What was my experience with deployment of the solution?

I've been using this solution since 2007.

What do I think about the stability of the solution?

No.

What do I think about the scalability of the solution?

All product-based firewalls will encounter scalability issues. The firewall sizing is important during the sizing.

How are customer service and technical support?

Good.

Which solution did I use previously and why did I switch?

I used to work with most of the hardware firewalls, Cisco ASA is reliable and few technologies are good enough to compete for the market (VPN, Modular policy framework, NAT, etc.).

How was the initial setup?

Straightforward -- console or via the interface.

What's my experience with pricing, setup cost, and licensing?

Expensive when compared to other products.

Which other solutions did I evaluate?

Yes, all.

What other advice do I have?

If you are looking into implementing VPN or advanced features, I recommend using this product. URL or content filtering is not good as much as the NGFWs are.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
NetworkE721d - PeerSpot reviewer
Network Engineer with 201-500 employees
Real User
Before anything, you need to know your infrastructure really well
Pros and Cons
  • "IPSec Tunnel and AnyConnect (of course), the context awareness was a good feature, but clumsy at the beginning. I think it's better now."
  • "ASDM can be improved."

How has it helped my organization?

The context aware module gave us good visibility and control over the ingress and egress communications. Allowing us to filter unnecessary communications like streaming video, allowing us to control bandwidth utilization.

What is most valuable?

IPSec Tunnel and AnyConnect (of course), the context awareness was a good feature, but clumsy at the beginning. I think it's better now.

The packet tracer command is a great tool for troubleshooting IPSec Tunnel, which I miss in the Palo Alto and other firewalls.

Also, the IP access list counter is a good feature while troubleshooting.

What needs improvement?

ASDM can be improved.

Also, a rollback option to a previous config in time will be a great option. Logging can be improved to a vast extent, I think Palo Alto has a pretty good logging structure.

What do I think about the stability of the solution?

Yep, more than once, but only on one box out of the three we purchased. Suppose we got a lemon, because once replaced, everything was fine.

What do I think about the scalability of the solution?

We never had an infrastructure that required scalability.

How is customer service and technical support?

An eight out of 10. TAC was very good but some engineers were quite slow and I ended up figuring out the issue myself.

But overall, I like Cisco TAC a 1000 times more than Juniper TAC. Arista is the best TAC so far in my experience, they have the best talent pool.

How was the initial setup?

Quite straightforward for the most part, since I had TAC on call while setting it up.

What's my experience with pricing, setup cost, and licensing?

Everything with Cisco is expensive. My advice is that there are a lot better options out in the market now.

Palo Alto is pretty decent for example, but support is the best with Cisco, hands down. All other TACs do not come close, except Arista, but they do not make firewalls.

Which other solutions did I evaluate?

None. My old company was a complete Cisco shop.

What other advice do I have?

Do look at Palo Alto for comparison, SonicWall is also on the market. But before anything, you need to know your infrastructure really well.

For example, we brought a PAN firewall for east-west traffic control so we could implement a zero trust network. But our business traffic is a bidding traffic which has extremely small packet size and huge connection size per seconds happening, which sent the PAN firewall into a tailspin. Since we bought the device without a POC, we had to eat the cost. So make sure to do a PoC with all the vendor equipment before you purchase it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
IT Operation Manager
Real User
​NGFW features software stability, quick software updates for known bugs/vulnerabilities.

What is most valuable?

NGFW features software stability, quick software updates for known bugs/vulnerabilities. Why no hardware reliability (see Clock Signal Component Issue -Cisco)? Because without NGFW features it is basically like a home router.

How has it helped my organization?

It is small, nobody knows where it is, nobody knows what it is, it works silently. So, as there is no issue, it is good for business and organization.

What needs improvement?

License politics, license price, precise vendor roadmap for this product.

For how long have I used the solution?

Two years.

What do I think about the stability of the solution?

Yes, FirePower is not stable, because every new software version comes with many features that cause problems. Cisco has to do it because other vendors have already added these features.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

High.

Which solution did I use previously and why did I switch?

3Com TippingPoint as IPS, Zyxel ZyWALL ZyXEL ZyWALLas VPN server. Cisco has good documentation and it is easy for Cisco certificated engineers.

How was the initial setup?

Complex, because of non-ready Firepower service software setup.

What's my experience with pricing, setup cost, and licensing?

The last years' experience showed that there is no full security, so why pay more. Any security vendor with a user-friendly interface, with good support, on-time updates for known vulnerabilities and reliable hardware, is acceptable for an organization.

Which other solutions did I evaluate?

No.

What other advice do I have?

Cisco's ASA product line will be replaced by Cisco FTD. And Cisco FTD software is not ready for production (lack of many basic NGFW features). So, maybe only high-performance Firepower 41xx/21xx/90xx Series is good as IPS.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Member of the Board of Directors at a tech services company with 1,001-5,000 employees
Consultant
Class-based policing is the most important part of the ASA, and was its differentiator.

What is most valuable?

Class-based policing is the most important part of the ASA, and was its differentiator.

How has it helped my organization?

It gave us more organized DMZs and logical segments.

What needs improvement?

I’m not a fan of the new modular licensing model. Cisco moved from a base license to an a la carte SaaS model a couple of years back, wherein the customer is required to pay for feature sets on a case-by-case basis. This makes it difficult for people who want to study and trial new technologies and features.

For how long have I used the solution?

I’ve been using ASA technology since it was PIX, so since 1999.

What do I think about the stability of the solution?

We have not had stability issues.

What do I think about the scalability of the solution?

We have not had scalability issues.

How are customer service and technical support?

Support with Cisco TAC, or with VARs like WWT and Trace3 is usually pretty good.

Which solution did I use previously and why did I switch?

I have used both ASA and PAN. Different strokes for different folks.

How was the initial setup?

Initial setup is straightforward. You can get as granular and complex as you want, but out of the box, ASAs provide a secure FW solution.

Which other solutions did I evaluate?

We evaluate all other options.

What other advice do I have?

ASAs are a solid solution. Cisco provides more training and learning materials than any other vendor, which is critical if an organization wants to take true ownership of a technological solution. Documentation and use cases alone tend to make me a fan of Cisco's way of engineering, and they have come a long way over the last few years when it comes to integrating their solutions into comprehensive security communications platforms using tools like PRIME and ISE. FirePOWER and AMP make Cisco an even better overall contender for top FW status.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Network Security Consultant at a tech services company with 51-200 employees
Real User
It allows us to filter incoming traffic to our network and provide a secure access to office network from outside through remote access VPN.

What is most valuable?

Cisco ASA is a stateful firewall which means they are the fastest and more secure, because they maintain state tables. Cisco ASA is very efficient not only in Firewalling but in VPNs, IPS and content filtering. It also has option of failover and redundancy.

How has it helped my organization?

It allows us to filter incoming traffic to our network and provide a secure access to office network from outside through remote access VPN. We also connected our branch office through IPSEC site-to-site VPN tunnel which is very secure and reliable.

What needs improvement?

Some improvements required on GUI interface called ASDM. It should include health check parameters like temperature, memory used.

For how long have I used the solution?

I am using it more than five years.

What was my experience with deployment of the solution?

No issues, very easy to deploy.

What do I think about the stability of the solution?

No.

What do I think about the scalability of the solution?

Migration to new version is very easy, therefore no issue.

How are customer service and technical support?

Customer Service:

9/10.

Technical Support:

9/10.

Which solution did I use previously and why did I switch?

Cisco ASA firewall is most reliable to protect the network, therefore I switched.

How was the initial setup?

Yes, straightforward and simple.

What about the implementation team?

I am also vendor.

What was our ROI?

100%.

What's my experience with pricing, setup cost, and licensing?

Price is bit high as compared to other vendors, but Cisco ASA has reputation and most reliable product. Always go with minimum security plus license.

Which other solutions did I evaluate?

Yes, Fortinet and Palo Alto.

What other advice do I have?

No.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
PeerSpot user
PeerSpot user
Principal Network Engineer at a tech services company with 51-200 employees
Consultant
Provides the capability of the higher end firewall products to handle most network tasks without issues.
Pros and Cons
  • "It makes it very easy to have delineated roles and responsibilities between network engineering and network security."
  • "In my experience, a number of engineers get tunnel vision with devices. This is exacerbated by vendors fostering a silo mentality in disciplines."

How has it helped my organization?

It makes it very easy to have delineated roles and responsibilities between network engineering and network security.

What is most valuable?

I find the overall capability of the higher end firewall products to handle most network tasks without any issues. In addition, it is easy to train lower level help desk personnel on the GUI management.

What needs improvement?

People tend to think of firewalls as firewalls and routers as routers. Going by the book, I had to create a number of static routes in the firewall so it could reach the various subnets in my client's internal network. I decided to turn on OSPF routing to simplify my deployment. This resolved a lot of issues with remote VPN and site-to-site VPN tunnels.

In my experience, a number of engineers get tunnel vision with devices. This is exacerbated by vendors fostering a silo mentality in disciplines.

I cannot name the organization, but a large national non-profit in the medical field had too many network configuration problems because of the silo mentality.

Large Cisco ASA units have the capability to act as routers. This particular non-profit would not enable routing on the ASA until I explained that it resolve a number of issues that they were experiencing and resolving by static routes, a second Cisco ASA, and a proxy server.

What do I think about the stability of the solution?

Stability issues did not occur in my experience, as long as we stayed with the correct image builds.

What do I think about the scalability of the solution?

There were no scalability issues.

How is customer service and technical support?

Customer Service:

Generally, we do not need customer support, so it is hard to rate.

Technical Support:

Generally we do not need technical support, so it is hard to rate.

How was the initial setup?

The initial setup at many clients' sites was straightforward. Very complicated networks take a lot of planning.

What about the implementation team?

We implemented the solution in-house.

What was our ROI?

We cannot determine ROI just yet.

What's my experience with pricing, setup cost, and licensing?

Always plan ahead for three years. In other words, do not buy a firewall on what your needs are today, but try to predict where you will be three years from now in terms of bandwidth, security requirements, and changes in organizational design. This applies to any vendor, not just this product. I find that I always need to buy a higher level product than the specifications request in order to be safe.

Which other solutions did I evaluate?

In locations where I have used Cisco ASA firewalls, I have compared FortiGate and SonicWall.

What other advice do I have?

I utilize different brands of firewalls depending on the needs of a client, i.e., in-house IT versus outsourced. I am vendor agnostic as much as possible.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Kiarash Barzoodeh - PeerSpot reviewer
Kiarash BarzoodehSenior Network Designer at ODI
Real User

hello
respectfully, you are right about routing, Cisco ASA is a best firewall that support routing. however, in best practices offer: do not use firewall as router and also is better to use firewall as transparent mode. because technically firewall designed for access control or something like that, so in high routing environment, sometime firewall cannot handle routing as router.

Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2025
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros sharing their opinions.