We primarily use this product for networking. We are a Cisco shop, as far as networking goes.
Information Security Officer at a non-tech company with 10,001+ employees
We find this product scalable and stable.
Pros and Cons
- "It is scalable and stable."
- "Tech support could not answer all of our questions. I had to do research on the web to solve my issues."
What is our primary use case?
What needs improvement?
I think the room for improvement of this solution is that there is a need for more of an application awareness capability. I just don't think it has the application awareness. It obviously looks at ports and whatnot, but it is not necessarily able to identify applications by their action, and what they're doing.
For how long have I used the solution?
Less than one year.
What do I think about the stability of the solution?
We have not encountered issues with stability of the solution.
Buyer's Guide
Cisco Secure Firewall
October 2024
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,528 professionals have used our research since 2012.
What do I think about the scalability of the solution?
The scalability is fine. We have no problems with the solution. We have two of them in a standby configuration.
How are customer service and support?
If I were to rank the tech support, I would give it an eight or a nine. They have not been able to resolve all of my problems. I had to find my solutions on the web myself. I found other users with similar issues to what I had experienced. Then, I resolved the issues by myself.
What's my experience with pricing, setup cost, and licensing?
I would consider this solution on the "high end" of the pricing spectrum.
Which other solutions did I evaluate?
I have considered Check Point and Juniper in the past.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Administrator at Modern Woodmen of America
Sourcefire's visibility and control have been a great addition to the product
Pros and Cons
- "Sourcefire has been a great addition. The visibility and control have been nice."
- "If Cisco could stop rebranding, combine all the CLIs/GUIs, and give a consistent experience, this would be great."
What is our primary use case?
The primary use case is for edge firewall at multiple locations and remote access VPN. We use these for security and have them integrated with Splunk/QRadar.
How has it helped my organization?
Edge security and Sourcefire have been nice. Sourcefire was a major improvement over the legacy IDS that it previously had.
What is most valuable?
Sourcefire has been a great addition. The visibility and control have been nice.
I also like the active/standby HA.
What needs improvement?
The solution has two separate GUIs and at least three different CLIs (ASA CLI, Sourcefire CLI, and Firepower Management Center CLI). In addition, ASDM plus Firepower Management Center GUIs. If Cisco could stop rebranding, combine all the CLIs/GUIs, and give a consistent experience, this would be great.
Also, AnyConnect is very difficult to manage and use.
For how long have I used the solution?
More than five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Owner at David Strom Inc.
Using Cisco ASA CX Firewall To Protect Your Network
Cisco ASA has better application granularity, a more flexible means of policy creation, and easier to use controls and more powerful reports than its predecessors. We tested the ASA-5525-X in January 2013 and found a much improved user interface and lots of content-aware features.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Consultant at Unify Square
An excellent firewall, and one of the best available choices for big size companies. As usual excellence requires money.
Pros and Cons
- "ASA is stable and with a low level of work required on the maintenance side."
- "You have to know the ASA command line very well because not all operations are available in the graphical interface"
What is our primary use case?
Cisco ASA was born as a hardware firewall. The use case is security checks on the company's external connections (Internet and VPN access).
Most recent versions include antivirus and intrusion prevention to add security layers (including the above scenarios and the internal network).
How has it helped my organization?
Cisco ASA has been the main security device for many years, slowly replaced with Check Point on the main datacentre.
What is most valuable?
ASA is stable and with a low level of work required on the maintenance side. It is a dedicated firewall, so you do not have to manage additional topics like spam, web sites filtering and so on. The routing part is high level as usual with Cisco products.
What needs improvement?
You have to know the ASA command line very well because not all operations are available in the graphical interface (or let's say that sometimes it is better to operate with the ASA CLI). If you are searching for an "all in one product" it is not for you.
What do I think about the stability of the solution?
No, stability is a really strong point with ASA.
What do I think about the scalability of the solution?
No, an assessment about the workload is important to select the right device.
How are customer service and technical support?
Over many years, the only kind of support we needed directly from Cisco was (really seldom) for parts replacement.
Which solution did I use previously and why did I switch?
The previous solution was based on software firewalls that were not able to perform as the Cisco ASA.
How was the initial setup?
Setup of a firewall on a medium / large deployment is always complex work.
Cisco ASA (more than other vendors' solutions) requires a lot of know-how and real world expertise to be configured properly.
What about the implementation team?
More than one external team (Cisco partners) has been involved over time.
All of them were outstanding in their work.
What was our ROI?
Positive. The devices have served thousands of users for many years, outliving other vendors' solutions.
What's my experience with pricing, setup cost, and licensing?
Cisco devices are for sure costly and budget could be an important constraint on selecting them as our security solution.
Which other solutions did I evaluate?
When the choice was made, some comparison was made with other market leaders but integration with the existing Cisco network was a really important positive side in the final decision.
What other advice do I have?
ASA is one of the state-of-the-art firewall devices for security.
It is affordable and not too complicated to use if you are doing standard operations (modifying ACLs, natting and so on) on an existing deployment.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Operation Manager
NGFW features software stability, quick software updates for known bugs/vulnerabilities.
What is most valuable?
NGFW features software stability, quick software updates for known bugs/vulnerabilities. Why no hardware reliability (see Clock Signal Component Issue -Cisco)? Because without NGFW features it is basically like a home router.
How has it helped my organization?
It is small, nobody knows where it is, nobody knows what it is, it works silently. So, as there is no issue, it is good for business and organization.
What needs improvement?
License politics, license price, precise vendor roadmap for this product.
For how long have I used the solution?
Two years.
What do I think about the stability of the solution?
Yes, FirePower is not stable, because every new software version comes with many features that cause problems. Cisco has to do it because other vendors have already added these features.
What do I think about the scalability of the solution?
No.
How are customer service and technical support?
High.
Which solution did I use previously and why did I switch?
3Com TippingPoint as IPS, ZyXEL ZyWALL as VPN server. Cisco has good documentation and it is easy for Cisco certificated engineers.
How was the initial setup?
Complex, because of non-ready Firepower service software setup.
What's my experience with pricing, setup cost, and licensing?
The last years' experience showed that there is no full security, so why pay more. Any security vendor with a user-friendly interface, with good support, on-time updates for known vulnerabilities and reliable hardware, is acceptable for an organization.
Which other solutions did I evaluate?
No.
What other advice do I have?
Cisco's ASA product line will be replaced by Cisco FTD. And Cisco FTD software is not ready for production (lack of many basic NGFW features). So, maybe only high-performance Firepower 41xx/21xx/90xx Series is good as IPS.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Security Coordinator at an energy/utilities company with 1,001-5,000 employees
We decided to go with Cisco because stability and reliability were major concerns for us.
What is most valuable?
Outstanding NGFW capabilities, site-to-site VPNs and High Availability. Also the integration of FirePOWER services (Web Filtering/IPS/Malware Protection) is a huge step forward for an already great platform.
How has it helped my organization?
We purchased a pair of ASAs to handle all perimeter traffic in and out of our network. These devices enabled us to secure all our perimeter traffic, WAN connections, Internet connectivity and Internet facing services. FirePOWER services enabled better control and visibility over the traffic traversing our perimeter. High Availability helped us greatly improve the availability of the services by reducing downtime caused by both incidents and planned maintenance operations.
What needs improvement?
Only problem in my opinion is ease of use. You really need to know your way around the CLI and complex feature set to get things working. The ASDM GUI is good for some things but for the most part you'll need to stick to the CLI, which is a bit difficult, especially if you don't have a lot of experience around Cisco equipment.
For how long have I used the solution?
We've operated these firewalls for around 2 years now.
What was my experience with deployment of the solution?
ASAs are as complex as they are powerful. Configuration and administration are not as straightforward as other solutions and will take some time and studying to get used to them.
What do I think about the stability of the solution?
In my experience with various Firewall solutions, the stability and reliability of Cisco ASAs is unparalleled.
What do I think about the scalability of the solution?
No
How are customer service and technical support?
Customer Service:
Cisco offers great customer service.
Technical Support:
The best I have worked with.
Which solution did I use previously and why did I switch?
We used to have a SonicWall and an older ASA 5510 platform. Both were replaced by a Cisco ASA cluster using a pair of 5525x.
What's my experience with pricing, setup cost, and licensing?
ASAs are expensive. The initial cost is high compared to other similar solutions, and chances are the personnel that will operate them will require some training. But if you're aiming for stability and reliability, this is the best solution you will find.
Which other solutions did I evaluate?
We evaluated Fortinet and SonicWall, both great UTM vendors. Although those platforms are cheaper, we decided to go with Cisco because stability and reliability were major concerns for us. Also, the support is much better in my experience.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Great to know, sounds like you've really had a great experience with ASA. How do you expect these enhancements to help your productivity and/or security in the long term?
Network and System Administrator at a pharma/biotech company with 501-1,000 employees
One of the features that should be improved is the URL filtering engine, but the stability of this product is one of the key functionalities in our deployment.
What is most valuable?
The ability to intercept unwanted traffic, and prevent attacks without interrupting everyday work, and the stability of this product are the key functionalities in our deployment.
How has it helped my organization?
This product, and our implementation, are not directly correlated with the core business of our company. It is designed to protect our company from outside threats and reduce impact on other network elements, such as the backend firewall, DMZ zone and VPN concentrators.
What needs improvement?
Cisco ASA lacks some functionalities, when compared with other vendors' products. Cisco needs to implement some more functionalities, like client-less VPN (HTML5), but I expect that Cisco will continue to add, and improve, features of the product. One of the features that should be improved is the URL filtering engine, as currently it has limited functionality. For full functionality, you will need an external URL filtering server, like Websense.
For how long have I used the solution?
We have used it for more than five years, and have implemented it for perimeter network protection. It is designed for basic network protection for our corporate environment.
What was my experience with deployment of the solution?
No issues during the deployment, as we had good planning.
What do I think about the stability of the solution?
No issues with stability. The device is designed for hard work 24/7. I never have a lack of resources like RAM or CPU. The only reason I need to restart the device is during a software upgrade.
What do I think about the scalability of the solution?
In our deployment, we did not have a scalability issue.
How are customer service and technical support?
Customer Service:
It is very high.
Technical Support:
We did not have any technical problems with this product, so we have not had need of technical support.
Which solution did I use previously and why did I switch?
We implemented ASA after a complete redesign of our network, and we believe that Cisco ASA is the right solution for our needs.
How was the initial setup?
The initial setup is straightforward, as there is a lot of documentation available on the Cisco site, and other sites, which makes planning and deployment pass without any problems. However, the ASA is a complex device, with a lot of features and further tuning is complex and you must have the right knowledge to do it. Configuration can be done through a Java based application called ASDM or through the CLI interface. Using ASDM is much more simple and easy, but ASDM is not compatible with the newer Java version, so before implementation you must read the compatibility notes. Also, keep in mind that when upgrading ASA software, you must also upgrade the ASDM package.
What about the implementation team?
Initial implementation was through a vendor. I would rate their experience and expertise as 9/10.
What was our ROI?
Calculating the ROI for network security or IT security is complex and dependent on many factors, like the implementation, role, expectation etc. IT security cannot be compromised, but on the other hand, we must ask how much is enough. In our case, we do not have a defined ROI for this product.
What's my experience with pricing, setup cost, and licensing?
The cost of the setup was only the product price, local vendor support for the implementation, and employee training. This product is set it and forget it, so we do not have day to day costs.
Which other solutions did I evaluate?
We did not evaluate other products. One reason was that we believe that the ASA is a reliable product and fits our needs. Another reason, was the lack of local support for other solutions.
What other advice do I have?
Unfortunately, the ASA 5500 is EoS and EoL, and I hope that Cisco’s NGF 5500-X series will be a worthy successor. This does not mean that Cisco will stop software support and will continue to release new software versions with new and improved features for the ASA 5500 series.
As with any other product, the main things for a successful implementation are to decide what you want to achieve, and what your main goal is, and then, you need good planning, not only for your current needs, but you also need to keep in mind further growth and needs. Good planning is, at least, 80% of successful implementation.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Engineer at a government with 10,001+ employees
Is stable, but management features need to be updated
Pros and Cons
- "I like that it is easy to change the settings."
- "Cisco ASDM is a problem because it is old."
What is our primary use case?
We use ASA firewalls to limit traffic between the networks.
We use an on-premises deployment model.
What is most valuable?
I like that it is easy to change the settings.
What needs improvement?
Cisco ASDM is a problem because it is old.
For how long have I used the solution?
I've been working with it for a year, but my company has been using Cisco firewalls for 15 years.
We use Cisco Secure Firewall ASA 5506 and 5508.
What do I think about the stability of the solution?
Cisco Secure Firewall ASA's stability is good.
How are customer service and support?
I recently had a case with technical support that took a couple of weeks to resolve. We use Cisco Smart Licensing and are not connected to the net. It was a big problem to get it to work. Cisco's technical support did not know how it worked, and I had to tell them how it worked. We haven't had interactions with technical support where there were more positive outcomes.
On a scale from one to ten with ten being the best, I would rate technical support at two.
How would you rate customer service and support?
Negative
How was the initial setup?
The initial deployment is easy for this solution.
What other advice do I have?
Overall, I would rate this solution at seven out of ten because Cisco ASDM needs to be updated.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Any network engineer you name, their career begins with working on Cisco products. Cisco ASA is very user friendly when we use ASDM for configuration.