Owner at David Strom Inc.
Writer
Expert, Top 20
Using Cisco ASA CX Firewall To Protect Your Network

Cisco ASA has better application granularity, a more flexible means of policy creation, and easier to use controls and more powerful reports than its predecessors. We tested the ASA-5525-X in January 2013 and found a much improved user interface and lots of content-aware features.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user623778, Technical Lead at a tech vendor with 1,001-5,000 employees
Vendor

Any network engineer you name, their career begins with working on Cisco products. Cisco ASA is very user friendly when we use ASDM for configuration.

Senior Consultant at Unify Square
Real User
An excellent firewall, and one of the best available choices for big size companies. As usual excellence requires money.
Pros and Cons
  • "ASA is stable and with a low level of work required on the maintenance side."
  • "You have to know the ASA command line very well because not all operations are available in the graphical interface"

What is our primary use case?

Cisco ASA was born as a hardware firewall. The use case is security checks on the company's external connections (Internet and VPN access).

Most recent versions include antivirus and intrusion prevention to add security layers (including the above scenarios and the internal network).

How has it helped my organization?

Cisco ASA has been the main security device for many years, slowly replaced with Check Point on the main datacentre.

What is most valuable?

ASA is stable and with a low level of work required on the maintenance side. It is a dedicated firewall, so you do not have to manage additional topics like spam, web sites filtering and so on. The routing part is high level as usual with Cisco products.

What needs improvement?

You have to know the ASA command line very well because not all operations are available in the graphical interface (or let's say that sometimes it is better to operate with the ASA CLI). If you are searching for an "all in one product" it is not for you.

What do I think about the stability of the solution?

No, stability is a really strong point with ASA.

What do I think about the scalability of the solution?

No, an assessment about the workload is important to select the right device.

How are customer service and technical support?

Over many years, the only kind of support we needed directly from Cisco was (really seldom) for parts replacement.

Which solution did I use previously and why did I switch?

The previous solution was based on software firewalls that were not able to perform as the Cisco ASA.

How was the initial setup?

Setup of a firewall on a medium/large deployment is always complex work.

Cisco ASA (more than other vendors' solutions) requires a lot of know-how and real world expertise to be configured properly.

What about the implementation team?

More than one external team (Cisco partners) has been involved over time.

All of them were outstanding in their work.

What was our ROI?

Positive. The devices have served thousands of users for many years, outliving other vendors' solutions.

What's my experience with pricing, setup cost, and licensing?

Cisco devices are for sure costly and budget could be an important constraint on selecting them as our security solution.

Which other solutions did I evaluate?

When the choice was made, some comparison was made with other market leaders but integration with the existing Cisco network was a really important positive side in the final decision.

What other advice do I have?

ASA is one of the state-of-the-art firewall devices for security.
It is affordable and not too complicated to use if you are doing standard operations (modifying ACLs, natting and so on) on an existing deployment.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user487374, VP Product Management at PeerSpot
Consultant

Did it replace a different product you had? Did you consider other products before choosing to go with this one?

IT Operation Manager
Real User
NGFW features software stability, quick software updates for known bugs/vulnerabilities.

What is most valuable?

NGFW features software stability, quick software updates for known bugs/vulnerabilities. Why no hardware reliability (see Clock Signal Component Issue -Cisco)? Because without NGFW features it is basically like a home router.

How has it helped my organization?

It is small, nobody knows where it is, nobody knows what it is, it works silently. So, as there is no issue, it is good for business and organization.

What needs improvement?

License politics, license price, precise vendor roadmap for this product.

For how long have I used the solution?

Two years.

What do I think about the stability of the solution?

Yes, FirePower is not stable, because every new software version comes with many features that cause problems. Cisco has to do it because other vendors have already added these features.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

High.

Which solution did I use previously and why did I switch?

3Com TippingPoint as IPS, ZyXEL ZyWALL as VPN server. Cisco has good documentation and it is easy for Cisco certificated engineers.

How was the initial setup?

Complex, because of non-ready Firepower service software setup.

What's my experience with pricing, setup cost, and licensing?

The last years' experience showed that there is no full security, so why pay more. Any security vendor with a user-friendly interface, with good support, on-time updates for known vulnerabilities and reliable hardware, is acceptable for an organization.

Which other solutions did I evaluate?

No.

What other advice do I have?

Cisco's ASA product line will be replaced by Cisco FTD. And Cisco FTD software is not ready for production (lack of many basic NGFW features). So, maybe only high-performance Firepower 41xx/21xx/90xx Series is good as IPS.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Security Coordinator at a energy/utilities company with 1,001-5,000 employees
Real User
We decided to go with Cisco because stability and reliability were major concerns for us.

What is most valuable?

Outstanding NGFW capabilities, site-to-site VPNs and High Availability. Also the integration of FirePOWER services (Web Filtering/IPS/Malware Protection) is a huge step forward for an already great platform.

How has it helped my organization?

We purchased a pair of ASAs to handle all perimeter traffic in and out of our network. These devices enabled us to secure all our perimeter traffic, WAN connections, Internet connectivity and Internet facing services. FirePOWER services enabled better control and visibility over the traffic traversing our perimeter. High Availability helped us greatly improve the availability of the services by reducing downtime caused by both incidents and planned maintenance operations.

What needs improvement?

The only problem in my opinion is ease of use. You really need to know your way around the CLI and complex feature set to get things working. The ASDM GUI is good for some things but for the most part you'll need to stick to the CLI, which is a bit difficult, especially if you don't have a lot of experience around Cisco equipment.

For how long have I used the solution?

We've operated these firewalls for around 2 years now.

What was my experience with deployment of the solution?

ASAs are as complex as they are powerful. Configuration and administration are not as straightforward as other solutions and will take some time and studying to get used to them.

What do I think about the stability of the solution?

In my experience with various Firewall solutions, the stability and reliability of Cisco ASAs is unparalleled.

What do I think about the scalability of the solution?

No

How are customer service and technical support?

Customer Service:

Cisco offers great customer service.

Technical Support:

The best I have worked with.

Which solution did I use previously and why did I switch?

We used to have a SonicWall and an older ASA 5510 platform. Both were replaced by a Cisco ASA cluster using a pair of 5525x.

What's my experience with pricing, setup cost, and licensing?

ASAs are expensive. The initial cost is high compared to other similar solutions, and chances are the personnel that will operate them will require some training. But if you're aiming for stability and reliability, this is the best solution you will find.

Which other solutions did I evaluate?

We evaluated Fortinet and SonicWall, both great UTM vendors. Although those platforms are cheaper, we decided to go with Cisco because stability and reliability were major concerns for us; also, the support is much better in my experience.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user326337, Customer Success Manager at PeerSpot
Consultant

Great to know, sounds like you've really had a great experience with ASA. How do you expect these enhancements to help your productivity and/or security in the long term?

Network and System Administrator at a pharma/biotech company with 501-1,000 employees
Real User
One of the features that should be improved is the URL filtering engine, but the stability of this product is one of the key functionalities in our deployment.

What is most valuable?

The ability to intercept unwanted traffic, and prevent attacks without interrupting everyday work, and the stability of this product are the key functionalities in our deployment.

How has it helped my organization?

This product, and our implementation, are not directly correlated with the core business of our company. It is designed to protect our company from outside threats and reduce impact on other network elements, such as the backend firewall, DMZ zone and VPN concentrators.

What needs improvement?

Cisco ASA lacks some functionalities when compared with other vendors’ products. Cisco needs to implement some more functionalities, like client-less VPN (HTML5), but I expect that Cisco will continue to add, and improve, features of the product. One of the features that should be improved is the URL filtering engine, as currently it has limited functionality. For full functionality, you will need an external URL filtering server, like Websense.

For how long have I used the solution?

We have used it for more than five years, and have implemented it for perimeter network protection. It is designed for basic network protection for our corporate environment.

What was my experience with deployment of the solution?

No issues during the deployment, as we had good planning.

What do I think about the stability of the solution?

No issues with stability. The device is designed for hard work 24/7. I never have a lack of resources like RAM or CPU. The only reason I need to restart the device is during a software upgrade.

What do I think about the scalability of the solution?

In our deployment, we did not have a scalability issue.

How are customer service and technical support?

Customer Service:

It is very high.

Technical Support:

We did not have any technical problems with this product, so we have not had need of technical support.

Which solution did I use previously and why did I switch?

We implemented ASA after a complete redesign of our network, and we believe that Cisco ASA is the right solution for our needs.

How was the initial setup?

The initial setup is straightforward, as there is a lot of documentation available on the Cisco site, and other sites, which makes planning and deployment pass without any problems. However, the ASA is a complex device, with a lot of features and further tuning is complex and you must have the right knowledge to do it. Configuration can be done through a Java based application called ASDM or through the CLI interface. Using ASDM is much more simple and easy, but ASDM is not compatible with the newer Java version, so before implementation you must read the compatibility notes. Also, keep in mind that when upgrading ASA software, you must also upgrade the ASDM package.

What about the implementation team?

Initial implementation was through a vendor. I would rate their experience and expertise as 9/10.

What was our ROI?

Calculating the ROI for network security or IT security is complex and dependent on many factors, like the implementation, role, expectation etc. IT security cannot be compromised, but on the other hand, we must ask how much is enough. In our case, we do not have a defined ROI for this product.

What's my experience with pricing, setup cost, and licensing?

The cost of the setup was only the product price, local vendor support for the implementation, and employee training. This product is set it and forget it, so we do not have day to day costs.

Which other solutions did I evaluate?

We did not evaluate other products. One reason was that we believe that the ASA is a reliable product and fits our needs. Another reason was the lack of local support for other solutions.

What other advice do I have?

Unfortunately, the ASA 5500 is EoS and EoL, and I hope that Cisco’s NGF 5500-X series will be a worthy successor. This does not mean that Cisco will stop software support and will continue to release new software versions with new and improved features for the ASA 5500 series.

As with any other product, the main things for a successful implementation are to decide what you want to achieve, and what your main goal is, and then, you need good planning, not only for your current needs, but you also need to keep in mind further growth and needs. Good planning is, at least, 80% of successful implementation.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer2108076 - PeerSpot reviewer
Network Engineer at a government with 10,001+ employees
Real User
Is stable, but management features need to be updated
Pros and Cons
  • "I like that it is easy to change the settings."
  • "Cisco ASDM is a problem because it is old."

What is our primary use case?

We use ASA firewalls to limit traffic between the networks.

We use an on-premises deployment model.

What is most valuable?

I like that it is easy to change the settings.

What needs improvement?

Cisco ASDM is a problem because it is old.

For how long have I used the solution?

I've been working with it for a year, but my company has been using Cisco firewalls for 15 years.

We use Cisco Secure Firewall ASA 5506 and 5508.

What do I think about the stability of the solution?

Cisco Secure Firewall ASA's stability is good.

How are customer service and support?

I recently had a case with technical support that took a couple of weeks to resolve. We use Cisco Smart Licensing and are not connected to the net. It was a big problem to get it to work. Cisco's technical support did not know how it worked, and I had to tell them how it worked. We haven't had interactions with technical support where there were more positive outcomes.

On a scale from one to ten with ten being the best, I would rate technical support at two.

How would you rate customer service and support?

Negative

How was the initial setup?

The initial deployment is easy for this solution.

What other advice do I have?

Overall, I would rate this solution at seven out of ten because Cisco ASDM needs to be updated.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer1662657 - PeerSpot reviewer
Network Engineer at a computer software company with 51-200 employees
Real User
Enables us to create policies based on who is accessing a resource instead of just IP addresses but the UI needs improvement
Pros and Cons
  • "Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports."
  • "It's mainly the UI and the management parts that need improvement. The most impactful feature when you're using it is the user interface and the user experience."

How has it helped my organization?

I can't put Cisco on the firewall when the security landscape has changed so much in the past five to ten years. We are doing a lot more in the next generation of firewalls. We had a legacy classic firewall before we went to Firepower, and we spent a lot less time on that firewall, but we are spending more time on the Firepower because we are utilizing a lot of the features that are available in Firepower that were not available in the previous firewall that we had. I'm not going to say that we're spending less time, but we're gaining more value.

Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports.

What is most valuable?

If I were to have been asked a few weeks ago, I would have said threat prevention was the most valuable feature, but the world is changing a lot, so my favorite features a few years ago might not be my favorite features today.

What needs improvement?

The visibility the solution gives when doing deep packet inspection can be complex. I really like the visibility, but it's not always intuitive to use. I also help other customers. We are a contracting company that implements their solutions, and I've found that it's not always easy to get everyone to utilize some of the visibility features. But for me personally, I think they're very valuable. 

The ease of use when it comes to managing Cisco Firepower has a lot of room for improvement. When monitoring a large set of firewall policies, the user interface could be lighter. It's sometimes heavy in use, and there could be improvements there. I know they're trying to make improvements.

It's mainly the UI and the management parts that need improvement. The most impactful feature when you're using it is the user interface and the user experience.

For how long have I used the solution?

We were an early adopter when Firepower first came out. I've been using Cisco firewalls for the last two decades.

What do I think about the stability of the solution?

For newer hardware models, the stability is good. We've tried to run Firepower on some of the legacy-supported hardware as well, but with the stability issues, they are not as good. If I were to judge based on the hardware that I have, I'd say it's good. I haven't had any issues with the stability on my platform.

What do I think about the scalability of the solution?

We just recently enabled Snort 3 so I'm evaluating the functionality. That's what we've considered, but we haven't done any performance testing. Our company would qualify as a small to medium business company. The average office environment is about 100 to 200 people. Performance-wise, my company is about 120 people.

Scalability is really not relevant. I know there are features that address some of those parts, like clustering and stuff, but that's really not applicable in my use cases.

How are customer service and technical support?

The support is eight to nine out of ten. You can't blame them for any faults of the prototypes, but the support has been really good and really helpful when we had any issues.

Which solution did I use previously and why did I switch?

I have hands-on experience in both Fortinet and Palo Alto. So if I were to compare this to Palo Alto, for example, I would say that the user interface in Palo Alto is a lot better. But the reason that I'm working with Firepower is that we have a Cisco network as well, and Cisco ISE. We're trying to integrate different Cisco solutions. We're trying to utilize the ecosystem benefits where I can connect my Cisco Firepower to ISE and have it talk to the App Cloud. There's a benefit of utilizing Cisco Firepower in conjunction with our other Cisco solutions.

Ease of management is similar with Cisco and Fortinet, I would say similar, but it's easier in Palo Alto.

How was the initial setup?

I recently deployed a similar solution at a customer's premises, and that setup was straightforward.

The steps are fairly documented and the documentation and guides on Cisco are straightforward. You know what you're expected to configure, and it's easy to get up, running, and started. It takes some more time to check everything and get everything as you want to have it, but getting started and getting connectivity and starting to create policies was easy to do and didn't take a very long time.

It took two to four hours, including some upgrades.

What other advice do I have?

My main advice would be to utilize all the guides and documentation available from Cisco publicly and not try to implement it using legacy thinking. Don't try to just replace something else you have. If you have a next-gen firewall, you want to try to utilize what you're getting, and get the most out of a firewall. There are some great guides and documentation on Cisco that explain what you can do and how you can do it.

I would rate it a seven out of ten. 

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
MD.SIHAB TALUKDAR - PeerSpot reviewer
System Engineer at a financial services firm with 1,001-5,000 employees
Real User
Top 20
Stable and reasonably-priced, and the support is okay
Pros and Cons
  • "The most valuable feature is stability."
  • "The performance should be improved."

What is our primary use case?

This is a product that is used at the infrastructure level to protect the network from outside traffic.

What is most valuable?

The most valuable feature is stability.

What needs improvement?

When using this product, our network is slower. The performance should be improved.

The installation could be made easier.

For how long have I used the solution?

We have been working with Cisco Firepower NGFW Firewall for more than two years.

What do I think about the stability of the solution?

This is a stable product and we plan to continue using it.

How are customer service and technical support?

Support from Cisco is good enough.

How was the initial setup?

The installation can be easy, although it is slightly more difficult to install than Fortinet FortiGate. One day is enough for deployment but it takes a long time to configure.

What about the implementation team?

I deployed Firepower with support from the team in India.

We have a team of three people for deployment and maintenance.

What's my experience with pricing, setup cost, and licensing?

The price of Firepower is not bad compared to other products.

What other advice do I have?

This is a good product and I recommend it.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.