Cisco ASA is a stateful firewall which means they are the fastest and more secure, because they maintain state tables. Cisco ASA is very efficient not only in Firewalling but in VPNs, IPS and content filtering. It also has option of failover and redundancy.
Network Security Consultant at a tech services company with 51-200 employees
It allows us to filter incoming traffic to our network and provide a secure access to office network from outside through remote access VPN.
What is most valuable?
How has it helped my organization?
It allows us to filter incoming traffic to our network and provide a secure access to office network from outside through remote access VPN. We also connected our branch office through IPSEC site-to-site VPN tunnel which is very secure and reliable.
What needs improvement?
Some improvements required on GUI interface called ASDM. It should include health check parameters like temperature, memory used.
For how long have I used the solution?
I am using it more than five years.
Buyer's Guide
Cisco Secure Firewall
November 2024
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,562 professionals have used our research since 2012.
What was my experience with deployment of the solution?
No issues, very easy to deploy.
What do I think about the stability of the solution?
No.
What do I think about the scalability of the solution?
Migration to new version is very easy, therefore no issue.
How are customer service and support?
Customer Service:
9/10.
Technical Support:9/10.
Which solution did I use previously and why did I switch?
Cisco ASA firewall is most reliable to protect the network, therefore I switched.
How was the initial setup?
Yes, straightforward and simple.
What about the implementation team?
I am also vendor.
What was our ROI?
100%.
What's my experience with pricing, setup cost, and licensing?
Price is bit high as compared to other vendors, but Cisco ASA has reputation and most reliable product. Always go with minimum security plus license.
Which other solutions did I evaluate?
Yes, Fortinet and Palo Alto.
What other advice do I have?
No.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
Global Security Architect/Perimeter Systems Administration/Active Directory and System Administrator at a retailer with 1,001-5,000 employees
The solution has worked very well for us, but the configuration/management interface is complex.
What is most valuable?
- Firewall mode
- AnyConnect gateway
- Client-less SSL VPN
How has it helped my organization?
The versatility of the product has allowed us to solve a number of perimeter requirements without having to seek out different products or companies for solutions. It has allowed for a single management mechanism, and by having a single platform solution, it has allowed for simpler training.
What needs improvement?
The configuration/management interface is complex and can be confusing. Technical documentation is often sparse and can be incomplete when covering specific implementations.
For how long have I used the solution?
I've used Cisco PIX and ASA firewalls since 2003.
What was my experience with deployment of the solution?
Not with the ASAs, with some early version PIX products.
What do I think about the stability of the solution?
Not with the ASAs, with some early version PIX products.
What do I think about the scalability of the solution?
The ASAs offer several different technologies for HA and we have used all of them successfully.
How are customer service and technical support?
Customer Service:
It's excellent.
Technical Support:Excellent, we have always been able to get the specific expertise needed to solve our challenges with the products.
Which solution did I use previously and why did I switch?
Checkpoint Firewalls - the primary reason we switched was cost and limited support options.
How was the initial setup?
It's pretty straightforward. I came at these products already having considerable firewall experience.
What about the implementation team?
It was all in-house, as we all had 10 years plus experience when we moved to PIX firewalls and then a few years later we brought in the ASAs.
Which other solutions did I evaluate?
- Watchguard
- Sonicwall
- Checkpoint
What other advice do I have?
The product line offers tremendous capability. Please look into all of the solutions it can provide for you to maximize your investment.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Cisco Secure Firewall
November 2024
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,562 professionals have used our research since 2012.
Network security engineer at a tech services company with 1,001-5,000 employees
Good IPS/IDS functionality, straightforward to set up, and simple to deploy
Pros and Cons
- "The most valuable features of this solution are advanced malware protection, IPS, and IDS."
- "Web filtering needs improvement because sometimes the URL is miscategorized."
What is our primary use case?
We use this solution for advanced IPS, IDS, advanced malware protection, and web filtering.
What is most valuable?
The most valuable features of this solution are advanced malware protection, IPS, and IDS.
What needs improvement?
web filtering needs to improve because cisco firepower sync with bright cloud website for the website category. sometimes your URL is falling in the wrong category because of the bright cloud. so if you want to change the category you will have to drop the mail to the bright cloud and they will take action and it's a very long procedure.
For how long have I used the solution?
more than 2 years
What do I think about the stability of the solution?
This is a very reliable solution.
What do I think about the scalability of the solution?
I have extended my Cisco solution and did not have any trouble.
We have more than 400 users and we plan to increase usage.
How was the initial setup?
The initial setup is very simple to deploy in the Egyptian network. It takes two to three days to deploy but if you are implementing AMP then it will take an extra one or two days.
What's my experience with pricing, setup cost, and licensing?
I am happy with the product in general, including the pricing.
Which other solutions did I evaluate?
We evaluated a Sophos firewall but when I checked the reviews, I found that Sophos did not rate as well in terms of IPS, IDS, and malware protection.
What other advice do I have?
Cisco utilizes BrightCloud for URL filtering. Web filtering is the main problem with this product.
My advice to anybody who is considering this product is that if they want good security, compared to other offerings such as those by Check Point and Palo Alto, then they should implement Cisco Firepower.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Administrator at a manufacturing company with 10,001+ employees
Accurate CLI, knowledgeable support team, valuable features
Pros and Cons
- "To be honest, all of the features that are provided, all the other vendor will also have. One feature we did find valuable was the CLI, it is more accurate. Additionally, I was happy with the customization, dashboards, access lists and interface."
- "It is hard to collaborate with our filtered environment."
What is our primary use case?
We utilize the solution for our IT security.
What is most valuable?
To be honest, all of the features that are provided, all the other vendor will also have. One feature we did find valuable was the CLI, it is more accurate. Additionally, I was happy with the customization, dashboards, access lists and interface.
We frequently use the Bottleneck feature we purchased specialized from Cisco.
What needs improvement?
It is hard to collaborate with our filtered environment.
If Cisco could combine the Bottleneck feature of ASA, their platform called Umbrella, and the other team they have that has similar malware protection into one, this would be perfect.
For how long have I used the solution?
I have been using the solution for almost three years.
What do I think about the stability of the solution?
The solution is stable. However, It does have some bugs, but Cisco always fixes them really quickly. Sometimes we have to restart and it would be better if the bugs could be fixed without having to reload.
What do I think about the scalability of the solution?
The scalability is not perfect.
How are customer service and technical support?
The support has been great and responsive. Most of their engineers are very professional and knowledgeable.
How was the initial setup?
The setup is easy to do if you are familiar with these type of installs, if not then it could be difficult.
What's my experience with pricing, setup cost, and licensing?
We have a perpetual license for all of our firewalls. For some of the features, we purchase them on demand. The pricing is decent but it could always be cheaper, we would be happier.
Which other solutions did I evaluate?
We will probably change to a higher version in the near future or migrate to a next-generation firewall which would include IPI and some other new features. This makes sense because our current firewall ends the support in several years.
Cisco FirePower, the next-generation firewall, is much better for stability.
What other advice do I have?
I have used many versions of the software over the years, versions 8.6 to 9.1 and 9.9 to 9.12.
Keep in mind before purchasing the solution, if you do need to scale the solution then ASA is probably not right for you.
I rate Cisco ASA Firewall an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
System Administrator at a non-profit with 1-10 employees
User-friendly UI, blocking by category, has plenty of features
Pros and Cons
- "You do not have to do everything through a command line which makes it a lot easier to apply rules."
- "The solution could offer better control that would allow the ability to restrictions certain features from a website."
What is our primary use case?
We use the solution to monitor the connections as part of our parameter protection for our network. We restrict what kind of traffic comes in and out, we use it basically for traffic management.
What is most valuable?
Cisco used to be all command-line operations and now Firepower is in a way modelled from FortiGate. Firepower has integrated a UI into it now.
You do not have to do everything through a command line which makes it a lot easier to apply rules.
You are able to see the traffic of what sites users are visiting.
There are warnings if you are about to go to sites that could be malicious.
It also allows you to block within categories, such as, by URL.
The solution always had these capabilities, but it did not have a user interface that was user-friendly.
What needs improvement?
The solution could offer better control that would allow the ability to restrictions certain features from a website. For example, If we want to allow YouTube but not allow uploads or we want to allow Facebook but not allow the chat or to playing of videos. This ability to customize restrictions would be great.
For how long have I used the solution?
We have been using the solution for three months now. We have always used Cisco but before we were using the ASA and now we use the new version with the threat defence.
What do I think about the stability of the solution?
The stability is good so far. My opinion could change in another couple of months once we get more deeply involved with the solution.
What do I think about the scalability of the solution?
We currently are protection approximately 220 users.
How are customer service and technical support?
We just deployed it a couple of months ago, we have not used the tech support with the Firepower yet. We have not had an issue that we have had to raise with them.
Generally, the tech support for Cisco takes too long to go through the different tiers of support agents to get to someone that can resolve the issue. You end up speaking to someone that is not qualified to solve the issue, then you have to be escalated upwards over and over. This system could be better.
I rate the tech support service generally from Cisco a seven out of ten.
How was the initial setup?
The installation is not hard and not easy either, it falls in between.
What about the implementation team?
The time of implementation took us two to three days. This was in part because we were migrating from another Cisco firewall. The config files were already there, we just had to bring them over. While having the config files we just had to set up the hardware to have us up and running. The install could have taken longer if this was not the case.
What other advice do I have?
Currently, I would give this solution high marks because I have not had a problem. However, keeping in mind, my evaluation period has been short. I would not give the solution a ten, nothing is perfect.
I rate Cisco Firepower NGFW Firewall a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Security/Network Management at a educational organization with 201-500 employees
Offers great technical support and good security from the firewalls
Pros and Cons
- "The technical team is always available when we have problems."
What is our primary use case?
Our primary use case of this program is network protection.
How has it helped my organization?
Up until now we haven't been down due to issues with the internet connection or denial of service, so the program does what it claims to do.
What is most valuable?
The firewalls of this program protects my internet from dangerous internet sites. For us, Cisco is the number one in firewall protection. We are seeking to buy another UTM solution for band management.
What needs improvement?
The program is very expensive.
For how long have I used the solution?
We've been using Cisco Sourcefile Firewalls for three years.
What do I think about the stability of the solution?
We haven't had any problems with the stability so far.
What do I think about the scalability of the solution?
We have 500 users working on the solution and I believe it may increase, so I believe the program is scalable.
How are customer service and technical support?
The technical support from the company is very good. They are always available when we have problems.
Which solution did I use previously and why did I switch?
We did use another UTM solution before for firewall, URL and band management. We didn't switch, we just have two layers now. If we want to use Cisco for band management or URL safety, we have to pay a license fee and it is very expensive.
How was the initial setup?
The initial setup was straightforward and it took the company about a day to deploy the firewalls.
What's my experience with pricing, setup cost, and licensing?
The licensing is very expensive.
What other advice do I have?
In the future, I would like to see friendlier configuration and only one license because everything needs a license. You need a URL license, security license, everything is based on a license. I would like to have one license that covers everything. But I am really impressed by the program and my rating is nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Software Engineer at FireEye
Performance-wise, it is top-notch. However, it is a bit tough to navigate and see what is going on.
Pros and Cons
- "It is a comprehensive suite and complete package."
- "Cisco ASA should be easier to use. It is a bit tough to navigate and see what is going on."
What is our primary use case?
For the AWS version, Cisco is our primary use. We have our own appliances and products, which are indicated as Cisco ASA. So, we test these product against Cisco ASA using different types of rules for new cases. During the test process, we make sure the integration works.
We have been using the solution for two years.
How has it helped my organization?
Right now, it serves a purpose and has everything that we need. Performance-wise, it is top-notch.
What is most valuable?
It is a comprehensive suite and complete package. We have the following with the product:
- Interest point detection
- Firewall stuff
- VPN
- It's configurable.
- It guards with its own threat intelligence.
We find that virtual instances are helpful because they are easy to use on AWS Marketplace, as they are On Demand. We have a lot of traffic on AWS. Therefore, to monitor the traffic rather than using on-premise, we use virtual instances of Cisco ASA. This is pretty easy to use and we receive value off of it.
What needs improvement?
Cisco ASA should be easier to use. It is a bit tough to navigate and see what is going on. While I like the UI and dashboards of Cisco ASA, if you compare them to Palo Alto or Fortinet, they have much richer UIs. An analyst (or anyone) can see them, and say, "I have got all these important pointers on my dashboard." However, with Cisco ASA, we need to dig into many things and go to many views to see what is actually there.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
It is stable. We put a good amount of stress on it.
What do I think about the scalability of the solution?
Especially for the AWS version, we can spin up multiple instances and do load-balancing.
We have 15 to 20 Cisco ASA switches with a couple of physical appliances and twelve machines. Our team is using four to five machines.
How is customer service and technical support?
It is all self-guided, and we were already using the physical appliances. Therefore, we knew how to use the product.
What was our ROI?
Our individual release cycle has been quicker because the entire development and testing environment has been automated because of these virtual instances. It has aligned our development workflow. This is where we have seen the ROI increase.
For example, if you are working with a physical appliance, then you need to have a dedicated lab administrator to work with it, even to test a simple use case. This takes time because we would need to frequently reset that appliance and load all the data. It is no longer like that.
What's my experience with pricing, setup cost, and licensing?
Purchasing from the AWS Marketplace was easy. It was just point and click.
It is pay-as-you-go, so it much cheaper than buying in the plants.
Which other solutions did I evaluate?
We also checked Fortinet and Palo Alto, their AWS versions.
When compared products, Cisco ASA is easy on AWS. We received a trial version. It is easy to setup and evaluate.
We also already had Cisco products. This provided a tighter integration with what we already had. Since most of our traffic stays in AWS, it made sense to use AWS Cisco ASAv.
What other advice do I have?
Once you deploy a virtual database or virtual machine for any product, like Cisco. The first thing to do with your data is test it. So, you need to be prepared with the test that you want to test before you deploy the instances. Because after deploying instances, you wait and see what the data come back with, how to configure it, and review what doesn't work. Therefore, you need to do some background homework before starting, such as what type of data you need to put into it, how to test it, and will the system process it.
We have used both the on-premise and AWS version. We started using AWS in the past six to seven months. Prior to that, we used the on-premise version. The AWS version is better as it is quick to spin up and configure. Also, with AWS, everything is preset, and it is more flexible.
We have it integrated with many other products, like threat intelligence and analytics. For example, all our logs go into Splunk, then we receive our analytics from there. We also have Splunk on AWS. Thus, all the data stays on the cloud, so there is no latency, etc.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Works at IDF technology
Valuable features include AnyConnect, double translations, and an independent IPS module
Pros and Cons
- "Valuable features include AnyConnect, double translations, and an independent IPS module."
- "The licensing needs simplification."
- "The IPS module is combined with the main operating system."
What is our primary use case?
This solution is involved in the protection of the network perimeter and the VPN gateway.
How has it helped my organization?
It allows you to fine-tune and create flexible circuits, as well as unites a large number of different types of connections.
What is most valuable?
- AnyConnect
- Double translations
- Independent IPS module
- High performance
- Various methods of organizing a VPN
What needs improvement?
- Simplify licensing
- Do not combine the IPS module with the main operating system.
- In new products, leave the CLI.
For how long have I used the solution?
More than five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Popular Comparisons
Fortinet FortiGate
Netgate pfSense
Sophos XG
Palo Alto Networks NG Firewalls
Azure Firewall
Check Point NGFW
WatchGuard Firebox
SonicWall TZ
Juniper SRX Series Firewall
Untangle NG Firewall
Fortinet FortiGate-VM
SonicWall NSa
Sophos XGS
Fortinet FortiOS
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What Is The Biggest Difference Between Cisco ASA And Fortinet FortiGate?
- Cisco Firepower vs. FortiGate
- How do I convince a client that the most expensive firewall is not necessarily the best?
- What are the biggest differences between Cisco Firepower NGFW and Fortinet FortiGate?
- What Is The Biggest Difference Between Cisco Firepower and Palo Alto?
- Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons?
- What are the main differences between Palo Alto and Cisco firewalls ?
- A recent reviewer wrote "Cisco firewalls can be difficult at first but once learned it's fine." Is that your experience?
- Which is the best IPS - Cisco Firepower or Palo Alto?
- Which product do you recommend and why: Palo Alto Networks VM-Series vs Cisco Firepower Threat Defense Virtual (FTDv)?