Cisco Secure Firewall Reviews

One of the important aspect when deploying Ciso ASA firewall, it’s oblige you at the beginning to define your security level, which will make it easier when making your security policy ( traffic allow From Source to Destination)

A security level will define how trusted is an interface in relation to another interface on the Cisco ASA.

The Higher is the security level, is the more trusted is the interface.

The highest security level is , “ Security Level 100” .

Nowadays other Firewall manufacturer try to adopt the same deployment principle as the Cisco ASA with security level, however the Cisco ASA do have other interesting features which I think are very useful:

- Firepower services

- Security context

- Firepower management

Normally in terms of design, the user prefers to use Cisco ASAv as a border router or a border firewall, because you have two different kinds of firewalls. You have a firewall when the data communication enters the network, and then you have a firewall, for when you've been inside the network. So, for the inside network firewall, Check Point is better because it can make a better notation of your network infrastructure. But, for the incoming data, or border firewall, ASAv is better. In terms of improving the interface, if you compared to the Check Point file, then I think that ASAv should be better. They should improve the interface so that it's similar to the Check Point firewall.

The Cisco ASAv is really stable, especially if you compare it to Check Point. Not long ago Check Point did release one virtual firewall, and the virtual firewall of Check Point is not stable.

The hardware version of the firewall is more stable than the virtual one. In terms of the data center, many companies have a virtual data center in a group environment. Many companies want to have a virtual firewall, but the one from Check Point, in comparison to Cisco, is not stable at the moment. 

The solution is really scalable.

I haven't dealt with technical support. We just check online, and if we have to contact Cisco about major issues, it's an internal department dealing with that. I don't know how technical support is, because our technical support team is located in Sofia, and I am in the Netherlands, so I don't have any view on that.

The setup is always different. If you have a small company, the setup is quite easy, but if you have a bigger company the setups are quite complex. Cisco is pretty good in routing. So in bigger situations, configuring the ASAv file is pretty straightforward.

The deployment also depends on the customer's site. So, the time changes because most of the time we have to do a migration. For example, some customers have an old firewall, and you have to migrate things to a new one. And sometimes, it's just copy/paste, but in some situations, we cannot migrate all firewall configurations to a new one.

In terms of how many people you need for deployment and maintenance, again, it's dependent on the company strategy around the help desk. You should have a maintenance engineer who should be part of a team. The deployment will be done in a team. You can have one person to do the deployment but usually, you always have a backup, so it would be two. And then, for the maintenance, it can be one person or two. The maintenance can be done on the site desk, operating after office hours, so it depends.

It's difficult to give specific advice on the solution because it always depends on the design solution and the strategy. So what I would recommend is to use different firewalls and to use Cisco ASAv as a border firewall.

I would rate this solution as 7.5 out of 10. I wish the Cisco interface was not so granular. Check Point was easier to create specific rules than on ASAv, so that's why I say this. If you want to make things easier for an engineer, you always have to work on the interface. But the product, in and of itself, there's nothing wrong with it.

I worked for a Telecom provider, and we gave this solution to our customers.

The most important feature is its categorization because on the site and social media you are unified in the way they are there.

I see room for improvement when it comes to integrating all the devices into a central management system. Cisco doesn't provide this, but there are some good products in the market that can provide it.

Apart from the cost, I think Cisco is quite well-positioned in the market. Also, in terms of site capabilities, other companies are still in the lead. 

The price, integration, and licensing models are quite odd.

We didn't have any problem with its stability.

Scalability depends on the requirements of the license. The licensing scheme is complicated and not straightforward. I think there were around 200 users, sometimes more.

We used to use Fortinet, but we switched because of the lack of integration.

The initial setup was of a medium complexity. This was especially true when it came to integration of the data servers.

We used a consultant. They were very helpful. The documentation was quite easy to find for configuring the devices. We thought the boxes would be more parceled or more completely behind, but it was not a problem. The data was there.

I would recommend this solution. I would rate this solution as eight out of ten.

We are using both Cisco ASAv and FTD (Firepower Threat Defense). FTD has a better interface, but we have both of them running.

We are using Cisco ASAv for the FirePower service. We use a custom interface for our firewall.

Cisco ASAv is part of our central solution. You can use the ASA family or go on the portal for normal ASAv. We use FirePower at the edge of the network. 

If you are working with cloud services, it's better to use the ASAv family or other Cisco solutions.

We are using the Cisco AnyConnect for our end-user VPN with the ASA. 

If a user wants to connect to our network, they access it via the Cisco intranet and connect to the firewall at the edge.

I don't have any experience with the price, but ASA is a comprehensive solution.

In the next update of the Cisco ASAv, I would like to see them release a patch for ASAv, i.e. to put the FirePower solution into the cross-platform integration.

Normally, in ASA, we have good stability.

The scalability of ASAv we can easily manage. We can have good scalability in different times but we don't have HA in ASAv. Some features are removed in ASAv. 

If it's a normal ASA, i.e. a physical device, you have many more ways to scalability.

For technical support, I have little experience with Cisco, unless they patch some issues. I raised a ticket and got the response immediately. They are very supportive.

For me, ASA is easy. The deployment of ASAv is done in 20 minutes.

We used both an integrator and reseller for the deployment. For the initialization, it was me for our company. If we have an issue, we can raise a ticket or call for a Cisco patch. 

For the Cisco ASAv installation, I did it myself.

The pricing for Cisco ASAv depends on your license. With AnyConnect, it depends on your license. It depends on the number of concurrent users you want to connect.

Our license is for one year only, renewable at variable pricing.

On a scale from one to ten, I would rate this product at nine. Cisco ASAv is good in many advanced networking features.

I'm working with Cisco. They have competition with many vendors.

I primarily use it for my small company to protect 5-10 users.

The web interface was easy for me. The configuration is logical, so it's easy to use and easy to understand how to protect, how to open a port, how to manage and how to route a device. That's why I prefer Cisco. It's robust and I never have issues with the hardware. That's why I choose Cisco and not another vendor.

The service could use a little more web filtering. If I compare it to Cyberoam, Cyberoam has more the web filtering, so if you want to block a website, it's easier in other solutions than in Cisco. I think in Cisco it's more complicated to do that, in my opinion. 

It could also use a better web interface because sometimes it's complicated. The interface sometimes is not easy to understand, so maybe a better interface and better documentation.

My impression of the stability of the solution is that it's very good.

I don't have a sense of the scalability. I never extend the processes or usage.

My experience with customer service is very good in general. When I have a good person on the phone, or on the email, it's in general very fast and the reply is good. It's a good solution in general.

I previously used Juniper before Cisco, but only for one year. I switched because my company only used Cisco.

The initial setup was not complex, it's just difficult to find out how to do it. The FAQ is not clear. In terms of deployment, it depends on the client, but deployment takes about an average of six hours.

In general, I implement the solution myself.

I would advise that If you want something robust, a good hardware solution, I think it's competitive and you have a good warranty, you have to choose Cisco. 

I would rate the solution 8 out of 10.

We have around 250 users and security is extremely important for us. 

The features I found most valuable in this solution are the overall security features. 

The overall application security features can be improved. 
It could also use a reporting dashboard. 

I found that Cisco ASAv is a really stable solution. 

I haven't tested scalability yet, but I believe it is a very scalable solution. We currently have 250 employees working on it without any issues.

The few times I've had to call in technical support, the service was excellent. I've had no issues.

Our company has used various other solutions in the past. We've decided to also install Cisco ASAv to add extra features to our system.

The initial setup was straightforward and it took me about two days to do the installation. The fine tuning took about a week. I am the IT Infrastructure Manager of our company, but I don't believe that individuals without IT knowledge would struggle to do the installation themselves.

We didn't use any consultant for the deployment - we installed and implemented Cisco ASAv ourselves and we didn't experience any problems.

We pay an annual fee.

We have used many other solutions in the past and we constantly look out for other options. So we didn't switch to Cisco ASAv, we simply started using it together with another solution. We now use two products in the same time.

I rate this solution an eight out of ten and I would definitely recommend it to other users. If the developers would add a reporting dashboard, and perhaps lower the pricing, I will rate it higher. But overall I am really satisfied with Cisco ASAv.

We need a good and generic firewall which is why I bought Cisco ASAv. I also needed a secure VPN. The real reason I bought it though, was for the firewall. 

The firewall power that comes with Cisco ASAv is the most valuable asset. They are very easy to manage and configure. 

There definitely is room for improvement. We found it difficult to publish an antenna plug with the ASDM. Cisco should make the interface for the firewall more simple. 

This product is very stable. Before installing Cisco ASAv, I had two or three viruses in my network. Since installing ASA, I have not had any problems with viruses. There is a huge difference with and without ASA.

I am satisfied with the customer service because the assistance I got from the Cisco engineer was very good.

I used a different solution before. I used Meraki and it was a little simpler to use. However, currently, I only have Cisco routers.

The initial setup for Cisco ASAv was fairly simple. It wasn't very complicated, it would be okay for an intermediate professional. It can be made easier. I believe almost anybody could set up an ASA in a few hours. It took about two to three weeks for the platform to work properly.

The installation wasn't complicated at all and I got help from a Cisco engineer. 

I bought a license for three years and it was really affordable. 

I did consider other options as I have experience with Meraki and other devices. Meraki is simpler to use, but I decided on Cisco ASAv. 

I am really satisfied with the product and I rate this an 8.5 out of ten. The reason why I wouldn't rate it a ten, is because I find it a little more complicated to set up a firewall for publishing than when using Meraki. I therefore believe there is room for improvement.

We performed an in-house evaluation of Cisco ASA NGFW for use as an Internet Gateway Firewall and internal East-West traffic firewall between security zones. We are historically a Cisco shop and were planning on it being the top contender for our NGFW solution.

Cisco ASA NGFW running in "Firepower" mode - aka the actual NGFW mode was not "fully baked", so it didn't meet all our requirements to fit our network architecture. It requires a completely different language than ASA and we found it to be difficult compared to other top firewall vendor offerings.

Integration with all the other Cisco tools is valuable. However, we've moved away from all Cisco security tools since this evaluation. Firewall choice was key to what direction we went and we found not only was the competing firewall solution superior, but their endpoint protection solution was as well.

The first thing that needs to be done is to finish building out Cisco ASA "Firepower Mode" in order for all features to work correctly in complex enterprise networks. It also needs a usable GUI like Palo Alto and FortiGate. There are lots of bug fixes to be done, and Cisco should consider performing a complete rebuild of the underlying code from the ground-on-up.

With regards to stability, we had a critical bug come out during our evaluation.

It should be well scalable. However, we didn't see a good centralized management/monitoring system like the one that Palo Alto has.

Customer support was decent, although we definitely don't feel like you get the value of the mandatory support/maintenance fees.

We used Fortinet FortiGate, but as an early gen "NGFW" it was outdated. We have issues we don't believe would be resolved with their latest offering, so we didn't even evaluate it.

We found the initial setup much more difficult to do even simple things, like setting up VPN tunnels.

Our in-house team tested and evaluated the solution.

Watch out for hidden licensing and incredibly high annual maintenance costs. We bought much beefier Palo Altos for a less expensive one-time and annual cost.

Palo Alto Networks NGFW Firewall was compared in-house using the same configuration and testing, and it won hands-down.

Watch out for the marketing hype vs objective reality. Do the advertised features actually work correctly/effectively?

We chose a different solution after performing in-house testing.

Our primary use case for this solution is to protect the Internet Edge, and our VPN (Virtual Private Network).

We moved from a Legacy firewall to the ASA with Firepower, increasing our internet Edge defense dramatically.

The most valuable features for us are Firepower and the VPN concentration. These are easy to use and have good insights.

The product would be improved if the GUI could be brought into the 21st Century.