We use ASA firewalls to limit traffic between the networks.
We use an on-premises deployment model.
I like that it is easy to change the settings.
Cisco ASDM is a problem because it is old.
I've been working with it for a year, but my company has been using Cisco firewalls for 15 years.
We use Cisco Secure Firewall ASA 5506 and 5508.
Cisco Secure Firewall ASA's stability is good.
I recently had a case with technical support that took a couple of weeks to resolve. We use Cisco Smart Licensing and are not connected to the net. It was a big problem to get it to work. Cisco's technical support did not know how it worked, and I had to tell them how it worked. We haven't had interactions with technical support where there were more positive outcomes.
On a scale from one to ten with ten being the best, I would rate technical support at two.
Negative
The initial deployment is easy for this solution.
Overall, I would rate this solution at seven out of ten because Cisco ASDM needs to be updated.
We are using it to manage our environment.
The whole firewall functionality, including firewall policies and IPS policies, is valuable. It has all kinds of functionalities. It has IPS, VPN, and other features. They are doing quite a lot of stuff with their devices.
It lacks management. For me, it still doesn't have a proper management tool or GUI for configuration, logging, and visualization. Its management is not that easy. It is also not very flexible and easy to configure. They used to have a product called CSM, but it is no longer being developed. FortiGate is better than this solution in terms of GUI, flexibility, and user-friendliness.
I have been using this solution for five to ten years.
It is rather stable. It can have some peculiarities, but most of the time, it is quite stable.
These are big devices. They have multiple models, but most of the models can be virtualized. You can create many virtual firewalls and add whatever you want.
We faced some issues, but I don't deal with these issues. My colleague interacts with them, and it seems it is not that easy. Cisco is a large company, and sometimes, it is not easy to get quick and very efficient support.
We have a firewall specialist who handles the installation.
It is affordable. The hardware is not that expensive anymore. It is a matter of licensing these days.
It is a good solution for a big traffic load, but its management is not very easy. FortiGate is better in terms of management and user-friendliness.
I would rate Cisco ASA Firewall an eight out of ten.
Our primary use case of this program is network protection.
Up until now we haven't been down due to issues with the internet connection or denial of service, so the program does what it claims to do.
The firewalls of this program protect my internet from dangerous internet sites. For us, Cisco is the number one in firewall protection. We are seeking to buy another UTM solution for band management.
The program is very expensive.
We haven't had any problems with the stability so far.
We have 500 users working on the solution and I believe it may increase, so I believe the program is scalable.
The technical support from the company is very good. They are always available when we have problems.
We did use another UTM solution before for firewall, URL and band management. We didn't switch, we just have two layers now. If we want to use Cisco for band management or URL safety, we have to pay a license fee and it is very expensive.
The initial setup was straightforward and it took the company about a day to deploy the firewalls.
The licensing is very expensive.
In the future, I would like to see friendlier configuration and only one license because everything needs a license. You need a URL license, security license, everything is based on a license. I would like to have one license that covers everything. But I am really impressed by the program and my rating is nine out of ten.
One of the important aspects of deploying a Cisco ASA firewall is that it obliges you at the beginning to define your security levels, which makes it easier when making your security policy (traffic allowed from source to destination).
A security level defines how trusted an interface is in relation to another interface on the Cisco ASA.
The higher the security level, the more trusted the interface.
The highest security level is "Security Level 100".
Nowadays other firewall manufacturers try to adopt the same deployment principle as the Cisco ASA with security levels; however, the Cisco ASA does have other interesting features which I think are very useful:
- Firepower services
- Security context
- Firepower management
Normally in terms of design, the user prefers to use Cisco ASAv as a border router or a border firewall, because you have two different kinds of firewalls. You have a firewall when the data communication enters the network, and then you have a firewall for when you've been inside the network. So, for the inside network firewall, Check Point is better because it can make a better notation of your network infrastructure. But, for the incoming data, or border firewall, ASAv is better. In terms of improving the interface, if you compare it to the Check Point file, then I think that ASAv should be better. They should improve the interface so that it's similar to the Check Point firewall.
The Cisco ASAv is really stable, especially if you compare it to Check Point. Not long ago Check Point did release one virtual firewall, and the virtual firewall of Check Point is not stable.
The hardware version of the firewall is more stable than the virtual one. In terms of the data center, many companies have a virtual data center in a group environment. Many companies want to have a virtual firewall, but the one from Check Point, in comparison to Cisco, is not stable at the moment.
The solution is really scalable.
I haven't dealt with technical support. We just check online, and if we have to contact Cisco about major issues, it's an internal department dealing with that. I don't know how technical support is, because our technical support team is located in Sofia, and I am in the Netherlands, so I don't have any view on that.
The setup is always different. If you have a small company, the setup is quite easy, but if you have a bigger company the setups are quite complex. Cisco is pretty good in routing. So in bigger situations, configuring the ASAv file is pretty straightforward.
The deployment also depends on the customer's site. So, the time changes because most of the time we have to do a migration. For example, some customers have an old firewall, and you have to migrate things to a new one. And sometimes, it's just copy/paste, but in some situations, we cannot migrate all firewall configurations to a new one.
In terms of how many people you need for deployment and maintenance, again, it's dependent on the company strategy around the help desk. You should have a maintenance engineer who should be part of a team. The deployment will be done in a team. You can have one person to do the deployment but usually, you always have a backup, so it would be two. And then, for the maintenance, it can be one person or two. The maintenance can be done on the site desk, operating after office hours, so it depends.
It's difficult to give specific advice on the solution because it always depends on the design solution and the strategy. So what I would recommend is to use different firewalls and to use Cisco ASAv as a border firewall.
I would rate this solution as 7.5 out of 10. I wish the Cisco interface was not so granular. Check Point was easier to create specific rules than on ASAv, so that's why I say this. If you want to make things easier for an engineer, you always have to work on the interface. But the product, in and of itself, there's nothing wrong with it.
Generally, it has highly productive platforms and it has good capabilities.
It just works like an internal firewall. It's an ordinary role of this platform, nothing special.
At this point, we find that this product has high productivity and high availability and there is no need for improvement.
If there is old hardware, or old appliances, it does not necessarily work with the new Cisco generation firewalls.
It is a highly stable product. We rarely receive any serious outdates, so it works quite well.
Yes, we use the technical support maybe twice a year. We received a very fast response time.
It was very straightforward. It was not complex at all.
When evaluating a possible solution, I always consider:
Cisco ASA has an okay CLI with a nice GUI, but has poor performance.
Service Provider Operations manipulating thousands of firewall rules deploying Network Access Translations (NAT) for various multiservice networks.
Clustering architecture which offers zero downtime upgrades, keeping uptime close to 99.999%. This creates less stress on operations and network stability throughout the various maintenance tasks.
ASDM needs to be able to customize applets.
REST API stability needs improvement in order for customizing resource allocation available to the user rather than just being there transparently. This way users can customize REST API and tailor it to their needs.
Cisco ASA has better application granularity, a more flexible means of policy creation, and easier to use controls and more powerful reports than its predecessors. We tested the ASA-5525-X in January 2013 and found a much improved user interface and lots of content-aware features.
Any network engineer you name, their career begins with working on Cisco products. Cisco ASA is very user friendly when we use ASDM for configuration.