Cisco Secure Firewall Reviews

The primary use is to block incoming threats from the internet, at the edge of the network.

It's performing well. We check the report of blocked pages, blocked attacks, etc.

Previously, we only had a normal firewall, it was not next generation. It was not blocking many of the threats from Layer 7, the application layer. Now, this solution has IP, an intrusion prevention system, and because of the URL filtering, it can block other malware. It seems with the cloud database and the signatures, it compares the receiving files, then it blocks the URLs, making us more secure.

All the features are good. The GUI is among the most valuable.

It is on multiple boxes so ISP load balancing, multiple network load balancing would be helpful.

Also a web-based portal for VPN. Earlier they had it in the ASA model, but currently, they don't have it. The user needs to just click on the link so he can work.

It is quite stable, it is able to detect. But the malware part should probably be upgraded. Performance-wise it is good and it has a long life.

It has limits. If your network is going beyond it, then you'll have to replace it with higher model.

Technical support is good.

We have been using Cisco for a long time, various models. We had PIX, then ASA. We were quite comfortable with the performance, it never failed. But our old solution was coming to end-of-life. Also, this is able to more block more threats from the application layer, etc.

The most important criteria when selecting a vendor are 

• reputation
• technology
• features
• cost.
  

The initial setup was a bit complex.

My advice would depend on what your comfort level is. If you have already used Cisco, I would recommend this, to evaluate it at least. Evaluate it and learn how useful it is.

It gives good performance, the technology is quite good, sufficient for our objectives, protecting our network, etc. The missing two points are because they have to do make more improvements.

Some of the valuable features are detecting malware and blocking blacklisted URLs.

It has enhanced the security in every network over time.

As of now, I can't find any flaws with the device or any improvement that I can suggest.

I have been working with the device for the past two years.

The upgrade is a bit of a pain in the neck.

There were no issues with the stability

Scalability has been all-star perfect.

I would give customer service a rating of 10/10.

I would give technical support a rating of 10/10.

We have only used Cisco security devices.

The setup was smooth and simple.

We implemented it by ourselves and with some support from the Cisco TAC.

The feature sets are great when there are no software bugs. With FirePOWER, you can enhance security, have effective management, and a good reporting engine.

It provides detection of zero day infections through FirePOWER AMP.

Well tested software releases. We have had a number of bugs on the FirePOWER software across several clients which have been very inconsistent and have affected our ability to deliver.

I have used the ASA portion for over eight years and the FirePOWER portion for about three years.

We did have stability issues with the FirePOWER software.

We did not have scalability issues with the high end devices.

I give technical support a rating of 5/10.

We are part of the integrator space. When we changed products, it was to displace a product that no longer met the client’s requirements.

The setup was reasonably straightforward.

Get a clear understanding of what the licensing entails before committing.

We checked out Check Point and FortiGate.

Plan very well in order to have a seamless project implementation and transition.

Robustness

Reliability

No idea -- I learn a lot from them

From 2000 until 2014

Learning at the beginning

Nope -- If well planed you should be alright

Price maybe...

Excellent

Excellent

Not reliable for long term -- seem inferior quality

Depends on the product and the knowledge. Cisco firewalls can be difficult at first but once learned it's fine.

Me, I implemented the firewalls, Cisco switches and routers.

100% in some installations it exceeded the time predicted to keep up with the work load.

Netscreen, Netgear, Checkpoint, others..

Plan well the hardware requirements for future growth and heavy usage.

• Network firewall
• FirePOWER services (URL filtering, IPS)

With the new FirePOWER services, Cisco has given the ASA new valuable features like URL filtering and a more simple and efficient IPS. With FirePOWER services, we have been able to have more insight of our network, something that we never had before, now we can see all the applications that our users are using the most and we can see if there is malware on our network.

The FirePOWER defense system has no integration with the firewall management of the ASA, I mean you can’t create ACLS, rules, VPNS NAT, and so on. All of this has to be done with the ASDM which, from my point of view, is very complex if you are not used to it, you should be able to manage the entire solution from one central software like Defense system, but right now you can’t. This is one of the biggest problems I see right now

I've used it for two years.

The FirePOWER deployment has to be done from the management port of the ASA. This port has to be dedicated because all the communication from the defense system to the appliance goes by that port, so you need to have different networks (inside and management port) to be able to implement this feature. It would be nice again if you can just configure this from one single point and not two (defense system and ASDM).

No, I have never had any problems with Cisco equipment regarding stability.

No issues encountered.

8/10.

6/10 - I mean you need luck when you open a case with Cisco to have someone with expertise on the product. I’ve had great TAC experiences and the worst ones too, if you have a loss of service they put you with people that know what they are doing, but if you want to configure something extra and you just ask the TAC how to do it, sometimes you get someone that appears to be learning the solution. Many times, I´ve been able to solve it by myself sooner than the TAC.

We previously used Microsoft ISA and switched because it's no longer supported.

In our case straightforward, because we do not have many rules on our firewall, but I’ve seen cases where the migration from one firewall to another can be very tedious.

We did it in-house.

If you are using Cisco, then you will be very familiar with the product, and maybe you won't encounter any problems at all. However, if Cisco is a new solution, you should ask for a demo to see the interface of the ASDM and the defense system in action, and then decide if this is the kind of insight you need of your network.

We use it for our VPN requirements. We wanted to allow people to work from home and we used the ASA to create VPNs through AnyConnect at the endpoints.

It has 

• allowed people to work from home when they otherwise couldn't
• improved response times when there are fires that need to be put out when people are not onsite.

The VPN feature is the most valuable to us because it accomplishes the task well. We're able to do everything we need to do.

I would like to see them update the GUI so that it doesn't look like it was made in 1995.

I've been using the Cisco ASA Firewall for between one and two years.

It's been very stable. I don't think we've ever had an issue with it failing entirely.

It scales well. We've had no issues ramping things up.

We're going to expand our usage of it. We rolled it out to about 200 users and now we're going to expand that to about 1,000 users out of our 3,000-user base. It has been really good.

The tech support is excellent. I've always gotten really good tech support from Cisco.

Positive

We did not have a previous solution.

The pricing could always be cheaper.

The solution always requires maintenance. I have about two people who are the "experts" and they help maintain it pretty well.

Cyber security resilience has been extremely important for our organization because of our customers' demands for security. The ASA has really helped to accomplish that with the VPN. My advice to leaders who are looking to build resilience is don't go cheap, and make sure you have backup solutions and high availability.

It's a good, robust firewall and VPN solution, with lots of knobs to turn. It is effective at what it does.

It's very stable and mature.

The content filtering on an application level is not as good as other solutions such as Palo Alto.

While the price is fair with all of the features that it has, it should be cheaper.

I have been using the Cisco ASA Firewall for seven years.

It's a stable solution.

We have plans to continue using this solution in the future.

It's a scalable product. We have 200,000 users in our organization.

Cisco technical support is good.

Previously, we used other products. We used Fortinet and CheckPoint.

We have a team of 50 or 60 Network Engineers to maintain this solution.

The price is fair. It's not the cheapest, but it's not bad.

Cisco ASA Firewall is a good product. I would recommend it to others who are interested in using it.

I would rate it a seven out of ten.

We primarily use the solution for basic firewall configurations such as NAT, FORWARD PORT and Block TCP-UDP Port.

My company is very small just built last year, i now am using cisco asa 5510 for NAT and Port Forward and limit users access directly from internet only via Remote-VPN.

The ability to block threats is its most valuable aspect.

Most clients in Laos use the basic setup, which works quite well. It ensures that nothing can get onto the local network.

It's pretty reliable and allows for isolation capabilities within the network.

The ADSM is very good.

I like that I can use the command line. I use a lot of Cisco and often work with this. If you are comfortable with the command line, it's quite good.

The user interface isn't as good as it could be. They should work to improve it. It would make it easier for customer management if it was easier to use.

Cisco does not have a lot of web management. We have to use ASTM server management to make up for it.

I've been using the solution, give or take, for around five years at this point.

When we need assistance from technical support, we typically deal with the team in China. They've been very good. Whenever I have a problem, they can resolve it. They are knowledgeable and responsive. We're satisfied with the level of support we get.

We typically offer clients a few different solutions. For example, we may recommend Fortinet.

For a new user, the initial setup may be a bit difficult. For me, since I am comfortable with Cisco, it's pretty straightforward. A new connection has its own complexities. It may be a different thing on Java SDK. There may be some programs that may not be able to access it.

In Laos, clients don't have much wiggle room when it comes to cost. The economy right now isn't very good. Most just choose the basic solution in order to avoid pricey licensing fees.

subscription payment  

We're just customers. We use it in our office and suggest it to clients. However, we don't have a business relationship with Cisco.

We try to adhere to our client's needs, and therefore, if they specify hardware they want to use, like Fortinet, we tend to accommodate them.

That said, if they ask my opinion, I usually recommend Cisco ASA.

I know a lot about the product and I'm good at controlling everything. I have a lot of knowledge and understanding after working with it so closely. That's why I tend to favor it when my customers ask for advice.

Overall, I would rate the solution seven out of ten. If the user interface were a bit better, I'd rate it higher.