Cisco Secure Firewall Reviews

• Network firewall
• FirePOWER services (URL filtering, IPS)

With the new FirePOWER services, Cisco has given the ASA new valuable features like URL filtering and a more simple and efficient IPS. With FirePOWER services, we have been able to have more insight of our network, something that we never had before, now we can see all the applications that our users are using the most and we can see if there is malware on our network.

The FirePOWER defense system has no integration with the firewall management of the ASA, I mean you can’t create ACLS, rules, VPNS NAT, and so on. All of this has to be done with the ASDM which, from my point of view, is very complex if you are not used to it, you should be able to manage the entire solution from one central software like Defense system, but right now you can’t. This is one of the biggest problems I see right now

I've used it for two years.

The FirePOWER deployment has to be done from the management port of the ASA. This port has to be dedicated because all the communication from the defense system to the appliance goes by that port, so you need to have different networks (inside and management port) to be able to implement this feature. It would be nice again if you can just configure this from one single point and not two (defense system and ASDM).

No, I have never had any problems with Cisco equipment regarding stability.

No issues encountered.

8/10.

6/10 - I mean you need luck when you open a case with Cisco to have someone with expertise on the product. I’ve had great TAC experiences and the worst ones too, if you have a loss of service they put you with people that know what they are doing, but if you want to configure something extra and you just ask the TAC how to do it, sometimes you get someone that appears to be learning the solution. Many times, I´ve been able to solve it by myself sooner than the TAC.

We previously used Microsoft ISA and switched because it's no longer supported.

In our case straightforward, because we do not have many rules on our firewall, but I’ve seen cases where the migration from one firewall to another can be very tedious.

We did it in-house.

If you are using Cisco, then you will be very familiar with the product, and maybe you won't encounter any problems at all. However, if Cisco is a new solution, you should ask for a demo to see the interface of the ASDM and the defense system in action, and then decide if this is the kind of insight you need of your network.

I use Cisco ASA Firewall at my company for network security.

Cisco ASA Firewall could improve by adding more advanced features such as web filtering, which is available in the next-generation firewalls. However, the Cisco ASA Firewall I am using could be old and these features have been updated.

I have been using this solution for approximately two years.

The stability needs improvement.

I have found the Cisco ASA Firewall scalability could improve.

I have not contacted technical support. There is a lot of information on the internet for troubleshooting. All you need to do is use a search engine and you will find the information you are looking for easily.

They can improve by adding a public troubleshooting process.

I have previously used Fortinet firewalls that I have found to be better.

I would not recommend Cisco.

I rate Cisco ASA Firewall a six out of ten.

I use it for VPNs, remote-access VPNs, environment issues, and failover issues. I also use the
content mode, NAT, and PAT in this firewall. We always use ASA for VPN sites and firewall sites. We use the edge for internet access for data center servers or company customers' internet access.

We always use ASA for integration another companies  and branches easily. 

The Inline Mode configuration works really well, and ASA works very impressively.

I think the ASA layer is thin. It's always Layer 3 or Layer 4 source controller and doesn't control the Layer 7 traffic at all. It's important, and you'll need an additional firewall. 

All next-generation firewalls don't have much control over Layer 7, but there's a little bit of control for inspection. ASA never controlled Layer 7, and it's a bad point.

 I don't like to use ASDM, a graphical interface, and other solutions for ASA. I wouldn't say I like this, and it's not good(ASDM).

I have over seven years of experience with Cisco ASA Firewall.

It's stable. ASA works very well, and it's impressive. I use only ASA and only the Inline Mode. 

It's a scalable, high availability solution. It's an active/standby model for VPN. But if you don't use VPN in these devices, it works as an active/active high availability model.

If you're a Cisco Administrator or Cisco certified, the initial setup isn't a problem. But if you don't know Cisco devices and how they work, it can get a little complicated.

I would advise new users to look at next-generation firewalls like FTD or other models from Cisco. It's better than Cisco ASA. Cisco ASA Firewall isn't a next-generation firewall.

On a scale from one to ten, I would give Cisco ASA Firewall an eight.

We are using Cisco ASAv in our company and have deployed it for many of our customers. They are in both government and the private sector.

The deployment method varies depending on the customer's needs. For the government, it's through the government cloud while others are on-premises.

It is very stable compared to other firewall products.

It has good security features.

The firewall features make it easy for the users to work on it.

The interface needs improvement. I would like a better interface for Cisco. Other solutions such as Palo Alto have a user-friendly dashboard.

They need a user-friendly interface that we could easily configure.

It would be beneficial to have some of the features that Cisco has, integrating with other types of security.

I have been using this solution for approximately eight years.

It's a very stable solution out of the box and we have not had any issues in our deployment.

We have 86% of the devices being used simultaneously.

It's scalable based on the type of license and modules that you require.

We don't have the option to update the box, but we can add features such as antivirus protection.

We have contacted technical support for some issues outside our technical expertise, mostly for updating the license.

We have a team that handles our issues.

We work on a case-by-case basis and are have good offers by Cisco.

It's very competitive with other products.

They should incorporate it with FortiGate, or Sophos firewalls. 

If they are looking for a layer 7 type of security then they need to go with another solution.

I would rate Cisco ASAv a nine out of ten.

We use this solution to join our private network to the customer's network.

In our business, we don't have to be on the customer's network, so a lot of people will install cheap equipment. We're trying to push it to where we can standardize the equipment, although the cost of Cisco products would have to come down a little bit in order for us to be more competitive.

Firewalls are difficult, and this solution gives us outside access to connect with the customer's network and service them better. It makes us more efficient.

This solution is easy to use if you know how to set it up.

The most valuable features are on the routing side, with the control between the two networks and the rules that are in there.

The inclusion of an autofill feature would improve the ease of commands.

This solution would benefit from being more cost-effective.

This solution is very stable, and I haven't seen any issues with it.

Scalability doesn't really apply to us, as it is just a firewall client.

Technical support for this solution is really good. We had an issue with a firewall and it was a good turnaround that was quick.

Our implementation of this solution was driven by the customer.

The initial setup of this solution is pretty straightforward. We did have some rules that somebody had put on it that didn't match up, but we got it all worked out.

We implemented this solution in-house.

With respect to the routers and switches, or the core stacks that we get, they seem to be pretty comparable so I don't have any issues with the licensing.

Some of our customers would be more likely to standardize on Cisco equipment if the cost was lower because a lot of people install cheap equipment.

While we have a partnership with Cisco, there are other products that have been used within the company. After evaluating other products such as those by Barracuda, it just happened that this solution worked out better for us. I like the Cisco reputation.

With this solution, we have everything that we need. I don't know about other people's use cases, but ours is pretty straightforward.

My advice to anybody researching this type of solution is to stick with Cisco products, no matter which one it is. We've had pretty good luck with everything from Cisco.

I don't have any issues with this solution, so I would rate it a ten out of ten.

It was used for a remote office deployment connect back via VPN to the corporate office and services.

Cisco ASA works out-of-the-box. With the setup wizard, it was easy to get it deployed quickly, even by novice IT users.

The ability to have a protected home network on the unit and a separate secured office network linked back to corporate.

More intuitive support for SIP services are needed. This took a long time to configure properly for the user.

The primary use is to block incoming threats from the internet, at the edge of the network.

It's performing well. We check the report of blocked pages, blocked attacks, etc.

Previously, we only had a normal firewall, it was not next generation. It was not blocking many of the threats from Layer 7, the application layer. Now, this solution has IP, an intrusion prevention system, and because of the URL filtering, it can block other malware. It seems with the cloud database and the signatures, it compares the receiving files, then it blocks the URLs, making us more secure.

All the features are good. The GUI is among the most valuable.

It is on multiple boxes so ISP load balancing, multiple network load balancing would be helpful.

Also a web-based portal for VPN. Earlier they had it in the ASA model, but currently, they don't have it. The user needs to just click on the link so he can work.

It is quite stable, it is able to detect. But the malware part should probably be upgraded. Performance-wise it is good and it has a long life.

It has limits. If your network is going beyond it, then you'll have to replace it with higher model.

Technical support is good.

We have been using Cisco for a long time, various models. We had PIX, then ASA. We were quite comfortable with the performance, it never failed. But our old solution was coming to end-of-life. Also, this is able to more block more threats from the application layer, etc.

The most important criteria when selecting a vendor are 

• reputation
• technology
• features
• cost.
  

The initial setup was a bit complex.

My advice would depend on what your comfort level is. If you have already used Cisco, I would recommend this, to evaluate it at least. Evaluate it and learn how useful it is.

It gives good performance, the technology is quite good, sufficient for our objectives, protecting our network, etc. The missing two points are because they have to do make more improvements.

I am using Cisco ASA as the firewall for my business to guard the boundary of my business. It has been very helpful in my sector of media with my clients, essentially focusing on how secure their data is, especially when we are working on a few projects which involve multiple citations across Europe. 

Our content, which is the main asset for our firm, is pretty elusive behind the firewall of Cisco ASA.

It has improved my client's trust. 

VPN load balancing: This has been particularly essential for my connections to integrate via multiple time zones.

I needed to be well-versed with all the command lines for Cisco ASA in order to fully utilize it. I missed this info and wasted some operational costs. I would like to advise others to please be wary from the start.

It was initially heavy on my pocket, but it soon actualised its worth.