We are a solution provider and the Cisco ASA Firewall is one of the security products that we implement for our customers. My clients use it for security, and also to establish VPN connections.
Network Consulting Engineer at a comms service provider with 201-500 employees
Easy to configure, good VPN capabilities, and the antimalware features provide extra security
Pros and Cons
- "The most important feature is the VPN connection."
- "I would like to see the inclusion of a protocol that can be used to protect databases."
What is our primary use case?
How has it helped my organization?
My client is in the financial sector and all of the connections are doing using the VPN. This type of access makes the connections more secure.
What is most valuable?
The most important feature is the VPN connection.
My clients also use the antimalware features and the scan is very good. It also supports packet inspection and IPS.
Cisco ASA is easy to configure.
The integration with the security features is something that I like.
What needs improvement?
The SecureX ASA administration platform should be improved.
The orchestration of modules should be improved.
I would like to see the inclusion of a protocol that can be used to protect databases. This would be a good feature to have added.
Buyer's Guide
Cisco Secure Firewall
April 2025

Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,716 professionals have used our research since 2012.
For how long have I used the solution?
We have been working with the Cisco ASA Firewall for approximately three years.
What do I think about the stability of the solution?
I have not had problems with stability, although I have had some small issues with bugs. In general, I can operate without a problem.
What do I think about the scalability of the solution?
It is very easy to scale this product. With SMC, you can control all levels of ASA in a central console. You can simply add a new ASA firewall to protect your network, and you will be able to control it.
We have approximately 300 users.
My clients for this solution are medium-sized organizations.
How are customer service and support?
I have not been in contact with technical support but I use the implementation guide. I have also used the community support and I think that it's okay. The information that I received about the configuration was good.
Which solution did I use previously and why did I switch?
Prior to Cisco ASA, my client was using Fortinet FortiGate. They switched because there were complaints about the connection being slow.
How was the initial setup?
The complexity of the setup depends on the needs and requirements of the client.
When a client does not know exactly what is needed, the complexity increases because the configuration is not clear. You really have to have a good understanding of what the client needs before configuring it.
If the model does not have SMC then it is complex to configure.
The length of time for deployment also depends on the requirements, but it will usually take between three days and one week.
What's my experience with pricing, setup cost, and licensing?
This is an expensive product, although when you buy this solution, you can do many things so it provides good value for the investment.
Which other solutions did I evaluate?
My clients did evaluate other options but ultimately chose this product. Other than the VPN connection, I don't know the reasons for this decision.
What other advice do I have?
I can recommend this product because it is one of the most stable firewalls on the market. The suitability, however, depends on the environment and what is needed.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Group Information Technology Manager at a mining and metals company with 201-500 employees
Provides great VPN and firewall features; very stable
Pros and Cons
- "VPN and firewall are good features."
- "Lacks a good graphical user interface."
What is our primary use case?
I'm the group information technology manager and we are customers of Cisco.
What is most valuable?
The best feature for me is the VPN and I also like the firewall.
What needs improvement?
In terms of improvement, we'd like to see a good graphical user interface. I'd also like to see the initial setup simplified. In comparison, if I were to implement the Fortigate firewall from scratch, it's a fairly simple set up. That is not the case with the ASA firewall, where you really need to have the skill and know what you're doing.
For how long have I used the solution?
I've been using this solution for 18 years.
What do I think about the stability of the solution?
The solution is stable, we haven't had any issues. If we need something, we go to a consultant. In terms of product stability, it works very well.
What do I think about the scalability of the solution?
We haven't made any changes since implementing and we haven't tried scaling.
How are customer service and technical support?
We get our support from the resellers, not from Cisco.
What other advice do I have?
For those who have the technical know-how with Cisco products, I would recommend going with the ASA firewall, but if you're new to the field and running a smaller business, deployment will be complicated.
I would rate this solution a nine out of 10.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Cisco Secure Firewall
April 2025

Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,716 professionals have used our research since 2012.
Executive Director at ict training and development center
Good at blocking threats and pretty reliable but needs a better user interface such as web interface for easier create policy
Pros and Cons
- "It's pretty reliable and allows for isolation capabilities within the network."
- "The user interface isn't as good as it could be. They should work to improve it. It would make it easier for customer management if it was easier to use."
What is our primary use case?
We primarily use the solution for basic firewall configurations such as NAT, FORWARD PORT and Block TCP-UDP Port.
How has it helped my organization?
My company is very small just built last year, i now am using cisco asa 5510 for NAT and Port Forward and limit users access directly from internet only via Remote-VPN.
What is most valuable?
The ability to block threats is its most valuable aspect.
Most clients in Laos use the basic setup, which works quite well. It ensures that nothing can get onto the local network.
It's pretty reliable and allows for isolation capabilities within the network.
The ADSM is very good.
I like that I can use the command line. I use a lot of Cisco and often work with this. If you are comfortable with the command line, it's quite good.
What needs improvement?
The user interface isn't as good as it could be. They should work to improve it. It would make it easier for customer management if it was easier to use.
Cisco does not have a lot of web management. We have to use ASTM server management to make up for it.
For how long have I used the solution?
I've been using the solution, give or take, for around five years at this point.
What do I think about the scalability of the solution?
How are customer service and technical support?
When we need assistance from technical support, we typically deal with the team in China. They've been very good. Whenever I have a problem, they can resolve it. They are knowledgeable and responsive. We're satisfied with the level of support we get.
Which solution did I use previously and why did I switch?
We typically offer clients a few different solutions. For example, we may recommend Fortinet.
How was the initial setup?
For a new user, the initial setup may be a bit difficult. For me, since I am comfortable with Cisco, it's pretty straightforward. A new connection has its own complexities. It may be a different thing on Java SDK. There may be some programs that may not be able to access it.
What's my experience with pricing, setup cost, and licensing?
In Laos, clients don't have much wiggle room when it comes to cost. The economy right now isn't very good. Most just choose the basic solution in order to avoid pricey licensing fees.
Which other solutions did I evaluate?
subscription payment
What other advice do I have?
We're just customers. We use it in our office and suggest it to clients. However, we don't have a business relationship with Cisco.
We try to adhere to our client's needs, and therefore, if they specify hardware they want to use, like Fortinet, we tend to accommodate them.
That said, if they ask my opinion, I usually recommend Cisco ASA.
I know a lot about the product and I'm good at controlling everything. I have a lot of knowledge and understanding after working with it so closely. That's why I tend to favor it when my customers ask for advice.
Overall, I would rate the solution seven out of ten. If the user interface were a bit better, I'd rate it higher.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Administrator at a healthcare company with 501-1,000 employees
It is a strong solution.
Pros and Cons
- "Cisco ASA is very strong."
- "Migration with other appliances is not easy. It has to be done manually, and this takes a long time."
What is our primary use case?
It is primarily used as a firewall. I think that all firewalls basically work the same, but some have different configurations of the switches. Cisco ASA is very strong.
What needs improvement?
I think that there should be better security of other firewall appliances. Migration is another main issue. If you migrate from the ASA to the new Fire Power Threat Defense appliance, it is not an easy migration. You have to do some of the migration manually, and if you are relacing those firewalls it will take a long time. It should be a smoother migration process. Some of the new engineers are still not familiar with it, and I think that Cisco should rehire some of the engineers coming from Sourcefire to do so.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
There is not much to say about the stability of the product. Migration is the painful aspect of the solution.
How is customer service and technical support?
During the mitigation process, I used tech support. But, I still have not had a completely clean migration process.
What about the implementation team?
I do not like to have too many vendors it becomes difficult to diagnose and deal with. If all the switches also ran the same, I would be OK. But, this does not usually happen. Often there are many configurations of switches and we end up switching on the switches.
What's my experience with pricing, setup cost, and licensing?
Cisco has recently become very expensive. Other solutions on the market are cheaper than this solution.
Which other solutions did I evaluate?
We have also evaluated Fortinet and Sophos UTM as possible solutions.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Operation Manager
Provides software updates for known bugs and vulnerabilities.
What is most valuable?
- Hardware reliability
- Software stability
- Quick software updates for known bugs/vulnerabilities
These are very important in an enterprise environment.
How has it helped my organization?
It is small. Nobody knows where it is or what it is. It works silently. As there ar no issues, it is good for businesses and organizations.
What needs improvement?
- License politics
- License price
- Precise vendor roadmap for this product
For how long have I used the solution?
I have used Cisco ASA for five years.
What do I think about the stability of the solution?
We have not had stability issues.
How are customer service and technical support?
I would give them a high rating.
Which solution did I use previously and why did I switch?
We were using TippingPoint as an IPS and ZyXEL ZyWALL as a VPN server.
Cisco has good documentation and it is easy for Cisco certified engineers.
How was the initial setup?
The initial setup was straightforward.
What's my experience with pricing, setup cost, and licensing?
Our experience last year showed us that there is no full security, so why should we pay more? Any security vendor with a user-friendly interface, with good support, on-time updates for known vulnerabilities, and reliable hardware, is acceptable for an organization.
Which other solutions did I evaluate?
We did not evaluate any alternatives.
What other advice do I have?
The Cisco ASA product line will be replaced by Cisco FTD. Cisco FTD software is not ready for production, due to a lack of many basic NGFW features. Maybe only the high-performance Firepower 41xx/21xx/90xx Series is good as an IPS, because it is using a stable Sourcefire engine.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sr Network Engineer at a tech services company with 501-1,000 employees
Valuable features are its VPNs and reliability.
What is most valuable?
VPNs, reliability.
How has it helped my organization?
Connectivity with client Telcos works perfectly way and administration is simple.
What needs improvement?
I think it's the perfect Firewall for SME.
For how long have I used the solution?
Five years.
What do I think about the stability of the solution?
No.
What do I think about the scalability of the solution?
No.
How are customer service and technical support?
10 out of 10.
Which solution did I use previously and why did I switch?
Version 5515 is better than 5510 or 5505.
How was the initial setup?
If you know how to use Cisco IOS, it's easy. Otherwise, you will find no way
of configuring it with ease.
What's my experience with pricing, setup cost, and licensing?
Go for the complete bundle, it's a one time investment only. Otherwise, in the future you will have to buy other tools as licenses for some add-on services.
Which other solutions did I evaluate?
FortiGate 100D.
What other advice do I have?
I would go for bundle licenses and hire a Cisco engineer for implementation.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Middle-Tier Admin Integrator at a tech services company with 51-200 employees
Cisco firewalls can be difficult at first but once learned it's fine.
What is most valuable?
Robustness
How has it helped my organization?
Reliability
What needs improvement?
No idea -- I learn a lot from them
For how long have I used the solution?
From 2000 until 2014
What was my experience with deployment of the solution?
Learning at the beginning
What do I think about the stability of the solution?
Nope -- If well planed you should be alright
What do I think about the scalability of the solution?
Price maybe...
How are customer service and technical support?
Customer Service:
Excellent
Technical Support:Excellent
Which solution did I use previously and why did I switch?
Not reliable for long term -- seem inferior quality
How was the initial setup?
Depends on the product and the knowledge. Cisco firewalls can be difficult at first but once learned it's fine.
What about the implementation team?
Me, I implemented the firewalls, Cisco switches and routers.
What was our ROI?
100% in some installations it exceeded the time predicted to keep up with the work load.
Which other solutions did I evaluate?
Netscreen, Netgear, Checkpoint, others..
What other advice do I have?
Plan well the hardware requirements for future growth and heavy usage.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Network Engineer at a tech services company with 1,001-5,000 employees
The new NAT configuration is difficult to understand. The ASDM has significantly improved over the years.
Valuable Features
The ASDM has significantly improved over the years. Real-time logging and filtering is useful. Firewall rules are easy to understand, and enable/disable.
Room for Improvement
Change from Java for ASDM to HTML5. Better options to enable/disable site-to-site VPN tunnels.
Use of Solution
8 years
Deployment Issues
The new NAT configuration is difficult to understand especially for people familiar with the pre v8.3 code.
Customer Service and Technical Support
Customer Service:
Cisco TAC is good. They will set up a remote viewing session so they can work on the firewall as if they are sitting next to you.
Technical Support:Typically fast and useful.
Implementation Team
In-house team.
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Updated: April 2025
Popular Comparisons
Fortinet FortiGate
Netgate pfSense
Sophos XG
Palo Alto Networks NG Firewalls
Check Point NGFW
Azure Firewall
WatchGuard Firebox
SonicWall TZ
Juniper SRX Series Firewall
Fortinet FortiGate-VM
SonicWall NSa
Sophos XGS
Untangle NG Firewall
Fortinet FortiOS
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What Is The Biggest Difference Between Cisco ASA And Fortinet FortiGate?
- Cisco Firepower vs. FortiGate
- How do I convince a client that the most expensive firewall is not necessarily the best?
- What are the biggest differences between Cisco Firepower NGFW and Fortinet FortiGate?
- What Is The Biggest Difference Between Cisco Firepower and Palo Alto?
- Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons?
- What are the main differences between Palo Alto and Cisco firewalls ?
- A recent reviewer wrote "Cisco firewalls can be difficult at first but once learned it's fine." Is that your experience?
- Which is the best IPS - Cisco Firepower or Palo Alto?
- Which product do you recommend and why: Palo Alto Networks VM-Series vs Cisco Firepower Threat Defense Virtual (FTDv)?
Can you tell me, please, how does an ASA learn about the MAC address of the host? Thank you.