Cisco Secure Firewall Reviews

We are a solution provider and the Cisco ASA Firewall is one of the security products that we implement for our customers. My clients use it for security, and also to establish VPN connections.

My client is in the financial sector and all of the connections are doing using the VPN. This type of access makes the connections more secure.

The most important feature is the VPN connection.

My clients also use the antimalware features and the scan is very good. It also supports packet inspection and IPS.

Cisco ASA is easy to configure.

The integration with the security features is something that I like.

The SecureX ASA administration platform should be improved.

The orchestration of modules should be improved.

I would like to see the inclusion of a protocol that can be used to protect databases. This would be a good feature to have added.

We have been working with the Cisco ASA Firewall for approximately three years.

I have not had problems with stability, although I have had some small issues with bugs. In general, I can operate without a problem. 

It is very easy to scale this product. With SMC, you can control all levels of ASA in a central console. You can simply add a new ASA firewall to protect your network, and you will be able to control it.

We have approximately 300 users.

My clients for this solution are medium-sized organizations.

I have not been in contact with technical support but I use the implementation guide. I have also used the community support and I think that it's okay. The information that I received about the configuration was good.

Prior to Cisco ASA, my client was using Fortinet FortiGate. They switched because there were complaints about the connection being slow.

The complexity of the setup depends on the needs and requirements of the client.

When a client does not know exactly what is needed, the complexity increases because the configuration is not clear. You really have to have a good understanding of what the client needs before configuring it.

If the model does not have SMC then it is complex to configure.

The length of time for deployment also depends on the requirements, but it will usually take between three days and one week.

This is an expensive product, although when you buy this solution, you can do many things so it provides good value for the investment.

My clients did evaluate other options but ultimately chose this product. Other than the VPN connection, I don't know the reasons for this decision.

I can recommend this product because it is one of the most stable firewalls on the market. The suitability, however, depends on the environment and what is needed.

I would rate this solution an eight out of ten.

I'm the group information technology manager and we are customers of Cisco. 

The best feature for me is the VPN and I also like the firewall. 

In terms of improvement, we'd like to see a good graphical user interface. I'd also like to see the initial setup simplified. In comparison, if I were to implement the Fortigate firewall from scratch, it's a fairly simple set up. That is not the case with the ASA firewall, where you really need to have the skill and know what you're doing.

I've been using this solution for 18 years. 

The solution is stable, we haven't had any issues. If we need something, we go to a consultant. In terms of product stability, it works very well.

We haven't made any changes since implementing and we haven't tried scaling.  

We get our support from the resellers, not from Cisco. 

For those who have the technical know-how with Cisco products, I would recommend going with the ASA firewall, but if you're new to the field and running a smaller business, deployment will be complicated. 

I would rate this solution a nine out of 10. 

We primarily use the solution for basic firewall configurations such as NAT, FORWARD PORT and Block TCP-UDP Port.

My company is very small just built last year, i now am using cisco asa 5510 for NAT and Port Forward and limit users access directly from internet only via Remote-VPN.

The ability to block threats is its most valuable aspect.

Most clients in Laos use the basic setup, which works quite well. It ensures that nothing can get onto the local network.

It's pretty reliable and allows for isolation capabilities within the network.

The ADSM is very good.

I like that I can use the command line. I use a lot of Cisco and often work with this. If you are comfortable with the command line, it's quite good.

The user interface isn't as good as it could be. They should work to improve it. It would make it easier for customer management if it was easier to use.

Cisco does not have a lot of web management. We have to use ASTM server management to make up for it.

I've been using the solution, give or take, for around five years at this point.

When we need assistance from technical support, we typically deal with the team in China. They've been very good. Whenever I have a problem, they can resolve it. They are knowledgeable and responsive. We're satisfied with the level of support we get.

We typically offer clients a few different solutions. For example, we may recommend Fortinet.

For a new user, the initial setup may be a bit difficult. For me, since I am comfortable with Cisco, it's pretty straightforward. A new connection has its own complexities. It may be a different thing on Java SDK. There may be some programs that may not be able to access it.

In Laos, clients don't have much wiggle room when it comes to cost. The economy right now isn't very good. Most just choose the basic solution in order to avoid pricey licensing fees.

subscription payment  

We're just customers. We use it in our office and suggest it to clients. However, we don't have a business relationship with Cisco.

We try to adhere to our client's needs, and therefore, if they specify hardware they want to use, like Fortinet, we tend to accommodate them.

That said, if they ask my opinion, I usually recommend Cisco ASA.

I know a lot about the product and I'm good at controlling everything. I have a lot of knowledge and understanding after working with it so closely. That's why I tend to favor it when my customers ask for advice.

Overall, I would rate the solution seven out of ten. If the user interface were a bit better, I'd rate it higher.

It is primarily used as a firewall. I think that all firewalls basically work the same, but some have different configurations of the switches. Cisco ASA is very strong. 

I think that there should be better security of other firewall appliances. Migration is another main issue. If you migrate from the ASA to the new Fire Power Threat Defense appliance, it is not an easy migration. You have to do some of the migration manually, and if you are relacing those firewalls it will take a long time. It should be a smoother migration process. Some of the new engineers are still not familiar with it, and I think that Cisco should rehire some of the engineers coming from Sourcefire to do so.

There is not much to say about the stability of the product. Migration is the painful aspect of the solution.

During the mitigation process, I used tech support. But, I still have not had a completely clean migration process.

I do not like to have too many vendors it becomes difficult to diagnose and deal with. If all the switches also ran the same, I would be OK. But, this does not usually happen. Often there are many configurations of switches and we end up switching on the switches.

Cisco has recently become very expensive. Other solutions on the market are cheaper than this solution.

We have also evaluated Fortinet and Sophos UTM as possible solutions.

• Hardware reliability
• Software stability
• Quick software updates for known bugs/vulnerabilities

These are very important in an enterprise environment.

It is small. Nobody knows where it is or what it is. It works silently. As there ar no issues, it is good for businesses and organizations.

• License politics
• License price
• Precise vendor roadmap for this product

I have used Cisco ASA for five years.

We have not had stability issues.

I would give them a high rating.

We were using TippingPoint as an IPS and ZyXEL ZyWALL as a VPN server.
Cisco has good documentation and it is easy for Cisco certified engineers.

The initial setup was straightforward.

Our experience last year showed us that there is no full security, so why should we pay more? Any security vendor with a user-friendly interface, with good support, on-time updates for known vulnerabilities, and reliable hardware, is acceptable for an organization.

We did not evaluate any alternatives.

The Cisco ASA product line will be replaced by Cisco FTD. Cisco FTD software is not ready for production, due to a lack of many basic NGFW features. Maybe only the high-performance Firepower 41xx/21xx/90xx Series is good as an IPS, because it is using a stable Sourcefire engine.

VPNs, reliability.

Connectivity with client Telcos works perfectly way and administration is simple.

I think it's the perfect Firewall for SME.

Five years.

No.

No.

10 out of 10.

Version 5515 is better than 5510 or 5505.

If you know how to use Cisco IOS, it's easy. Otherwise, you will find no way
of configuring it with ease.

Go for the complete bundle, it's a one time investment only. Otherwise, in the future you will have to buy other tools as licenses for some add-on services.

FortiGate 100D.

I would go for bundle licenses and hire a Cisco engineer for implementation.

Robustness

Reliability

No idea -- I learn a lot from them

From 2000 until 2014

Learning at the beginning

Nope -- If well planed you should be alright

Price maybe...

Excellent

Excellent

Not reliable for long term -- seem inferior quality

Depends on the product and the knowledge. Cisco firewalls can be difficult at first but once learned it's fine.

Me, I implemented the firewalls, Cisco switches and routers.

100% in some installations it exceeded the time predicted to keep up with the work load.

Netscreen, Netgear, Checkpoint, others..

Plan well the hardware requirements for future growth and heavy usage.

The ASDM has significantly improved over the years. Real-time logging and filtering is useful. Firewall rules are easy to understand, and enable/disable.

Change from Java for ASDM to HTML5. Better options to enable/disable site-to-site VPN tunnels.

8 years

The new NAT configuration is difficult to understand especially for people familiar with the pre v8.3 code.

Cisco TAC is good. They will set up a remote viewing session so they can work on the firewall as if they are sitting next to you.

Typically fast and useful.

In-house team.