Cisco Secure Firewall Reviews and Pricing

Tony Petcou

Business Development Executive at CBI

May 3, 2018

Download

Though not NextGen, it is a good firewall

Pros and Cons

"The firewall and policy side are easy to use."

"Make the IPS baked-in."
"It is a good firewall, though not NextGen."

What is our primary use case?

The gateway firewall is where we use it the most.

How has it helped my organization?

The firewall and policy side are easy to use.

What is most valuable?

IDS.

What needs improvement?

Make the IPS baked-in. It is a good firewall, though not NextGen.

Buyer's Guide

Cisco Secure Firewall

March 2025

Free Report: Cisco Secure Firewall Reviews and More

Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.

DOWNLOAD NOW

839,319 professionals have used our research since 2012.

For how long have I used the solution?

One to three years.

Disclosure: My company has a business relationship with this vendor other than being a customer: CBI is a VAR for these products.

Yasir Al-Musawi

Network Security Specialist at a financial services firm with 501-1,000 employees

Feb 27, 2018

Download

It is easy to create interfaces and routing, but the product needs real-time logs

Pros and Cons

"It is easy to create interfaces and routing, which all can be done at the GUI level."

"The product needs real-time logs to be able to monitor our services, so we can know if any our services have been blocked via the firewall or on the application side."

What is our primary use case?

Currently used for at our disaster recovery site as our internal firewall, not a lot of services are running through it. We are still going around learning how to use it.

How has it helped my organization?

Since we have used Firepower firewall, we are facing issues of getting real-time logs, as they are not available with the latest version.

What is most valuable?

It is easy to create interfaces and routing, which all can be done at the GUI level. For now, we are still going around the services and will add more in the future.

What needs improvement?

The product needs real-time logs to be able to monitor our services, so we can know if any our services have been blocked via the firewall or on the application side.

For how long have I used the solution?

Less than one year.

Disclosure: I am a real user, and this review is based on my own experience and opinions.

Buyer's Guide

Cisco Secure Firewall

March 2025

Free Report: Cisco Secure Firewall Reviews and More

Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.

DOWNLOAD NOW

839,319 professionals have used our research since 2012.

it_user413292

Regional Manager - Pre Sales at a tech services company with 51-200 employees

Jan 24, 2018

Download

Helps us to identify key, persistent threats so we can set policies accordingly

Pros and Cons

"Its in-depth monitoring and analysis help us to make better decisions and policies."

"Integration aspects and traffic shaping need improvement."
"Initial setup can be complex. It is complex. We have to set up ASA, SFR module, and FMC separately, which sometimes requires extensive troubleshooting, even for smaller issues."

How has it helped my organization?

It helps us to identify key, persistent threats so we can set policies accordingly.

What is most valuable?

In-depth monitoring and analysis. It helps us to make better decisions and policies.

What needs improvement?

Integration aspects
Traffic shaping

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Initially there were some stability issues, but in the long-run no.

What do I think about the scalability of the solution?

It requires additional licensing to enable 10G ports.

How is customer service and technical support?

Technical support is very good.

How was the initial setup?

It is complex. We have to set up ASA, SFR module, and FMC separately, which sometimes requires extensive troubleshooting, even for smaller issues.

Which other solutions did I evaluate?

We evaluated Huawei, briefly.

What other advice do I have?

It is a good datacenter firewall, as they have now overcome integration issues with latest versions.

Disclosure: My company has a business relationship with this vendor other than being a customer: Cisco Premier Partner.

it_user241755

Senior Network and Security Engineer at a tech services company with 51-200 employees

May 20, 2015

Download

It has very good stability, but it took too much time to create ASA CX.

What is most valuable?

It was a valuable firewall some years ago but then Palo Alto created the next generation firewall and Cisco needed too much time to create ASA CX. At the moment it has, basically, the same features. In my opinion the most valuable features now are the layer seven capabilities and the new FirePOWER.

For how long have I used the solution?

I've used the devices for over 10 years.

What was my experience with deployment of the solution?

I have never had an issue with my deployments.

What do I think about the stability of the solution?

One of the best things about ASA's is that they are very stable.

What do I think about the scalability of the solution?

With ASA, you can scale to the largest deplyments. As an example, I have installed an ASA in an environment with 80.000 users.

How are customer service and technical support?

Customer Service:

Cisco Support is very good, you don't have problems using it.

Technical Support:

10/10.

Which solution did I use previously and why did I switch?

I have migrated customers from Cisco's competitors to ASA's.

How was the initial setup?

Once you have the knowledge it is not complex to install an ASA, but it does depend on the network of the customer.

Which other solutions did I evaluate?

Our customers also evaluate PaloAlto.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partners

sandeep

Senior Manager of Network at a tech company with 1,001-5,000 employees

Aug 6, 2013

ASA5505 Multipurpose Robust Firewall for small office or small organization requiring for network security

Cisco ASA 5505 overview
Selecting a new fire wall is matter of individual requirements and preferences. For small office it is economical to have a single device having small switch and firewall capability. Cisco ASA 5505 is perfectly suitable for small office as it has 8 port connecting end device switch and two of which have PoE capability for connecting cisco ip phones or external wireless access point. Has a expansion slot for connecting IPS (Intrusion prevention System). Additional IPS card (AIP SSC-5), IPS protects form virus, worms Trojans, DDoS attacks. This all features makes it a truly multipurpose firewall for small office.

Pros:

1) Is small in size and light in weight, requires less space suitable for small office.
2) Has integrated 8 port Switch so no need to purchase additional switch.
3) Has 2 PoE ports, so IP phones or external wireless access points can be connected.
4) If IPS card is installed it gives protection form vires, Trojan and worms and DDoS.
5) It supports 3 vlan, traffics can be separated per vlan.
6) Can be easily configured through SDM
7) Last but not the least it is very robust system once installed it dose not need much attention.

Cons:
1) ASA5505 does not support expansion.
2) ASA5505 dose not support fail over ( Aacive / active or active/ standby)
3) ASA5505 does not support multimode.
4) Heavy CPU load and packet latency due to addition of IPS.
5) The ASA 5505 does not support Spanning Tree Protocol for loop detection in the network.

Disclosure: I am a real user, and this review is based on my own experience and opinions.

it_user1020Head of Data Center at a tech company with 51-200 employees

Report as inappropriate

Feb 11, 2014

We have a 5520 with IPS installed. You are right about the CPU load with the IPS addition. It really maximizes the CPU utilization of the system, which can be a cause for concern. We've also have the IPS fail at some point due to a vulnerability. It was later patched with a firmware upgrade.

Fairly expensive, but will get the job done if you know how to configure it. Also recommend to have an HA set-up if protecting critical infrastructure. Might be expensive, but probably a good addition if you already have a Cisco-dominated environment. You should have it protecting you from the outside and use a separate in-line IPS if you want to protect the inside network.

See all 2 comments

it_user5274

Network Manager at a insurance company with 1,001-5,000 employees

May 6, 2013

Download

Good value compared to Check Point. But I had issues when integrating with Cisco IPS.

Valuable Features:

1. I have found tje Cisco ASA to be less expensive than Check Point firewalls. 2. It is smaller in size than Check Point firewall. 3. It is easy to operate and manage with both GUI and Command Line

Room for Improvement:

1. When I integrate Cisco ASA with Cisco IPS it creates lots of problem such as an increase in CPU utilization - as a result I have to stop the IPS service. 2. Cisco ASA does not provide a flash card for free so I cannot back up the firewall configuration for disaster recovery.

Other Advice:

In my opinion it is a nice firewall product at a low price and good value for medium and large enterprises.

Disclosure: I am a real user, and this review is based on my own experience and opinions.

reviewer1441503

CEO & Co-Founder at a tech services company with 51-200 employees

Nov 4, 2020

Download

Good configuration support but needs a few features and better pricing

Pros and Cons

"The configuration support is very good. You can find a lot of configuration samples and troubleshooting tips on the internet, which is very good."

"You need to have a little bit of knowledge to be able to configure it. Otherwise, it would be very difficult to configure because there is no GUI. The latest software available in the market has a GUI and probably zero-touch provisioning and auto-configuration. All these things are not available in our version. You need to manually go and configure everything in the switch. In terms of new features, we would definitely want to have URL-based filtering, traffic steering, and probably a little bit steering in the bandwidth based on the per-user level and per-user group. We will definitely need some of these features in the near future."

What is most valuable?

The configuration support is very good. You can find a lot of configuration samples and troubleshooting tips on the internet, which is very good.

What needs improvement?

You need to have a little bit of knowledge to be able to configure it. Otherwise, it would be very difficult to configure because there is no GUI. The latest software available in the market has a GUI and probably zero-touch provisioning and auto-configuration. All these things are not available in our version. You need to manually go and configure everything in the switch.

In terms of new features, we would definitely want to have URL-based filtering, traffic steering, and probably a little bit steering in the bandwidth based on the per-user level and per-user group. We will definitely need some of these features in the near future.

For how long have I used the solution?

I have been using this solution for the last one and a half years.

What do I think about the stability of the solution?

Stability-wise, it is pretty stable. It is probably not very feature-rich, but whatever features we are using, they are pretty stable.

What do I think about the scalability of the solution?

Scalability-wise, we did not have much problem because we have a single site. If we have two or more sites, and if we want to have a site-to-site VPN and more number of users, we are not sure about the scalability. We will have to go for an updated version of the new product line.

We have close to 80 plus users. We anticipate a huge increase in the number of users and plan to increase the usage of Cisco ASA Firewall. We may have to open a new center in a different city, which will lead to more sites, users, and usage.

How are customer service and technical support?

Their support is good, but the cost of support is very high. Next year onwards, we may not go for technical support because most of the time, they only do the configuration, and the configuration-related information is pretty much available on the internet.

Which solution did I use previously and why did I switch?

Initially, we started with some open-source alternatives, like Opium, but eventually, we thought of moving towards a proven solution. We just did a study. We didn't put the open-source solution into production. One of our customers was basically suggesting us to go with this one, and we went for it. We did not get time to go through, study, and explore different options because we didn't have the bandwidth for testing the complete features of the open-source alternatives. Therefore, we thought of going for a commercial solution. A lot of alternatives are available right now for this solution.

How was the initial setup?

The initial setup was not too complicated. It was good.

What about the implementation team?

We took the help of a reseller for the initial configuration.

What's my experience with pricing, setup cost, and licensing?

The product cost is a little high. It is a little bit on the high side, and it should be a little bit cost-friendly.

What other advice do I have?

I would rate Cisco ASA Firewall a seven out of ten. It needs improvement in terms of a few features and cost-friendliness.

Which deployment model are you using for this solution?

On-premises

Disclosure: I am a real user, and this review is based on my own experience and opinions.

reviewer1067388

IT Administration at a healthcare company with 11-50 employees

Nov 3, 2020

Download

A stable solution for protecting our edge network, with good technical support

Pros and Cons

"The most valuable feature is the access control list (ACL)."

"This is an older product and has reached end-of-life."

What is our primary use case?

It provides the firewall and security for our edge network.

We are using a really old ASA device that is at end-of-life, so we're replacing it.

What is most valuable?

The most valuable feature is the access control list (ACL).

What needs improvement?

This is an older product and has reached end-of-life.

For how long have I used the solution?

We have been using Cisco ASA for probably ten years.

What do I think about the stability of the solution?

This is a very stable product.

What do I think about the scalability of the solution?

We're just a small company, so we have not had to scale it.

How are customer service and technical support?

The technical support is definitely very good.

How was the initial setup?

The initial setup was very straightforward.

What about the implementation team?

Just one person is required for maintenance.

What other advice do I have?

My advice for anybody who is implementing Cisco ASA is that it is not very difficult to deploy and not very difficult to understand how to continue adding more rules to it.

I would rate this solution an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller