Cisco Secure Firewall Reviews

I have deployed Cisco ASA as a terminator firewall. Normally, I would have preferred to have a sandwich configuration for firewalls: One possible firewall that would make an internal firewall and another for an external firewall. 

Cisco ASA is best suited for our external firewall protection.

• Its VPN and ASN features are very stable. 
• It is easy to configure. 

In terms of next-generation capabilities, Cisco is a little behind. It is way behind leaders like Palo Alto, Check Point and Fortinet. While Cisco is headed in the right direction, it will take several years for it to get there.

When I need support, Cisco has provided quality support. I like working with them because of their support system.

The setup was straightforward. I was happy with the configuration and deployment of the solution, as it was quick.

It is our firewall solution. We connect to other locations, as well as use programs in-house.

The most valuable feature is the security that it provides our company and users.

Furthermore, our company uses it for making rules for the bank to connect to our server in the DMZ, which is a security challenge.

It needs improvement as a "Next-Generation" firewall solution. In addition, it needs to be more user-friendly. 

There is no downtime, and it is working great. 

It is scalable. We have had no issues. 

The initial setup was complex. But, after that, to maintain and keep creating rules it was easy.

We evalutated Cisco ASA vs Fortinet FortiGate VM.

Remote network access: We primarily use ASA for VPN, NAT, PAT routing, SLA, and multiple ISP providers.

Ease of configuration: It has gotten a lot easier to configure compared to the original Cisco Pix.

ASDM provides GUI for configurations. ASDM has made configuring ASA easy. No need to memorize CLI commands.

• UTM features would be nice or some NextGen features. 
• The ASA has become a bit old and needs updating.

I have been using the 5510 a lot, and have been working with it for many years. I have also used the 5505 and other firewalls.

It is much better than most of the other firewalls that I have worked with.

It needs more tunneling capabilities. 

It is worth every penny that we have invested in it.

Starting in version 9.7 you could track a login history for audit purposes and, in 9.8, you are able to do active/backup HA with ASAv (Adaptive Security Virtual Appliance) deployed on MS Azure.

There is always room for improvement in virtually anything. However, the relatively new Firepower Threat Defense image (mix of ASA and Sourcefire network security) fills a lot of gaps and features that were missing on ASA. Moreover, with FMC (Firepower Management Console) you can complement it with even more admin and reporting capabilities for the entire platform.

No stability issues.

No scalability issues.

Excellent.

New version comes with initial setup tutorial, with very nice security policies baseline, set up by default.

Be sure of what features you are going to utilize to add/remove some from new bundles.

Best value will always be delivered by adding FMC (Firepower Management Console); at least their virtual edition.

Cisco ASA's CLI is very effective and fast to configure the firewall and make changes, but monitoring logs and connections can be eye bothering by reading all the line outputs. ASDM, however, have improved the overall ASA configuration from an GUI standpoint. I really enjoy the log monitor where I can see live logs in a more user friendly interface. The down side of ASDM is that it is build with JAVA and that means a lot vulnerabilities and it does not always work with the latest JAVA version and/or patches.

The packet tracer function, which I use the most, have provided me a packet flow through the firewall and see which rule or policy can cause a drop. Also, I can see if my NAT statement is working properly. This has allowed me to quickly troubleshoot potential firewall related issues for my organization.

L7 firewall is a key for the ASA to be competitive in the current and future market place. By integrating with SourceFire, now call FirePower, on the ASA has helped it to get into the next-generation firewall segment.

It blocks all outside to inside traffic and only permits the specific internet traffic from the outside. VPN functionality is very useful, we can create remote access and tunnel VPN in the simplest way.

It blocked all kinds of internet attacks from outside like DOS or DDOS and avoided any down time. We created a remote tunnel from head office to data center network for easy access of servers that make working fast and they are easily manageable.

It would be great if they would add web filtering functionality to this product.

5 years

No

No

No

Excellent

Good

It is a little difficult in newer IOS versions where the use of the NAT command is different. Otherwise its straightforward to configure.

I deployed it in-house with my team.

This solution reduces any downtime therefore business continuity is not disturbed - that is ultimately ROI.

It is one time cost of about $10,000 and there is no day to day cost.

Yes, I evaluated Fortigate, SonicWall and Juniper but found Cisco ASA to be the best solution for us above all of the others.

Cisco ASA is a reliable product and it benefits you a lot in your network.

• Content filtering
• VPN features
• User interface is also very friendly

Users can VPN into the network from remote locations. It has given us a very robust and well firewalled LAN, that we use for authentication as well for our core network infrastructure.

I've used it for seven years.

No issues encountered.

It's a very stable product.

No issues encountered.

It's good.

It's good.

No previous solution was used.

It was a straightforward setup.

Implementation was in-house as we have Cisco experts.

The initial cost was approximately $6,000.

No other products were evaluated.

ASA is a very reliable product and I have been using it since I cam across it. I strongly recommend the use of the product