Cisco Secure Firewall Reviews

There are a lot of companies who create firewalls but there is not a single one which can compete with ASA. It can have access control from layer 3 to layer 7. The ASA 5510 is more than enough for small to medium business. It has dedicated GUI interface which is known as ASDM, a beautiful tool to manage ASA. You can use ASA to route traffic. AAA service supports plenty of Authentication server types. You can configure advanced NAT in this device. It uses Modular Policy Framework (MPF) to inspect traffic. You can inspect traffic at different layers separately. You can use this as a transparent firewall & fail over is instant. The virtualization works beautifully for this device. VPN is another added advantage.All the types of VPNs are managed through ASA.

The 5505 does not support multiple mode. While running this device on multiple mode you cannot use dynamic routing protocols or multicast routing. Also the IPSEC and SSL VPNs are not supported while running in multiple mode. sometimes analysis might take too long while performing DPI in real-time traffic. The product is expensive. A 5580 series costs more than $50000.

Its very difficult to write something about this product as it has so many options. I have studied 1000 pages about this product and most of the organizations use this firewall as it is the best in the world. I have never seen such a powerful device which can handle 2 million connections at 20Gbps speed. It can also inspect 4 million packets per second.

We use Cisco ASA Firewall to protect different sites at a protocol level. We also use it for antivirus and bot protection.

I think Cisco ASA Firewall is the most stable firewall solution.

The price can be better.

I've been using Cisco ASA Firewall for the last ten years.

I think they're all are stable. I've never seen a firewall that's unstable.

I'm satisfied with their technical support.

It's easy for me to configure one because I have firewall configuration certifications. I don't know what someone with nothing in terms of experience would be able to do. 

It normally takes me a week to implement and deploy. I normally need a week and three people to do maintenance.

I used to implement it several years ago, but now I ask our engineer to do it.

Cisco ASA Firewall should be cheaper.

I would recommend Cisco ASA Firewall to potential users. 

On a scale from one to ten, I would give Cisco ASA Firewall an eight.

Public Cloud

We offer publishing services. It depends on our business, but we use this solution for security.

ASA 5505 and ASA 5506 are very powerful tools to use in a business environment, and provide a lot of security.

Intrusion prevention, we currently need to apply deep bracket inspection manually to use web filtering.

Three to five years.

• VPN services
• IDS/IPS services using Firepower
• Provides perimeter and internal firewall services.

We provide managed services based on the Cisco ASA product. The brand is reassuring to customers when procuring our services.

• VPN
• Firewall
• IDS/IPS

These features allow us to deliver services to meet client needs across various industry verticals.

MSSP oriented interface: I would like a single console which would allow me to manage settings creating consistency across all customers.

Less than one year.

We use it as a perimiter firewall and do VPNs and filtering.

As a reseller, because Cisco includes different companies like Sourcefire, Meraki, and Talos, I think Cisco has a good portfolio for the security business, with their own devices too. For example, we have our firewall, we have a Web security appliance, things like OpenDNS with Umbrella. I think Cisco can cover with all the platforms.

All the visibility the device gives us as well as management and administration facilities.

It needs better documentation for when we present solutions to non-technical people. They need to bring together all the information, across the various firewalls, so that we can more clearly explain them.

Also, pricing could be better.

It's very stable. 

When we implement a firewall we need to be aware of whether it is growing over a short time period or a long time period. I think the scalability, from our implementation, is good because you can use the same configuration for another platform. If you implement on a small platform, it It is easy to implement the same configuration to another, bigger device.

I think tech support is a large part of Cisco. It's good, it provides support around the clock, answers problems. I would rate it nine out of 10.

SonicWall.

For some things it is very easy, but configuring other things is a little complex. It depends on the use case.

Cisco may be a little expensive but it has everything, and they support very well.

Juniper, Fortinet.

I think Cisco has all the solutions: switching, routing, security, they have wireless. You can cover all the devices with Cisco. They have all the network and engineered tools to help resolve the issues that we have. They are really very good devices.

In terms of advice, I would say Cisco is the best company. They're very stable, there aren't too many issues. And when there is an issue they have many engineers who can solve the problem.

It’s too early to say anything about this, as it’s still under implementation.

Management Console and user profiling to define activities.

As it’s a GenX firewall, expertise for both implementation and troubleshooting the pain points can be a challenge. This could be a concern when companies are thinking about buying this product.

Still implementing.

Yes, unexpected failure and no RCA provided by the OEM.

Still working on this.

Technical support from OEM is a six out 10, as RCA report has still not been shared to date.

Check Point. We moved to Firepower as an internal firewall to manage internal access and other network load.

Straightforward, two-tire setup.

All our requirements which we need performed by the firewall (e.g. VPN, URL white-listing, or IP based white-listing, etc.) have separate licenses and costs.

Yes, a couple of other of OEMs: Fortinet, Barracuda, etc.

I rate it an eight out of 10, as it’s a new platform. Compared to Cisco ASA, it’s far better, per my usage to date.

Make sure you have an expert resource or subscribe to OEM technical support.

This is our perimeter router. We used it purposely for NAT and to port forward traffic. Other essential features of a firewall are handled separately by a UTM.

The ASA needs to incorporate the different modules you have to integrate to achieve UTM functions, especially for small businesses.

Three to five years.

No stability issues at all, the most stable firewall I’ve ever worked with.

No scalability issues.

Quite good.

We’ve always used ASA from the get go. We added the UTM is to compliment it.

Straightforward.

Pricing is why we had to go for a UTM. For us to achieve what we needed, if we had gone with the ASA, the cost would have been high compared to getting one box (UTM).

Juniper, Check Point, Astaro

Go for it. I really like how, once you get the ASA set up properly, it can run for a whole year without any major issues, apart from the normal daily administration.

NGFW: VPN (IPSec, SSL), NAT (provides great flexibility)

NGIPS: Application visibility, file policies (store files), network discovery, correlation features

SSL decryption for modules. Although I think it is better to separate SSL decryption as a service from the software module since it requires additional hardware, but I think it would be great if there is an option to use the ASA (not the software module) to decrypt the SSL.

Ex: Add a license to decrypt SSL traffic on the ASA itself. The ASA already supports SSL VPN. So if SSL decryption can be integrated that would be nice.

5 years+

Basic setup is easy, but if you need to do some advanced stuff, it can be intuitive, but some things require some kind of tutorial to understand how it can be done. Good thing is that this device is becoming popular and there are many 3rd party free tutorials and guides that can help.

I heard about defect that were encountered by my colleagues, but not something that cannot be fixed using an upgrade.

Clustering is available for ASA with firepower services.

Also for firepower appliances, there is stacking available for some models.

Customer Service:

Great support. The engineers know what they are doing.

Technical Support:

10/10

No

Well, it is straight forward as long as you understand the components available.

ASA can be configured using the CLI or ASDM.

For the Firepower you will need to use a FireSIGHT as a management solution.

Since you will be using two GUIs, I wouldn't call it straight forward.