NGFW: VPN (IPSec, SSL), NAT (provides great flexibility)
NGIPS: Application visibility, file policies (store files), network discovery, correlation features
SSL decryption for modules. Although I think it is better to separate SSL decryption as a service from the software module, since it requires additional hardware, I think it would be great if there were an option to use the ASA (not the software module) to decrypt the SSL.
Ex: Add a license to decrypt SSL traffic on the ASA itself. The ASA already supports SSL VPN. So if SSL decryption can be integrated, that would be nice.
5 years+
Basic setup is easy, but if you need to do some advanced stuff, it can be intuitive, but some things require some kind of tutorial to understand how it can be done. Good thing is that this device is becoming popular and there are many 3rd party free tutorials and guides that can help.
I heard about defects that were encountered by my colleagues, but not something that cannot be fixed using an upgrade.
Clustering is available for ASA with Firepower services.
Also for Firepower appliances, there is stacking available for some models.
Great support. The engineers know what they are doing.
Technical Support: 10/10
No
Well, it is straightforward as long as you understand the components available.
ASA can be configured using the CLI or ASDM.
For the Firepower you will need to use a FireSIGHT as a management solution.
Since you will be using two GUIs, I wouldn't call it straightforward.
It has increased the security and works best for VPN users.
The product has been introduced with UTM, i.e. FirePower, and I would like to use it and comment on it.
I've used it for three years.
Encountered IOS-related bugs in later versions.
No issues encountered.
No issues encountered.
10/10.
Technical Support: It depends on the support contract that you have.
I previously used CheckPoint, and switched because of the UTM features.
It was straightforward.
I implemented it myself.
I think evaluated other options with reference to our architecture.
You should analyze the current setup and implement it as per the customers' requirement.
The features that we use are:
The ASA gives us a secure appliance at the perimeter and allows us to provide VPN connectivity to our users. We have the ability to control our VPN users as well as use two-factor authentication if needed (using an outside RADIUS source).
The ASA has room for improvement in the areas of layers four through seven. I would love to see application-specific control, e.g. Facebook, Gmail, etc.
I have used this solution for five years.
No issues with the deployment of the ASA as long as you are using it for what it is intended for.
No issues encountered.
As long as you buy the correct model for your company, in regards to throughput, licenses etc., you will be fine.
8/10.
Technical Support: 8/10.
I believe it is straightforward, but again it depends on what you are trying to accomplish.
The multi-context mode.
Being able to use the multi-context on the firewall to keep costs down.
No improvement needed.
I've used it for four years.
Yes, but I was able to get the support that was needed to resolve any issues.
No issues encountered.
No issues encountered.
9/10.
Technical Support: 8/10.
Yes, and we switched because we needed a fully redundant solution.
If you have no experience with the device, it may be complex, but being trained on the device helps drastically.
We used a mix of both - vendor help and in-house.
We also evaluated Juniper firewalls.
Excellent product and excellent customer support.
We primarily provide implementation and maintenance services to our clients.
The software itself is very simple.
The solution is easy to operate. It's not overly complex.
The command line is the same as it is on the Cisco IOS router.
The technical support is very helpful and responsive.
The solution needs to have better logging features.
Cisco needs to migrate its ASA Firewall to a management console or to a web console.
I've been working with the solution for six years at this point.
The solution is largely stable. Once we adopted Cisco services, we found that everything was pretty reliable. There aren't bugs or glitches. It doesn't crash or freeze. It's quite good.
The scalability is a problem as the solution has a low throughput.
We've been in touch with technical support and I've always found them easy to reach. They're responsive and helpful. I find their service much better than, for example, Fortinet or Palo Alto. Overall, we're satisfied with Cisco with respect to their technical support.
We have some experience working with Palo Alto and Fortinet solutions as well.
While I don't have the exact pricing of the solution, it's my understanding that Cisco is rather costly. It's not the cheapest option on the market. It's expensive. It's more costly, for example, than Palo Alto.
We have a gold partnership status with Cisco, however, we are also partners with companies such as Fortinet and Palo Alto.
For a next-generation firewall, I would likely recommend Palo Alto. However, if a company had the budget, I would recommend Fortinet. That said, for a VPN gateway, I would recommend Cisco ASA.
In general, I would rate Cisco's ASA Firewall at seven out of ten.