Cisco Secure Firewall Reviews

Its security features are the most valuable aspect. It has the ability to detect and prevent intrusions.

The product has helped organizations secure their infrastructure and data. Most organizations are happy to adopt the technology.

The equipment is too expensive compared with other firewall products.

I have used ASA for about three months. I just bought and configured it for a client.

Since I installed and configured it, the client has never called with complaints.

I have not had scalability issues at all. Maybe it is because I have not used it quite extensively.

I haven't had a chance to interact with the support team.

The previous product was limited in throughput and security.

The initial setup was quite complex.

As much as there is value for money, there is a need to make it affordable.

I tried Sophos.

It is a very good device to use for those who value their network security.

Class-based policing is the most important part of the ASA, and was its differentiator.

It gave us more organized DMZs and logical segments.

I’m not a fan of the new modular licensing model. Cisco moved from a base license to an a la carte SaaS model a couple of years back, wherein the customer is required to pay for feature sets on a case-by-case basis. This makes it difficult for people who want to study and trial new technologies and features.

I’ve been using ASA technology since it was PIX, so since 1999.

We have not had stability issues.

We have not had scalability issues.

Support with Cisco TAC, or with VARs like WWT and Trace3 is usually pretty good.

I have used both ASA and PAN. Different strokes for different folks.

Initial setup is straightforward. You can get as granular and complex as you want, but out of the box, ASAs provide a secure FW solution.

We evaluate all other options.

ASAs are a solid solution. Cisco provides more training and learning materials than any other vendor, which is critical if an organization wants to take true ownership of a technological solution. Documentation and use cases alone tend to make me a fan of Cisco's way of engineering, and they have come a long way over the last few years when it comes to integrating their solutions into comprehensive security communications platforms using tools like PRIME and ISE. FirePOWER and AMP make Cisco an even better overall contender for top FW status.

It is good for firewalls, management with the adaptive security device manager (ASDM), and tools such as packet tracers for troubleshooting.

It’s a really good firewall which is easy to manage, but it is not a Next Gen firewall.

Firewall functionality is the main issue when buying this product. We use it to segment our DMZs, it is stateful firewalling, is highly reliable with zero outages, and impeccable failovers during upgrades.

The ASDM is the management tool to administer the ASAs via the GUI. It has an easy to use interface with very nice troubleshooting tools, such as Packet Tracer. This tool lets you simulate a traffic flow so you can see why flows don’t work.

It is a very reliable border firewall which makes it easy for us to organize and secure our DMZs.

• The SSL VPN portal could be better.
• The ASAs support both IPSEC as an SSL VPN.
• For IPSEC you need a Cisco VPN client.
• You can only have two SSL VPN sessions.
• For more SSL sessions you have to pay (750 IPSEC sessions are included with an ASA).
• With SSL, you connect through a browser, so it is clientless. The SSL portal offers a few functionalities which you can offer a user. Configuring this portal is not an easy task.

We have been using the solution for almost five years.

We didn't encounter any issues with stability.

Scalability is limited depending on the chosen model.

I would give technical support a rating of 9/10. Cisco is one of the best, if not the best, in support.

We chose FortiGate from Fortinet as our Next Gen Firewall solution because of the higher value for our money.

The setup was easy with lots of documentation and configuration examples provided.

You have to negotiate well.

We did not evaluate any alternative options for stateful firewalling.

You will want to have Next Generation functionality, so choose FortiGate or Cisco Firepower.

It is very robust, trustworthy and highly customizable.

Solutions using NAT, VPNs, internet and MPLS, are more customizable than other solutions.

It could have more functions for load balance on the internet.

We have been using the solution for two years.

We never had any stability issues. It is the most stable platform that I have used, and I have used several including Fortinet, Sophos, Hillstone, Cisco and D-Link.

We did not encounter any issues with scalability.

I would rate the technical support at 10/10. It is the best.

I implement solutions on several clients, Redneet is a technology integration company and I prefer Cisco ASA for my security solutions.

The setup is a little more complex than other solutions.

It is a bit more expensive than other solutions, but offers more customization and security than other solutions.

We evaluated Fortinet, Sophos, Palo Alto.

Use the best practice guides and online documentation. Cisco has more information online free that any other brand, so use it!!!

The Advanced Malware Protection and Security Group Tag (SGT) are valuable features. You are able to integrate all the networks by using SGT with the pxGrid service. This is built-in technology in Cisco devices and services.

You can extend your visibility in network infrastructure for monitoring. You can absolutely give your users a better experience. When you use .1X for user authentication:

• Users login just one time
• You can control all user access to the internet, data center resources, and across the network.

After Firepower V6.1, Cisco added bandwidth shaping on the FTD product. This feature is a little bit weak. You cannot have customized shaping in different projects.

I have used this product, as well as Cisco Firepower Threat Defense, for about two years.

I have heard about some bugs, but I have never encountered any.

This product is very scalable in our experience.

It is easy to initialize. For advanced configurations, it is sometimes complicated.

The base license is delivered with the device. This license includes IPS and user authentication. You should buy a license for an IPS update. You should also buy another license for AMP and URL filtering.

These are the important licenses: BASE, IPS, AMP, and URL filtering. Apart from the base license, the other licenses are subscription based for one, three, or five years.

I evaluated many products, such as CheckPoint, Palo Alto, Fortinet Firewall, Sophos, and Cyberoam Firewall.

This product is very usable when you need integrity in your network. This product is very functional when you use a Cisco Identity Services engine.

It's a standard rule based firewall for us. The AnyConnect VPN has solved a lot of remote access problems. High availability is good. It will fall back to the other ASA without any disruptions.

It has secured our DMZ.

I would like to see the following made easier:

• Objects
• Removing objects
• Correlating access rules and AnyConnect ACLs

Sometimes we suffer from older versions, such as objects, object groups, and aliases (name).

We have been using the solution for nine years.

We did not encounter any stability issues.

We did not encounter any scalability issues.

The technical support is good.

We used Cisco PIX.

I can't really remember the setup. It was too long ago.

We bought the solution, so there were no real recurring costs at that time.

We didn't evaluate any alternative products.

Cisco ASA is a stateful firewall which means they are the fastest and more secure, because they maintain state tables. Cisco ASA is very efficient not only in Firewalling but in VPNs, IPS and content filtering. It also has option of failover and redundancy.

It allows us to filter incoming traffic to our network and provide a secure access to office network from outside through remote access VPN. We also connected our branch office through IPSEC site-to-site VPN tunnel which is very secure and reliable.

Some improvements required on GUI interface called ASDM. It should include health check parameters like temperature, memory used.

I am using it more than five years.

No issues, very easy to deploy.

No.

Migration to new version is very easy, therefore no issue.

9/10.

9/10.

Cisco ASA firewall is most reliable to protect the network, therefore I switched.

Yes, straightforward and simple.

I am also vendor.

100%.

Price is bit high as compared to other vendors, but Cisco ASA has reputation and most reliable product. Always go with minimum security plus license.

Yes, Fortinet and Palo Alto.

No.

Provides advanced malware capabilities.

Simplified the complexity of our security architecture.

Integration of advanced malware services with the firewall through Firepower services.

We have been using this solution for six months.

There were no issues with deployment.

There were no issues with stability.

There were no issues with scalability.

I would give customer service a rating of 10/10.

I would give technical support a rating of 10/10.

We were looking to upgrade to a comprehensive firewall solution that integrated Next Generation Prevention System (NGIPS).

There were no issues with setup.

We implemented in-house.

We calculated for the entire year, but the ROI seemed very decent from the first six months.

Pricing: Negotiate

Licensing: Buy the advanced Malware Protection license subscription for one year. It is worth the investment.

We evaluated Juniper, Fortinet, and Huawei.