Cisco Secure Firewall Reviews

Business use. It has performed well.

Its ability to work with the traffic.

I would like it to be easier to work with and have a better user interface. It is not straightforward. You need to know the Cisco command-line interface.

Stability has been fine.

It is good.

I have not used technical support.

We have always been with Cisco.

Initial setup was fairly complex. Just having to know the command prompt rather than having a better user interface.

We looking for a possible new solution because of the licensing and VPN.

We evaluated Cisco and Meraki.

Look through what your needs are.

Starting in version 9.7 you could track a login history for audit purposes and, in 9.8, you are able to do active/backup HA with ASAv (Adaptive Security Virtual Appliance) deployed on MS Azure.

There is always room for improvement in virtually anything. However, the relatively new Firepower Threat Defense image (mix of ASA and Sourcefire network security) fills a lot of gaps and features that were missing on ASA. Moreover, with FMC (Firepower Management Console) you can complement it with even more admin and reporting capabilities for the entire platform.

No stability issues.

No scalability issues.

Excellent.

New version comes with initial setup tutorial, with very nice security policies baseline, set up by default.

Be sure of what features you are going to utilize to add/remove some from new bundles.

Best value will always be delivered by adding FMC (Firepower Management Console); at least their virtual edition.

It’s too early to say anything about this, as it’s still under implementation.

Management Console and user profiling to define activities.

As it’s a GenX firewall, expertise for both implementation and troubleshooting the pain points can be a challenge. This could be a concern when companies are thinking about buying this product.

Yes, unexpected failure and no RCA provided by the OEM.

Still working on this.

Technical support from OEM is a six out 10, as RCA report has still not been shared to date.

Check Point. We moved to Firepower as an internal firewall to manage internal access and other network load.

Straightforward, two-tire setup.

All our requirements which we need performed by the firewall (e.g. VPN, URL white-listing, or IP based white-listing, etc.) have separate licenses and costs.

Yes, a couple of other of OEMs: Fortinet, Barracuda, etc.

I rate it an eight out of 10, as it’s a new platform. Compared to Cisco ASA, it’s far better, per my usage to date.

Make sure you have an expert resource or subscribe to OEM technical support.

Firewall only - no advanced services. 

In the early days, before UTM and NGFW, this product was awesome. Cisco tried to add Firepower, but it requires a different management interface and is still too expensive.

• Strong in NAT and access-lists 
• Very good as a stateful inspection firewall, but weak in all other areas. 

• Integrated threat management
• Route-based VPNs: VPNs are weak as this product still does not support route-based VPNs. 
• Single management interface
• Better throughput for price point 

Price point is too high for features and throughput available.

Overall, this is a legacy product. 

Firewalling is the most valuable feature. We wanted a back-end/internal firewall solution, and the Cisco ASA 5525 was great.

It has taken the pressure off of the IS engineer.

• URL
• AVC
• Advanced malware protection

We've used it for two years.

There was an issue, but it was rectified promptly after troubleshooting the device's configuration.

There were no issues with the scalability.

We've not had any issues scaling yet.

I think it is great but did not use them for this deployment.

I've not had to use them yet for this deployment.

There was no other solution in place.

It was straightforward.

I did the implementation with my colleagues.

It's not really quantified, but we have not experienced downtime due to attacks.

There were no other solutions looked at.

• Firewall
• VPN
• FirePOWER mobile

They should make the ASA accessible via the web instead of ASDM. Also, a big improvement is needed on the transparent mode.

I've used it for over six months.

There were some issues.

There have been some issues with Java.

There were some issues.

8/10.

8/10.

It was straightforward.

Make sure to plan your network carefully.

We use Cisco ASA for traffic control.

It's a flexible solution.

The configuration is an area that needs improvement.

In the next release, I would like to see the UI include or provide web access, and more integration.

I have been using Cisco ASA Firewall for five years.

We are not using the latest version, as it is not available.

It's a stable solution and we have not had any issues.

It's a scalable product. We have approximately 2,000 users in our organization.

We have plans to continue to use it.

Technical support provides us with good service.

The initial setup was straightforward. It was easy for us because we have experience.

It was already deployed when I arrived.

We have two or three guys for deployment and maintenance.

This is a product that I would recommend to others.

I would rate Cisco ASA Firewall a nine out of ten.

• High-performance intrusion prevention
• Malware protection
• Multiple firewalls to control departments on a business by business level (security policies per department).
• Allowed us to consolidating multiple security devices into a single appliance.

• Intrusion protection
• We were able to determine when we are being attacked.
• We determine that our inspections were causing latency.

We needed a way to monitor threat protection and not cause latency.

It allowed us to consolidating multiple security devices into a single appliance. It consolidated and helped us eliminate firmware upgrade issues across multiple devices. The "Keep It Simple" method.

We are looking for software taxi capabilities.   

Going forward, we are evaluating Anomali. The founder of ArcSight founded Anomali. The product has the ability to be a consumer of threat intelligence, and be a contributor showing the maturity in threat protection posture.