Look at Fortinet's FortiGate for a lower cost and better support for break fixes and configuration assistance. 24 hours, 7 days a week, with techs you are able to understand and they will listen to your issues and work till the issues are completely fixed.Â
Group IT Manager at a manufacturing company with 1,001-5,000 employees
Real User
2021-08-05T08:04:03Z
Aug 5, 2021
Threats that were faced a long time before were based on opened ports and breaches yet now due to AI and machine learning it is no more opening and closing ports but going further to signatures, applications, ransomware and much more intelligent cyber threats.Â
So if you consider ASA then you will be paying money for nothing. The new concept of having a good cyber defense is the NG (Next Generation) Firewall which gives you all the tools to keep your environment safe from any cyber threat.Â
Yet there are a lot of brands but everyone differs from the other with the response time and its manageability to configure, control, monitor & its integration with other systems as long as much more options that differ from one another. ASA is now zero of 10.Â
NG Firewall alone will not protect you 100%. You need to invest in cybersecurity solutions where you can build your architecture on a solid ground that can integrate with other solutions and build on it to unify the communication and the monitoring shields that will keep you proactive.
Technical Solutions Architect at NIL Data Communications
Real User
2022-08-05T05:35:00Z
Aug 5, 2022
Being a partner, we work with customers who already have different vendor solutions as well. At times, there are a mix of small SMB sites, which could be, let's say, a grocery. There are smaller stores and there are bigger stores, and at times, they do local DIAs or local internet breakouts. [That's where] you do see some cloud-based or very small firewalls as well, but when you look at the headquarters or bigger enterprises, that is where we would probably position Cisco. [My advice] would depend [on] if they are comfortable with a particular product, if they've been working with a particular vendor. If it's a Cisco shop, or if they've been working on Cisco, or the customers are quite comfortable with Cisco, I would say this is the way to go. Unless they have a mixed environment. It will still depend on the SME's expertise, how comfortable they are, and then looking at the use cases and which products would nullify or solve them. That is where we should position it. My lessons are endless with ASA, but my lessons are mostly toward product knowledge. When you look at the deployment side of things, or for me, personally, when I was TAC, to know how things work internally within ASA—like an A to Z story, and there are 100 gaps between and you need to know those gaps—and then, eventually, you will get to the problem and solve it in minutes rather than hours.
Assistant Ict Manager at a transportation company with 51-200 employees
Real User
2022-07-17T18:17:00Z
Jul 17, 2022
I would encourage people to go for the newer version of Cisco ASA. When you are procuring that device, be sure to look at the use cases you want it for. Are you also going to use it to serve as your remote VPN and, in that case, do you need more than the out-of-the-box licenses it comes with? How many concurrent users will you need? That is a big consideration when you're purchasing the device. Get a higher version, something that is at least three years ahead of being declared end-of-life or end-of-support.
Director & CIO of IT services at Connectivity IT Services Private Limited
Real User
2022-07-04T22:26:00Z
Jul 4, 2022
I rate Cisco ASA Firewall seven out of ten. If you're implementing a Cisco firewall, you must be crystal clear about your business requirements and how a Cisco ASA firewall will address your problem. You need to understand whether this product line contains all the features you need. Can it pass a security audit? Does it integrate with your network device? How scalable is it? Will this solution you're implementing today be adequate in the next three years? These are the questions that you should ask.
Network Automation Engineer at a financial services firm with 1,001-5,000 employees
Real User
2022-06-29T13:22:00Z
Jun 29, 2022
My advice to others would be to design it well and get it validated by the Cisco team or by a consulting company. Don't be afraid of the solution because they have skin in the game. It's been in the market for so long, it's like buying a Corolla, as odd as that sounds. If you have a use case for your car where you're just driving from A to B, then get that Corolla and it will suit you well. It will last you 100 million miles. Cyber security resilience is super important. We have super important data and we need to secure it. We're regulated and audited by the government and we're audited all the time. I get audited when I breathe. We have to make sure everything is super transparent and make sure that we have all of the fail-safes in place and done well. We have to be very accountable so that there are no "gotchas."
Security architect at a computer software company with 51-200 employees
MSP
2022-06-26T16:40:00Z
Jun 26, 2022
If it is possible, I would advise others to try out a demo with Cisco to test their firewalls. The biggest lesson I learned from using this solution is that there are many ways to achieve the same outcome. I would rate this solution a nine out of ten.
Security engineer at a energy/utilities company with 10,001+ employees
Real User
2022-06-26T16:34:00Z
Jun 26, 2022
Listen to your customers and see what their needs are. The whole stack provided by Cisco is a holistic solution for cybersecurity experts, like myself, and companies who are looking to secure their network. You should partner up with a good team to view all products available, which cater and are customized to your needs. We haven't found any gaps where it is lacking. I would rate this product as eight or nine out of 10.
Director of network engineering at a computer software company with 5,001-10,000 employees
Real User
2022-06-26T16:11:00Z
Jun 26, 2022
To leaders who want to build more resilience within their organization, I would say that the ASA, along with its features, is a good product to have as one of the lines of defense. The solution does require maintenance. We have four network engineers who are responsible for upgrading code and firewall rules, and for new implementations. On a scale from one to ten, I would rate Cisco ASA Firewall a nine. Also, it's a very good product, and it compares well to others.
ASA morphed from being just a traditional firewall, when they introduced the Firepower Next-Generation Firewall side. There has also been progress because you can reflash your old ASAs and turn them into an FTD (Firepower Threat Defense) solution. So you've got everything from your traditional ASA to an ASA with Firepower. Cisco ASA has been improved over time, from what it was originally to what it is now. Your investments are being protected by Cisco because it has moved from a traditional firewall through to being a next-gen firewall. I'm a fan of ASA. I think ASAs are coming towards the end of their lifespan and will be replaced by the FTDs. It's only a matter of time. But there are still a lot of Cisco customers who use ASAs, so migrating that same level of knowledge those customers have of the ASA platform across to the FPR/FTD image, will be a challenge and will require investment.
We are also using Cisco AnyConnect, Umbrella (as a cloud proxy), and ISE. We have between five or six antivirus, proxy, anti-malware, data loss prevention, VPN client, and firewall tools. I would rate this Cisco product as six out of 10.
Team Leader Network and Mail Team at a energy/utilities company with 10,001+ employees
Real User
2022-05-02T16:10:00Z
May 2, 2022
The Nextgen firewalls have a good IPS, but that IPS part wasn't very configurable using the ASDM. Later, they introduced the FMC (Firewall Management Center) and we could integrate the ASA with the FMC and get the IPS configured from the FMC GUI. That was good, but you needed two things to monitor one box. For the IPS you needed an FMC server, and for the firewalls, you needed the ASDM or the CLI. In terms of integration with other solutions, it is a simple firewall that is integrated with the syslog servers and the SNMP monitoring from the NMS. Those types of simple things work very well. I haven't worked with much integration beyond that. You can't attach that many feeds to it. That's more a function of the Next-Generation Firewall with the IPS and FMC. SecureX is a relatively new cloud-based solution. It's been around for one or two years. It's offered for free if you have any Cisco security solution. It encompasses ADR and NDR. The clients I work with in Pakistan are mostly financial institutions. Because it's a cloud-based security solution, they are not interested. They want on-prem solutions.
It is a very good firewall for small companies that don't want to do deep packet inspection at Layer 7. It is not easy, but you can manage it. You should know how to use the command-line interface. Otherwise, it would be difficult to work with it. For Cisco ASA Firewall, there will be no improvements because they will not make these firewalls anymore. They want to make changes to the next-generation firewalls, and they are killing the old ones. I would rate Cisco ASA Firewall a 10 out of 10. I like it very much.
Network Engineer at a tech services company with 51-200 employees
Real User
2021-08-10T15:48:00Z
Aug 10, 2021
I wouldn't recommend this solution because it is already considered to be a legacy firewall. I would rate Cisco ASA Firewall a strong eight out of 10. It is powerful, but it lacks some of the capabilities.
Head of Network Administration Section at Zemen Bank S.C.
Real User
2021-08-10T05:52:00Z
Aug 10, 2021
I would advise understanding its features, advantages, and disadvantages as compared to other solutions. It is simple, but its cost is a negative point. I would rate Cisco ASA Firewall an eight out of 10.
Assistant Director IT at a university with 51-200 employees
Real User
Top 10
2021-06-12T19:57:51Z
Jun 12, 2021
We're just a customer and an end-user. We no longer have an SLA for this solution. We're potentially looking for something new. I'd recommend the solution to others. It works well. It's durable and fast and you don't have to check up on it daily as it is rather reliable. That said, it is pricey. In general, I would rate the solution at a seven out of ten.
Sr Technical Consultant at a tech services company with 51-200 employees
Real User
2021-05-18T18:20:51Z
May 18, 2021
I would recommend this solution to others if they are not specifically looking for URL filtering and want to use it for their infrastructure. It is a perfect and very reliable solution, but it lacks when it comes to URL filtering. I would rate Cisco ASA Firewall a nine out of ten.
My advice to those wanting to implement the solution would be that implementations sometimes do not go as planned. You need to do your research to be prepared. We are evaluating other solutions because this one is getting close to its expiration. There are no other technologies out there that offer better features than this ASA solution. I rate Cisco ASA Firewall a six out of ten.
Network Engineer at LIAQUAT NATIONAL HOSPITAL & MEDIACAL COLLEGE
Real User
2021-05-05T12:14:43Z
May 5, 2021
We are just a customer and an end-user. I'd rate the solution at an eight out of ten. Obviously, you need to have one tech person on your online when you are configuring it, or just implementing when you are integrating with your live environment and organization. My advice is that the configuration is easy when a network engineer like myself handles it. A trained person is more than capable of the task. Other than configuring, a less technical person can manage the solution.
It is a good solution for a big traffic load, but its management is not very easy. FortiGate is better in terms of management and user-friendliness. I would rate Cisco ASA Firewall an eight out of ten.
Network Security Engineer at a tech services company with 51-200 employees
Real User
2021-02-02T12:44:22Z
Feb 2, 2021
I would advise new users to look at next-generation firewalls like FTD or other models from Cisco. It's better than Cisco ASA. Cisco ASA Firewall isn't a next-generation firewall. On a scale from one to ten, I would give Cisco ASA Firewall an eight.
Cyber Security Consultant at a tech services company with 51-200 employees
Reseller
2021-02-01T14:28:16Z
Feb 1, 2021
My main concern is the full revamp of the management console. We'd like to see a more user-friendly total revamp of how to manage the firewall rules. Also, there are a lot of additional features that need to be granular because with Cisco, at this point in time, all these features are still working in silos. A lot of integration needs to be done in general. Personally, I would discourage people from using Cisco. Overall, on a scale from one to ten, I would give this solution a rating of six.
Senior MIS Manager at a tech company with 201-500 employees
Real User
2021-01-26T12:32:12Z
Jan 26, 2021
We're both a customer of Cisco and a reseller. This month we plan to upgrade from our existing hardware. Overall, we've been happy with the results we've gotten. I would rate the solution at a nine out of ten.
Network Engineer at a tech services company with 201-500 employees
Real User
2021-01-25T18:16:34Z
Jan 25, 2021
We have a gold partnership status with Cisco, however, we are also partners with companies such as Fortinet and Palo Alto. For a next-generation firewall, I would likely recommend Palo Alto. However, if a company had the budget, I would recommend Fortinet. That said, for a VPN gateway, I would recommend Cisco ASA. In general, I would rate Cisco's ASA Firewall at seven out of ten.
Network Administrator at a manufacturing company with 10,001+ employees
Real User
2021-01-15T06:58:39Z
Jan 15, 2021
I have used many versions of the software over the years, versions 8.6 to 9.1 and 9.9 to 9.12. Keep in mind before purchasing the solution, if you do need to scale the solution then ASA is probably not right for you. I rate Cisco ASA Firewall an eight out of ten.
Network Security Engineer at a tech services company with 201-500 employees
Real User
Top 10
2021-01-14T11:15:17Z
Jan 14, 2021
I'm not overly familiar with ASA. I only work with it on an administration level. I work with the latest version and I use the ASDM version server. I wouldn't recommend that an organization choose ASA as a solution. They should look into other options. Overall, I would rate the solution at a six out of ten. We haven't had the greatest experience.
Presales Engineer at a comms service provider with 51-200 employees
Real User
2021-01-09T14:15:32Z
Jan 9, 2021
We support ASA 5508, 5585, and 5525 - all the versions of the firewall. Again, we built a HTAB machine too. We've worked with Cisco for many years and I love working with them. Right now, ASA is getting older. A better recommendation may be to use Firepower, a Next-Generation Firewall, no ASA. In cases for some remote VPN access, we recommend ASA, however, for all of the deployments, the recommendation now is to use a Next-Generation Firewall from Cisco Firepower. Overall, I would rate the solution at a seven out of ten. That said, for remote access alone, I'd rate the product at a nine.
Network Consulting Engineer at a comms service provider with 201-500 employees
Real User
2021-01-06T13:48:43Z
Jan 6, 2021
I can recommend this product because it is one of the most stable firewalls on the market. The suitability, however, depends on the environment and what is needed. I would rate this solution an eight out of ten.
Data Analyst at a hospitality company with 201-500 employees
Real User
2020-12-23T23:36:31Z
Dec 23, 2020
Our company has a partnership with Cisco. We have different clients and therefore use different versions of the solution. Nobody wants to use an out-of-date version, and therefore, we work to keep everything updated. Overall, I would rate the solution at a nine out of ten.
Systems Administrator\Ag. IT Manager at a construction company with 201-500 employees
Real User
2020-12-22T16:14:40Z
Dec 22, 2020
I would definitely recommend this solution. You just have to learn how to configure it. It is a Cisco solution, and there is not much to be improved. I plan to keep using it and expand its usage. I would rate Cisco ASA Firewall an eight out of ten.
Manager IT & Security at mCarbon Tech Innovations Pvt., Ltd.
Real User
2020-12-22T10:59:10Z
Dec 22, 2020
I would not recommend this solution. The technology is old and they should move to Firepower or NextGen Firewall. I would rate the Cisco ASA Firewall an eight out of ten.
Lead Network Engineer at a tech services company with 51-200 employees
Real User
2020-12-21T16:12:54Z
Dec 21, 2020
I would absolutely recommend this solution. It is a very straightforward and reliable solution. I would definitely like to propose and offer this solution to other colleagues. Cisco doesn't have any plans to develop this kind of solution more. Cisco ASA Firewall will not be developed in the future. The next-generation firewall is the next step in the development of the Cisco firewall. For this reason, we are investigating the possibility of migrating to another product. I would rate Cisco ASA Firewall a nine out of ten. We are very happy with this solution. It is very straightforward and reliable, but it is quite a legacy solution and lacks performance.
Administrator at a university with 1,001-5,000 employees
Real User
2020-12-19T19:05:00Z
Dec 19, 2020
I would recommend this product. I suggest this solution to my colleagues because it is a great product and is really stable. When looking at other products in use in other companies this product is superior. I rate Cisco ASA Firewall ten out of ten.
I would suggest to be sure that it smoothly integrates with the infrastructure that you have. Try to take advantage of the DNA subscription and the new monitoring features that it has. Be informed about what's new with this product. I would rate Cisco ASA Firewall a nine out of ten.
My advice to anyone considering Cisco ASA Firewall is that you need a lot of money to implement the Cisco solution. But it's a good solution. If you want to go to Cisco, you need a lot of money.
Group Information Technology Manager at a mining and metals company with 201-500 employees
Real User
2020-11-25T18:54:36Z
Nov 25, 2020
For those who have the technical know-how with Cisco products, I would recommend going with the ASA firewall, but if you're new to the field and running a smaller business, deployment will be complicated. I would rate this solution a nine out of 10.
ICT Systems Engineer at a insurance company with 11-50 employees
Real User
2020-11-23T15:47:00Z
Nov 23, 2020
At this point, Cisco ASA is not a product that I recommend. My advice is that people should look at other solutions because there are other products available on the market that are just as good, if not even better. I would rate this solution a seven out of ten.
Executive Director at ict training and development center
Real User
2020-11-12T10:43:58Z
Nov 12, 2020
We're just customers. We use it in our office and suggest it to clients. However, we don't have a business relationship with Cisco. We try to adhere to our client's needs, and therefore, if they specify hardware they want to use, like Fortinet, we tend to accommodate them. That said, if they ask my opinion, I usually recommend Cisco ASA. I know a lot about the product and I'm good at controlling everything. I have a lot of knowledge and understanding after working with it so closely. That's why I tend to favor it when my customers ask for advice. Overall, I would rate the solution seven out of ten. If the user interface were a bit better, I'd rate it higher.
Principal Network Engineer at a manufacturing company with 501-1,000 employees
Real User
2020-11-10T00:01:00Z
Nov 10, 2020
My suggestion for anybody who is looking at Cisco ASA is to work with the vendor, as they have newer products. I would rate this solution a seven out of ten.
IT Administration at a healthcare company with 11-50 employees
Real User
2020-11-02T20:39:53Z
Nov 2, 2020
My advice for anybody who is implementing Cisco ASA is that it is not very difficult to deploy and not very difficult to understand how to continue adding more rules to it. I would rate this solution an eight out of ten.
Technical Consultant at Zak Solutions for Computer Systems
Real User
2020-10-28T19:37:30Z
Oct 28, 2020
We're partners with Cisco, Fortinet, and Palo Alto. I work with on-premises deployments and virtual firewalls, however, I don't use the cloud. The solution works well for medium-sized enterprises. Overall, I would rate the solution nine out of ten. I'd recommend users to layer in solutions. At the perimeter, if they have two tiers, I'd recommend Palo Alto as the first and then Cisco ASA as the second. Cisco can work on the data center or Fortinet. In the case of Fortinet, they have the best backline throughput from all of the other products.
Cisco ASA Firewall Is not as much of a plug and play solution as some of the others. You just need to make sure that you do your research. On a scale from one to ten, I would give Cisco ASA Firewall a rating of nine.
We are the customer. We are in the oil and gas business. We don't have a business relationship with Cisco. I'd recommend the solution to others straight away. It's more or less a very standard option here in Pakistan. Overall, on a scale from one to ten, I'd rate the solution at an eight.
We're Cisco resellers. We're always on the latest version. I don't actually keep track of the version numbers myself, however, part of what the service that we provide for our clients is updating their firewalls to the latest version. We use multiple deployment models. We use both on-premises and cloud versions. They are also all different sizes, according to the requirements of the company. I'd advise other companies considering Cisco to be sure to factor in the cost of the ongoing security subscriptions and the ongoing SmartNet into the purchase price. Those things, over the years, represent more than the cost of the firewall itself - significantly more. However, I'd advise others to get the security subscriptions due to the fact that it really dramatically increases the security of the solution overall. On a scale from one to ten, I'd rate them at an eight. We love the product, however, we feel like it's not Cisco's future direction, which is the only reason I would downgrade its score. To bring it up to a 10, they'd have to make it their main product line again, which they aren't going to do.
Network & Systems Administrator Individual Contributor at T-Systems
Real User
2020-09-17T08:05:57Z
Sep 17, 2020
We're just customers. We don't have a business relationship with Cisco. It's a very good solution. I'd recommend it to other users. Overall, I'd rate it seven out of ten. Although I can't speak to the pricing, I've found the solution works quite well for us. I'd rate it higher if it could integrate a bit better with other solutions.
They should incorporate it with FortiGate, or Sophos firewalls. If they are looking for a layer 7 type of security then they need to go with another solution. I would rate Cisco ASAv a nine out of ten.
Tier 2 Network Engineer at a comms service provider with 1,001-5,000 employees
Real User
2020-06-16T08:37:00Z
Jun 16, 2020
We use this solution with Cisco CPEs and background routers. These work well together. We have some other VPN options and AnyConnect. We do have routers with firewalls integrated, using a lot of ISR 1100s. In the beginning, we had a few problems integrating them, but as the software got better, we have seen a lot of those problems disappear. The first software wasn't so good, but it is now. We have disabled Firepower in all of our firewalls. We don't use Cisco Defense Orchestrator either. We have a pretty basic setup using Cisco ASDM or command line with integration to customers' AD. I would rate the product as an eight (out of 10).
Head of Information Communication Technology at National Building Society
Real User
2020-06-04T09:41:00Z
Jun 4, 2020
My advice is "go for it," 100 percent. If ever I was told to implement a network, ASA would definitely be part and parcel of the solution. The biggest lesson we've learned from using the product is about the rapid growth of the product's offerings. In terms of the maturity of our organization's security implementation, I would like to believe that we are about midway. We still need to harden our security. We need to conduct penetration testing every two years and, resources permitting, maybe yearly. The guys out there who do cyber security crimes are becoming more and more advanced, so there is a need for us to also upgrade our security. We have a two-layer firewall setup, which is what is recommended as the standard for the payment card industry. We probably need solutions linked with cloud providers from the likes of Cisco, and to put in some bank-grade intrusion detection solutions. Because we have already adopted two technologies, Cisco and FortiGate, we might be looking at solutions from those two providers. We're also looking at end-point security solutions. We've been using the one which comes with our Office 365 and Microsoft product, Windows Defender. We are going to be trialing their new end-point management solution. We are trying to balance things from a cost point of view and providing the right level of security. In addition to Windows Defender and the firewalls — ASA and FortiGate — and the network access control, we also have SSL for the website. As for application visibility and control, currently we're just using logging. We don't have the Firepower installed, so it's just general logging and scheduled checks here and there. As for threat visibility, for us the ASA is a perimeter firewall. Behind that firewall we have an IDS and an IPA. We actually have the license for Firepower but we haven't implemented it; it was just an issue of priorities at the time.
Network Specialist at a financial services firm with 501-1,000 employees
Real User
2020-06-03T06:54:00Z
Jun 3, 2020
It's very good to get partner support if you're not very familiar with how Cisco works. Cisco Certified Partner support is a priority. For application visibility and control we're using a WAN optimizer called Silver Peak. To replace the firewalls within our data center we're planning to put in FMCs and FTDs. With the new FMCs what I like is that you don't need to log in to the firewalls directly. Whatever changes you do are done on your FMCs. That is a much needed improvement over the old ASAs. You can log in to the management center to make any configuration changes. There are two of us managing the ASAs in our company, myself and a colleague, and we are both network specialists. We plan to increase usage. We're a company of 650 employees and we also have consultants who are coming from outside to gain access to certain services on our network. We need to make provisions on the firewall for them.
Network Security Consultant at a consultancy with 1-10 employees
Consultant
2020-06-02T08:40:00Z
Jun 2, 2020
Cisco firewalls are not for kids. They are for people who understand security. Now I know why people with Cisco training are very good, because they train you to be competent. They train you to have ability. And when you have ability, their firewall becomes very easy to configure. When Cisco is teaching you, Cisco teaches you the concept. Cisco gives you a concept. They don't focus on how to configure the device. With Fortinet, for instance, Fortinet teaches you how to configure their device, without giving you the concepts. Cisco gives you the concepts about how the technology is working. And then they tell you how you are going to configure things on their box. When you are an engineer and you understand the technology from Cisco, it means that you can drive everything, because if you understand Cisco very well, you can work with FortiGate. If you understand security from Cisco, it means that you can configure everything, you can configure every firewall. This is why I like Cisco. When it comes to other vendors, it's easy to understand and it's easy to configure, but you can configure without understanding. And when you configure without understanding, you can't troubleshoot. To troubleshoot, you need understanding. I'm a security analyst, so I deal with everything about firewalls. I'm talking about ASA firewalls, and I'm talking about ASA with Firepower, FTD, and Cisco Meraki MX. When it comes to security tools I am comfortable with Cisco and everything Cisco. One of our clients was using Cisco ASA. They got attacked, but I don't think that this attack came from outside their company. They were managing their firewall and configuring everything well, but they were still getting attacks. One of their employees had been compromised and his laptop was infected. This laptop infected everything in the organization. So the weakest link can be your employees.
Cisco Security Specialist at a tech services company with 10,001+ employees
Real User
2020-05-27T08:03:00Z
May 27, 2020
Cisco ASA is a very robust solution. It does its job and it has all the top features. If you have a solution that is creating a script and you need to deploy many implementations, you can create a script in the device and it will be the same for all. After that, you just have to do the fine tuning. It lacks when it comes to the configuration steps and the pain that that process is. You need to spend loads of time with it at setup. Overall, it does everything they say it does. It's a very good solution but don't only go with the ASA. Go for Cisco Umbrella and join them together. If you have remote employees, go for AnyConnect to be more than secure in your infrastructure. You cannot do everything with Cisco Defense Orchestrator. You have a few options with it but cannot do everything from the cloud if you are connected with the console of a device. You don't have all the same options, you only have some options with it. For example, you can manage the security policies, all of them, from the cloud. However, not all the settings and all the things you can do when in front of the device are available with CDO. What you see is what you get. Most companies using ASA are big companies. They are not SMB companies. There are very few SMB companies using it. There are the banks and consulting companies, the huge ones. Usually the ASAs are for massive companies. Our reality in Portugal is a little different. I was at a Cisco conference here in Lisbon and the guy said, "Oh, we have this solution," — it was for multi-factor authentication — "and we have different licenses. We have a license for 40,000 and for 20,000 users. And I was thinking, "This guy doesn't know Portuguese reality. There are no companies in Portugal with 40,000 employees." Large companies who do use ASA use various security tools like IPS and Layer 7 control. From my experience, and from common sense, it's best to have solutions from different vendors joining together. The majority have defense products for the deterrent capacities they need to achieve security. Our clients also often have Cisco ISE, Identity Service Engine. It's a NAC solution that integrates perfectly with ASA and with AnyConnect as well. As for future-proofing your security strategy, ASA is the perfect solution if you integrate other Cisco solutions. But the ASA alone will not do it because it does not handle some of the core issues, like full visibility of the network, the users, the machines, the procedures, and the applications, in my opinion.
My advice is to take care of and monitor your policies and be aware of the threats. You also have to be careful when changing policies. When you do, don't leave unused policies around, because that will affect performance. You should have audits of your firewall and its policies and follow the recommendations from Cisco support. Among the things I have learned from using Cisco ASA is that integration is easy, especially with Cisco products. And the support helps you to integrate with anything, so you can integrate with products outside of the Cisco family as well.
Sr. Network and Security Engineer at Shopper Local, LLC
Real User
2020-05-14T10:16:00Z
May 14, 2020
If you're looking for a complete solution, such as URL filtering and threat protection, we recommend Palo Alto firewalls, but this Cisco product is also good. We are using three to four security tools: one for web security, and another tool for application security, and another for email security. For email we have an Office 365 email domain so we are using other tools for that. For firewall security we are using Cisco ASA, Palo Alto, and Fortinet for protecting our business. We have about 15 people on my team managing the solutions. They are network admins, and some are in security.
I would recommend this solution. If you have the money, it's a very stable product. Make sure to keep critical spare parts. You might have for instance some modules that will need acceleration cards and those types of things. I would rate it a nine out of ten.
The biggest lesson I've learned so far from using the next-gen firewall is that it has visibility up to Layer 7. Traditionally, it was IP or port, TCP or any protocol we were looking for. But now we can go all the way up to Layer 7, and make sure STTP traffic is not a bit torn. That was something that we did not have before on the up-to-Layer-3 firewall. Do your research, do your homework, so you know what you're looking for, what you're trying to protect, and how much you can manage. Use that to narrow down the devices out there. So far, in our environment, we haven't had any issues with the ASA firewalls. From the first-gen, we have seen that they are pretty good. We are pretty content and happy with them. The solution can help with the application visibility and control but that is one portion we have really not dived into. That's one of the things we are looking forward to. As a small utility, a small organization, with our number of employees available, we can only stretch things so far. It has helped us to identify and highlight things to management. Hopefully, as our staff grows, we'll be able to devote more towards application visibility and all the stuff we really want to do with it. Similarly, when it comes to automated policy application and enforcement, we don't use it as much as we would like to. We're a small enough environment that we can do most of that manually. I'm still a little hesitant about it, because I've talked to people where an incident has happened and quite a bit of their devices were locked out. That is something we try to avoid. But as we grow, and there are more IoT things and more devices get on the network, that is something we'll definitely have to do. As DevNet gets going and we get more involved with it, I'm pretty sure more automation on the ASA, on the network side and security side, will take place on our end. We do find most of the features we are looking on the ASA. Between the ASA firewall and the Sourcefire management console, we have pretty much all the features that we need in this environment. In terms of how the solution future-proofs our organization, that depends. I'm waiting to find out from Cisco what their roadmap is. They're still saying they're going to stick with ASA 55 series. We're also looking at the Sourcefire FireSIGHT product that they have for the firewalls. It depends. Are they going to continue to stick with the 55s or are they going to migrate all that into one product? Based on that, we'll have to adjust our needs and strategize. If I include some of the hiccups we had with the 5506 models, which was a sad event, I would give the ASAs a nine out of ten.
The biggest lesson I've learned from using the ASAs is the fact that they can do a lot. It's just figuring out how to do it. We don't do a lot, although once in a while we will do something a little interesting. These things can do more than what we're using them for. It's just a matter of our trying to figure it out or getting with our Cisco rep to figure it out. My advice would be to have a good handle on your rules and, if you can, take the upgrades easily. We have desktop security, application security, and then we have Umbrella. We use five or six different tools for security, at least. It would be nicer to have fewer but as far as I know there isn't one tool that does it all. We do application firewall rules where it does deep packet inspection and looks at certain things. We don't use it as much as we should, but we do application inspection and have rules that are based on just an application. We usually have two people on a call when we do maintenance, and we usually have Cisco involved. It's usually me and a colleague who is also a network/security engineer. I would rate the ASA overall at eight out of ten. The thing that comes to mind with that rating is the code. As I said, we just upgraded to 6.4.04 and we ran into a handful of bugs. We've done upgrades before and we've run into a bug as well. Just last week, we finished upgrading, and I still have one final service request, a TAC case, open. I had four open at one point. That's at the forefront of my thoughts right now.
For any organization looking for a secure solution that can be deployed in their domain or infrastructure, my advice is to go with Cisco Next-Generation Firewalls because they have a complete bundle of security features. There is a single pane of glass with complete management capabilities and analytic features to understand and gather information about the traffic. The lessons that most of our clients have learned is that in deployment it is easy to configure and it is easy to manage. It's quite stable and they do not get into difficulties in terms of day-to-day operations. We haven't faced any problems with this product. Compared to other OEMs, such as Juniper and Fortinet, Cisco's product is excellent. There are no bugs and I don't see any lack in terms of backend and technical support. In my opinion, at the moment, there is no room for product enhancement. Most of the users are system administrators working on their own domains. The minimum number of users among our clients is a team of 15 to 20 we have clients with up to 700 users at the largest site. The product is quite extensively used in each department, to protect assets and data centers. We are using the attack prevention engine and URL filtering is also used at most of our sites. We are also using it for data center connectivity and for offloading transactions. I would rate Cisco at ten out of ten for the functionality and the features they provide.
Network Administrator at a financial services firm with 1,001-5,000 employees
Real User
Top 5
2019-08-28T09:52:00Z
Aug 28, 2019
My advice to anybody who is considering this solution is not to think twice about it. There are a lot of features that come with the cost. These institutions secure our network and they have to do research. The price of this solution is justified when you consider that it secures our network and protects our valuable assets. This is a very good solution but it is not perfection. I would rate this solution a nine out of ten.
Network Security/Network Management at a educational organization with 201-500 employees
Real User
2019-08-25T05:17:00Z
Aug 25, 2019
In the future, I would like to see friendlier configuration and only one license because everything needs a license. You need a URL license, security license, everything is based on a license. I would like to have one license that covers everything. But I am really impressed by the program and my rating is nine out of ten.
Senior Network Administrator at a construction company with 1,001-5,000 employees
Real User
2019-08-25T05:17:00Z
Aug 25, 2019
We are using the on-premises deployment model. My advice for those considering the solution is this: if you want to migrate something, plan enough time for testing before you come over to the solution. You should also watch as many webinars as you can about that solution, or get a consultant and do a proper lab set up and go through the whole thing with them. It's is definitely worthwhile, given the complexity of the whole product. I would rate the solution nine out of ten.
I would advise someone considering this solution to have a technical support or maintenance contract with the vendor or a third-party to help maintain the product. Without help with maintenance, there is no value to the product. You should have a good technician and admin support for all this product in order to maximize the value and benefits. I would rate it an eight out of ten.
On a scale of one to ten with one being worst and ten being best, I would rate Cisco SourceFire Firewall as a nine. It could easily be a ten if it had a better GUI interface. As far as making recommendations to other people about the product, I recommend they buy it if they need an enterprise solution. Also, I would recommend other Cisco solutions like Cisco AMP (Advanced Malware Protection). I think most large companies that require strong security should always use Cisco because it's stable, scalable, and has many features. Enterprise organizations will benefit from Cisco because their business requirement will be more complicated and require a better solution and more flexibility. I think all the companies should use Cisco because it's number one the market and has the best security, better stability, and better scalability.
They really need support for deployment. I would rate this solution nine out of 10 because I think if you have the budget and you plan it properly I think you won't have the initial deployment problems I faced.
Senior Information Security Engineer at a financial services firm with 501-1,000 employees
Real User
2019-07-09T05:26:00Z
Jul 9, 2019
I would just say that it's expensive. The product is fine on its own, it's high end. It's got a high brand name attached to it. I would recommend the product, however. The product works great. It does everything it's supposed to do. There's no issues with it, no real concerns. It's just expensive. I would rate it an eight out of 10 because it does everything it's designed to do, but it is not any better than other industry-leading solution, and it's far more expensive.
If people want to build a solid security solution for their company, I think this solution is the best but it would depend on the configuration of your company. For a good company to have a good solution for security, you can choose the Cisco firewall for that and be confident. I think I can give that product an eight out of ten. It comes down to the user interface. It needs to be easier so that more people can quickly develop the skills to manage the product. It would be better for us right now for more people to have certification or to just develop the skills to use the product. But if Cisco made it easier and took away the need for certification, it would be easier for us to use company-wide and have more people involved.
It's difficult to give specific advice on the solution because it always depends on the design solution and the strategy. So what I would recommend is to use different firewalls and to use Cisco ASAv as a border firewall. I would rate this solution as 7.5 out of 10. I wish the Cisco interface was not so granular. Check Point was easier to create specific rules than on ASAv, so that's why I say this. If you want to make things easier for an engineer, you always have to work on the interface. But the product, in and of itself, there's nothing wrong with it.
Senior Network Administrator at a financial services firm with 1,001-5,000 employees
Real User
2019-07-02T06:57:00Z
Jul 2, 2019
As far as rating this product, I would give it a nine out of ten. The only real drawbacks are the lack of multi-monitoring and not really having clear instructions prior to jumping in and implementing it.
With this solution, we have everything that we need. I don't know about other people's use cases, but ours is pretty straightforward. My advice to anybody researching this type of solution is to stick with Cisco products, no matter which one it is. We've had pretty good luck with everything from Cisco. I don't have any issues with this solution, so I would rate it a ten out of ten.
IT Specialist at a government with 1,001-5,000 employees
Real User
2019-07-02T06:57:00Z
Jul 2, 2019
This is a very straightforward firewall. There is a management platform with its own operating system. Just make sure that everything is set up properly for your uplink switches because that is an issue that we ran into. I would rate this solution a nine out of ten.
Network Engineer at a comms service provider with 1,001-5,000 employees
Real User
2019-06-30T10:29:00Z
Jun 30, 2019
I think I can rate this product as an eight out of ten. A strong eight. The newest version of software and solutions often have bugs and functional problems because they have not been rigorously tested in a production environment. It is not the modern, next-generation firewall, but it solidly serves simple purposes. For simple purposes, it's the best in my opinion. I am used to its CRI (Container Runtime Interface) and its environment, so for me, familiarity and stability are the most important advantages.
IT Infrastructure Manager at Beltone Securities Brokerage S.A.E.
Real User
2019-06-24T12:13:00Z
Jun 24, 2019
I rate this solution an eight out of ten and I would definitely recommend it to other users. If the developers would add a reporting dashboard, and perhaps lower the pricing, I will rate it higher. But overall I am really satisfied with Cisco ASAv.
Cloud Services Operation Engineer at Informatic Services Company (ISC)
Real User
2019-06-24T12:13:00Z
Jun 24, 2019
On a scale from one to ten, I would rate this product at nine. Cisco ASAv is good in many advanced networking features. I'm working with Cisco. They have competition with many vendors.
Senior System Engineer at a tech services company with 11-50 employees
MSP
2019-06-23T09:40:00Z
Jun 23, 2019
I would advise that If you want something robust, a good hardware solution, I think it's competitive and you have a good warranty, you have to choose Cisco. I would rate the solution 8 out of 10.
I am really satisfied with the product and I rate this an 8.5 out of ten. The reason why I wouldn't rate it a ten, is because I find it a little more complicated to set up a firewall for publishing than when using Meraki. I therefore believe there is room for improvement.
Information Security Manager at a financial services firm with 501-1,000 employees
Real User
2019-05-09T16:21:00Z
May 9, 2019
Watch out for the marketing hype vs objective reality. Do the advertised features actually work correctly/effectively? We chose a different solution after performing in-house testing.
Information Security Administrator at Bank of Namibia
Real User
2019-04-18T09:59:00Z
Apr 18, 2019
For the Cisco ASA NGFW, it is a bit more expensive than other products, but their method is a lot more stable in my experience. It has all the features that you would need in a next-generation firewall. They are always developing new features and introducing them. I don't have anything that I'm currently missing with Cisco. On a scale from one to ten, I would rate the product at eight.
In Georgia, there is no problem using the Cisco firewall, because it's accessible. You cannot use other products, because they are not accessible. That's the whole problem. I would rate Cisco ASA NGFW an 8 out of 10.
Network & Security Administrator at Diamond Bank Plc
Real User
2019-04-02T07:02:00Z
Apr 2, 2019
Cisco ASA is a good solution. I never had a problem with. I will say that I mostly recommend Fortinet because of their ease of management and Palo Alto Networks because of their reputation for business efficiency. I would rate Cisco ASA with an 8 out of 10 points.
I always encourage our existing customers to move to the Cisco ASA Firepower version, i.e. the next generation Firepower like 2100, 4000, or 9300. I would rate Cisco ASA an eight out of ten. An eight and not a ten because some of the features are limited and some are awful. We had to install other solutions for security and had to spend a lot on other hardware. Other vendors like Fortinet or Palo Alto Networks focus more on offering complete solutions.
I would advise someone considering this solution to just go for it. It's expensive but it's a robust solution. The only thing is that you have to convince your finance guy to go for it. I would rate it a nine out of ten.
I am satisfied with the current facility and the management environment of the Cisco ASA, it's great for me. I think that the cost would be the main factor when evaluating solutions since some of the companies or some of our clients ask about costs upfront. Once the client has made their initial request and inquired about any subsequent subsystem connectivity integration ideas, they always want to know how much everything will cost. The deciding factor is mainly based on the price point of the total user solution. Overall, the criteria that we consider when constructing an integration decision depends largely on the client company we are working with. We evaluate clients based according to their size, industry function, and the total budget that would be recommended for an effective solution. I would give this product a rating of 9 out of 10!
Cisco Secure Firewall stands as a robust and adaptable security solution, catering to organizations of all sizes. It's designed to shield networks from a diverse array of cyber threats, such as ransomware, malware, and phishing attacks. Beyond mere protection, it also offers secure access to corporate resources, beneficial for employees, partners, and customers alike. One of its key functions includes network segmentation, which serves to isolate critical assets and minimize the risk of...
Look at Fortinet's FortiGate for a lower cost and better support for break fixes and configuration assistance. 24 hours, 7 days a week, with techs you are able to understand and they will listen to your issues and work till the issues are completely fixed.Â
Threats that were faced a long time before were based on opened ports and breaches yet now due to AI and machine learning it is no more opening and closing ports but going further to signatures, applications, ransomware and much more intelligent cyber threats.Â
So if you consider ASA then you will be paying money for nothing. The new concept of having a good cyber defense is the NG (Next Generation) Firewall which gives you all the tools to keep your environment safe from any cyber threat.Â
Yet there are a lot of brands but everyone differs from the other with the response time and its manageability to configure, control, monitor & its integration with other systems as long as much more options that differ from one another. ASA is now zero of 10.Â
NG Firewall alone will not protect you 100%. You need to invest in cybersecurity solutions where you can build your architecture on a solid ground that can integrate with other solutions and build on it to unify the communication and the monitoring shields that will keep you proactive.
Being a partner, we work with customers who already have different vendor solutions as well. At times, there are a mix of small SMB sites, which could be, let's say, a grocery. There are smaller stores and there are bigger stores, and at times, they do local DIAs or local internet breakouts. [That's where] you do see some cloud-based or very small firewalls as well, but when you look at the headquarters or bigger enterprises, that is where we would probably position Cisco. [My advice] would depend [on] if they are comfortable with a particular product, if they've been working with a particular vendor. If it's a Cisco shop, or if they've been working on Cisco, or the customers are quite comfortable with Cisco, I would say this is the way to go. Unless they have a mixed environment. It will still depend on the SME's expertise, how comfortable they are, and then looking at the use cases and which products would nullify or solve them. That is where we should position it. My lessons are endless with ASA, but my lessons are mostly toward product knowledge. When you look at the deployment side of things, or for me, personally, when I was TAC, to know how things work internally within ASA—like an A to Z story, and there are 100 gaps between and you need to know those gaps—and then, eventually, you will get to the problem and solve it in minutes rather than hours.
I would encourage people to go for the newer version of Cisco ASA. When you are procuring that device, be sure to look at the use cases you want it for. Are you also going to use it to serve as your remote VPN and, in that case, do you need more than the out-of-the-box licenses it comes with? How many concurrent users will you need? That is a big consideration when you're purchasing the device. Get a higher version, something that is at least three years ahead of being declared end-of-life or end-of-support.
I would rate this solution an eight out of ten.
I rate Cisco ASA Firewall seven out of ten. If you're implementing a Cisco firewall, you must be crystal clear about your business requirements and how a Cisco ASA firewall will address your problem. You need to understand whether this product line contains all the features you need. Can it pass a security audit? Does it integrate with your network device? How scalable is it? Will this solution you're implementing today be adequate in the next three years? These are the questions that you should ask.
My advice to others would be to design it well and get it validated by the Cisco team or by a consulting company. Don't be afraid of the solution because they have skin in the game. It's been in the market for so long, it's like buying a Corolla, as odd as that sounds. If you have a use case for your car where you're just driving from A to B, then get that Corolla and it will suit you well. It will last you 100 million miles. Cyber security resilience is super important. We have super important data and we need to secure it. We're regulated and audited by the government and we're audited all the time. I get audited when I breathe. We have to make sure everything is super transparent and make sure that we have all of the fail-safes in place and done well. We have to be very accountable so that there are no "gotchas."
If it is possible, I would advise others to try out a demo with Cisco to test their firewalls. The biggest lesson I learned from using this solution is that there are many ways to achieve the same outcome. I would rate this solution a nine out of ten.
Listen to your customers and see what their needs are. The whole stack provided by Cisco is a holistic solution for cybersecurity experts, like myself, and companies who are looking to secure their network. You should partner up with a good team to view all products available, which cater and are customized to your needs. We haven't found any gaps where it is lacking. I would rate this product as eight or nine out of 10.
I would rate this solution a nine out of ten because it is a good product that is more stable than others on the market.
To leaders who want to build more resilience within their organization, I would say that the ASA, along with its features, is a good product to have as one of the lines of defense. The solution does require maintenance. We have four network engineers who are responsible for upgrading code and firewall rules, and for new implementations. On a scale from one to ten, I would rate Cisco ASA Firewall a nine. Also, it's a very good product, and it compares well to others.
ASA morphed from being just a traditional firewall, when they introduced the Firepower Next-Generation Firewall side. There has also been progress because you can reflash your old ASAs and turn them into an FTD (Firepower Threat Defense) solution. So you've got everything from your traditional ASA to an ASA with Firepower. Cisco ASA has been improved over time, from what it was originally to what it is now. Your investments are being protected by Cisco because it has moved from a traditional firewall through to being a next-gen firewall. I'm a fan of ASA. I think ASAs are coming towards the end of their lifespan and will be replaced by the FTDs. It's only a matter of time. But there are still a lot of Cisco customers who use ASAs, so migrating that same level of knowledge those customers have of the ASA platform across to the FPR/FTD image, will be a challenge and will require investment.
I would rate them as nine out of 10.
What it's been configured to do, it does it well. I would rate this solution a nine out of ten.
We are also using Cisco AnyConnect, Umbrella (as a cloud proxy), and ISE. We have between five or six antivirus, proxy, anti-malware, data loss prevention, VPN client, and firewall tools. I would rate this Cisco product as six out of 10.
The Nextgen firewalls have a good IPS, but that IPS part wasn't very configurable using the ASDM. Later, they introduced the FMC (Firewall Management Center) and we could integrate the ASA with the FMC and get the IPS configured from the FMC GUI. That was good, but you needed two things to monitor one box. For the IPS you needed an FMC server, and for the firewalls, you needed the ASDM or the CLI. In terms of integration with other solutions, it is a simple firewall that is integrated with the syslog servers and the SNMP monitoring from the NMS. Those types of simple things work very well. I haven't worked with much integration beyond that. You can't attach that many feeds to it. That's more a function of the Next-Generation Firewall with the IPS and FMC. SecureX is a relatively new cloud-based solution. It's been around for one or two years. It's offered for free if you have any Cisco security solution. It encompasses ADR and NDR. The clients I work with in Pakistan are mostly financial institutions. Because it's a cloud-based security solution, they are not interested. They want on-prem solutions.
I rate Cisco ASA Firewall eight out of 10. Cisco offers a great educational series to train users on their devices.
ASA Firewalls aren't the last firewalls from Cisco. They are out of date.Â
IÂ recommend checking the FirePower Cisco firewalls. They are the last generation firewalls.
It is a very good firewall for small companies that don't want to do deep packet inspection at Layer 7. It is not easy, but you can manage it. You should know how to use the command-line interface. Otherwise, it would be difficult to work with it. For Cisco ASA Firewall, there will be no improvements because they will not make these firewalls anymore. They want to make changes to the next-generation firewalls, and they are killing the old ones. I would rate Cisco ASA Firewall a 10 out of 10. I like it very much.
I would not recommend Cisco. I rate Cisco ASA Firewall a six out of ten.
I would rate Cisco ASA Firewall a nine out of 10.
I wouldn't recommend this solution because it is already considered to be a legacy firewall. I would rate Cisco ASA Firewall a strong eight out of 10. It is powerful, but it lacks some of the capabilities.
I would advise understanding its features, advantages, and disadvantages as compared to other solutions. It is simple, but its cost is a negative point. I would rate Cisco ASA Firewall an eight out of 10.
Well, we have used this product for 10 years, in addition to the WatchGuard product.
According to new needs and increasing threats, a combination of more sophisticated products could be necessary now.Â
We're just a customer and an end-user. We no longer have an SLA for this solution. We're potentially looking for something new. I'd recommend the solution to others. It works well. It's durable and fast and you don't have to check up on it daily as it is rather reliable. That said, it is pricey. In general, I would rate the solution at a seven out of ten.
I would recommend this solution to others if they are not specifically looking for URL filtering and want to use it for their infrastructure. It is a perfect and very reliable solution, but it lacks when it comes to URL filtering. I would rate Cisco ASA Firewall a nine out of ten.
My advice to those wanting to implement the solution would be that implementations sometimes do not go as planned. You need to do your research to be prepared. We are evaluating other solutions because this one is getting close to its expiration. There are no other technologies out there that offer better features than this ASA solution. I rate Cisco ASA Firewall a six out of ten.
We are just a customer and an end-user. I'd rate the solution at an eight out of ten. Obviously, you need to have one tech person on your online when you are configuring it, or just implementing when you are integrating with your live environment and organization. My advice is that the configuration is easy when a network engineer like myself handles it. A trained person is more than capable of the task. Other than configuring, a less technical person can manage the solution.
I rate Cisco ASA Firewall a six out of ten.
It is a good solution for a big traffic load, but its management is not very easy. FortiGate is better in terms of management and user-friendliness. I would rate Cisco ASA Firewall an eight out of ten.
I would advise new users to look at next-generation firewalls like FTD or other models from Cisco. It's better than Cisco ASA. Cisco ASA Firewall isn't a next-generation firewall. On a scale from one to ten, I would give Cisco ASA Firewall an eight.
My main concern is the full revamp of the management console. We'd like to see a more user-friendly total revamp of how to manage the firewall rules. Also, there are a lot of additional features that need to be granular because with Cisco, at this point in time, all these features are still working in silos. A lot of integration needs to be done in general. Personally, I would discourage people from using Cisco. Overall, on a scale from one to ten, I would give this solution a rating of six.
We're both a customer of Cisco and a reseller. This month we plan to upgrade from our existing hardware. Overall, we've been happy with the results we've gotten. I would rate the solution at a nine out of ten.
We have a gold partnership status with Cisco, however, we are also partners with companies such as Fortinet and Palo Alto. For a next-generation firewall, I would likely recommend Palo Alto. However, if a company had the budget, I would recommend Fortinet. That said, for a VPN gateway, I would recommend Cisco ASA. In general, I would rate Cisco's ASA Firewall at seven out of ten.
This is a product that I would recommend to others. I would rate Cisco ASA Firewall a nine out of ten.
I have used many versions of the software over the years, versions 8.6 to 9.1 and 9.9 to 9.12. Keep in mind before purchasing the solution, if you do need to scale the solution then ASA is probably not right for you. I rate Cisco ASA Firewall an eight out of ten.
I'm not overly familiar with ASA. I only work with it on an administration level. I work with the latest version and I use the ASDM version server. I wouldn't recommend that an organization choose ASA as a solution. They should look into other options. Overall, I would rate the solution at a six out of ten. We haven't had the greatest experience.
I would recommend Cisco ASA Firewall to potential users. On a scale from one to ten, I would give Cisco ASA Firewall an eight.
I would rate this solution a nine out of 10.
Overall, I am pretty satisfied with this product and I recommend it. I would rate this solution a ten out of ten.
We support ASA 5508, 5585, and 5525 - all the versions of the firewall. Again, we built a HTAB machine too. We've worked with Cisco for many years and I love working with them. Right now, ASA is getting older. A better recommendation may be to use Firepower, a Next-Generation Firewall, no ASA. In cases for some remote VPN access, we recommend ASA, however, for all of the deployments, the recommendation now is to use a Next-Generation Firewall from Cisco Firepower. Overall, I would rate the solution at a seven out of ten. That said, for remote access alone, I'd rate the product at a nine.
I can recommend this product because it is one of the most stable firewalls on the market. The suitability, however, depends on the environment and what is needed. I would rate this solution an eight out of ten.
Cisco ASA is a product that I can recommend for its stability. I would rate this solution a nine out of ten.
In summary, this is a good product and I recommend it. I would rate this solution a nine out of ten.
Our company has a partnership with Cisco. We have different clients and therefore use different versions of the solution. Nobody wants to use an out-of-date version, and therefore, we work to keep everything updated. Overall, I would rate the solution at a nine out of ten.
Cisco ASA Firewall is a good product. I would recommend it to others who are interested in using it. I would rate it a seven out of ten.
I would definitely recommend this solution. You just have to learn how to configure it. It is a Cisco solution, and there is not much to be improved. I plan to keep using it and expand its usage. I would rate Cisco ASA Firewall an eight out of ten.
I would not recommend this solution. The technology is old and they should move to Firepower or NextGen Firewall. I would rate the Cisco ASA Firewall an eight out of ten.
I would absolutely recommend this solution. It is a very straightforward and reliable solution. I would definitely like to propose and offer this solution to other colleagues. Cisco doesn't have any plans to develop this kind of solution more. Cisco ASA Firewall will not be developed in the future. The next-generation firewall is the next step in the development of the Cisco firewall. For this reason, we are investigating the possibility of migrating to another product. I would rate Cisco ASA Firewall a nine out of ten. We are very happy with this solution. It is very straightforward and reliable, but it is quite a legacy solution and lacks performance.
I would recommend this product. I suggest this solution to my colleagues because it is a great product and is really stable. When looking at other products in use in other companies this product is superior. I rate Cisco ASA Firewall ten out of ten.
I would suggest to be sure that it smoothly integrates with the infrastructure that you have. Try to take advantage of the DNA subscription and the new monitoring features that it has. Be informed about what's new with this product. I would rate Cisco ASA Firewall a nine out of ten.
My advice to anyone considering Cisco ASA Firewall is that you need a lot of money to implement the Cisco solution. But it's a good solution. If you want to go to Cisco, you need a lot of money.
This is a product that I can recommend to others. I would rate this solution a ten out of ten.
For those who have the technical know-how with Cisco products, I would recommend going with the ASA firewall, but if you're new to the field and running a smaller business, deployment will be complicated. I would rate this solution a nine out of 10.
At this point, Cisco ASA is not a product that I recommend. My advice is that people should look at other solutions because there are other products available on the market that are just as good, if not even better. I would rate this solution a seven out of ten.
We're just customers. We use it in our office and suggest it to clients. However, we don't have a business relationship with Cisco. We try to adhere to our client's needs, and therefore, if they specify hardware they want to use, like Fortinet, we tend to accommodate them. That said, if they ask my opinion, I usually recommend Cisco ASA. I know a lot about the product and I'm good at controlling everything. I have a lot of knowledge and understanding after working with it so closely. That's why I tend to favor it when my customers ask for advice. Overall, I would rate the solution seven out of ten. If the user interface were a bit better, I'd rate it higher.
My suggestion for anybody who is looking at Cisco ASA is to work with the vendor, as they have newer products. I would rate this solution a seven out of ten.
I would rate this solution a ten out of ten.
My advice for anybody who is implementing Cisco ASA is that it is not very difficult to deploy and not very difficult to understand how to continue adding more rules to it. I would rate this solution an eight out of ten.
I would rate Cisco ASA Firewall a seven out of ten. It needs improvement in terms of a few features and cost-friendliness.
We're partners with Cisco, Fortinet, and Palo Alto. I work with on-premises deployments and virtual firewalls, however, I don't use the cloud. The solution works well for medium-sized enterprises. Overall, I would rate the solution nine out of ten. I'd recommend users to layer in solutions. At the perimeter, if they have two tiers, I'd recommend Palo Alto as the first and then Cisco ASA as the second. Cisco can work on the data center or Fortinet. In the case of Fortinet, they have the best backline throughput from all of the other products.
Cisco ASA Firewall Is not as much of a plug and play solution as some of the others. You just need to make sure that you do your research. On a scale from one to ten, I would give Cisco ASA Firewall a rating of nine.
We are the customer. We are in the oil and gas business. We don't have a business relationship with Cisco. I'd recommend the solution to others straight away. It's more or less a very standard option here in Pakistan. Overall, on a scale from one to ten, I'd rate the solution at an eight.
We're Cisco resellers. We're always on the latest version. I don't actually keep track of the version numbers myself, however, part of what the service that we provide for our clients is updating their firewalls to the latest version. We use multiple deployment models. We use both on-premises and cloud versions. They are also all different sizes, according to the requirements of the company. I'd advise other companies considering Cisco to be sure to factor in the cost of the ongoing security subscriptions and the ongoing SmartNet into the purchase price. Those things, over the years, represent more than the cost of the firewall itself - significantly more. However, I'd advise others to get the security subscriptions due to the fact that it really dramatically increases the security of the solution overall. On a scale from one to ten, I'd rate them at an eight. We love the product, however, we feel like it's not Cisco's future direction, which is the only reason I would downgrade its score. To bring it up to a 10, they'd have to make it their main product line again, which they aren't going to do.
We're just customers. We don't have a business relationship with Cisco. It's a very good solution. I'd recommend it to other users. Overall, I'd rate it seven out of ten. Although I can't speak to the pricing, I've found the solution works quite well for us. I'd rate it higher if it could integrate a bit better with other solutions.
They should incorporate it with FortiGate, or Sophos firewalls. If they are looking for a layer 7 type of security then they need to go with another solution. I would rate Cisco ASAv a nine out of ten.
I would rate Cisco ASAv a six out of ten.
We use this solution with Cisco CPEs and background routers. These work well together. We have some other VPN options and AnyConnect. We do have routers with firewalls integrated, using a lot of ISR 1100s. In the beginning, we had a few problems integrating them, but as the software got better, we have seen a lot of those problems disappear. The first software wasn't so good, but it is now. We have disabled Firepower in all of our firewalls. We don't use Cisco Defense Orchestrator either. We have a pretty basic setup using Cisco ASDM or command line with integration to customers' AD. I would rate the product as an eight (out of 10).
My advice is "go for it," 100 percent. If ever I was told to implement a network, ASA would definitely be part and parcel of the solution. The biggest lesson we've learned from using the product is about the rapid growth of the product's offerings. In terms of the maturity of our organization's security implementation, I would like to believe that we are about midway. We still need to harden our security. We need to conduct penetration testing every two years and, resources permitting, maybe yearly. The guys out there who do cyber security crimes are becoming more and more advanced, so there is a need for us to also upgrade our security. We have a two-layer firewall setup, which is what is recommended as the standard for the payment card industry. We probably need solutions linked with cloud providers from the likes of Cisco, and to put in some bank-grade intrusion detection solutions. Because we have already adopted two technologies, Cisco and FortiGate, we might be looking at solutions from those two providers. We're also looking at end-point security solutions. We've been using the one which comes with our Office 365 and Microsoft product, Windows Defender. We are going to be trialing their new end-point management solution. We are trying to balance things from a cost point of view and providing the right level of security. In addition to Windows Defender and the firewalls — ASA and FortiGate — and the network access control, we also have SSL for the website. As for application visibility and control, currently we're just using logging. We don't have the Firepower installed, so it's just general logging and scheduled checks here and there. As for threat visibility, for us the ASA is a perimeter firewall. Behind that firewall we have an IDS and an IPA. We actually have the license for Firepower but we haven't implemented it; it was just an issue of priorities at the time.
It's very good to get partner support if you're not very familiar with how Cisco works. Cisco Certified Partner support is a priority. For application visibility and control we're using a WAN optimizer called Silver Peak. To replace the firewalls within our data center we're planning to put in FMCs and FTDs. With the new FMCs what I like is that you don't need to log in to the firewalls directly. Whatever changes you do are done on your FMCs. That is a much needed improvement over the old ASAs. You can log in to the management center to make any configuration changes. There are two of us managing the ASAs in our company, myself and a colleague, and we are both network specialists. We plan to increase usage. We're a company of 650 employees and we also have consultants who are coming from outside to gain access to certain services on our network. We need to make provisions on the firewall for them.
Cisco firewalls are not for kids. They are for people who understand security. Now I know why people with Cisco training are very good, because they train you to be competent. They train you to have ability. And when you have ability, their firewall becomes very easy to configure. When Cisco is teaching you, Cisco teaches you the concept. Cisco gives you a concept. They don't focus on how to configure the device. With Fortinet, for instance, Fortinet teaches you how to configure their device, without giving you the concepts. Cisco gives you the concepts about how the technology is working. And then they tell you how you are going to configure things on their box. When you are an engineer and you understand the technology from Cisco, it means that you can drive everything, because if you understand Cisco very well, you can work with FortiGate. If you understand security from Cisco, it means that you can configure everything, you can configure every firewall. This is why I like Cisco. When it comes to other vendors, it's easy to understand and it's easy to configure, but you can configure without understanding. And when you configure without understanding, you can't troubleshoot. To troubleshoot, you need understanding. I'm a security analyst, so I deal with everything about firewalls. I'm talking about ASA firewalls, and I'm talking about ASA with Firepower, FTD, and Cisco Meraki MX. When it comes to security tools I am comfortable with Cisco and everything Cisco. One of our clients was using Cisco ASA. They got attacked, but I don't think that this attack came from outside their company. They were managing their firewall and configuring everything well, but they were still getting attacks. One of their employees had been compromised and his laptop was infected. This laptop infected everything in the organization. So the weakest link can be your employees.
Cisco ASA is a very robust solution. It does its job and it has all the top features. If you have a solution that is creating a script and you need to deploy many implementations, you can create a script in the device and it will be the same for all. After that, you just have to do the fine tuning. It lacks when it comes to the configuration steps and the pain that that process is. You need to spend loads of time with it at setup. Overall, it does everything they say it does. It's a very good solution but don't only go with the ASA. Go for Cisco Umbrella and join them together. If you have remote employees, go for AnyConnect to be more than secure in your infrastructure. You cannot do everything with Cisco Defense Orchestrator. You have a few options with it but cannot do everything from the cloud if you are connected with the console of a device. You don't have all the same options, you only have some options with it. For example, you can manage the security policies, all of them, from the cloud. However, not all the settings and all the things you can do when in front of the device are available with CDO. What you see is what you get. Most companies using ASA are big companies. They are not SMB companies. There are very few SMB companies using it. There are the banks and consulting companies, the huge ones. Usually the ASAs are for massive companies. Our reality in Portugal is a little different. I was at a Cisco conference here in Lisbon and the guy said, "Oh, we have this solution," — it was for multi-factor authentication — "and we have different licenses. We have a license for 40,000 and for 20,000 users. And I was thinking, "This guy doesn't know Portuguese reality. There are no companies in Portugal with 40,000 employees." Large companies who do use ASA use various security tools like IPS and Layer 7 control. From my experience, and from common sense, it's best to have solutions from different vendors joining together. The majority have defense products for the deterrent capacities they need to achieve security. Our clients also often have Cisco ISE, Identity Service Engine. It's a NAC solution that integrates perfectly with ASA and with AnyConnect as well. As for future-proofing your security strategy, ASA is the perfect solution if you integrate other Cisco solutions. But the ASA alone will not do it because it does not handle some of the core issues, like full visibility of the network, the users, the machines, the procedures, and the applications, in my opinion.
My advice is to take care of and monitor your policies and be aware of the threats. You also have to be careful when changing policies. When you do, don't leave unused policies around, because that will affect performance. You should have audits of your firewall and its policies and follow the recommendations from Cisco support. Among the things I have learned from using Cisco ASA is that integration is easy, especially with Cisco products. And the support helps you to integrate with anything, so you can integrate with products outside of the Cisco family as well.
If you're looking for a complete solution, such as URL filtering and threat protection, we recommend Palo Alto firewalls, but this Cisco product is also good. We are using three to four security tools: one for web security, and another tool for application security, and another for email security. For email we have an Office 365 email domain so we are using other tools for that. For firewall security we are using Cisco ASA, Palo Alto, and Fortinet for protecting our business. We have about 15 people on my team managing the solutions. They are network admins, and some are in security.
I would recommend this solution. If you have the money, it's a very stable product. Make sure to keep critical spare parts. You might have for instance some modules that will need acceleration cards and those types of things. I would rate it a nine out of ten.
The biggest lesson I've learned so far from using the next-gen firewall is that it has visibility up to Layer 7. Traditionally, it was IP or port, TCP or any protocol we were looking for. But now we can go all the way up to Layer 7, and make sure STTP traffic is not a bit torn. That was something that we did not have before on the up-to-Layer-3 firewall. Do your research, do your homework, so you know what you're looking for, what you're trying to protect, and how much you can manage. Use that to narrow down the devices out there. So far, in our environment, we haven't had any issues with the ASA firewalls. From the first-gen, we have seen that they are pretty good. We are pretty content and happy with them. The solution can help with the application visibility and control but that is one portion we have really not dived into. That's one of the things we are looking forward to. As a small utility, a small organization, with our number of employees available, we can only stretch things so far. It has helped us to identify and highlight things to management. Hopefully, as our staff grows, we'll be able to devote more towards application visibility and all the stuff we really want to do with it. Similarly, when it comes to automated policy application and enforcement, we don't use it as much as we would like to. We're a small enough environment that we can do most of that manually. I'm still a little hesitant about it, because I've talked to people where an incident has happened and quite a bit of their devices were locked out. That is something we try to avoid. But as we grow, and there are more IoT things and more devices get on the network, that is something we'll definitely have to do. As DevNet gets going and we get more involved with it, I'm pretty sure more automation on the ASA, on the network side and security side, will take place on our end. We do find most of the features we are looking on the ASA. Between the ASA firewall and the Sourcefire management console, we have pretty much all the features that we need in this environment. In terms of how the solution future-proofs our organization, that depends. I'm waiting to find out from Cisco what their roadmap is. They're still saying they're going to stick with ASA 55 series. We're also looking at the Sourcefire FireSIGHT product that they have for the firewalls. It depends. Are they going to continue to stick with the 55s or are they going to migrate all that into one product? Based on that, we'll have to adjust our needs and strategize. If I include some of the hiccups we had with the 5506 models, which was a sad event, I would give the ASAs a nine out of ten.
The biggest lesson I've learned from using the ASAs is the fact that they can do a lot. It's just figuring out how to do it. We don't do a lot, although once in a while we will do something a little interesting. These things can do more than what we're using them for. It's just a matter of our trying to figure it out or getting with our Cisco rep to figure it out. My advice would be to have a good handle on your rules and, if you can, take the upgrades easily. We have desktop security, application security, and then we have Umbrella. We use five or six different tools for security, at least. It would be nicer to have fewer but as far as I know there isn't one tool that does it all. We do application firewall rules where it does deep packet inspection and looks at certain things. We don't use it as much as we should, but we do application inspection and have rules that are based on just an application. We usually have two people on a call when we do maintenance, and we usually have Cisco involved. It's usually me and a colleague who is also a network/security engineer. I would rate the ASA overall at eight out of ten. The thing that comes to mind with that rating is the code. As I said, we just upgraded to 6.4.04 and we ran into a handful of bugs. We've done upgrades before and we've run into a bug as well. Just last week, we finished upgrading, and I still have one final service request, a TAC case, open. I had four open at one point. That's at the forefront of my thoughts right now.
Think before you buy, as this solution can be your success or failure. Always work with professionals and not promoters.
For any organization looking for a secure solution that can be deployed in their domain or infrastructure, my advice is to go with Cisco Next-Generation Firewalls because they have a complete bundle of security features. There is a single pane of glass with complete management capabilities and analytic features to understand and gather information about the traffic. The lessons that most of our clients have learned is that in deployment it is easy to configure and it is easy to manage. It's quite stable and they do not get into difficulties in terms of day-to-day operations. We haven't faced any problems with this product. Compared to other OEMs, such as Juniper and Fortinet, Cisco's product is excellent. There are no bugs and I don't see any lack in terms of backend and technical support. In my opinion, at the moment, there is no room for product enhancement. Most of the users are system administrators working on their own domains. The minimum number of users among our clients is a team of 15 to 20 we have clients with up to 700 users at the largest site. The product is quite extensively used in each department, to protect assets and data centers. We are using the attack prevention engine and URL filtering is also used at most of our sites. We are also using it for data center connectivity and for offloading transactions. I would rate Cisco at ten out of ten for the functionality and the features they provide.
My advice to anybody who is considering this solution is not to think twice about it. There are a lot of features that come with the cost. These institutions secure our network and they have to do research. The price of this solution is justified when you consider that it secures our network and protects our valuable assets. This is a very good solution but it is not perfection. I would rate this solution a nine out of ten.
This is the number one firewall product that I recommend. I would rate this solution an eight out of ten.
In the future, I would like to see friendlier configuration and only one license because everything needs a license. You need a URL license, security license, everything is based on a license. I would like to have one license that covers everything. But I am really impressed by the program and my rating is nine out of ten.
We are using the on-premises deployment model. My advice for those considering the solution is this: if you want to migrate something, plan enough time for testing before you come over to the solution. You should also watch as many webinars as you can about that solution, or get a consultant and do a proper lab set up and go through the whole thing with them. It's is definitely worthwhile, given the complexity of the whole product. I would rate the solution nine out of ten.
I would advise someone considering this solution to have a technical support or maintenance contract with the vendor or a third-party to help maintain the product. Without help with maintenance, there is no value to the product. You should have a good technician and admin support for all this product in order to maximize the value and benefits. I would rate it an eight out of ten.
On a scale of one to ten with one being worst and ten being best, I would rate Cisco SourceFire Firewall as a nine. It could easily be a ten if it had a better GUI interface. As far as making recommendations to other people about the product, I recommend they buy it if they need an enterprise solution. Also, I would recommend other Cisco solutions like Cisco AMP (Advanced Malware Protection). I think most large companies that require strong security should always use Cisco because it's stable, scalable, and has many features. Enterprise organizations will benefit from Cisco because their business requirement will be more complicated and require a better solution and more flexibility. I think all the companies should use Cisco because it's number one the market and has the best security, better stability, and better scalability.
They really need support for deployment. I would rate this solution nine out of 10 because I think if you have the budget and you plan it properly I think you won't have the initial deployment problems I faced.
I would just say that it's expensive. The product is fine on its own, it's high end. It's got a high brand name attached to it. I would recommend the product, however. The product works great. It does everything it's supposed to do. There's no issues with it, no real concerns. It's just expensive. I would rate it an eight out of 10 because it does everything it's designed to do, but it is not any better than other industry-leading solution, and it's far more expensive.
If people want to build a solid security solution for their company, I think this solution is the best but it would depend on the configuration of your company. For a good company to have a good solution for security, you can choose the Cisco firewall for that and be confident. I think I can give that product an eight out of ten. It comes down to the user interface. It needs to be easier so that more people can quickly develop the skills to manage the product. It would be better for us right now for more people to have certification or to just develop the skills to use the product. But if Cisco made it easier and took away the need for certification, it would be easier for us to use company-wide and have more people involved.
I would recommend this solution. I would rate this solution as eight out of ten.
It's difficult to give specific advice on the solution because it always depends on the design solution and the strategy. So what I would recommend is to use different firewalls and to use Cisco ASAv as a border firewall. I would rate this solution as 7.5 out of 10. I wish the Cisco interface was not so granular. Check Point was easier to create specific rules than on ASAv, so that's why I say this. If you want to make things easier for an engineer, you always have to work on the interface. But the product, in and of itself, there's nothing wrong with it.
As far as rating this product, I would give it a nine out of ten. The only real drawbacks are the lack of multi-monitoring and not really having clear instructions prior to jumping in and implementing it.
With this solution, we have everything that we need. I don't know about other people's use cases, but ours is pretty straightforward. My advice to anybody researching this type of solution is to stick with Cisco products, no matter which one it is. We've had pretty good luck with everything from Cisco. I don't have any issues with this solution, so I would rate it a ten out of ten.
This is a very straightforward firewall. There is a management platform with its own operating system. Just make sure that everything is set up properly for your uplink switches because that is an issue that we ran into. I would rate this solution a nine out of ten.
This is a good product from a trustworthy vendor, but it is not perfect. I would rate this solution an eight out of ten.
I think I can rate this product as an eight out of ten. A strong eight. The newest version of software and solutions often have bugs and functional problems because they have not been rigorously tested in a production environment. It is not the modern, next-generation firewall, but it solidly serves simple purposes. For simple purposes, it's the best in my opinion. I am used to its CRI (Container Runtime Interface) and its environment, so for me, familiarity and stability are the most important advantages.
The functionality is fine. When they prove to me they cannot be hacked then I can give them a ten. I would rate this solution as eight out of ten.
I rate this solution an eight out of ten and I would definitely recommend it to other users. If the developers would add a reporting dashboard, and perhaps lower the pricing, I will rate it higher. But overall I am really satisfied with Cisco ASAv.
On a scale from one to ten, I would rate this product at nine. Cisco ASAv is good in many advanced networking features. I'm working with Cisco. They have competition with many vendors.
I would advise that If you want something robust, a good hardware solution, I think it's competitive and you have a good warranty, you have to choose Cisco. I would rate the solution 8 out of 10.
I am really satisfied with the product and I rate this an 8.5 out of ten. The reason why I wouldn't rate it a ten, is because I find it a little more complicated to set up a firewall for publishing than when using Meraki. I therefore believe there is room for improvement.
Watch out for the marketing hype vs objective reality. Do the advertised features actually work correctly/effectively? We chose a different solution after performing in-house testing.
For the Cisco ASA NGFW, it is a bit more expensive than other products, but their method is a lot more stable in my experience. It has all the features that you would need in a next-generation firewall. They are always developing new features and introducing them. I don't have anything that I'm currently missing with Cisco. On a scale from one to ten, I would rate the product at eight.
In Georgia, there is no problem using the Cisco firewall, because it's accessible. You cannot use other products, because they are not accessible. That's the whole problem. I would rate Cisco ASA NGFW an 8 out of 10.
Cisco ASA is a good solution. I never had a problem with. I will say that I mostly recommend Fortinet because of their ease of management and Palo Alto Networks because of their reputation for business efficiency. I would rate Cisco ASA with an 8 out of 10 points.
I always encourage our existing customers to move to the Cisco ASA Firepower version, i.e. the next generation Firepower like 2100, 4000, or 9300. I would rate Cisco ASA an eight out of ten. An eight and not a ten because some of the features are limited and some are awful. We had to install other solutions for security and had to spend a lot on other hardware. Other vendors like Fortinet or Palo Alto Networks focus more on offering complete solutions.
I would advise someone considering this solution to just go for it. It's expensive but it's a robust solution. The only thing is that you have to convince your finance guy to go for it. I would rate it a nine out of ten.
I would recommend the product, but cost is a big factor. Some companies cannot afford expensive products, like Cisco and Palo Alto.
I am satisfied with the current facility and the management environment of the Cisco ASA, it's great for me. I think that the cost would be the main factor when evaluating solutions since some of the companies or some of our clients ask about costs upfront. Once the client has made their initial request and inquired about any subsequent subsystem connectivity integration ideas, they always want to know how much everything will cost. The deciding factor is mainly based on the price point of the total user solution. Overall, the criteria that we consider when constructing an integration decision depends largely on the client company we are working with. We evaluate clients based according to their size, industry function, and the total budget that would be recommended for an effective solution. I would give this product a rating of 9 out of 10!