Cisco Secure Firewall Reviews

We use it for our university department firewall. It replaced our 12-year-old Cisco ASA 5520, which used to protect web servers, mail servers, SVN repositories, office computers, research computers, and computer labs. It was used for blocking the internet for exams. It was not used for IPS, so we did not buy the new threat protection or malware license. We connected it to a Layer 3 switch for faster Inter-VLAN routing.

It works better through specs than our old ASA 5520. It seems to perform the same functionality unless you buy the additional threat protection licenses, so this is a disappointment. I found a bug where the ASDM could not be used with Windows 2016, but it did work with Windows 10.  

• Most of same old ASA 5520 config could be used for the new 5516-X model. The ASDM interface is improved and can also be configured to the Firepower settings. 
• I am used to the ASA syntax, therefore it is quite easy to make up new rules. I have found that DNS doctoring rules are useful, and I am not sure how other firewalls handle the issue of internal versus external DNS, so this was a reason to keep the same type of firewall.
• Customizing logging event of syslog to feed into Splunk is very useful for management and monitoring just for the importance events instead of a huge stream of thousands of unneeded events.
• I found it quite easy to block computers from the internet, e.g, in a computer lab with students doing an exam using software for the course when needed.
• I use access to a list to block IPs which have attacked our web servers on the outside interface, since I do not have IPS.
• I found that setting up rules for HTTPS and SSH access to the management interface are straightforward, including setting the cypher type.
• It is very useful to use the command line interface for modifying or adding to the config because sometimes the ASDM interface is hard to find when the setting is more complicated.
• The text config file is great to have, to know what is in the config, instead of having to check every setting in the GUI.
• While the CLI is used the most, sometimes the ASDM is faster and easier to use to set some settings.
  

• It is confusing to have two management interfaces, e.g., ASDM and Firepower Management Center. It would be nice to have a Windows program instead of a virtual appliance for the Firepower Management Center.  The ASA and Firepower module seem redundant, not sure which one to set the rules in, but maybe that was for backward compatibility. I am not sure that is very useful.
• It is surprising that you need to have a virtual appliance for the Firepower Management Center. It is not good if you have to setup a VMware server just for it.
  
• 10Gb interfaces should be available on more models. 
  

ASA pricing seems high compared to other firewalls, such as the Sophos XG models. 

The licensing features are getting more complicated. These should be simplified. 

I am using Cisco ASA as the firewall for my business to guard the boundary of my business. It has been very helpful in my sector of media with my clients, essentially focusing on how secure their data is, especially when we are working on a few projects which involve multiple citations across Europe. 

Our content, which is the main asset for our firm, is pretty elusive behind the firewall of Cisco ASA.

It has improved my client's trust. 

VPN load balancing: This has been particularly essential for my connections to integrate via multiple time zones.

I needed to be well-versed with all the command lines for Cisco ASA in order to fully utilize it. I missed this info and wasted some operational costs. I would like to advise others to please be wary from the start.

It was initially heavy on my pocket, but it soon actualised its worth.

We use it as a firewall and it has performed adequately.

It allows the securing of various network segments, based on use.

DMZ segmentation, and IDS and IPS.

It is fairly stable. However, Cisco suffers from some integration issues with other products, but this product, as a standalone, is fine. There is a problem with the Cisco Catalyst Switches in terms of assembling bursts and having them interact properly with the Cisco Firepower.

The scalability is good.

Tech support has been good.

We've been using Cisco. Prior to this it was Cisco ASA. This was the next evolution.

When selecting a vendor it is important that they have positive industry feedback, that they are a visionary leader.

I was involved in the initial set up and it was complex.

I give this solution a seven out of 10. Some of the tools are still a little bit difficult to use.

Remote network access: We primarily use ASA for VPN, NAT, PAT routing, SLA, and multiple ISP providers.

Ease of configuration: It has gotten a lot easier to configure compared to the original Cisco Pix.

ASDM provides GUI for configurations. ASDM has made configuring ASA easy. No need to memorize CLI commands.

• UTM features would be nice or some NextGen features. 
• The ASA has become a bit old and needs updating.

The primary use case is for edge firewall at multiple locations and remote access VPN. We use these for security and have them integrated with Splunk/QRadar.  

Edge security and Sourcefire have been nice. Sourcefire was a major improvement over the legacy IDS that it previously had. 

Sourcefire has been a great addition. The visibility and control have been nice. 

I also like the active/standby HA. 

The solution has two separate GUIs and at least three different CLIs (ASA CLI, Sourcefire CLI, and Firepower Management Center CLI). In addition, ASDM plus Firepower Management Center GUIs. If Cisco could stop rebranding, combine all the CLIs/GUIs, and give a consistent experience, this would be great. 

Also, AnyConnect is very difficult to manage and use. 

The gateway firewall is where we use it the most.  

The firewall and policy side are easy to use. 

IDS.

Make the IPS baked-in. It is a good firewall, though not NextGen.

We use it to protect the perimeter of the network.

It is reliable, and does the job that it is supposed to be doing.

• IPS
• Antivirus
• IP filtering

it is not very user-friendly for the administration.

The Cisco solution that we have now is very stable. That is why we are interested in continuing with the Cisco solution and upgrading to the next generation.

It can be used by multiple users.

We use the technical support of Cisco through a partner, so I do not have direct access to the Cisco IT technical support.

We just shortlisted Cisco and Fortinet.

We needed a Cisco technician to do the initial setup. We had to outsource the implementation.

We need to upgrade our security requirements due to the new security requirement applicable in Europe (from GDPR) and the cyber security guidelines for our vessel (we are a US shipping company). 

Most important criteria when selecting a vendor: familiarity, reliability, and price.

I have been using the 5510 a lot, and have been working with it for many years. I have also used the 5505 and other firewalls.

It is much better than most of the other firewalls that I have worked with.

It needs more tunneling capabilities. 

It is worth every penny that we have invested in it.