Cisco Secure Firewall Reviews

Robustness

Reliability

No idea -- I learn a lot from them

From 2000 until 2014

Learning at the beginning

Nope -- If well planed you should be alright

Price maybe...

Excellent

Excellent

Not reliable for long term -- seem inferior quality

Depends on the product and the knowledge. Cisco firewalls can be difficult at first but once learned it's fine.

Me, I implemented the firewalls, Cisco switches and routers.

100% in some installations it exceeded the time predicted to keep up with the work load.

Netscreen, Netgear, Checkpoint, others..

Plan well the hardware requirements for future growth and heavy usage.

Firewalling is the most valuable feature. We wanted a back-end/internal firewall solution, and the Cisco ASA 5525 was great.

It has taken the pressure off of the IS engineer.

• URL
• AVC
• Advanced malware protection

We've used it for two years.

There was an issue, but it was rectified promptly after troubleshooting the device's configuration.

There were no issues with the scalability.

We've not had any issues scaling yet.

I think it is great but did not use them for this deployment.

I've not had to use them yet for this deployment.

There was no other solution in place.

It was straightforward.

I did the implementation with my colleagues.

It's not really quantified, but we have not experienced downtime due to attacks.

There were no other solutions looked at.

• It provides our company with security and protection on all our devices.
• It's highly available.

We're able to implement best security practices to secure our company data.

We've used it for over seven years.

We had some issues during deployment.

No issues encountered.

No issues encountered.

Customer service is excellent.

Technical support is excellent.

It was a little complex, but not so much that we couldn't figure it out.

I was the implementor for a client.

It's excellent.

Depends on the customer's budget, but we evaluate all vendors that meet the them. It's a mission-critical product.

I give it a thumbs up.

It gives us the ability to do lan-to-lan VPN.

So far it has proven to be rock solid and relatively easy to maintain.

• Support for automation tools (Puppet)
• More granular logging

I've used ASA for four years.

No issues encountered.

No issues encountered.

No issues encountered.

8/10

8/10

We moved our VPN termination from a Cisco ASR to an ASA. We switched because the ASR was not scalable and we realized it was a bad idea to use the same device for routing and VPN termination.

The most complex part was figuring out the failover and what NAT mode to implement.

We did it in-house.

Licenses and prices are pretty high. I understand the validity of the product, so I can't complain much.

No options were evaluated. We heavily rely on Cisco hardware for our infrastructure

I'd say it would be very beneficial to posses certification such as CCNP Security, at least, to get the most out of it. It's a complex product which requires good knowledge of procedures and best practices. Being a CCIE R&S I know the value of those certifications, and I wish I had a CCNP Security to better handle the task.

Cisco ASA's CLI is very effective and fast to configure the firewall and make changes, but monitoring logs and connections can be eye bothering by reading all the line outputs. ASDM, however, have improved the overall ASA configuration from an GUI standpoint. I really enjoy the log monitor where I can see live logs in a more user friendly interface. The down side of ASDM is that it is build with JAVA and that means a lot vulnerabilities and it does not always work with the latest JAVA version and/or patches.

The packet tracer function, which I use the most, have provided me a packet flow through the firewall and see which rule or policy can cause a drop. Also, I can see if my NAT statement is working properly. This has allowed me to quickly troubleshoot potential firewall related issues for my organization.

L7 firewall is a key for the ASA to be competitive in the current and future market place. By integrating with SourceFire, now call FirePower, on the ASA has helped it to get into the next-generation firewall segment.

It blocks all outside to inside traffic and only permits the specific internet traffic from the outside. VPN functionality is very useful, we can create remote access and tunnel VPN in the simplest way.

It blocked all kinds of internet attacks from outside like DOS or DDOS and avoided any down time. We created a remote tunnel from head office to data center network for easy access of servers that make working fast and they are easily manageable.

It would be great if they would add web filtering functionality to this product.

5 years

No

No

No

Excellent

Good

It is a little difficult in newer IOS versions where the use of the NAT command is different. Otherwise its straightforward to configure.

I deployed it in-house with my team.

This solution reduces any downtime therefore business continuity is not disturbed - that is ultimately ROI.

It is one time cost of about $10,000 and there is no day to day cost.

Yes, I evaluated Fortigate, SonicWall and Juniper but found Cisco ASA to be the best solution for us above all of the others.

Cisco ASA is a reliable product and it benefits you a lot in your network.

It's a great solution that amalgamates a firewall and VPN into one device. It also has a well organized GUI- ASDM.

• Easy to setup VPNs
• Firewall ACL
• Easy to modify
• Easy to perform maintenance

The ADSM is incompatible with different versions of Java.

I've used it for six years.

I have issues with some versions of Java and ASDM.

It's high.

It's high.

I used a Cisco 881 router as a firewall and VPN solution. ASA allows conformity and various amounts of functionality in work.

It can be complex, since a lot of CLI commands are different with respect to the CLI of IOS routers.

We implemented ASA without vendor support. For first time implementation, it is good to have someone with ASA experience involved.

Prices could be a little bit lower to make the product more accessible.

NGFW: VPN (IPSec, SSL), NAT (provides great flexibility)

NGIPS: Application visibility, file policies (store files), network discovery, correlation features

SSL decryption for modules. Although I think it is better to separate SSL decryption as a service from the software module since it requires additional hardware, but I think it would be great if there is an option to use the ASA (not the software module) to decrypt the SSL.

Ex: Add a license to decrypt SSL traffic on the ASA itself. The ASA already supports SSL VPN. So if SSL decryption can be integrated that would be nice.

5 years+

Basic setup is easy, but if you need to do some advanced stuff, it can be intuitive, but some things require some kind of tutorial to understand how it can be done. Good thing is that this device is becoming popular and there are many 3rd party free tutorials and guides that can help.

I heard about defect that were encountered by my colleagues, but not something that cannot be fixed using an upgrade.

Clustering is available for ASA with firepower services.

Also for firepower appliances, there is stacking available for some models.

Great support. The engineers know what they are doing.

10/10

No

Well, it is straight forward as long as you understand the components available.

ASA can be configured using the CLI or ASDM.

For the Firepower you will need to use a FireSIGHT as a management solution.

Since you will be using two GUIs, I wouldn't call it straight forward.