We just raised a $30M Series A: Read our story
Asif Najmi
Network Engineer at LIAQUAT NATIONAL HOSPITAL & MEDIACAL COLLEGE
Real User
Top 20
Very reliable, with good security and a straightforward setup

Pros and Cons

  • "Even in very big environments, Cisco comes in handy with configuration and offers reliability when it comes to managing multiple items on one platform."
  • "We have more than one Cisco firewall and it is difficult for me to integrate both on the single UI."

What is our primary use case?

We primarily use the solution to operate that LAN environment over the internet and use the public and private networks separately. It's a very good firewall in terms of security, in terms of certain scenarios, and also from an ethical hacking point of view. Both are available in our environment. Both are doing great.

What is most valuable?

Cisco, obviously, gives you a great amount of reliability which comes in handy. The brand is recognized as being strong. 

Even in very big environments, Cisco comes in handy with configuration and offers reliability when it comes to managing multiple items on one platform. You are able to integrate Firepower and all AMP. With so many items to configure, I haven't yet done them all, however, I hope to.

It's great for securing the network. You learn a lot.

The initial setup is straightforward.

The solution is very stable.

The scalability of the solution is very good.

What needs improvement?

Most of the firewalls almost 90%, 95% of the firewalls will move to GUI. This is the area which needs to be improved. The graphical interface and the monitoring level of the firewall need to be worked on. 

Most of us are using the monitoring software where we get the alarm, then details of the servers, et cetera. This aspect needs to be much updated. 

From just the security point of view, in the security, it needs to be updated every day and every week. It is getting better day by day, however, from a monitoring point of view is not the same view as we have on the different monitoring servers or monitoring software, such as PRTG and Solarwinds. It needs to be changed and improved.

Cisco has launched its multiple products separately. Where there's a new version of the hardware, there is Firepower in it. However, there must be a solution for an integrated version that includes everything in your network and your firewall as well so that you can manage and integrate from the same web portal without going to every device and just configuring it and just doing everything separately. 

It would be ideal if a solution can be configured separately and then managed centrally on one end.

We have more than one Cisco firewall and it is difficult for me to integrate both on the single UI. If I have three firewalls and one is a normal firewall, I need to configure everything separately. I can't have it on the same port or integrated on the same single IP or bind it something like it.

For how long have I used the solution?

We've mostly used Cisco solutions for two or three years at this point. Our old Cisco devices were due to be changed, and we moved over to ASA.

What do I think about the stability of the solution?

The firewall is stable, however, every two, three, or four years, you have to change the hardware and therefore get an updated version of the firewall.

This is something which companies have been doing for the sake of a new product and launching a new device. Yet, the stability needs to be considered where you have to upgrade for every two, three, four years and change the product and go for the new updated version. What I mean is that there is stability, however, obviously, it's not long-term.

What do I think about the scalability of the solution?

The firewall is very scalable. Most contact versions are available depending upon the organization you have. It works for very large organizations. They are scalable for many scenarios. The scalability obviously is there for sure.

How are customer service and technical support?

Cisco technical support is one of the best around. They have the most advanced and most experienced level of tech support I've been in contact with. Whether it is a hardware or software issue, the tech team can support you and help. They are very helpful and knowledgeable. We are quite satisfied with the level of support on offer. 

Which solution did I use previously and why did I switch?

We also have experience using FortiGate.

How was the initial setup?

The Cisco firewall is straightforward. It isn't a complex implementation. Obviously, you have to bind your IP on the port and then you must go on to configure for security and something like that. It's easy for me to configure a firewall at such a level.

What's my experience with pricing, setup cost, and licensing?

If you pay for the hardware, you get the Firepower and if you don't, then you get the Cisco Firewall. 

What other advice do I have?

We are just a customer and an end-user.

I'd rate the solution at an eight out of ten.

Obviously, you need to have one tech person on your online when you are configuring it, or just implementing when you are integrating with your live environment and organization. My advice is that the configuration is easy when a network engineer like myself handles it. A trained person is more than capable of the task. Other than configuring, a less technical person can manage the solution.  

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
RW
Cyber Security Consultant at a tech services company with 51-200 employees
Reseller
Top 20
A reliable but outdated firewall

Pros and Cons

  • "It is extremely stable I would say — at least after you deploy it."
  • "They need to do an overhaul of the management console."

What is our primary use case?

Most of our use cases revolve around the basic firewall features. Our client is also leveraging on Anyconnect, which is serving the client-based VPN. Sometimes they will establish a VPN connection from one firewall with another. It's the type-for-type VPN. In terms of Cisco, typically, these are just some of the legacy features, that's what we use. In terms of a next-gen firewall, I feel that our customers would prefer to use other brands like Palo Alto, Check Point, and FortiGate.

Our clients who use this solution are typically small businesses. I think there's a Gartner chart that says that Palo Alto is actually the foreleader, followed by Check Point, then FortiGate. Cisco is not anywhere near. From a cybersecurity standpoint, they are quite weak.

What needs improvement?

They need to do an overhaul of the management console because they are still using the client-based management tool, which is quite outdated in terms of functionality and usability. The interface hasn't changed since the last generation many years back.

For how long have I used the solution?

I have been using Cisco ASA Firewall for roughly four years.

What do I think about the stability of the solution?

It is extremely stable I would say — at least after you deploy it. Typically, there won't be any instability in terms of the hardware as well as the software. It can be running for many years without any issues. It's a totally different story when compared to other brands because, out-of-the-box, they offer far more features and are actually leveraged on more resources which leads to more instability.

What do I think about the scalability of the solution?

I would say in terms of scalability, they are still the greatest family of products. Scalability means you can actually add on some processing parts to actually increase the throughput when the requirement comes up. They have a range of products for that, but this solution, it's already going out of phase, because at JSC, you can only allow up to a certain amount of upgrades that can be added on.

How are customer service and technical support?

Support is not a requirement. In the whole industry, there are a lot of Cisco-trained personnel that we can actually seek advice from. There's not much leveraging on the Cisco support so far.

If our clients need support, we provide it. Support is not cheap. Sometimes a device will go out of warranty, but the customers are not willing to renew the support contract. Of course, there are a lot of cheaper alternatives. In Singapore, a lot of companies outsource support. Most of the time we go through third-party companies instead of Cisco directly.

How was the initial setup?

For a non-Cisco guy like me, there is quite a substantial amount of learning that needs to be done to actually understand how the products are. Some brands like FortiGate, require only an hour and 15 minutes to enable the product, to facilitate the basic requirements of connecting up the traffic and adding on the firewall router. For Cisco, there are levels of challenges because it's a hardened solution that sees a lot of restrictions right out of the box.

Without really understanding how it works, then there'll be a lot of confusion regarding the traffic, etc. You'll find yourself wondering if there are any security concerns if you alter it out-of-the-box. The management console is quite outdated; usually, a lot of configuration is through Commander. We really need to understand how to articulate the Cisco Commander to perform even the most basic feature.

What about the implementation team?

We handle the implementation for our customers. 

I am a sales engineer, we are mainly in charge of selling the product. In terms of support, we have a department that covers that aspect. Sometimes after implementation, we also provide maintenance support services towards the whole project and sell it as a whole bundle. As a distributor, we also sell our products, our equipment, and devices. So the support team covers that aspect.

What's my experience with pricing, setup cost, and licensing?

We sell Cisco ASA Firewall as a bundle — the price is very cheap. If a customer were to go for renewal direct from Cisco, then the price would be quite high.

What other advice do I have?

My main concern is the full revamp of the management console. We'd like to see a more user-friendly total revamp of how to manage the firewall rules. Also, there are a lot of additional features that need to be granular because with Cisco, at this point in time, all these features are still working in silos. A lot of integration needs to be done in general. 

Personally, I would discourage people from using Cisco. Overall, on a scale from one to ten, I would give this solution a rating of six.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor
Learn what your peers think about Cisco ASA Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
552,136 professionals have used our research since 2012.
RF
Data Analyst at a hospitality company with 201-500 employees
Real User
Top 20
User-friendly, provides good access, and is fairly easy to implement

Pros and Cons

  • "It is a very user-friendly product."
  • "I don't have to see all the object groups that have been created on that firewall. That's just something that I would really appreciate on the CLA, even though it already exists on the GUI."

What is our primary use case?

We primarily use the solution in order to create access rules. That's what I use it for mostly. Sometimes, if I need to do some mapping, I may also leverage this product.  

What is most valuable?

In terms of access, the solution is great at making sure that the firewall has the right IPs, or that the right IPs are passing through where they should be. 

The product does a good job of making sure that the connection is one that the user can trust. It keeps everything secure.

From what I've already done with ASA, I've noted that it's a very simple solution. 

It is a very user-friendly product. I started with the GUI version. There are different versions. You could have the CLA, and the GUI version if you like. Both are really user-friendly and they're easy to learn. 

What needs improvement?

We haven't been working with the product for too long, and therefore I haven't really found any features that are lacking. So far, it's been pretty solid.

One of the things that would make my life easier on ASA, especially for the CLA, is if it had an ASBN feature, specifically for the CLA. This would allow you to be able to see at once where a particular object group is being used without having to copy out all the object groups that have already been created.

I don't have to see all the object groups that have been created on that firewall. That's just something that I would really appreciate on the CLA, even though it already exists on the GUI.

For how long have I used the solution?

I've been using the solution for six months now. It's been less than a year. It hasn't been too long just yet.

What do I think about the stability of the solution?

The solution has been quite stable.

Most of the clients that we deal with use this solution. No one has ever complained about having a breach or anything, to the best of my knowledge, even though we see some people combine different firewalls together, and use them alongside Cisco ASA. So far, we've not had any issue with Cisco ASA. It's reliable and keeps our clients safe.

What do I think about the scalability of the solution?

I've never tried to scale the product. I haven't worked with it too long at this point. I wouldn't be able to comment on its scalability potential.

How are customer service and technical support?

I've never dealt with technical support yet. I can't speak to their level or response or their knowledge of the product.

Which solution did I use previously and why did I switch?

In the past, I've worked with Check Point and Fortinet as well.

How was the initial setup?

I've been handling the implementation. So far, it's been good, even with no prior knowledge of the solution itself. It's my first time working with it.

On my team, lots of people are working on different aspects, and most of the setup is being done by those that have more knowledge about the firewall than we have. We don't have anything to do with the setup, we just make sure that we implement whatever connections the clients already have. It's already broken down that way, just to avoid as many mistakes as possible.

We already have a process for implementation based on the number of connections. The maximum we normally work on each connection is maybe 20 to 30 minutes. However, the process could be as little as one minute. It depends on how many connections we want to add at a time.

What about the implementation team?

We're handing the implementation via our own in-house team.

What's my experience with pricing, setup cost, and licensing?

I'm just handling the implementation and therefore don't have any insights on the pricing aspect of the solution. I wouldn't be able to say how much the company pays or if the pricing is high or low.

That said, the pricing isn't an issue. It's more about what's best for the customer or the client. We want to give the client the best service, and very good protection. If a client begins to worry about pricing, we can't exactly guarantee the same level of safety.

What other advice do I have?

Our company has a partnership with Cisco.

We have different clients and therefore use different versions of the solution. Nobody wants to use an out-of-date version, and therefore, we work to keep everything updated.

Overall, I would rate the solution at a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
TR
Tier 2 Network Engineer at a comms service provider with 1,001-5,000 employees
Real User
Top 20
A stable firewall that our customers use as their AnyConnect VPN solution

Pros and Cons

  • "The most valuable feature must be AnyConnect. We have quite a few customers who use it. It is easy to use and the stablest thing that we have. We have experienced some issues on all our VPN clients, but AnyConnect has been the stablest one."
  • "One of the problems that we have had is the solution requires Java to work. This has caused some problems with the application visibility and control. When the Java works, it is good, but Java wasn't a good choice. I don't like the Java implementation. It can be difficult to work with sometimes."

What is our primary use case?

We are an ISP, so it's primarily for customer firewalls that we help customers setup and maintain. While we do use Cisco ASA in our company, we mostly configure it for customers. Our customers use it as a company firewall and AnyConnect VPN solution.

How has it helped my organization?

A lot of people trust Cisco. Just by its name, they feel more secure. They know it's a quality solution, so they feel safer.

What is most valuable?

The most valuable feature must be AnyConnect. We have quite a few customers who use it. It is easy to use and the stablest thing that we have. We have experienced some issues on all our VPN clients, but AnyConnect has been the stablest one.

It is one of the easiest firewalls that I've worked with. Therefore, if you're not comfortable with command line, it probably is one of the best solutions on the market.

What needs improvement?

One of the problems that we have had is the solution requires Java to work. This has caused some problems with the application visibility and control. When the Java works, it is good, but Java wasn't a good choice. I don't like the Java implementation. It can be difficult to work with sometimes.

If you use Cisco ASDM with the command line configuration, it can look a bit messy. We have some people who use them both. If you use one, it's not a problem. If you use both, it can be an issue.

For how long have I used the solution?

For five or six years.

What do I think about the stability of the solution?

We haven't had any issues with the firewalls.

The maturity of our company's security implementation is good. We are very satisfied as long as we maintain the software. It has needed to be updated quite a few times.

What do I think about the scalability of the solution?

We don't have any firewalls that can handle more than a couple of gigabits, which is pretty small. I think the largest one we have is the 5525-X, though we haven't checked it for scalability.

In my company, there are probably 16 people (mostly network engineers) working with the solution: seven or eight from my group and the others from our IT department.

How are customer service and technical support?

I haven't worked with Cisco's technical support. We haven't had real issues with these firewalls.

Which solution did I use previously and why did I switch?

This was the first firewall solution that I worked with.

How was the initial setup?

The initial setup has been pretty straightforward. We have set up a lot of them. The solution works.

The deployment takes about half an hour. It takes a little longer than if we were using their virtual firewalls, which we could implement in a minute.

What about the implementation team?

We have a uniform implementation strategy for this solution. We made some basic configurations with a template which we just edited to fit a customer's needs. 

What was our ROI?

We haven't notice any threats. The firewalls is doing its job because we haven't noticed any security issues.

What's my experience with pricing, setup cost, and licensing?

The licensing is a bit off because the physical firewall is cheaper than the virtual one. We only have the physical ones as they are cheaper than the virtual ones. We only use the physical firewalls because of the price difference.

Which other solutions did I evaluate?

Our company has five or six tools that it uses for security. For firewalls, we have Check Point, Palo Alto, Juniper SRX, and CIsco ASA. Those are the primary ones. I think it's good there is some diversity. 

The GUI for Cisco ASA is the easiest one to use, if you get it to work. Also, Cisco ASA is stable and easy to use, which are the most important things.

What other advice do I have?

We use this solution with Cisco CPEs and background routers. These work well together. 

We have some other VPN options and AnyConnect. We do have routers with firewalls integrated, using a lot of ISR 1100s. In the beginning, we had a few problems integrating them, but as the software got better, we have seen a lot of those problems disappear. The first software wasn't so good, but it is now.

We have disabled Firepower in all of our firewalls. We don't use Cisco Defense Orchestrator either. We have a pretty basic setup using Cisco ASDM or command line with integration to customers' AD.

I would rate the product as an eight (out of 10).

Disclosure: I am a real user, and this review is based on my own experience and opinions.
KUMAR SAIN
Network Security Administration at Rackspace Technology
Real User
Top 5
Provides DDoS protection and multi-factor authentication

Pros and Cons

  • "They provide DDoS protection and multi-factor authentication. That is a good option as it enables work-from-home functionality."
  • "Cisco provides us with application visibility and control, although it's not a complete solution compared to other vendors. Cisco needs to work on the application behavior side of things, in particular when it comes to the behavior of SSL traffic."

What is our primary use case?

Our business requirements are URL filtering and threat protection. We're using the Cisco 5525 and 5510 series. We have eight to 10 firewalls.

Our company is looking for vendors who can protect from the current, advanced technologies. We are looking for any technology that protects from the most threats, and that covers things like DDoS protection, spyware, and SSL.

How has it helped my organization?

We feel secure using Cisco firewalls. That's why we're using them. Cisco has never disappointed us, from a business point of view.

What is most valuable?

Cisco provides the most solutions.

We use some of our Cisco firewalls offsite. They provide DDoS  protection and multi-factor authentication. That is a good option as it enables work-from-home functionality. That is a feature that makes our customers happy.

What needs improvement?

Cisco needs to work more on the security and tech parts. Palo Alto gives a complete solution. Customers are very happy to go with Cisco because they have been around a long time. But that's why we are expecting from Cisco to give us a solution like Palo Alto, a complete solution. 

Cisco provides us with application visibility and control, although it's not a complete solution compared to other vendors. Cisco needs to work on the application behavior side of things, in particular when it comes to the behavior of SSL traffic. There is a focus on SSL traffic, encrypted traffic. Cisco firewalls are not powerful enough to check the behavior of SSL traffic. Encrypted traffic is a priority for our company.

In addition, while Cisco Talos is good, compared to the market, they need to work on it. If there is an attack, Talos updates the IP address, which is good. But with Palo Alto, and possibly other vendors, if there is an attack or there is unknown traffic, they are dealing with the signature within five minutes. Talos is the worst around what an attacker is doing in terms of updating bad IPs. It is slower than other vendors.

Also, Cisco's various offerings are separate. We want to see a one-product, one-box solution from Cisco.

For how long have I used the solution?

I have been working on the security side for the last one and a half years. The company has been using Cisco ASA NGFW for three to four years.

What do I think about the stability of the solution?

The stability is good. It's the best, around the world.

What do I think about the scalability of the solution?

The scalability is also good. But in terms of future-proofing our security strategy, it depends on the points I mentioned elsewhere that Cisco needs to work on.

How are customer service and technical support?

We are getting the best support from Cisco and we are not getting the best support from Palo Alto.

What's my experience with pricing, setup cost, and licensing?

In terms of costs, other solutions are more expensive than Cisco. Palo Alto is more expensive than Cisco.

Which other solutions did I evaluate?

Cisco is the most tested product and is more reliable than others. But Cisco needs to work on the security side, like website protection and application behavior. We have more than 40 locations around the world and all our customers are expecting Cisco. If Cisco provides the best solution, we can go with Cisco rather than with other vendors.

Palo Alto gives the best solution these days, but the problem is that documentation of the complete solution is not available on their site. Also, Palo Alto's support is not as good as Cisco's. We don't have a strong bond with Palo Alto. The longer the relationship with any vendor, the more trust you have and the more it is stable. We are more comfortable with Cisco, compared to Palo Alto.

What other advice do I have?

If you're looking for a complete solution, such as URL filtering and threat protection, we recommend Palo Alto firewalls, but this Cisco product is also good.

We are using three to four security tools: one for web security, and another tool for application security, and another for email security. For email we have an Office 365 email domain so we are using other tools for that. For firewall security we are using Cisco ASA, Palo Alto, and Fortinet for protecting our business.

We have about 15 people on my team managing the solutions. They are network admins, and some are in security.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Alexander Mumladze
Network Engineer at LEPL Smart Logic
Real User
Top 5
One-time licensing, very stable, and very good for small companies that don't want to do deep packet inspection at higher layers

Pros and Cons

  • "We find all of its features very useful. Its main features are policies and access lists. We use both of them, and we also use routing."
  • "The virtual firewalls don't work very well with Cisco AnyConnect."

What is our primary use case?

I have used the Cisco ASA 5585-X Series hardware. The software was probably version 9. We implemented a cluster of two firewalls. In these firewalls, we had four virtual firewalls. One firewall was dedicated for Edge, near ISP, and one firewall was for the data center. One firewall was for the application dedicated to that company, and one firewall was dedicated only to that application.

How has it helped my organization?

Dynamic policies were useful in the data centers for our clients. They were making some changes to the networks and moving virtual machines from one site to another. With dynamic policies, we could do that easily.

What is most valuable?

We find all of its features very useful. Its main features are policies and access lists. We use both of them, and we also use routing.

It is very stable. It is a very good firewall for a company that doesn't want to look at packets higher than Layer 4. 

What needs improvement?

The virtual firewalls don't work very well with Cisco AnyConnect. 

There are two ways of managing it. You can manage it through the GUI-based software or command-line interface. I tried to use its GUI, but I couldn't understand it. It was hard for me. I know how to use the command line, so it was good for me. You should know how to use the command-line interface very well to make some changes to it. Its management through GUI is not easy.

What do I think about the stability of the solution?

It is very stable. It has been five years since I have configured them, and they have been up and running.

What do I think about the scalability of the solution?

It is not much scalable. It is only a Layer 4 firewall. It doesn't provide deep packet inspection, and it can see packets only up to TCP Layer 4. It can't see the upper layer packets. So, it is not very scalable, but in its range, it is a very good one. What it does, it does very well.

How are customer service and support?

I have not worked with Cisco support for this firewall.

How was the initial setup?

It is not straightforward. You should know what to do, and it needs to be done from the command line. So, you should know what to do and how to do it.

From what I remember, its deployment took a week or 10 days. When I was doing the deployment, that company was migrating from an old data center to a new one. We were doing configurations for the new data center. The main goal was that users shouldn't know, and they shouldn't lose connectivity to their old data center and the new one. So, it was a very complex case. That's why it took more time.

What was our ROI?

Our clients have seen an ROI because they paid only once, and they have been using their firewalls for five years. They didn't have to pay much for anything else.

What's my experience with pricing, setup cost, and licensing?

I like its licensing because you buy the license once, and it is yours. We don't have to go for a subscription. So, I liked how they licensed Cisco ASA Firewall. Our clients are also very satisfied with its licensing model.

Which other solutions did I evaluate?

You cannot compare Cisco ASA Firewall with any of the new-generation firewalls because they are at a higher level than Cisco ASA Firewall. They are at a different level.

What other advice do I have?

It is a very good firewall for small companies that don't want to do deep packet inspection at Layer 7. It is not easy, but you can manage it. You should know how to use the command-line interface. Otherwise, it would be difficult to work with it.

For Cisco ASA Firewall, there will be no improvements because they will not make these firewalls anymore. They want to make changes to the next-generation firewalls, and they are killing the old ones.

I would rate Cisco ASA Firewall a 10 out of 10. I like it very much.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Ahmed El-Ghawabi
Technical Consultant at Zak Solutions for Computer Systems
Real User
Top 20
Good stability, excellent technical support, and powerful intrusion detection

Pros and Cons

  • "Technical support services are excellent."
  • "On firewall features, Fortinet is better. Cisco needs to become more competitive and add more features or meet Fortinet's offering."

What is our primary use case?

We primarily use the solution for the various firewalls.

What is most valuable?

Cisco is powerful when it comes to detecting intrusions. It's better than, for example, Fortinet.

Cisco has multiple products - not just firewalls. The integration between other items provides a powerful end-to-end solution. It's nice and easy. There are one management system and visibility into all of the features. Using the same product is more powerful than using multiple systems. Cisco is known by most customers due to the fact that at least they have switches. However, when clients say "we need an end-to-end option" Cisco is there.

The stability is very good.

Technical support services are excellent.

What needs improvement?

Before an ASA, it was a live log. It was easy and comfortable to work with. After the next-generation firewall, Firepower, the live log became really slow. I cannot reach the information easily or quickly. This has only been the case since we migrated to next-generation firewalls.

There is some delay between the log itself. It's not really real-time. Let's say there's a delay of more than 20 seconds. If they had a monitoring system, something to minimize this delay, it would be good.

It would be ideal if I could give more bandwidth to certain sites, such as Youtube.

I work with Fortinet also, and I find that Fortinet is easier now. Before it was Cisco that was easier. Now Fortinet is simpler to work with.

On firewall features, Fortinet is better. Cisco needs to become more competitive and add more features or meet Fortinet's offering.

For how long have I used the solution?

I've been using the solution since about 2003, when I originally implemented it.

What do I think about the stability of the solution?

The solution is extremely stable. We don't have any issues whatsoever. It doesn't have bugs or glitches. It works well. Occasionally, it may need patches, however, there's very little downtime.

What do I think about the scalability of the solution?

The scalability of the solution is very good. We have no trouble expanding the solution.

They have multiple products that fit in multiple areas. They also have virtual firewalls, which are working well in virtualization systems. They have the data center firewalls feature for data centers. It's scalable enough to cover most of the use cases that might arise.

How are customer service and technical support?

Cisco offers excellent technical support.  They're useful and very responsive - depending on the situation itself. Sometimes we require the support of agents and we've found Cisco to have one of the best support systems in the market.

Which solution did I use previously and why did I switch?

I also work with Fortinet, and it's my sense that, while Fortinet is getting easier to use, Cisco is getting harder to deal with.

How was the initial setup?

The initial setup is not complex at all. It's pretty straightforward.

A full deployment takes between two and three days. It's pretty quick to set up.

What's my experience with pricing, setup cost, and licensing?

The pricing is neither cheap nor expensive. It's somewhere in the middle. If you compare it to Fortinet or Palo Alto, Fortinet is low and Palo Alto is very high. Cisco falls in the middle between the two.

As far as deployment options go, they often have more wiggle-room with discounts, especially for larger deployments. Therefore, in general, it ranges closer to Fortinet's pricing.

What other advice do I have?

We're partners with Cisco, Fortinet, and Palo Alto.

I work with on-premises deployments and virtual firewalls, however, I don't use the cloud.

The solution works well for medium-sized enterprises.

Overall, I would rate the solution nine out of ten.

I'd recommend users to layer in solutions. At the perimeter, if they have two tiers, I'd recommend Palo Alto as the first and then Cisco ASA as the second. Cisco can work on the data center or Fortinet. In the case of Fortinet, they have the best backline throughput from all of the other products.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
LX
Network Specialist at a financial services firm with 501-1,000 employees
Real User
Top 5
Automated policies save us time

Pros and Cons

  • "On the network side, where you create your rules for allowing traffic — what can come inside and what can go out — that works perfectly, if you know what you want to achieve. It protects you."

    What is our primary use case?

    Some are being used as edge firewalls and others are for our server-farm/data center. So some are being used as transparent firewalls and others are used as a break between the LAN and WAN.

    In addition to the firewalls, we have Mimecast for email security as we're using Office 365. We're also using IBM's QRadar for SIEM. For antivirus we're just using Microsoft Windows Defender. We also have an internet proxy for content and for that we're using NetScaler.

    How has it helped my organization?

    Automated policies definitely save us time. I would estimate on the order of two hours per day.

    What is most valuable?

    On the network side, where you create your rules for allowing traffic — what can come inside and what can go out — that works perfectly, if you know what you want to achieve. It protects you. Once you get all your rules in place, done correctly, you have some sort of security in terms of who can have access to your network and who has access to what, even internally. You're secure and your authorization is in place for who can access what. If someone who is trying to penetrate your network from the outside, you know what you've blocked and what you've allowed.

    It's not so difficult to pull out reports for what we need.

    It comes with IPS, the Intrusion Prevention System, and we're also using that.

    For how long have I used the solution?

    I've been using Cisco ASA NGFW for five years.

    What do I think about the stability of the solution?

    The stability is quite good. We haven't had issues. I've used them for five years now and I haven't seen any hardware failures or software issues. They've been running well. I would recommend them for their reliability.

    What do I think about the scalability of the solution?

    You can extend your network. They are cool. They are good for scalability.

    How are customer service and technical support?

    We have a Cisco partner we're working with. But if they're struggling to assist us then they can log a ticket for us. Our partner is always a 10 out of 10.

    What was our ROI?

    Given that we have been upgrading with Cisco firewalls, I would say that our company has seen a return on investment with Cisco. We would have changed to a different product if we were not happy.

    The response time from the tech and the support we get from our partner is quite good. We have never struggled with anything along those lines, even hardware RMAs. Cisco is always there to support its customers.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is quite fair for what you get. If you're comparing with other products, Cisco is expensive, but you do get benefits for the price.

    Which other solutions did I evaluate?

    The firewall that I was exposed to before was Check Point.

    What other advice do I have?

    It's very good to get partner support if you're not very familiar with how Cisco works. Cisco Certified Partner support is a priority.

    For application visibility and control we're using a WAN optimizer called Silver Peak.

    To replace the firewalls within our data center we're planning to put in FMCs and FTDs. With the new FMCs what I like is that you don't need to log in to the firewalls directly. Whatever changes you do are done on your FMCs. That is a much needed improvement over the old ASAs. You can log in to the management center to make any configuration changes. 

    There are two of us managing the ASAs in our company, myself and a colleague, and we are both network specialists. We plan to increase usage. We're a company of 650 employees and we also have consultants who are coming from outside to gain access to certain services on our network. We need to make provisions on the firewall for them.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Product Categories
    Firewalls
    Buyer's Guide
    Download our free Cisco ASA Firewall Report and get advice and tips from experienced pros sharing their opinions.