<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow noopener'>Customer Verified: Read more.</a>
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener'>trScore algorithm: Learn more.</a>Score 8.6 out of 100
Based on 217 reviews and ratings
Likelihood to Recommend
Cisco ASA is well suited for Large & Medium Scale infrastructure as it provides a bundle of security features in a single device & also it provides best-in-class technical support with easy documentation. Also, it provides deep scanning but for that need to purchase a firepower license additionally which is very costly.
Feature Rating Comparison
Active Directory and LDAP
Firewall Management Console
Reporting and Logging
- How we can manage: ASDM the GUI is so much easier to manage it even for a new guy also.
- Traffic handling capacity
- More secure and the different features it gives.
- Support from the TAC team or from the community manages to handle issues very efficiently.
- The Java based ASDM can botch commands and isn't compatible on some more locked down systems.
- Monitoring. Really the same complaint as above, the monitoring available through the ASDM is crappy at best. A much better solution is to send the logs and mirror packets to a SEIM, but that can create issues of its own when looking for realtime analysis.
- Compatibility across other ASA models. ASA 5520s don't play well with 5525X which don't play well with older 5510s. Each is great on it's own, but it's next to impossible to logically stack them or have them as layers of firewalls in an infrastructure.
- Lack of cloud based management. The Cisco Meraki security devices do this well, but the ASAs are still behind in this regard.
Likelihood to Renew
Cisco ASA 9.0
Based on 1 answer
I am committed to low-OpEx usage model, know most (nearly all) hw and sw features and have a good customer base to continue to use Cisco ASA.
Cisco ASA 8.4
Based on 12 answers
The support is usually very good and gets back to you very quickly. However I had some instances of when two engineers will give me wildly different answers to what I thought was a simple question. Overall however I do rate the support highly and they are generally always very good.
Cisco made sense from the standpoint that my engineers already knew it and there was little learning curve. Personally, I prefer a purpose-built hardware solution. Untangle is not ready for the enterprise as a whole but works great to do web/application filtering . Checkpoint and Palo are VERY high cost and have few support options
Return on Investment
- The next gen features allowed us to remove an older exinda device from our network by replacing that qos functionality and reporting.
- The geoblocking features have allowed us to block many of our biggest threat sources from even trying to attach our systems, which makes our security reporting look much cleaner.
- We needed granular user reporting in our web filtering, so we did have to implement a separate proxy solution (which we already had). It was a fair amount of work to integrate but does work with the ASA. Unfortunately, the reporting wasn't as tied to the users for our HR department to rely on.
Engineer in Information TechnologyHigher Education Company, 501-1000 employees
Premium Consulting/Integration Services—
Entry-level set up fee?