Cisco ASA 5500-X with FirePOWER Services
Cisco ASA 5500-X with FirePOWER Services
Cisco ASA 5500-X, we have deployed this firewall to most of our customers. We also run a pair of these in our data center and so far we …
The Cisco ASA 5500-X with FirePOWER Services can be deployed in a number of different scenarios which can vary from the protection of …
We use Cisco ASA, 5512, 5515, 5506, 5516, 5525, and 5585. Prior to that we used 5510 and 5540. We have started to use 2130 with ASA. We …
The Cisco 5500-X is currently used as one of our branch Firewall, it manages traffic from the inside LAN to the WAN, also connects two …
Cisco ASA 5500-X with FirePOWER is an advanced firewall designed to detect and prevent a cyber attack on your organization. It gives lots …
Cisco ASA with FirePOWER Services is a very good product for complete and deep-level security on your network. All the users of Cisco ASA …
We used Cisco ASA 5500-SFR in our organization [for] the network security as Cisco is so user friendly. Cisco has the best support (as per …
Cisco ASA 5500-X with FirePOWER Services is being used by each and every employee within our organization. The firewalls help to protect …
Cisco ASA 5500-X with FirePOWER Services was deployed to upgrade the Cisco ASA to a next generation firewall. Lots of security features …
Cisco ASA FirePOWER is a next-generation firewall (NGFWs) to prevent any type of cyber attack on an organization. it provides URL …
[Cisco ASA 5500-X with FirePOWER Services] are threat-focused true next-generation firewalls that protect your organization from any type …
Cisco ASA 5500-X with FirePOWER Services provides advanced-level security features like advanced intrusion detection and prevention …
In our organization, we were using ASA 5525 but lots of security features were missing so we decided to upgrade [to] the Cisco ASA 5500-X …
Cisco ASA 5500-X with FirePOWER Services is a next-generation firewall. With Cisco as old as 5500 lots of security features like layer 7 …
Firewall Management Console (27)
Reporting and Logging (27)
Content Inspection (27)
Leaving a video review helps other professionals like you evaluate products. Be the first one in your network to record a review of Cisco ASA 5500-X with FirePOWER Services, and make your voice heard!
Entry-level set up fee?
- No setup fee
For the latest information on pricing, visithttps://www.cisco.com/c/en/us/solutions…
- Free Trial
- Free/Freemium Version
- Premium Consulting / Integration Services
Would you like us to let the vendor know that you want pricing?
4 people want pricing too
Cisco ASA 5500-X with FirePOWER Services is a security appliance solution designed to empower users to beat sophisticated cyber attacks. This solution is a threat-focused next-generation firewall.
- Supported: Identification Technologies
- Supported: Visualization Tools
- Supported: Content Inspection
- Supported: Policy-based Controls
- Supported: Active Directory and LDAP
- Supported: Firewall Management Console
- Supported: Reporting and Logging
- Supported: VPN
- Supported: High Availability
Cisco offers a threat-focused next-generation firewall (NGFW), the ASA 5500-X Series. The ASA 5500 Series platforms can run either the Cisco ASA Firewall or Cisco Firepower Threat Defense (FTD). The series features appliances in a variety of form factors, including standalone options for small and midsize businesses, ruggedized appliances for extreme environments, midsize appliances for security at the Internet edge, and high-performance appliances for enterprise data centers.
Reviewers rate High Availability highest, with a score of 9.6.
The most common users of Cisco ASA 5500-X with FirePOWER Services are from Mid-sized Companies (51-1,000 employees) and the Information Technology & Services industry.
Companies can't remove reviews or game the system. Here's why
Cisco ASA 5500-X, we have deployed this firewall to most of our customers. We also run a pair of these in our data center and so far we have not experienced any issues with the setup. The firewalls are configured in an active/standby mode allowing connectivity back to the ISP via diverse routes and utilizing BGP. Direct peering with the ISP means we don't require managed layer 3 routers from the ISP, reducing the cost and removing another unneeded layer of hardware, and improving latency.
- High Availability in Active/Acitve mode and the use of virtual context.
- Straight forward software upgrades.
- Provides robust AnyConnect remote access VPN for users.
- The use of a VMware appliance to manage firepower is not really great, as this introduces another on-prem box to manage, this could all be done via the cloud.
- Licensing is never straight forward, this could be improved.
With a limited budget, this firewall can be deployed to do basic firewalling and routing as a starting point. Once in place with an improved budget firepower services can be activated with an additional license. Depending on the scenario an appropriate model can be bought to meet the needs of the business. These firewalls range from the small 5506-X to the massive 5585-X suitable for data center deployments.
The firewall is great but there is always room for improvement. The use of VMWare to manage the firewall is not great, it's yet another expense that can be avoided. However, once the firewall is installed and running it just works with no issues. Also, it's very straightforward to install updates or upgrade the firewall software. The fact that there are different models means there is always a firewall for every budget.
The Cisco ASA 5500-X with FirePOWER Services can be deployed in a number of different scenarios which can vary from the protection of important business data to or separation of different user groups. I have personally deployed these devices on the perimeter of the network to delimit to internal network from the internet.
- Application visibility and control
- Local administration
- Complex policies - you need training
- Not as slick as the FTD
- It's not FTD, its an ASA with FIrepower, therefore two areas of configuration
The ASA with Firepower services is well suited for deployment on the edge of the network. It should be noted however that if you had the choice that the FTD image is deployed on the ASA however I appreciate that many IT departments can run ASA but there is less experience with the FTD image. I would not try and run an ASA with FPR without an FMC as you lose functionality.
Cisco support is generally excellent and we always ensure that any customers deploy a support contract that aligns with their business needs. From a hardware perspective, the ASA firewall supports High Availability and therefore you know that your overall uptime SLA is excellent. I know with Cisco that you get great support.
We use Cisco ASA, 5512, 5515, 5506, 5516, 5525, and 5585. Prior to that we used 5510 and 5540. We have started to use 2130 with ASA. We use them for typically hosting customer with 4- 8 networks, internet access, and a small network of VMs and storage. We supply customers with sportsbook and sports trading applications that we host in our data centres. We also use ASA on our internal site networks. We also use AnyConnect to support all our remote users and home workers. We have over 2000 site VPNs and a number of VPNs to AWS and Azure using VTI. We find these devices are easy to configure and offer very good performance and security features.
- Remote Access with AnyConnect
- Intuitive GUI
- High performance
- Well established product set with Cisco and this means good support
- Easy to Manage and learn
- Easy to deploy VPNs
- GUI to be HTML5 rather than needed JAVA and ASDM
- In relation to Firewall power, the Management console is rather lacking support.
- Better 10 gig support
- Cost is high compared to comparative providers of firewalls.
- Better DNS object support / there are a number of shortfalls
- Layer 4-7 firewall features
- Better threat defense options
Cisco ASA 5500-X with FirePOWER is well suited for sites that will be using VPN and RAS. It is quick to set up and deploy and has good support from Cisco and the community at large. There is a product that meets any size of network.
Support is world-class but is very expensive compared to its competitors. Community support is very good with many people using ASA already.
Some features are hard to set up or hard to find.
The Cisco 5500-X is currently used as one of our branch Firewall, it manages traffic from the inside LAN to the WAN, also connects two branches via a site to Site-VPN. Although we are not using the IPS capabilities, we can see all the traffic going in and out.
- Traffic monitoring.
- Site-to-Site VPN.
- IPS (Needs a valid license).
- Stateless Firewall.
- You can upgrade ASA image to Firepower.
- Better integration with Firepower IOS.
- ASA system still using Java for GUI.
- Firepower needs Firesight Management console to manages rules.
It is fine if you need a branch firewall, usually on branches that don't offer services outside the organization a stateless firewall like ASA 5500-X will do the job. Function like monitoring, VLAN, and VPN are managed relatively easily on the ASA platform. You can upgrade to a much slick GUI by upgrading the IOS to Firepower, however, you will need to start from zero since the configuration isn't compatible between ASA and Firepower. Cisco hardware is pretty durable.
Support is great if you have paid Cisco support. However, in the Cisco world, there are plenty of resources for any potential issue you may find. I found that most of the time there are articles on the Cisco website that help you to enable a function or enhance a rule. Also, the GUI makes easy-to-navigate menus.
Cisco ASA 5500-X with FirePOWER is an advanced firewall designed to detect and prevent a cyber attack on your organization. It gives lots of advanced security features which are fully capable to stop malicious activity in your organization. We have used it for the last 3 years and we have configured the advanced IPS, sandbox, URL filtering, site-to-site VPN, remote VPN, etc.
- URL filtering.
- IPSEC site to site VPN.
- SSL remote VPN.
- Centralized dashboard.
- Easy CLI commands.
- Low cost.
- Good customer support.
- Advanced IPS.
- Easy to check logs.
- Graphical user interface is little bit slow and sometimes it hangs during configuration.
Cisco ASA 5500-X with FirePOWER Services is a very advanced firewall and well suited for every size of the organization. Cisco provides all the advanced features at a very low cost and we can easily configure and manage this device. The customer support is really helpful and lots of documentation is available on the website to help.
Cisco is always good for customer support. it provides 24/7/365 customer support. They have highly experienced engineers who are available for help.
Cisco ASA with FirePOWER Services is a very good product for complete and deep-level security on your network. All the users of Cisco ASA were facing some options on layer 7 security. Very few features were available so Cisco introduced the FirePOWER Services. Advanced level IDS/IPS, sandboxing, URL filtering, advanced malware protection and other deep-level security for protecting your network.
- Deeply scan every packet through sandbox
- URL filtering
- Advanced malware protection
- Advanced IPS/IDS
- URL filtering category sync issue.
- Sometimes ASDN hang and not response.
- Very difficult to configure through GUI.
If you are already a user of ASA and you need more deep level security then you can add FirePOWER Services. This service will increase your security with advanced level IDS/IPS, malware protection and it provides you more control over users' traffic. You can put more restriction on your organization's user traffic.
The support of Cisco products is very good. They have a very highly experienced support guy for any type of help. Lots of support documentation is also available on the market for help. Support guys are highly experienced and helpful. SLA is very good with Cisco support.
We used Cisco ASA 5500-SFR in our organization [for] the network security as Cisco is so user friendly. Cisco has the best support (as per my experience) and documentation available open on the internet. Cisco SFR provides the IPS feature to prevent the attacks. Its also reduces the attack surface by using its other technologies i.e. URL filtering etc. Creating the Site to Site /Remote VPN is so easy.
- VPN Services
- User Friendly CLI
- Documentation available openly on internet
- Cisco SFR should work on their URL filtering database as sometimes it doesn't filter the correct categorization.
- Cisco SFR ASDM app crashes sometimes and has room for improvement.
- Cisco has the best CLI commands and [is] easy to use, but I feel it lacks ease in their GUI.
Cisco ASA 5500 SFR is best suited for almost all types of organization as it's so user friendly. Cisco has the best support onsite/offsite. Even in case of device failure, they provide the RMA device within 24 hours unlike some other vendors who ask for many documentations before getting the RMA done. Configuration documentations are easily available on internet.
I always say this (based upon my experiences) Cisco has the best support both onsite and offsite. Cisco does the RMA of faulty device within the defined 24 hours. And their TAC support is very good as it's also available in India. Overall, I would say Cisco has the best Customer Support.
Cisco ASA 5500-X with FirePOWER Services is being used by each and every employee within our organization. The firewalls help to protect our equipment against malware, viruses, hacking, and all other cyber crimes targeted toward our organization and we always make sure that no intruder has access to any of our systems, this helps us to keep everything intact.
- Threat protection
- Threat detection
- Disaster recovery
- Return on investment
Cisco ASA 5500-X with FirePOWER Services is well suited in large business environments where intruders are a high target and there is a necessity to protect the environment against cyber crimes such as hacking, virus and malware attacks, SQL injection, cross-site scripting, and all other threats targeted at the business. It is less suited in small organizations where cyber crimes are not much of a threat.
I gave this rating because Cisco ASA 5500-X with FirePOWER Services offers the best technical and software solutions and it has the best customer care service. They solve issues within 24 hours and they provide so much consistent support and relevant solutions to products at hand and it is too cheap compared to all other software we have ever used as an organization.
Cisco ASA 5500-X with FirePOWER Services was deployed to upgrade the Cisco ASA to a next generation firewall. Lots of security features like deep packet scanning, malware protection, threat detection, and prevention were missing in Cisco ASA, so Cisco launched the FirePOWER Services. It provides us with all features that help us to stop any type of cyber attack on our organization. We [have been] using FirePOWER for the last two years and we are using all services for our company.
- Advanced threat protection
- Cisco Any Connect VPN
- Advanced malware protection
- Advanced Intrusion Detection Systems and Intrusion Prevention Systems
- Smart Licensing
- High availability firewall
- URL filtering
- Content inspection
- Application control
- Site to site VPN
- High cost for FirePOWER Services
- Some issues in URL filtering. Like sometimes [it] block[s the] correct URL and mark[s it] as the wrong category
- GUI slowness and crash issue
Cisco ASA 5500-X with FirePOWER Services is well suited for every small and middle-sized organization who needs deep-level security scanning and security from advanced level cyber attacks. It will prevent any type of cyber attack like malware, phishing attack, etc. If you are already using Cisco ASA, then you can upgrade with FirePOWER very easily. It provides the very advanced level IPS and malware protection that will help to protect your organization.
Cisco provides the best technical support and also the best in documentation and training video. If you are facing any issues and want any help in configuration and implement[ation], then you can just raise the ticket and they will contact you within the SLA and provide the best support and solution.
Cisco ASA FirePOWER is a next-generation firewall (NGFWs) to prevent any type of cyber attack on an organization. it provides URL filtering, cloud-based sandboxing and malware protection, etc. With the help of these features, we can easily protect our organization from any type of cyber attack. We are using FirePOWER services for protection against malware and other dangerous attacks.
- url filtering
- advanced malware protection
- advanced IDS and IPS
- cloud based sandbox
- content filtering
- application control
- very high cost
- UI is very slow and lots of bugs
Cisco ASA 5500-X with FirePOWER Services is well suited for every organization. It proves lots of advanced features can control any type of malware and other types of cyber attacks on your organization. If you are already a Cisco ASA user then you can use FirePOWER Services for control on layers 3 and 4 and advanced security feature for protect layer 7.
Cisco provides us very good technical support and lots of documentation available for help in configuration and management.
[Cisco ASA 5500-X with FirePOWER Services] are threat-focused true next-generation firewalls that protect your organization from any type of cyber attack. It provides performance, reliability, and advanced security for small to medium-sized businesses. We are using [Cisco ASA 5500-X with FirePOWER Services] for our all sites. We are using URL filtering, advanced malware protection, and advanced IPS to protect [our] organization from cyber-attacks.
- URL filtering
- Anti Spyware
- Advanced Intrusion Prevention System
- Content filtering
- Application layer control
- Remote Access VPN
- Site-to-site VPN
- Integration with Snort
- Rich routing features
- Stateful firewall
- Network Address Translation
- Clustering for high-performance
- Remote access with Cisco AnyConnect VPN
- Cost is very high
- Some issue with URL filtering
- Slowness in UI
[Cisco ASA 5500-X with FirePOWER Services] are best for small and middle-sized organizations who need security from multilayers attacks. We have a startup and previously we were using Cisco ASA with firepower. Lots of features were missing. Cisco ASA doesn't provide layer 7 security so we upgraded our firewall and purchased firepower services. [Cisco ASA 5500-X with FirePOWER Services] provides lots of advanced features like URL filtering, advanced malware protection, sandbox, etc. With the help of these features we can prevent [an] attack on any organization.
Cisco provides one of the best technical support services as compared to other vendors. They have very experienced [people] to help and provide solutions within the SLA. [They have] lots of technical study material available for help.
Cisco ASA 5500-X with FirePOWER Services provides advanced-level security features like advanced intrusion detection and prevention systems, advanced malware protection, the sandbox for deep packet scan, etc. We were using the Cisco ASA 5525 in our organization but lots of features were missing like application-level security, URL filtering, and many more so we upgraded our firewall and purchased Cisco ASA 5500-X with FirePOWER Services. We are using all these advanced features to protect our organizations.
- Event logging and analysis
- Intrusion prevention
- Malware defense
- Application control
- Security analytics
- URL filtering
- Email security
- Defense orchestrator
- Very high cost for services
- UI is very slow and not user friendly
- Policy takes time to deploy
This is new and next-generation. [It] is well suited for every organization. If you are already using this firewall, then you should purchase [Cisco ASA 5500-X with FirePOWER Services]. It provides lots of advanced features which helps protect your organization from any type of cyber-attacks. Sandbox and advanced malware protection will deep scan every packet and block every type of malware attack.
Cisco is always best for technical support. Lots of study material is available. Cisco community is best for searching for [an] issue.
In our organization, we were using ASA 5525 but lots of security features were missing so we decided to upgrade [to] the Cisco ASA 5500-X with FirePOWER Services. Cisco ASA 5500-X with FirePOWER Services provides you very advanced security features to protect your organization and enhance your infrastructure security. Advanced malware protection, sandbox, and URL filtering features are very advanced. With the help of these features, we can easily protect our organization from any type of security attack.
- URL filtering
- Advanced malware protection
- Advanced IPS/IDS
- Site to site VPN
- Content filtering
- More control on user traffic
- Content inspection
- GUI is very low
- URL filtering database needs to improve
- High cost
If you are already using Cisco ASA and facing issue[s] with low security features, then you should upgrade [to] the Cisco ASA 5500-X with FirePOWER Services. It provides you very advanced features like sandbox, advanced malware protection, IPS, etc. With the help of these features you can easily protect your organization.
Cisco ASA 5500-X with FirePOWER Services [has] 24/7, 365 support [and] is always best for any product. I opened tickets lots of times on the Cisco portal and I received the support call within the SLA. Lots of documentation and training videos are available on-site to help in configuration and managing. Support teams are highly experienced.
Cisco ASA 5500-X with FirePOWER Services is a next-generation firewall. With Cisco as old as 5500 lots of security features like layer 7 security, malware protection, content inspection, URL filtering were missing so Cisco introduced the firepower services. with the help of firepower services, you can protect your organization from any type of external cyber-attacks.
- Advanced malware protection
- Advanced intrusion detection and prevention systems (IPS)
- Anti spam
- Content inspection
- URL filtering
- SSL inspection
- Take lots of time to push the policy
- ASDM is very slow
- High cost
if you have Cisco ASA and want advanced-level security and deep packet scanning then you should go through Cisco ASA 5500-X with FirePOWER Services. it will provide you the very advanced features like sandbox, anti-spam, and malware protection. the cost of firepower is a little bit high but you will get lots of features
The Cisco support is very good as compared to other firewalls companies. Cisco SLA is very impressive and lots of documentation and training videos are available on-site to help in configure. I have opened many tickets on Cisco during the issue and I never faced any issue from Cisco customer support. The support guys are very experienced in their technology.
We are using Cisco ASA 5500-X with Firepower for Sandboxing & Advance IPS & Malware Protection. We are using it for advanced security features implemented in our environment. It also prevents bad actors from any unauthorized access in our environment. We are also using it for remote VPN to connect with our remote branches & easily share the resource.
- High Availability
- Nating customization options is not that good
Cisco ASA 5500-X with Firepower is well suited for Medium & Large Scale infrastructure having confidential data & also need to fulfill the security compliance. As it provides a bundle of security features that helps infrastructure to keep updated from the security point of view. It also provides URL filtering that helps in data protection.
Cisco ASA 5500-X with Firepower provides high-security features as well as high availability. It provides features such as sandboxing & Deep Scanning that provide the infrastructure with high security.
We used Cisco ASA 5500-X with FirePOWER [Services] in our organization to secure our organization Infra. We were able to secure our network with its security features and also used it to create the Site to Site IPSec VPN with our clients and partner and it worked so smoothly. We used the Remote VPN Cisco AnyConnect to connect the office resources from home.
- Network Security
- Site to Site VPN
- URL Filtering
- Categorization issue and false positive
- Packet capture (pcap) not available in troubleshooting
If any company wants to secure their network infra only, they can [with] Cisco ASA 5500-X with FirePOWER Services but if they want to use its other features like URL filtering then my advice would be to please avoid as we are pissed off with its URL filtering functionality it has huge false positive ratio.
Cisco Customer support is good as its also available locally in India as well. They have one problem, when it comes to firewall part their support is good and Support engineers are able to resolve the issues but when [there] is any FirePower related URL filtering issues they are not able to do it quickly.
The main problem with Cisco ASA was not security on application level and malware attack so Cisco introduced FirePOWER Services to cover all the parameters for a secure organization. The Cisco ASA with FirePOWER Services and Advanced Malware Protection (AMP) provide a security solution that helps you to find the threats and enforce the policies before an attack takes place. We have replaced single Cisco ASA with Cisco ASA with FirePOWER Services.
- Access Control Policy - means which traffic you want to permitted or denied in a network.
- Advanced intrusion detection and prevention.
- File control to secure your network.
- Advanced Malware protection.
- Application programming interfaces for securing your organization.
- Good performance.
- Support cloud features.
- Very expensive services.
- Cisco SFR ASDN slowness.
This service is good for those of you already using Cisco ASA and needing to implement more security and no need take more burden to deploy and configure. This is very easy to configure and easy to implement. Cisco AMP and sandboxing services are very good for find any type of attack and find virus before attack.
No one can give to support like Cisco. Cisco is one of best and top of every company for customer support. Very helpful and experienced customer support for help in every configuration and implement. Lots of training videos available for any help.
Our Cisco ASA is an integral part of our network. It is our main firewall and responsible for all our VPN connections utilizing Cisco AnyConnect clients. In addition, we fully utilize the FirePOWER services for content filtering and malware detection managed via a VMware appliance running Linux. Although not perfect, this device has proven to be a very powerful robust piece of hardware which I would highly recommend.
- Policy based content filtering.
- VPN services are excellent.
- Very robust firewall.
- Learning curve for unfamiliar users.
- Yearly license costs for content and malware protection.
This device fits very well in medium to large enterprise networks, the ability for active/passive failover makes it extremely reliable should you choose to purchase two units. For smaller networks, the 5500 series may be overkill with a multitude of less expensive options available. Having everything in one box and management utilizing the Cisco ASDM console is very nice.
We have had very little interaction with support on this ASA. On the few occasions we have, Cisco has been responsive and corrected the problem. As mentioned in my previous comment, we have an ongoing issue with the internet going offline and since it's a random problem Cisco hasn't been able to help yet.
Lots of security features were missing in Cisco ASA so Cisco launched the Firepower services to add on and [Cisco ASA 5500-X with FirePOWER Services] is very good and trustworthy. The advanced malware protection and IPS is best option to protect your organization. I am using firepower services for the last 2 years and I am very happy with the services and security features.
- Advanced malware protection is one of the best security features providing by firepower
- Advanced IPS
- Anti spam
- Every time available technical support for help you
- ASDN is not good option for configuration. It [got] stuck and crashed during the push policy
- Very expensive as compare to other companies
if you have a good budget and you worry about deep security then you can choose this product. [Cisco ASA 5500-X with FirePOWER Services offers] lots of option like AMP and Advanced IPS which helps you to secure your organization from external threats. Anti-spam and others features also good for organization security. Sandbox is a new but very good feature for deep scanning every packet which is comping to your organization.
Cisco support is one of the best advantage. their highly experience technical support persons and SLA is really good. I [think] Cisco is [one of the best for support services.]
Our ASA 5500-X with FirePOWER Services is used on our network to protect our large branch from external threats such as hackers, ransomware, malware in general and denial of service attacks. The model in question is the Cisco ASA 5545-x with layer 7 protection features, web content filter, anti-virus, anti-spam and VPN. We have two units with the ultimate goal of creating a significant protection redundancy. The appliance allows us to access servers, internal services from a VPN client with a cryptographic tunnel.
- Complete network protection against external attacks
- Anti-malware solution
- Anti-spam solution with AMP
- IPS Solution
- Url filter solution and application control
- Ipsec and ssl VPN
- The appliance overloads a lot and degrades performance by enabling all ASA Firepower services.
- Warranty service with expensive value.
It is good hardware with advanced security features known as Next Generation that can be purchased through license subscriptions. I recommend to use it in the edge scenario of the internet. It is great to offer protection to the internal network, servers, PCs, sensitive data and to offer the remote service to company users remotely from the use of an SLL VPN. It is important to measure the number of users and the speed of internet links to find the right Cisco ASA model for your scenario.
I would recommend the purchase of the Smartnet 24x7 service in the case of a unit and the Smartnet 8x5NBD in the case of only one appliance installed on site. This service is important to always have the latest firmware updates, corrective updates and especially the hardware warranty and maintenance service in case of problems. The service is done by phone or on the official Cisco website and I can say that it is very good and efficient.
Cisco ASA 5500-X with FirePOWER Services is the true next generation introduced by Cisco. It fulfills layer 7 security and lots of security features to prevent any kind of attacks in your organization. they are offering advanced malware protection, advanced intrusion prevention and content filtering. I updated my Cisco ASA 5500-X with FirePOWER in my organization.
- Capable to provide advanced malware protection
- Amazing technical support
- Advanced IPS/IDS
- Easy to deploy
- Issues with URL filtering sometime fall in wrong category
- Application control features not available
If you have a medium or SBS company and you want to deeply secure your infrastructure on a normal budget then you can go with Cisco ASA 5500-X with FirePOWER Services firewall.
Cisco customer support really best, they are providing 24*7 support and their SLA is the best SLA to satisfy their client.
We are using Cisco ASA 5500-X with FirePOWER Services--mainly the 5516-X in the active/standby modes--in our organization to build OT/process control networks. This is the perfect solution to isolate and segment your production environment from the business network.
- Cisco ASA 5500-X with FirePOWER Services are very well suited for most environments.
- Cisco ASA 5500-X with FirePOWER Services have a variety of networking features including NextGen, web content filtering, data analysis, high availability failover, packet inspection, context-based ACL, and other features to protect your networks.
- It's easy to deploy and manage.
- New models do not support switch ports.
Cisco ASA is the world’s most widely deployed, enterprise-class stateful firewall which includes Clustering & High Availability option, Intrusion Prevention & Stateful Layer 2-7 inspection, Advanced Malware Protection, URL Filtering, Network Firewall Routing and Switching, Application Visibility & Control and some other.
The Cisco Technical Assistance Center provides great support from the beginning to the end. Also, there is Cisco community support available with tons of questions and answers.
We use several Cisco ASA's with FirePOWER [Services] throughout our organization. They serve as edge firewalls that touch the internet as well as internal networks that need to be walled off from the outside. The added security of the firepower services within the ASA bring the ASA up to speed as far as next generation firewall are concerned. I use a range of sizes of ASA-5500-X models from the smaller 5506-X to the 55250-X. Depending on the type and amount of traffic that will be going through will determine which one was used. In general I would say the performance of these units is on par with the industry as long as they were sized correctly. I feel they have a done a good job at securing the networks they protect.
- Intrusion Detection
- Intrusion Prevention
- Integration with AMP
- Network Address Translations
- Securing multiple networks
- Performance when using FirePower services make the unit slow
- Capacity of what the FirePower services need
- The interface is better than ASDM but these still need ASDM and that can be a challenge to get the correct Java version loaded
- Certain 5500-X models are different than previous versions with no switchport options
If you were looking for a internet edge firewall and wanted to add the modern day "next gen" features than I would say the [Cisco ASA 5500-X with FirePOWER Services] would do the job. The packages Cisco offers with the hardware is pretty easy to understand and you can add the right feature sets to it. If you don't need next gen functions for basic NAT/PAT then it still would be a good firewall. If you wanted it for a data center to inspect traffic going from the LAN to the Data Center it would be a good fit. If you do not size these correctly you might quickly run out of performance or capacity when using the FirePOWER Services. The smaller 5506-X with Firepower really seems to struggle when adding FirePower with it. I would say you would be less likely to use it if your organization has more than 100 devices. You would need to move up to a 5508-X, 5512-X or larger units.
Every time I have ever needed support for these devices I have had a good experience. The TAC team Cisco has in place to help with their security appliances has been excellent. The TAC engineers are normally pretty quick about getting on a support call with you to dig in with you to figure out the issue. If you have the right smartnet plans in place you can get a bad device swapped out pretty quick without too much hassle. The support updates and patches that come to the device are not bad to install and keep it up and supported isn't too taxing on my day to day workload.
The Cisco ASA firewall is being used to protect the environment from external threats and viruses. We also use it for external access to our servers i.e. port forwarding, DMZ and the guest wifi access also gets restricted via the firewall. Our users can also access our environment externally from the SSL VPN which is configured on the firewall.
- SSL VPN
- Port Forwarding
- Threat Control
- Remote access
- User friendliness
- Additional features similar to other competitor firewalls
- Licensing cost compared to other vendor brands
The Cisco ASA firewalls is perfect for managing traffic on your network especially between your LAN and the Internet. As this is an integrated appliance, it also includes a host of other features such as advanced malware protection, application control, remote access and site to site VPN capability and much more. If you have multiple Cisco ASA firewalls, I would recommend you purchase Cisco Firepower Management Centre as it provides in-depth visibility and control over you network.
Depending on where the firewall is being deployed, I would select Cisco SmartNet support (24x7x4hours) onsite support should this be deployed within the data centre. For branch offices, you could maybe go with the Cisco SmartNet next business day support which can save a bit of costs if your business model supports this. With SmartNet, Cisco will resolve issues faster and mitigate risk with 24 hour access to Cisco experts online or via the telephone.
Cisco firepower provides automatation for an organisations security operations to detect and stop the most advanced threats fast. It also assists in preventing attacks in using intelligence and innovative solutions.
The Cisco ASA 5500-X was used by our clients as a perimeter firewall. It addresses the problems of malware detection and potential attacks outside the organization.
- Easy to connect remote access VPN
- URL Filtering
- With Cisco ASDM Dashboard
- Upgrade paths
- Firepower Threat Defense (FTD) platform has slow GUI
- Firewalls require a complete refresh to transition.
It is well-suited in a work from home setup. If you have many employees working from home it can accommodate users depending on the license installed. It is less appropriate for small and medium enterprises because of the cost.
It is a good firewall for an enterprise organization.