Skip to main content
TrustRadius
Cisco ASA 5500-X with FirePOWER Services

Cisco ASA 5500-X with FirePOWER Services

Overview

What is Cisco ASA 5500-X with FirePOWER Services?

Cisco offers a threat-focused next-generation firewall (NGFW), the ASA 5500-X Series. The ASA 5500 Series platforms can run either the Cisco ASA Firewall or Cisco Firepower Threat Defense (FTD). The series features appliances in a variety of form factors, including…

Read more
Recent Reviews
Read all reviews

Awards

Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards

Popular Features

View all 11 features
  • VPN (30)
    9.8
    98%
  • Active Directory and LDAP (29)
    9.8
    98%
  • Firewall Management Console (30)
    9.2
    92%
  • Content Inspection (29)
    9.1
    91%

Reviewer Pros & Cons

View all pros & cons
Return to navigation

Pricing

View all pricing
N/A
Unavailable

What is Cisco ASA 5500-X with FirePOWER Services?

Cisco offers a threat-focused next-generation firewall (NGFW), the ASA 5500-X Series. The ASA 5500 Series platforms can run either the Cisco ASA Firewall or Cisco Firepower Threat Defense (FTD). The series features appliances in a variety of form factors, including standalone options for small and…

Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visithttps://www.cisco.com/c/en/us/solutions…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Would you like us to let the vendor know that you want pricing?

20 people also want pricing

Alternatives Pricing

N/A
Unavailable
What is Cisco Firepower 1000 Series?

The Cisco Firepower® 1000 Series for small to medium-size businesses and branch offices is a family of four threat-focused Next-Generation Firewall (NGFW) security platforms designed to deliver business resiliency through superior threat defense. The vendor provides that they offers exceptional…

What is Azure Firewall?

Microsoft's Azure Firewall is a managed cloud-based network security service that protects Azure Virtual Network resources.

Return to navigation

Features

Firewall

A firewall is a filter that stands between a computer or computer network and the Internet. Each firewall can be programmed to keep specific traffic in or out

9
Avg 8.5
Return to navigation

Product Details

What is Cisco ASA 5500-X with FirePOWER Services?

Cisco ASA 5500-X with FirePOWER Services is a security appliance solution designed to empower users to beat sophisticated cyber attacks. This solution is a threat-focused next-generation firewall.

Cisco ASA 5500-X with FirePOWER Services Features

Firewall Features

  • Supported: Identification Technologies
  • Supported: Visualization Tools
  • Supported: Content Inspection
  • Supported: Policy-based Controls
  • Supported: Active Directory and LDAP
  • Supported: Firewall Management Console
  • Supported: Reporting and Logging
  • Supported: VPN
  • Supported: High Availability

Cisco ASA 5500-X with FirePOWER Services Competitors

Cisco ASA 5500-X with FirePOWER Services Technical Details

Deployment TypesOn-premise
Operating SystemsWindows
Mobile ApplicationNo

Cisco ASA 5500-X with FirePOWER Services Downloadables

Frequently Asked Questions

Cisco offers a threat-focused next-generation firewall (NGFW), the ASA 5500-X Series. The ASA 5500 Series platforms can run either the Cisco ASA Firewall or Cisco Firepower Threat Defense (FTD). The series features appliances in a variety of form factors, including standalone options for small and midsize businesses, ruggedized appliances for extreme environments, midsize appliances for security at the Internet edge, and high-performance appliances for enterprise data centers.

pfSense, WatchGuard Network Security, and SonicWall TZ are common alternatives for Cisco ASA 5500-X with FirePOWER Services.

Reviewers rate Policy-based Controls and Active Directory and LDAP and VPN highest, with a score of 9.8.

The most common users of Cisco ASA 5500-X with FirePOWER Services are from Mid-sized Companies (51-1,000 employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(85)

Attribute Ratings

Reviews

(1-3 of 3)
Companies can't remove reviews or game the system. Here's why
Shephered Moyo | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Cisco ASA 5500-X, we have deployed this firewall to most of our customers. We also run a pair of these in our data center and so far we have not experienced any issues with the setup. The firewalls are configured in an active/standby mode allowing connectivity back to the ISP via diverse routes and utilizing BGP. Direct peering with the ISP means we don't require managed layer 3 routers from the ISP, reducing the cost and removing another unneeded layer of hardware, and improving latency.
  • High Availability in Active/Acitve mode and the use of virtual context.
  • Straight forward software upgrades.
  • Provides robust AnyConnect remote access VPN for users.
  • The use of a VMware appliance to manage firepower is not really great, as this introduces another on-prem box to manage, this could all be done via the cloud.
  • Licensing is never straight forward, this could be improved.
With a limited budget, this firewall can be deployed to do basic firewalling and routing as a starting point. Once in place with an improved budget firepower services can be activated with an additional license. Depending on the scenario an appropriate model can be bought to meet the needs of the business. These firewalls range from the small 5506-X to the massive 5585-X suitable for data center deployments.
Firewall (8)
92.5%
9.3
Identification Technologies
100%
10.0
Visualization Tools
80%
8.0
Content Inspection
90%
9.0
Active Directory and LDAP
100%
10.0
Firewall Management Console
90%
9.0
Reporting and Logging
80%
8.0
VPN
100%
10.0
High Availability
100%
10.0
  • Once deployed and running, the firewall is very robust which means less downtime and more production with great ROI.
  • This firewall has a long life span and even if it's reaching the end of life cisco continues to support the product which means you can continue to rely on the firewall and also keep getting software updates, and security updates.
  • When managed centrally, management is improved, and policies can be changed once and applied to all firewalls in one go.
  • Cisco Nexus switches as Core routers connecting a customer site to the datacenter via a private WAN.
  • Trunking between the 5508-X and a cisco 3750 switch to allow different VLANs access to the internet via the same firewall.
  • Cisco Meraki Access Points behind the 5508-X.
One of our customers required access to the internet when working from home via the office internet, as a result, we implemented AnyConnect for each and every user and forced their home traffic to go to the office and breakout to the internet via the office connection. This helps with possible traffic interception when using non-secure home wifi or internet cafes.
We have been using these firewalls for a long time now, and every day we can see hackers trying to break into them, trying to exploit different vulnerabilities and so far they have not been able to gain access. We also configured reporting which means that we get alerted when there is a brute force attack or a single IP address that keeps trying to break in, once we get these notifications we then add those offending IP addresses to the blacklist and they won't be able to continue malicious activities against our environment.
The firewall is great but there is always room for improvement. The use of VMWare to manage the firewall is not great, it's yet another expense that can be avoided. However, once the firewall is installed and running it just works with no issues. Also, it's very straightforward to install updates or upgrade the firewall software. The fact that there are different models means there is always a firewall for every budget.
Palos are great but they are a bit more expensive. Cisco ASA 5500-Xs are very competitive budget-wise. Small to medium offices can easily afford Cisco ASA 5500-X with FirewPOWER services compared to Palo Altos. At the end of the day cisco even though more affordable still get the protection you need from a firewall.
Instead of investing in a lot of products like IPS, IDS, and Email Proxies, Cisco ASA 5500-X with FirePOWER Services comes fully packed with all these features which only require licenses to activate and use. This also means collecting logs is made very easy since the logs will be coming from a single device. In all our deployments we are able to see and get notified when an IP address is running a scan or attempting to execute malicious code against our networks.
Deploying firewalls in High Availability (HA) and also making sure that the same Cisco ASA 5500-X with FirePOWER Services are deployed at the Disaster Recovery (DR) sites, so that when an attack happens the business can switch to the DR site and continue operating while the main site is dealing with a disaster.
Ever since we installed Cisco ASA 5500-X with FirePOWER Services we have never had to deal with an attack. We can see in the logs almost every day hackers attempting to break into our networks and failing. We also have the ability to blacklist every IP address that attempts to break into our firewalls.
We implemented a centralized management of all our Cisco ASA 5500-x with FirePOWER Services so that we can have a holistic view of all our sites in London and other European countries. This also helps when making changes, instead of login on to each firewall we can use Firepower Management Center (FMC) to central deploy changes across all devices.
We have never had an outage caused by firewall failure. We have had a few outages caused by the internet failing or cloud applications going offline but never a firewall breaking down. When making changes we have a very strong change control, major software updates are always carried out out of working hours. At places where we have two firewalls in HA, we are able to do upgrades in working ours and the users will never know that an upgrade is taking place, that how great these firewalls are.
Like any other firewall the Cisco ASA 5500-X with FirePOWER Services requires knowledge to deploy and manage, but the Cisco ASA is very straightforward to work with. It integrates well with most switch vendors and we deploy FMC in VMware. Site-to-site VPN with the Azure cloud and AWS is very straightforward. It also works well with other vendors like Palo Alto and Juniper.
  • Integrated Cisco AnyConnect VPNs with SAML to allow single sing on with Office 365 accounts.
  • Integrated access to management with Duo to provide MFA for administrators
  • We are working on starting Ansible automation
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We use Cisco ASA, 5512, 5515, 5506, 5516, 5525, and 5585. Prior to that we used 5510 and 5540. We have started to use 2130 with ASA. We use them for typically hosting customer with 4- 8 networks, internet access, and a small network of VMs and storage. We supply customers with sportsbook and sports trading applications that we host in our data centres. We also use ASA on our internal site networks. We also use AnyConnect to support all our remote users and home workers. We have over 2000 site VPNs and a number of VPNs to AWS and Azure using VTI. We find these devices are easy to configure and offer very good performance and security features.
  • Remote Access with AnyConnect
  • Intuitive GUI
  • High performance
  • Well established product set with Cisco and this means good support
  • Easy to Manage and learn
  • Easy to deploy VPNs
  • GUI to be HTML5 rather than needed JAVA and ASDM
  • In relation to Firewall power, the Management console is rather lacking support.
  • Better 10 gig support
  • Cost is high compared to comparative providers of firewalls.
  • Better DNS object support / there are a number of shortfalls
  • Layer 4-7 firewall features
  • Better threat defense options
Cisco ASA 5500-X with FirePOWER is well suited for sites that will be using VPN and RAS. It is quick to set up and deploy and has good support from Cisco and the community at large. There is a product that meets any size of network.
Firewall (9)
84.44444444444444%
8.4
Content Inspection
70%
7.0
Policy-based Controls
90%
9.0
Active Directory and LDAP
90%
9.0
Firewall Management Console
80%
8.0
Reporting and Logging
90%
9.0
VPN
100%
10.0
High Availability
90%
9.0
Stateful Inspection
70%
7.0
Proxy Server
80%
8.0
  • Some of the smaller products have good ROI
  • The larger units such as 558g are far to too expensive to see a good ROI.
Cisco technically has better support on things like VPN, but the Fortinet seems slightly cheaper.
Support is world-class but is very expensive compared to its competitors. Community support is very good with many people using ASA already.
1000
Customers
users
developers
1
network engineer with good Cisco knowledge
  • VPN Gateway
  • Edge firewall
  • Branch firewall
  • RAS gateway
  • It's the cornerstone of our remote access for home users.
  • Firewall
Overall, it does most of the things we want without too much effort. Support is good but expensive.
No
  • Product Reputation
  • Prior Experience with the Product
I have used Cisco for many years, and the organization I work with now has used it for many years.
We did not evaluate it, but we are now looking at Fortinet as possible replacement option in the future, as the ASA is much more expansive than Fortinet.
  • Implemented in-house
No
Change management was minimal
We build this regularly on behalf of customers as part of new projects, so we have a process we follow to deploy into production.
  • none
We find these easy to deploy and we have a process we follow. We normally take 1-2 days to deploy.
Yes
We find the support is good mostly, but is very expensive.
No
Most of the time support for TAC is thorough, and we can see they have skilled and professional staff, but sometimes to get the right person is slow and frustrating.
  • ASDM is easy to use
  • Support on Cisco.com is very good
  • Community is excellent
  • Has many how-tos and example configs available
  • Sometimes ASDM and JAVA causes us problems
  • A better GUI that was based on HTML 5 would be awesome
No
Some features are hard to set up or hard to find.
David Orellana | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Incentivized
The Cisco 5500-X is currently used as one of our branch Firewall, it manages traffic from the inside LAN to the WAN, also connects two branches via a site to Site-VPN. Although we are not using the IPS capabilities, we can see all the traffic going in and out.
  • Traffic monitoring.
  • Site-to-Site VPN.
  • IPS (Needs a valid license).
  • Stateless Firewall.
  • You can upgrade ASA image to Firepower.
  • Better integration with Firepower IOS.
  • ASA system still using Java for GUI.
  • Firepower needs Firesight Management console to manages rules.
It is fine if you need a branch firewall, usually on branches that don't offer services outside the organization a stateless firewall like ASA 5500-X will do the job. Function like monitoring, VLAN, and VPN are managed relatively easily on the ASA platform. You can upgrade to a much slick GUI by upgrading the IOS to Firepower, however, you will need to start from zero since the configuration isn't compatible between ASA and Firepower. Cisco hardware is pretty durable.
Firewall (9)
76.66666666666667%
7.7
Identification Technologies
70%
7.0
Visualization Tools
60%
6.0
Content Inspection
70%
7.0
Policy-based Controls
70%
7.0
Active Directory and LDAP
80%
8.0
Firewall Management Console
80%
8.0
Reporting and Logging
80%
8.0
VPN
90%
9.0
High Availability
90%
9.0
  • The price is competitive with other.
  • The licenses to manage IPS and other functions are expensive.
  • Any additional feature you need to pay license.
  • Hardware is pretty durable.
  • Catalyst Products.
  • Solarwinds.
We have integrated ASA into our Solarwinds products, so we can monitor the traffic beyond ASA graphics. The product works fine with each other and because Cisco is widely used it is easy to find articles if we encounter any issue.
Usually, an ASA5500-X will be used for a branch office where services aren't open to WAN. With this understanding, ASA is a good product to manage daily in and out traffic. You could Geo fence traffic to avoid unwanted traffic. Overall it has been a relatively easy deployment. Upgrading is fast and it is up 99% of the time.
Support is great if you have paid Cisco support. However, in the Cisco world, there are plenty of resources for any potential issue you may find. I found that most of the time there are articles on the Cisco website that help you to enable a function or enhance a rule. Also, the GUI makes easy-to-navigate menus.
Meraki MX is a much robust product, however in terms of licenses, Meraki MX you need to pay a per-year basic subscription that in 3 years surpass the value of the ASA 5500-X with features that you may not need. This is for a branch firewall not for the Main firewall.
60
They are the core of our organization providing support to our clients. They do daily emails and training. Due to COVID-19 meeting clients via web meetings etc. So internet connection is a must for the day to day business.
2
This is why we use Cisco products, we have a very limited personal looking for all devices and ASA allows us to set up fast and find resources to solve any issue relatively fast. Cisco a widely use so looking for solutions or people that can help us is cost-effective. Usually, hardware is durable.
  • Port Blocking.
  • Traffic.
  • Business continuity.
  • Integration with Solarwinds.
  • We can identify traffic use during office hours.
  • VPN access
We are exploring cloud services, the services are getting cheaper and the features offered in terms of hardware and software are becoming comparable to ASA.
No
  • Price
  • Product Usability
The overall factor was price and use case. This product was deployed on a branch office that doesn't have any service. The only purpose of this firewall is to manage in and out traffic and site-to-site VPN with the main branch. Also, we need robust hardware that could last in the server room without supervision.
Nothing, I think in terms of price, compatibility, and overall use. Cisco products are pretty good. Also, any technician can potentially work on a Cisco product and this gives a business a continue in case we need to use third-party support to serve the firewall. This allows us to save money in the long term.
Return to navigation