Reviews (1-25 of 45)
- Cisco ASAs are simple to configure and manage.
- Cisco ASAs allow easy setup of VPNs.
- Cisco ASAs provide secure segmentation to offer compliance with PCI.
- The CLI commands of the ASA is a bit different than Cisco's IOS devices.
- SSL VPN.
- Site-to-Site VPN.
- Ease of use and configuration.
- Easy CLI.
- Easy to troubleshoot.
- ASDM ease-of-use could be improved.
- Upgrade/migration from previous versions and the way objects are named.
- Bring in more support contexts in the default licensing.
- Bring in more support for SSL VPN connections in the default licensing.
- Zero downtime upgrades.
- Consistent API interface.
- Rich feature set.
- The GUI (ASDM) should get rid of Java.
- API specifications and commands lack proper documentation.
- Deeper regression testing on later releases.
- We Can use multiple contexts or also known as Firewall multimode.
- Ability to use dynamic routing protocols.
- The complex way of connecting external connectivity.
- Would like more SLA and event manager functionality.
- GUI interface is lacking. The interface is java specific.
- Positive: VPN functionality with the ease of setup and security. Being a Cisco shop, this proved to be more cost-effective with less need of multiple experts in-house.
- Negative: the inability to use VPN while in multimode. Would prefer a single entry point with load balancing.
- The ASA has been around forever, and has been proven to be a great firewall solution.
- ASAs are very versatile, running everything from VPNs and ACLs to content filtering.
- Running them in tangent with other Cisco routing solutions allows for a very diverse and secure setup.
- There are two types of technologists: ones who speak Cisco, and ones who don't. The ASA is no different from any Cisco device, in that it comes with a learning curve.
- These aren't consumer products, and they come with an enterprise price tag.
- Like many vendors, Cisco uses a java based admin consoles. This is its own special form of torture.
- HA NAT
- Maybe this has changed, but our ASAs were/are limited ACLs based on Object-Groups/IPs/Ports versus our Palo Altos offer application layer inspection to make sure that traffic traversing the firewall on a specific well known port such as 22 is actually SSH traffic or that traffic on port 80/443 is actually HTTP/HTTPS.
You can even give access to the other team for monitoring purposes and helping with debugs.
- Top of the line crypto, and firepower inline makes threat management easy.
- easy to set up vpn, now including tunnel interfaces!
- SOLID infrastructure for client to site vpn with anyconnect
- TCO is higher than most.
- firepower integration into the appliance is straightforward but weak. Units often times cannot process the amount of traffic thrown at them.
- Support can be painful to work with at times. Need more english speaking staff.
* VPN Functionality - Client to Site/Site to Site
* Internet Edge Gateway - NAT/PAT providing internet access to staff/production networks
* Interior firewall - Network segmentation
- Excellent integration with several systems and equipment of other brands, as well as with the entire Cisco ecosystem.
- Very good support and attention from the company and its associates. Constant security updates and functionalities.
- Robust and reliable equipment, great flexibility in configurations and fully scalable in power and functionalities to the need of the company.
- Well, the price is always an important factor with this brand, but I am witnessing that it is worth what it costs, although the ROI is generally not as good as the investors would like it to be.
- The virtual appliance still consumes too many resources compared to similar ones and I have to assign physical network cards to get an adequate performance when implementing it.
- ASA units provide firewall capabilities that would normally be found in much more expensive equipment
- ASA units provide POE capability for use with VOIP phones or other equipment.
- ASA units connect outside internet to inside networks and VPN's with very little overhead and no loss of signal speed.
- ASA units allow me to run a wireless access point in parallel so that both wired and wireless devices can share one DHCP scope which makes it easier to manage and maintain.
- ASA units make use of ASDM but also the Cisco standard CLI which makes it easier to train engineers to manage and have ease of deployment using config templates.
- In the ASA5506, unlike its predecessor, there are no switched Ethernet ports. Adding that feature would be helpful and save the cost of the additional switch that must be purchased.
- The real time log viewer is not that great, it's not 100% reliable, its explanations are often a bit too technical, the filter could use some enhancement
- The ASDM interface as a whole being java is not good. Java has become a nightmare due to poor backwards compatibility and cliff-facing certificate requirements between versions, so java versions for administrators become a nightmare to manage for what should be simple changes
- Cisco ASA is very configurable.
- Cisco ASA has a lot of features.
- Cisco ASA is robust. Failing almost never.
- Cisco ASA can integrate with many other Cisco security solutions.
- There is a learning curve for Cisco ASA.
- A lot of what can be done, initially, needs to be done at the command line interface.
- Organizing all the firewall rules can be a little daunting with the current UI.
- Easy to configure with a template and CLI.
- TACACS command authorization and accounting is must have for compliance.
- Good SNMP monitoring options.
- Well developed and very compatible firewall OS.
- The 'Next Generation' options feel bolted on and the performance is underwhelming.
- Impact of enabling the Firepower Inspection is too big. Both response time and throughput suffered horribly.
For Next Gen features you had better look at the firepower threat defense devices, as the next generation features of ASA are not well integrated.
- When sized appropriately, it can handle demanding traffic well.
- Cisco is pretty good about putting out security-related updates so we can rest assured that the networks can be as safe as possible.
- The hardware is very reliable and I don't recall any hardware related issues in the 5+ years of using them.
- Software upgrades are smooth and I would recommend getting Cisco support assistance for them to review your current configuration and have them advise which stable and secure version you should move to. They may provide additional commands to enter prior to upgrading if you are moving from a very old version of the software.
- Reporting, especially for VPN functionality, could use some improvements to be able to pinpoint when particular users log in/out.
- The JAVA-based GUI could use some modernization. I currently have to use an older version of JAVA JRE to run the ASDM.
- Some of the licensing structure could use some simplifying. You really have to size the appliance for growth before purchasing the initial license. The bare-bones license doesn't provide much flexibility.
- Rock solid when it comes to VPN Site-to-Site.
- Excellent Firewall functionalities.
- HA capabilities, it never fails.
- It would be better if Cisco continues improving the ASDM for new administrators starting their networking career.
- It would be great if Cisco builds a management web interface like they do for small business products.
- Allows remote phones to VPN and connect to the phone system
- It’s secure and allows TLS 1.2 encryption
- It’s more reliable to use a physical phone than soft clients e.g. Jabber
- Since we use it for VPN phones the devices need to be configured internally before we deploy them in the field. I have to be able to update the VPN profiles remotely.
- How we can manage: ASDM the GUI is so much easier to manage it even for a new guy also.
- Traffic handling capacity
- More secure and the different features it gives.
- Support from the TAC team or from the community manages to handle issues very efficiently.
- I would say Cisco should concentrate more how they will move way the traditional IPS to a new sand-boxing kind of environment.
- Great user management
- Good usage of ACE and ACL rules that control the network
- Decent power for a VPN that can be easily created
- Not user friendly
- The GUI is nice, but it doesn't tell you what it does
- Sometimes, it's hard to track down exactly what is going on
- Definitely well suited for a small to medium business where it can highlight the usage of its firewall and small amounts of VPN connectivity.
- It might get overshadowed in a larger company.
- Customer support is Cisco's forte, and ASA is no exception. If you have issues, they are available 24/7 to help you resolve them.
- Longevity. I still have a 5510 running that has been running for over 3 years without a reboot with zero issues.
- URL filtering works great.
- Get rid of the Java based ASDM
- The licensing could be easier.
- Packet filtering could use some improvement.
- The Cisco AnyConnect VPN is used by our users and is a very easy and secure method for employees to access corporate resources.
- The Cisco ASA 5585 can be configured in a cluster for larger throughput and high availability.
- When purchased with FirePOWER the Cisco ASA can be configured to inspect the application layer of the packets for better threat detection.
- The Cisco ASA can be configured via command line and with a GUI interface. The GUI interface needs work. It uses Java and depending on Java version you can have issues launching the application.
- The Cisco ASA needs better logging for troubleshooting. When trying to narrow down an issue the logging needs more information.
- Licensing can be difficult to understand and there are many options. Make sure you fully understand your needs before ordering.
For smaller companies the Cisco ASA may not be good fit as someone with network experience needs to administer the ASA. Other firewalls can be setup for use out of box.
- Filtering of traffic is made easier and we are able to better control our environment.
- VPN is secure and easy to manage through our ASAs.
- As part of our overall security strategy, Cisco ASAs help keep our perimeter more secure through their ability to customize to our company's needs.
- More training on customization would be great.
- Cisco could provide better Best practice reviews of our environment once set up.
- More reporting features for Execs would help.
- Cisco ASA is very robust device that keeps our network secure from threats
- Cisco ASA is very in intelligent device and full of multiple features such as load balancing , quality of service and many more
- Cisco ASA have enough licensing options which any customer can choose it from.
- Cisco ASA is limited to UTM features such as malware and antivirus
- Cisco ASA is less modular in terms of adding / removing modules
- Cisco ASA don't have AC/DC combined power options
Cisco ASA is not well suited in scenarios where we need excessive routing of data traffic
Cisco ASA Scorecard Summary
Feature Scorecard Summary
About Cisco ASA
Cisco Adaptive Security Appliance (ASA) software is the core operating software for Cisco’s ASA suite. It supports a variety of specialized network security and firewall options, allowing users to modularize to their business needs. It is scaled for enterprises through “clustering” ASAs, enabling 128 Gbps processing load and 50 million concurrent connections.
Cisco ASA provides a robust VPN setup process and integrates with other Cisco security offerings, including Cloud Web security and Trustsec. CWS provides cloud-based systems security across public and private clouds, and Trustsec is a software-defined segmentation product that mitigates the scope of network threats and data breaches. The platform also supports IPv4 and IPv6, enabling a smoother evolution in Internet Protocols for users.
Cisco ASA Technical Details