Cisco ASA, same old dog but starting to learn new tricks
April 18, 2017
Cisco ASA, same old dog but starting to learn new tricks
Score 7 out of 10
Vetted Review
Verified User
Overall Satisfaction with Cisco ASA
We are currently using a pair of Cisco ASA 5585 on our perimeter. We use the Cisco ASA along with their Firepower module/service. It is providing our first layer of security into the organization.
- The firewall protections have been strong and secure for years.
- The procedures for nat and other traffic have been standardized and work well.
- Support from Cisco (that you pay for) is very responsive and thorough.
- The vpn options on the firewall work reliably.
- The gui interface is good, but often lacks the ability to perform full tasks without command line.
- Integration with other products can be complicated and you may need to find the custom commands from the 3rd party or support to make it work.
- A lot of their advanced features are present, but aren't fully integrated yet.
- The next gen features allowed us to remove an older exinda device from our network by replacing that qos functionality and reporting.
- The geoblocking features have allowed us to block many of our biggest threat sources from even trying to attach our systems, which makes our security reporting look much cleaner.
- We needed granular user reporting in our web filtering, so we did have to implement a separate proxy solution (which we already had). It was a fair amount of work to integrate but does work with the ASA. Unfortunately, the reporting wasn't as tied to the users for our HR department to rely on.
- Palo Alto Networks PA-5000 Series, WatchGuard XTM - Discontinued Product and SonicWall TZ
I had previously used Watchguard and Sonicwall firewalls (in addition to older Cisco firewalls). The Sonicwall worked ok as a small business firewall, but isn't really on the same level as Palo Alto and Cisco. Watchguard is closer to that level, and I did like their gui better, but their advanced features and reviews weren't as good. Palo Alto and Cisco went head to head for us. In the end, the Palo Alto had more developed features, but Cisco worked to undercut their price. When we looked at the rest of our network (and phone system) being Cisco and the price, the Cisco made the most sense for us. If we had a bigger budget for our firewall solution, we may have gone a different direction.