Cisco ASA, same old dog but starting to learn new tricks
April 18, 2017

Cisco ASA, same old dog but starting to learn new tricks

Anonymous | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Overall Satisfaction with Cisco ASA

We are currently using a pair of Cisco ASA 5585 on our perimeter. We use the Cisco ASA along with their Firepower module/service. It is providing our first layer of security into the organization.
  • The firewall protections have been strong and secure for years.
  • The procedures for nat and other traffic have been standardized and work well.
  • Support from Cisco (that you pay for) is very responsive and thorough.
  • The vpn options on the firewall work reliably.
  • The gui interface is good, but often lacks the ability to perform full tasks without command line.
  • Integration with other products can be complicated and you may need to find the custom commands from the 3rd party or support to make it work.
  • A lot of their advanced features are present, but aren't fully integrated yet.
  • The next gen features allowed us to remove an older exinda device from our network by replacing that qos functionality and reporting.
  • The geoblocking features have allowed us to block many of our biggest threat sources from even trying to attach our systems, which makes our security reporting look much cleaner.
  • We needed granular user reporting in our web filtering, so we did have to implement a separate proxy solution (which we already had). It was a fair amount of work to integrate but does work with the ASA. Unfortunately, the reporting wasn't as tied to the users for our HR department to rely on.
I had previously used Watchguard and Sonicwall firewalls (in addition to older Cisco firewalls). The Sonicwall worked ok as a small business firewall, but isn't really on the same level as Palo Alto and Cisco. Watchguard is closer to that level, and I did like their gui better, but their advanced features and reviews weren't as good. Palo Alto and Cisco went head to head for us. In the end, the Palo Alto had more developed features, but Cisco worked to undercut their price. When we looked at the rest of our network (and phone system) being Cisco and the price, the Cisco made the most sense for us. If we had a bigger budget for our firewall solution, we may have gone a different direction.
Quest Identity Manager, Websense Web Filter & Security, Microsoft Exchange, Microsoft Office 365, Skype for Business, BMC Track-It!, Barracuda Load Balancer, Dean Evans and Associates Event Management Software, Microsoft SQL Server, Veeam Backup & Replication, Microsoft Office 2016
The current Cisco ASA firewall is a good, solid firewall for any small to medium business or school. They have many of the advanced, next gen firewall features available to give you the added protection you need. The platform is stable and, provided you pay for support, their product support is solid and responsive. Many of the next gen features do lack the granularity of some of the other big players, so if you need granular reporting on web filtering and user tracking, you may need to integrate a separate 3rd party filter or look at a different solution.