Cisco Next Generation Firewalling
April 26, 2017

Fahad Ahmad | TrustRadius Reviewer
Score 6 out of 10
Vetted Review
Verified User

Overall Satisfaction with Cisco ASA

We have managed customers who use Cisco ASA as their primary firewall and I manage it for them. It is used by our customers for their environment and it secures customer environments against unauthorized access. It addresses security issues in environments exposed to online threats including DDoS, DoS, viruses, malware, hacking, etc.
  • Cisco ASA sends logs to a syslog server, either in the same location or remotely, which helps admins audit security events across all network devices.
  • Syslog traffic should be encrypted.
  • Cisco ASA provides multiple security contexts (requires a licence). It's a good thing (like virtualized firewalls). It can be used as a transparent (Layer 2) firewall or a routed (Layer 3) firewall.
  • Cisco ASA provides an IPS module or a CSC module.
  • Cisco ASA performs Layer 2-7 protocol inspection and also enforces IP connection limits.
  • A new Memory Threshold Notifications feature helps avoid low-memory (CPU, etc.) conditions on the firewall: it generates an SNMP notification when memory pool buffer usage reaches a level where service performance issues can arise.
  • This feature is available in Cisco ASA 8.4 and onwards.
  • It should offer a configuration confirmation step or a config checker (pattern) instead of the configuration being applied directly on the CLI and becoming operational straight away.
  • It should have some option to roll back the configuration if it is applied in error or if something else is disturbed by the new config implementation.
  • There should be a time limit option (day and time duration) after which an applied configuration is pulled off.
  • In an active/failover scenario, business continuity is not disturbed, which is ultimately an ROI. The cost of licenses and hardware is one-time, with support optional.
  • A positive impact is that we haven't seen any downtime due to DoS or DDoS attacks.
  • I haven't received any performance-related complaints or issues from using Cisco ASA.
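The two syslog bullets above (ASA forwarding logs to a syslog server for auditing) are the point at which most admins want to turn the raw stream into something reviewable. The following is an added example, not part of this review and not Cisco's own tooling: a small parser that reads ASA syslog records, keys on the stable %ASA message IDs, aggregates access-group denies (message 106023) per source and destination, and flags sources that exceed a threshold. The hostname, addresses and log lines are constructed for the example; the 106023 and 302013 message layouts follow the ASA syslog format.

```python
import re
from collections import Counter

# Constructed sample records in Cisco ASA syslog format (hypothetical host and
# RFC 5737 documentation addresses). <164> = facility local4 (20) * 8 + severity 4.
SAMPLE_LOGS = """\
<164>Apr 26 2017 10:15:01 fw01 %ASA-4-106023: Deny tcp src outside:192.0.2.10/51234 dst inside:10.1.1.5/22 by access-group "outside_access_in" [0x0, 0x0]
<164>Apr 26 2017 10:15:02 fw01 %ASA-4-106023: Deny tcp src outside:192.0.2.10/51235 dst inside:10.1.1.5/22 by access-group "outside_access_in" [0x0, 0x0]
<164>Apr 26 2017 10:15:03 fw01 %ASA-4-106023: Deny tcp src outside:192.0.2.10/51236 dst inside:10.1.1.5/22 by access-group "outside_access_in" [0x0, 0x0]
<164>Apr 26 2017 10:15:09 fw01 %ASA-4-106023: Deny udp src outside:198.51.100.7/40000 dst inside:10.1.1.9/161 by access-group "outside_access_in" [0x0, 0x0]
<166>Apr 26 2017 10:15:10 fw01 %ASA-6-302013: Built inbound TCP connection 12345 for outside:203.0.113.4/40001 (203.0.113.4/40001) to inside:10.1.1.5/443 (10.1.1.5/443)
this line is not an ASA syslog record and must be skipped
"""

# ASA syslog header: optional <PRI>, timestamp, hostname, then
# "%ASA-<severity>-<message id>: <text>". Message IDs are stable across
# releases, which makes them the right key for detection rules.
HEADER = re.compile(
    r"^(?:<(?P<pri>\d+)>)?"
    r"(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"%ASA-(?P<sev>\d)-(?P<msgid>\d{6}): (?P<text>.*)$"
)

# Body of message 106023: a packet denied by an access-group (ACL).
DENY = re.compile(
    r"^Deny (?P<proto>\w+) src (?P<sif>[\w-]+):(?P<src>[\d.]+)/(?P<sport>\d+) "
    r"dst (?P<dif>[\w-]+):(?P<dst>[\d.]+)/(?P<dport>\d+) "
    r'by access-group "(?P<acl>[^"]+)"'
)


def parse_line(line):
    """Return header fields (plus deny fields for 106023) as a dict, or None."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sev"] = int(rec["sev"])
    if rec["msgid"] == "106023":
        d = DENY.match(rec["text"])
        if d:
            rec.update(d.groupdict())
    return rec


def summarize(log_text, deny_threshold=3):
    """Aggregate ACL denies per source and destination; flag noisy sources."""
    result = {
        "parsed": 0,
        "skipped": 0,
        "by_severity": Counter(),
        "denies_by_src": Counter(),
        "denies_by_dst": Counter(),
        "alerts": [],
    }
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec is None:
            # Malformed or foreign lines are counted, not silently dropped.
            result["skipped"] += 1
            continue
        result["parsed"] += 1
        result["by_severity"][rec["sev"]] += 1
        if rec["msgid"] == "106023" and "src" in rec:
            result["denies_by_src"][rec["src"]] += 1
            result["denies_by_dst"][(rec["dst"], rec["dport"])] += 1
    result["alerts"] = sorted(
        src for src, n in result["denies_by_src"].items() if n >= deny_threshold
    )
    return result


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOGS)
    print("parsed:", summary["parsed"], "skipped:", summary["skipped"])
    print("denies by source:", dict(summary["denies_by_src"]))
    print("sources over threshold:", summary["alerts"])
```

In production the input would be the file the syslog collector writes rather than the embedded sample, and the threshold would be tuned per ACL; keying on the message ID rather than on free text is what keeps the rule stable when Cisco rewords a message.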

The Cisco ASA 5500 Series comes with high-performance security services which include firewall, anti-virus, anti-phishing, anti-spam and web filtering services. Cisco ASA Software delivers enterprise-class security capabilities for the ASA. It introduced the new Firepower NGIPS, a real-time next-generation intrusion prevention system (IPS) with contextual awareness and an Advanced Threat Protection (AVP) feature that uses global threat intelligence to protect against zero-day threats.

The Cisco ASA firewall's powerful Modular Policy Framework is a unique combination of hardware and software extensibility.

Cisco ASA is well suited where a customer environment requires low-latency traffic or a mixed-traffic environment that has many SSL/IPsec VPNs. The latest Cisco ASA 5580 has a throughput of 20 gigabits per second (Gbps) and a 10,000-user remote access concentrator for Secure Sockets Layer (SSL) and IP Security (IPsec) site-to-site based virtual private networks (VPNs).

It is not appropriate in a service provider or enterprise development environment where configuration changes are required quite often. You cannot use VPN services such as remote access or site-to-site VPNs, or dynamic routing protocols. In multiple context mode, the Cisco ASA 5580 has limitations as well: it is designed as a firewall and VPN only and cannot use other security features such as IDS or IPS. Like other firewall vendors, Cisco ASA does not receive real-time updates from Cisco. So it is not suitable where sensitive data, such as in government departments, can be compromised, as security requires real-time updates from the vendor.