Gold Standard in Enterprise Security
Brian Taylor | TrustRadius Reviewer
January 18, 2018

Gold Standard in Enterprise Security

Score 10 out of 10
Vetted Review
Verified User
Review Source

Overall Satisfaction with Cisco ASA

My organization switched to the ASA from the PIX close to 8 years ago. We were looking for a solution that provided added security, better redundancy, integrated well with our existing Cisco infrastructure and was easy to manage and use. The ASA addressed all of those concerns and has been a critical component in our network stacks since.
  • Consistent commands. A lot of the general commands used on other Cisco switches and routers also work here, making it easy script common tasks and changes across multiple devices without having to switch command structure.
  • Processing power. The ASA is incredibly fast and doesn't introduce much if any latency.
  • The Java based ASDM can botch commands and isn't compatible on some more locked down systems.
  • Monitoring. Really the same complaint as above, the monitoring available through the ASDM is crappy at best. A much better solution is to send the logs and mirror packets to a SEIM, but that can create issues of its own when looking for realtime analysis.
  • Compatibility across other ASA models. ASA 5520s don't play well with 5525X which don't play well with older 5510s. Each is great on it's own, but it's next to impossible to logically stack them or have them as layers of firewalls in an infrastructure.
  • Lack of cloud based management. The Cisco Meraki security devices do this well, but the ASAs are still behind in this regard.
  • The ASA is a relatively cheap firewall. For the security and peace of mind provided by a reliably up critical component of your network, it returns it's value quickly.
  • The Cisco licensing model can wreck a budget if not planned for properly. The hardware would of course still work if the support contract isn't renewed, but as they say you don't need the support until you don't have it.
We evaluated other Cisco security devices and other vendors, but chose the Cisco ASA due to it's price point and compatibility. While Fortinet and Palo Alto are leaders in the field, we found that for the price, the features we needed were fully satisfied by the ASA. We considered using pfSense as an internal firewall, but eventually decided against it as we would have to home grow hardware for it, and the ASA still did everything we needed.
The ASA is the gold standard of adaptive security devices in a Cisco environment. If your organization predominately uses Cisco hardware, then the ASA is the firewall of choice as it plays nicely with other routers and switches. If your infrastructure uses a mix of hardware vendors or open network hardware, there can sometimes be issues communicating between those devices, but workarounds are easy enough and issues well documented.