Great solution heading in right direction.
January 25, 2018

Great solution heading in right direction.

Sergei Chernooki | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Review Source

Overall Satisfaction with Cisco ASA

Cisco ASA is used as a border firewall at the network edge and also between critical network segments and other parts of the network. With Cisco ASA we achieved remote access connectivity and event logging. Next-gen features are used at network edge with regard to performance. By using Cisco ASA awe created reliable network edge gateways with minimal Open.
  • Stateful inspection is perfectly implemented, reliable and has a very good performance.
  • NAT is feature-reach, perfectly implemented, reliable and has a very good performance.
  • VPN is feature-reach, perfectly implemented, reliable and has a very good performance (hardware limited).
  • I am not quite happy with 5500 series NGFW performance, this was fixed starting from 2100 series on.
  • HTTP inspection performance also is a bottleneck, it should not be used without clear need.
  • Licensing costs may triple the appliance price.
  • It does it's best when working for 5+ years with minimal OpEx. Patches needed twice a year and clustering makes it easy and smooth. Network redesign is possible without a hardware change.
Cisco does transport-layer inspections, NAT and VPN just great. CheckPoint is more expensive, gives greater network visibility compared to Cisco ASA, next-gen features work faster on CheckPoint (model-dependent). Management Centre for Cisco NGFW is a heavy virtual appliance with a complex interface, you may need a special training for it. FortiGate is just cheaper by price per protected Megabyte per second.
It does it's best when minimal OpEx is required. Initial setup may be complex for inexperienced engineers. Network visibility may be incomplete without additional tools. Performance of next-gen features may be low on cheap models.

Using Cisco ASA

3 - Network and security engineers, support engineers. I also provide training to customers.
1 - You will need authorized training or long-term experience to efficiently support Cisco ASA. Service contract also needed to obtain patches and vendor-side support.
  • Network border firewall.
  • Perimeter protection.
  • NAT and VPN gateway.
  • VXLAN tunnel endpoint.
  • Routing between VPN tunnels in star topology.
  • Datacenter virtual firewall.
I am committed to low-OpEx usage model, know most (nearly all) hw and sw features and have a good customer base to continue to use Cisco ASA.