Cisco ASA - Solid contender, but don't use the ips!
October 18, 2018

Cisco ASA - Solid contender, but don't use the ips!

Larry Chisholm | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source

Overall Satisfaction with Cisco ASA

The Cisco ASA platform has become the standard which I use for most of my SOHO and enterprise setups. I most recently have used this as a buffer between an AWS environment and a production network, where it behaved flawlessly. A second use case was as a VPN concentrator to consolidate all client to site, and site to site VPN connectivity, where it again behaved admirably.
  • Top of the line crypto, and firepower inline makes threat management easy.
  • easy to set up vpn, now including tunnel interfaces!
  • SOLID infrastructure for client to site vpn with anyconnect
  • TCO is higher than most.
  • firepower integration into the appliance is straightforward but weak. Units often times cannot process the amount of traffic thrown at them.
  • Support can be painful to work with at times. Need more english speaking staff.
  • Most network engineers have worked with ASA, so there is no need for re-training when adding or turning over staff
  • Current configs from older devices plug in easily, and are operational on larger devices if an upgrade is required
  • Many support options available
Cisco made sense from the standpoint that my engineers already knew it and there was little learning curve. Personally, I prefer a purpose-built hardware solution. Untangle is not ready for the enterprise as a whole but works great to do web/application filtering . Checkpoint and Palo are VERY high cost and have few support options.
Places where this product is well suited -
* VPN Functionality - Client to Site/Site to Site
* Internet Edge Gateway - NAT/PAT providing internet access to staff/production networks
* Interior firewall - Network segmentation