Overall Satisfaction with Cisco ASA
The Cisco ASA platform has become the standard which I use for most of my SOHO and enterprise setups. I most recently have used this as a buffer between an AWS environment and a production network, where it behaved flawlessly. A second use case was as a VPN concentrator to consolidate all client to site, and site to site VPN connectivity, where it again behaved admirably.
- Top of the line crypto, and firepower inline makes threat management easy.
- easy to set up vpn, now including tunnel interfaces!
- SOLID infrastructure for client to site vpn with anyconnect
- TCO is higher than most.
- firepower integration into the appliance is straightforward but weak. Units often times cannot process the amount of traffic thrown at them.
- Support can be painful to work with at times. Need more english speaking staff.
- Most network engineers have worked with ASA, so there is no need for re-training when adding or turning over staff
- Current configs from older devices plug in easily, and are operational on larger devices if an upgrade is required
- Many support options available
Cisco made sense from the standpoint that my engineers already knew it and there was little learning curve. Personally, I prefer a purpose-built hardware solution. Untangle is not ready for the enterprise as a whole but works great to do web/application filtering . Checkpoint and Palo are VERY high cost and have few support options.