Decent Firewall at a decent price point.
Updated July 09, 2019

Decent Firewall at a decent price point.

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Cisco ASA

We've deployed ASAs throughout our multiple datacenters and we also use them as onsite edge devices at many of our client sites. We're using them for NATing client devices as well as applying stringent ACLs to control what clients can access on our networks and what we can access on a clients network.
  • HA NAT
  • ACLS
  • FAILOVER
  • HA
  • VPN
  • Maybe this has changed, but our ASAs were/are limited ACLs based on Object-Groups/IPs/Ports versus our Palo Altos offer application layer inspection to make sure that traffic traversing the firewall on a specific well known port such as 22 is actually SSH traffic or that traffic on port 80/443 is actually HTTP/HTTPS.
  • Allow us to keep our clients and our business secure.
  • Allow us to use NAT IPs for client side devices so that we're not having to do as much crazy routing or validating that clients aren't using overlapping address space.
  • HA/Failover has been fairly flawless which helps us continue to meet our SLAs.
Our Palo Altos and Cisco ASAs are pretty comparable. They both seem to work well when used in an HA pair. They can both do IP/Port based ACLs. But the Palos also have APP-ID which helps to make sure that the traffic passing through your firewall is the type of traffic you'd expect it to be. I will say this has been both a good and bad thing. On occassion there have been some false positives, but overall APP-ID works very well and helps us maintain a tighter security posture than we could with ASAs alone. The ASAs though tend to be cheaper which makes them appealing for areas where you can/will take a more layered approach to security. Additionally the Junipoer SRX that I've used in the past were fairly capable of IP/Port based ACLs and seemed to work fairly well.
Palo Alto Panorama, Palo Alto Networks URL Filtering PAN-DB, Palo Alto Networks Next-Generation Firewalls - PA Series, Ansible, GitHub, PyCharm, Kubernetes, Docker, Mellanox Switches, Cisco Application Centric Infrastructure, Cisco Nexus, Cisco Catalyst Switches, Cisco Routers, Cisco SSL VPN, F5 BIG-IP, Citrix NetScaler, HAProxy
They work fairly well for firewalling and tended to be lower cost than our Palo Altos. If you're looking for a decent firewall and cost is a concern I'd say ASAs are a decent option. If you'e looking for a more secure environment you might want to look at the Palo Altos in addition to or instead of the ASAs.