Item: Cisco ASA 5500-X with FirePOWER Services
Rating: 8
Author: Jason Lachowsky

Use Cases and Deployment Scope

While the business environment was very traditional in that most employees worked at the office and didn't need (or want) to use network resources from home, there was still a need for a firewall that was independently managed and deployed for use throughout the organization. The firewall served as the principal conduit to the internet as well as other government entities.

Pros and Cons

Well-regarded remote access VPN solution through AnyConnect. Your users will already likely have some familiarity with this product.
Reputation and category-based URL filtering enables web browsing to be tailored to your internet use policies.
Dashboards offer an easy way to gain visibility into the state of your network and generate relevant reports.

The transition from ASA (ASDM) software to the Firepower Threat Defense (FTD) software platform was awkward. Firewalls require a complete reflash to transition.
The FirePOWER services were originally baked-on rather than integrated into the project.
Java-based ASDM, which was replaced by the Firepower Threat Defense (FTD) platform, was functional but not pretty on the eyes.

Return on Investment

The upgrade from the previous firewalls increased the throughput available by over 200%
The team has direct insight into traffic flowing in and out of the network
It has required a greater staff investment to configure properly.

Alternatives Considered

Cisco Firepower 9300 Series and Check Point 12000 Appliances

I have some familiarity with other products in the firewall space, but I feel that Cisco offers the best ability to integrate all of our data sources together, being that the majority of the infrastructure is Cisco. That being said, Check Point, Fortinet, F5 and others offer strong competition to Cisco.

Support Rating

Cisco TAC support is as painful to deal with as most technical support situations. However, they do offer good online tools that prevent a phone call. When a replacement has been needed, Cisco has sent replacement equipment quickly and well within the service level agreement. Having your ducks in a row (registration, accounts) before you experience an issue can save you time.

Key Insights

Do you think Cisco ASA 5500-X with FirePOWER Services delivers good value for the price?

Yes

Are you happy with Cisco ASA 5500-X with FirePOWER Services's feature set?

Yes

Did Cisco ASA 5500-X with FirePOWER Services live up to sales and marketing promises?

Yes

Did implementation of Cisco ASA 5500-X with FirePOWER Services go as expected?

Yes

Would you buy Cisco ASA 5500-X with FirePOWER Services again?

Yes

Likelihood to Recommend

Since the ASA platform is in the midst of a transition, it is best for new users. The Firepower Threat Defense (FTD) is straight-forward, helps you deploy key features easily, and is pleasing to the eye. The 5500-X line has a wide array of models that are suitably for environments both big and small. There are aspects of ASDM that are not yet available in the FTD platform, especially power-user features like a CLI. So this has left ASA junkies high and dry.

Training Types Used

Online training

The venerable ASA line with added FirePOWER is still staying relevant in an advanced world

Overall Satisfaction with Cisco ASA 5500-X with FirePOWER Services