Cisco ASA 5500-X with Firepower adds next generation features to the classic Cisco Firewall
February 13, 2021
Score 10 out of 10
Vetted Review
Verified User
Overall Satisfaction with Cisco ASA 5500-X with FirePOWER Services
We use several Cisco ASAs with FirePOWER [Services] throughout our organization. They serve as edge firewalls that touch the internet as well as internal networks that need to be walled off from the outside. The added security of the FirePOWER services within the ASA brings the ASA up to speed as far as next-generation firewalls are concerned. I use a range of sizes of ASA-5500-X models from the smaller 5506-X to the 55250-X. The type and amount of traffic that will be going through will determine which one was used. In general I would say the performance of these units is on par with the industry as long as they were sized correctly. I feel they have done a good job at securing the networks they protect.
- Intrusion Detection
- Intrusion Prevention
- Integration with AMP
- Network Address Translations
- Securing multiple networks
- Performance when using FirePower services makes the unit slow
- Capacity of what the FirePower services need
- The interface is better than ASDM but these still need ASDM and that can be a challenge to get the correct Java version loaded
- Certain 5500-X models are different than previous versions with no switchport options
- Providing secure internet access for business needs
- Constant uptime when in HA mode for business connectivity
- Reducing risk
- Securing data center borders for data protection
- VPN access for remote workers
- Cisco AMP End point protection
- Stealthwatch
- Microsoft Active Directory
- Secure X
- Cisco AnyConnect
The Cisco ASA [5500-X with FirePOWER Services] can integrate into many different systems. Some of the best ones would be adding it to Cisco Secure X for better visibility of the network's secured borders. When you add that with AMP then you can see and understand how threats are coming into your clients. AnyConnect is a good VPN that is built into the ASA. You can really secure how the VPN can connect and what the clients can do once it is installed. This can take some time to set up all the way, but once it is set up it works really well. I would say AnyConnect, when connected to an ASA, provides a better than average VPN experience. You can use LDAP for controlling who accesses the firewall and have it tie to AnyConnect so the user can use the same credentials to log in. When you do these things you can see where the client is connecting from (IP), what their endpoints are doing and if any risks like malware or viruses are attempting to run.
The [Cisco ASA 5500-X with FirePOWER Services] does compete okay when compared to other devices. This model is beginning to age and does not perform as well as the newer models, but that is to be expected. I think their interface is okay, but again I think ASDM is aging more compared to other web-only interfaces. Cisco has replaced these models with the Firepower 1000 and 2000 series and I think if you were to purchase a direct replacement that would be it. I think they still work in today's security world and will for a few more years, so if you have one you don't need to run out and replace them this year.