Overall Satisfaction with Cisco ASA 5500-X with FirePOWER Services
Cisco ASA 5500-X, we have deployed this firewall to most of our customers. We also run a pair of these in our data center and so far we have not experienced any issues with the setup. The firewalls are configured in an active/standby mode allowing connectivity back to the ISP via diverse routes and utilizing BGP. Direct peering with the ISP means we don't require managed layer 3 routers from the ISP, reducing the cost and removing another unneeded layer of hardware, and improving latency.
- High Availability in Active/Acitve mode and the use of virtual context.
- Straight forward software upgrades.
- Provides robust AnyConnect remote access VPN for users.
- The use of a VMware appliance to manage firepower is not really great, as this introduces another on-prem box to manage, this could all be done via the cloud.
- Licensing is never straight forward, this could be improved.
Do you think Cisco ASA 5500-X with FirePOWER Services delivers good value for the price?
Yes
Are you happy with Cisco ASA 5500-X with FirePOWER Services's feature set?
Yes
Did Cisco ASA 5500-X with FirePOWER Services live up to sales and marketing promises?
Yes
Did implementation of Cisco ASA 5500-X with FirePOWER Services go as expected?
Yes
Would you buy Cisco ASA 5500-X with FirePOWER Services again?
Yes
- Once deployed and running, the firewall is very robust which means less downtime and more production with great ROI.
- This firewall has a long life span and even if it's reaching the end of life cisco continues to support the product which means you can continue to rely on the firewall and also keep getting software updates, and security updates.
- When managed centrally, management is improved, and policies can be changed once and applied to all firewalls in one go.
- Cisco Nexus switches as Core routers connecting a customer site to the datacenter via a private WAN.
- Trunking between the 5508-X and a cisco 3750 switch to allow different VLANs access to the internet via the same firewall.
- Cisco Meraki Access Points behind the 5508-X.
One of our customers required access to the internet when working from home via the office internet, as a result, we implemented AnyConnect for each and every user and forced their home traffic to go to the office and breakout to the internet via the office connection. This helps with possible traffic interception when using non-secure home wifi or internet cafes.
Palos are great but they are a bit more expensive. Cisco ASA 5500-Xs are very competitive budget-wise. Small to medium offices can easily afford Cisco ASA 5500-X with FirewPOWER services compared to Palo Altos. At the end of the day cisco even though more affordable still get the protection you need from a firewall.
Cisco ASA 5500-X with FirePOWER Services Feature Ratings
Resilience and Reliability
Instead of investing in a lot of products like IPS, IDS, and Email Proxies, Cisco ASA 5500-X with FirePOWER Services comes fully packed with all these features which only require licenses to activate and use. This also means collecting logs is made very easy since the logs will be coming from a single device. In all our deployments we are able to see and get notified when an IP address is running a scan or attempting to execute malicious code against our networks.
Deploying firewalls in High Availability (HA) and also making sure that the same Cisco ASA 5500-X with FirePOWER Services are deployed at the Disaster Recovery (DR) sites, so that when an attack happens the business can switch to the DR site and continue operating while the main site is dealing with a disaster.
- Integrated Cisco AnyConnect VPNs with SAML to allow single sing on with Office 365 accounts.
- Integrated access to management with Duo to provide MFA for administrators
- We are working on starting Ansible automation