Sign in
Sign in
or
Create a new account
Agent Mode
Categories
Become a Channel Partner Sell in AWS Marketplace Amazon Web Services Home Help

Cisco Secure Firewall ASA Virtual - PAYG

Cisco Systems, Inc.

Reviews from AWS customer

28 AWS reviews

External reviews

81 reviews
from and

External reviews are not included in the AWS star rating for the product.

2-star reviews ( Show all reviews )

    Dimitar Angelov

Rebuilt complex global security has exposed licensing hurdles yet still delivers solid protection

  • April 29, 2026
  • Review from a verified AWS customer

What is our primary use case?

I have mainly worked with Cisco Firewall, specifically FTD and FMC, controlling the Firewall Threat Defenses from FMC, using Talos and Cisco ISE for approximately two and a half to three years. I completed a comprehensive re-architecture and added different vendors for a company called Gaming Laboratories International, where I extensively used their products.

For a span of two years, I extensively used Cisco products, ranging from switching and routers to firewall solutions for Gaming Laboratories International. For the last year, I have mainly worked with Palo Alto and Cato products, transitioning toward SD-WAN and SASE solutions.

At Gaming Laboratories International, I inherited a poorly designed network architecture and completely re-architected the network using Cisco Secure Firewall FTD and FMC across 45 different offices around the globe, spanning 435 jurisdictions at that time. My team and I used Cisco Secure Firewall as our internal firewall, securing the internal perimeter and protecting our DMZ from the inside. On the outside, we implemented Palo Alto because Cisco Secure Firewall could not handle the capabilities we required, such as application identification, which Palo Alto truly excels at.

What is most valuable?

Cisco Secure Firewall is quite scalable, and I have found it relatively easy to set up high availability using their proprietary protocol HSRP. I have truly enjoyed the flexibility, though their proprietary cables can be prohibitively expensive compared to standard options available from other vendors.

The benefit of Cisco Secure Firewall lies in keeping it to the basics through hardware, which costs a bit more, but the real problem emerges when integrating other platforms and their licensing, which is quite expensive. When calculating the total costs, including ISE, DNA Center, and hardware maintenance, it becomes exorbitant for medium-sized enterprises. It may work for large enterprises already entrenched in Cisco products.

What needs improvement?

The biggest inefficiency with Cisco Secure Firewall, to be honest, is the licensing—too many licenses for too many different products. There is not a single platform, which is essential nowadays. Cisco Secure Firewall is a bit of a colossus where they add weight on top of it, and I believe it amounts to simply placing products next to each other, which is not a very good solution from the perspective of a network security engineer.

There are many features I would personally remove, amend, or create differently from an engineering perspective. The Frankenstein architecture needs to stop and focus on AI. Nowadays, with different products, it is essential to have a single platform for better data and line application control. Everything about AI is to control application usage and how users interact with your systems.

The process with FMC is quite a hurdle, and attempting to integrate it with DNA Center or ISE turns into a nightmare. There is a stark contrast with Palo Alto and Prisma—everything just flows.

When setting up Cisco Secure Firewall, I encounter significant challenges, especially with on-premise Next-Generation Firewalls. There is lacking clarity in documentation, particularly when changing internet service providers or external IP addresses. This lack of guidance often leads to being locked out or corrupting files within the Next-Generation Firewall, resulting in wasted time troubleshooting.

For how long have I used the solution?

I worked with Cisco Secure Firewall more than a year ago, exactly eleven months, to be precise.

What do I think about the stability of the solution?

I am really happy with the performance and capabilities of Cisco Secure Firewall to manage heavy workloads. Although it performs well, integrating the software with existing systems often creates complications.

What do I think about the scalability of the solution?

Cisco Secure Firewall is quite scalable, and I have found it relatively easy to set up high availability using their proprietary protocol HSRP.

How are customer service and support?

Cisco's customer service and technical support respond in a timely manner, which is good. However, they do not always come up with effective solutions. Many times, I need to dig deep to find solutions due to the complexity of the environments where I work, especially in game development.

I would rate Cisco technical support as a seven. They deserve a six or seven for their efforts, but I feel sympathy for them given the challenging circumstances they work under.

Which solution did I use previously and why did I switch?

At the moment, I do not use Cisco Secure Firewall at all. For the last eleven months, I have been working solely with Palo Alto Next-Generation Firewall, Prisma Access, and Cato. I am primarily integrating Cato for companies, and I have witnessed its rise over Cisco Secure Firewall because of its simplicity, ease of management, and deployment cost and time efficiency.

How was the initial setup?

When setting up Cisco Secure Firewall, I encounter significant challenges, especially with on-premise Next-Generation Firewalls. There is lacking clarity in documentation, particularly when changing internet service providers or external IP addresses.

What other advice do I have?

For high traffic rates and heavy CPU consumption, Cisco Secure Firewall could fit well. However, security can lead to lock-out situations, so those considering Cisco Secure Firewall should thoroughly assess their needs. SASE solutions are dominating the market; I primarily work with Cato, which finds traction in eight out of ten meetings I have with customers, with Palo Alto depending on the desired security posture.

I suggested in the design, and that was approved to be moved internally because Palo Alto had better capabilities to handle security concerns. Cisco Secure Firewall overly relies on administrators to do the heavy lifting to connect those platforms with open-source or third-party solutions. Licensing is a recurring issue—it would be much easier if there were a package, but that is not the case.

When we do not talk about money, time has become the critical factor where Cato massively outperforms Cisco Secure Firewall. I would rate this review a five point five overall.

    Sébastien Peeters

Configuration has been frustrating with outdated tools but secure remote access works reliably

  • February 10, 2026
  • Review provided by PeerSpot

What is our primary use case?

My main use case for Cisco Secure Firewall is only as a VPN concentrator.

What is most valuable?

The only feature I find most valuable in Cisco Secure Firewall is the VPN concentrator because we use it.

The only real benefit I realize from using Cisco Secure Firewall in this use case is that it's a different vendor, so a different attack vector.

What needs improvement?

A significant drawback for Cisco Secure Firewall is the ASA software, as I have not used the Firepower software yet. The ASA software has a GUI that is extremely ugly and appears to be made in the 1980s. At 28 years old, I am not accustomed to working with something that primitive.

The update procedures do not work, and the VPN creation wizard does not work. The GUI is useless for me and frustrates me to a very high degree, which led me to switch to the CLI for configuration.

For how long have I used the solution?

I have been using Cisco Secure Firewall for three years.

What do I think about the stability of the solution?

I assess the stability and reliability of this firewall as both very good. I have had no issues with stability, as once they run, they run.

What do I think about the scalability of the solution?

Since I am not using Cisco Secure Firewall for very heavy operations such as IPS or other intensive features, it scales quite well. We have two Firepower 1150s, and we are far under the limit of what our organization needs, so it scales well with our needs.

How are customer service and support?

I have used Cisco support extensively, and I used it for this product once because during the setup there was an issue with the licensing, and I needed Cisco support to help me with the licensing for the ASA.

I am always satisfied with the level of support that I received. On a scale of 1 to 10, it is a 10 because they are reactive and effective. That is all we ask for in support.

Which solution did I use previously and why did I switch?

We could accomplish this with another vendor such as Palo Alto, where we would not have to pay for licensing.

How was the initial setup?

When I use the CLI, everything works quite well. I attempted to do everything with the GUI at the beginning, but nothing works. I managed to set up the HA pair with no issues once I used the CLI.

Which other solutions did I evaluate?

We are using quite a few other vendors for firewalls, and I do not think I can disclose which firewall we use where, but we use other major vendors such as Fortinet, Palo Alto, and Check Point. We have a bit of everything in our portfolio.

What other advice do I have?

If it was my choice, I would have put another firewall there with something easier to configure, more straightforward, and a cleaner interface to maintain it.

My honest advice for someone who is evaluating Cisco Secure Firewall based on my experience would be that if you can get something else, go for something else. If you are going to use it, then use the CLI because the GUI is not usable. If I had the choice, I would not be using Cisco Firepower or ASA on top of it because in my opinion and the opinion of my colleagues and my management, it is not the best device for the role it is playing.

My overall rating for Cisco Secure Firewall is 5 out of 10.

    Wendy S.

Does what it's supposed to do

  • March 09, 2023
  • Review provided by G2

What do you like best about the product?
Easy to use and customer support is quick and efficient.
What do you dislike about the product?
I have not had any negative experiences with Cisco at this time.
What problems is the product solving and how is that benefiting you?
We are a large company with vast network connections, this has made navigating through systems must faster.

    Ryan P.

We need the product to have HA pairs, so we can failover. It is relatively stable.

  • December 09, 2018
  • Review from a verified AWS customer

It's our firewall for our AWS VPC on the internal side that connects our VPC to headquarters.
I have been using the product for two years, but it has been installed in my company for four years.
What needs improvement?
Even on a smaller scale, people are finding you need HA pairs, and there's no way that the ASA can do that, at least in the virtual version. We needed the ability to failover to one of the others to do maintenance, and this is a glaring issue. However, it is one of their cheaper products, so its understandable. It is just that we would hope by now, because it has been in use in a lot of different environments, for even moderately sized companies, the ability to have HA pairs would be extremely useful.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
It has been relatively stable, in the sense that it stays up. It doesn't die on us.
What do I think about the scalability of the solution?
Scalability has been a pain point for us.
It's great for what it does. Just make sure you know whatever environment you are using it in is not going to have to scale. Just use it for sandbox. As long as they stay competitive, use the ASA, but make sure you have a plan to grow out of it.
How is customer service and technical support?
We have definitely made some calls to Cisco regarding issues. While it is time consuming, they are thorough. Sometimes depending on the urgency, if there is a real P1 problem going on, it would be more helpful to go straight to the chase than to have to go through troubleshooting steps that are mandated. A lot of times, it is understandable why they're there, but I wish they had a different, expedited process, especially when they're dealing with our senior network engineer who has already ruled out some things. Cisco tends to make you go through the steps, which is part of any normal troubleshooting. However, when you're dealing with an outage, it can be very frustrating.
How was the initial setup?
The integration and configuration were pretty straightforward.
What's my experience with pricing, setup cost, and licensing?
We purchased the product through the AWS Marketplace. While I wasn't part of the buying process for Cisco ASA, I have used it to purchase AMIs.
The AWS Marketplace been great, but it could be a bit more user-friendly from an aesthetic perspective. It is fully functional and easy to figure out once you are in it. However, the layout of the AMIs has a lot missing, e.g., you have to side click to find the area for community AMIs. It would be awesome if AWS Marketplace would put up a wider range of AMIs.
With the Cisco ASA, you do get what you pay for. What would really be awesome is to see Cisco blow out a real cheap version where you can use the sandbox, but leave it step-wise and go to another product relatively easily, like getting you hooked on candy. The problem is that we already paid for the ASAs, and we grew quickly. Now, we have found ourselves in a situation where we have to wait for next year's budget and everyone is using it. We've gone from a sandbox model to full production. If Cisco was a bit more on the ball with this type of thing, such as pay a smaller lump sum, then scale as a pay by use or have an option to switch models. This would be good because then we could actually leverage this type of model.
Right now, we want to go to the rocket stuff, and our people who make the decisions financially will just have a heart attack. They will choke on it. However, if we can roll it into our AWS bill, and slowly creep it in, it is usually more palatable. As crazy as that sounds, even if its more expensive to do it this way.
Which other solutions did I evaluate?
Our network guy looked at alternatives and settled on Cisco ASA. It was the cheapest available option, virtualized, and he was familiar with Cisco, like many people are because it's a great company. It made the most sense at the time, because our VPC was a sandbox at first. Now, it has grown, which is where the pain point is: the scalability of the ASA. We have sort of wedged ourselves into a corner.

showing 1 - 4