My main use case for Cisco Secure Firewall is only as a VPN concentrator.
Cisco Secure Firewall ASA Virtual - PAYG
Cisco Systems, Inc.External reviews
77 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Configuration has been frustrating with outdated tools but secure remote access works reliably
What is our primary use case?
What is most valuable?
The only feature I find most valuable in Cisco Secure Firewall is the VPN concentrator because we use it.
The only real benefit I realize from using Cisco Secure Firewall in this use case is that it's a different vendor, so a different attack vector.
What needs improvement?
A significant drawback for Cisco Secure Firewall is the ASA software, as I have not used the Firepower software yet. The ASA software has a GUI that is extremely ugly and appears to be made in the 1980s. At 28 years old, I am not accustomed to working with something that primitive.
The update procedures do not work, and the VPN creation wizard does not work. The GUI is useless for me and frustrates me to a very high degree, which led me to switch to the CLI for configuration.
For how long have I used the solution?
I have been using Cisco Secure Firewall for three years.
What do I think about the stability of the solution?
I assess the stability and reliability of this firewall as both very good. I have had no issues with stability, as once they run, they run.
What do I think about the scalability of the solution?
Since I am not using Cisco Secure Firewall for very heavy operations such as IPS or other intensive features, it scales quite well. We have two Firepower 1150s, and we are far under the limit of what our organization needs, so it scales well with our needs.
How are customer service and support?
I have used Cisco support extensively, and I used it for this product once because during the setup there was an issue with the licensing, and I needed Cisco support to help me with the licensing for the ASA.
I am always satisfied with the level of support that I received. On a scale of 1 to 10, it is a 10 because they are reactive and effective. That is all we ask for in support.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We could accomplish this with another vendor such as Palo Alto, where we would not have to pay for licensing.
How was the initial setup?
When I use the CLI, everything works quite well. I attempted to do everything with the GUI at the beginning, but nothing works. I managed to set up the HA pair with no issues once I used the CLI.
Which other solutions did I evaluate?
We are using quite a few other vendors for firewalls, and I do not think I can disclose which firewall we use where, but we use other major vendors such as Fortinet, Palo Alto, and Check Point. We have a bit of everything in our portfolio.
What other advice do I have?
If it was my choice, I would have put another firewall there with something easier to configure, more straightforward, and a cleaner interface to maintain it.
My honest advice for someone who is evaluating Cisco Secure Firewall based on my experience would be that if you can get something else, go for something else. If you are going to use it, then use the CLI because the GUI is not usable. If I had the choice, I would not be using Cisco Firepower or ASA on top of it because in my opinion and the opinion of my colleagues and my management, it is not the best device for the role it is playing.
My overall rating for Cisco Secure Firewall is 5 out of 10.
Does what it's supposed to do
What do you like best about the product?
Easy to use and customer support is quick and efficient.
What do you dislike about the product?
I have not had any negative experiences with Cisco at this time.
What problems is the product solving and how is that benefiting you?
We are a large company with vast network connections, this has made navigating through systems must faster.
We need the product to have HA pairs, so we can failover. It is relatively stable.
It's our firewall for our AWS VPC on the internal side that connects our VPC to headquarters.
I have been using the product for two years, but it has been installed in my company for four years.
What needs improvement?
Even on a smaller scale, people are finding you need HA pairs, and there's no way that the ASA can do that, at least in the virtual version. We needed the ability to failover to one of the others to do maintenance, and this is a glaring issue. However, it is one of their cheaper products, so its understandable. It is just that we would hope by now, because it has been in use in a lot of different environments, for even moderately sized companies, the ability to have HA pairs would be extremely useful.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
It has been relatively stable, in the sense that it stays up. It doesn't die on us.
What do I think about the scalability of the solution?
Scalability has been a pain point for us.
It's great for what it does. Just make sure you know whatever environment you are using it in is not going to have to scale. Just use it for sandbox. As long as they stay competitive, use the ASA, but make sure you have a plan to grow out of it.
How is customer service and technical support?
We have definitely made some calls to Cisco regarding issues. While it is time consuming, they are thorough. Sometimes depending on the urgency, if there is a real P1 problem going on, it would be more helpful to go straight to the chase than to have to go through troubleshooting steps that are mandated. A lot of times, it is understandable why they're there, but I wish they had a different, expedited process, especially when they're dealing with our senior network engineer who has already ruled out some things. Cisco tends to make you go through the steps, which is part of any normal troubleshooting. However, when you're dealing with an outage, it can be very frustrating.
How was the initial setup?
The integration and configuration were pretty straightforward.
What's my experience with pricing, setup cost, and licensing?
We purchased the product through the AWS Marketplace. While I wasn't part of the buying process for Cisco ASA, I have used it to purchase AMIs.
The AWS Marketplace been great, but it could be a bit more user-friendly from an aesthetic perspective. It is fully functional and easy to figure out once you are in it. However, the layout of the AMIs has a lot missing, e.g., you have to side click to find the area for community AMIs. It would be awesome if AWS Marketplace would put up a wider range of AMIs.
With the Cisco ASA, you do get what you pay for. What would really be awesome is to see Cisco blow out a real cheap version where you can use the sandbox, but leave it step-wise and go to another product relatively easily, like getting you hooked on candy. The problem is that we already paid for the ASAs, and we grew quickly. Now, we have found ourselves in a situation where we have to wait for next year's budget and everyone is using it. We've gone from a sandbox model to full production. If Cisco was a bit more on the ball with this type of thing, such as pay a smaller lump sum, then scale as a pay by use or have an option to switch models. This would be good because then we could actually leverage this type of model.
Right now, we want to go to the rocket stuff, and our people who make the decisions financially will just have a heart attack. They will choke on it. However, if we can roll it into our AWS bill, and slowly creep it in, it is usually more palatable. As crazy as that sounds, even if its more expensive to do it this way.
Which other solutions did I evaluate?
Our network guy looked at alternatives and settled on Cisco ASA. It was the cheapest available option, virtualized, and he was familiar with Cisco, like many people are because it's a great company. It made the most sense at the time, because our VPC was a sandbox at first. Now, it has grown, which is where the pain point is: the scalability of the ASA. We have sort of wedged ourselves into a corner.
showing 1 - 3