Our main use cases for Cisco Secure Firewall include firewall, IPS, and URL filtering.
Cisco Secure Firewall ASA Virtual - PAYG
Cisco Systems, Inc.
External reviews
External reviews are not included in the AWS star rating for the product.
Central management empowers us with unified policy control and compliance
What is our primary use case?
What is most valuable?
The feature of Cisco Secure Firewall that I prefer the most is IPS. I appreciate the IPS feature because it's built in and I can control it using the FMC and push out the policy company-wide, making it centrally managed. The IPS benefits my company because that's one of the requirements; we used to have separate IPS. Now it's all integrated, providing ease of use for us. Cisco Secure Firewall has helped my company achieve its goals because it's a next-generation firewall. That's what we need to maintain certain compliance from the security side. Having IPS built in, firewall, URL filtering, everything is centrally managed, so we have more visibility and management.
What needs improvement?
For how long have I used the solution?
I have been using Cisco Secure Firewall in my company for the last two years.
What do I think about the stability of the solution?
I haven't seen any breakdown or instability; the platform has been stable, and we haven't had any issues.
What do I think about the scalability of the solution?
Cisco Secure Firewall scales with the growing needs of my company as we're going to implement clustering. I've used clustering in my past experience; it's very easy and straightforward. We had some minor issues with the clustering. I appreciate the clustering capability, though I haven't implemented it in my current job.
How are customer service and support?
The customer service and technical support have been great; they've always been great.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I considered other solutions such as Palo Alto before choosing Cisco Secure Firewall. We were using Palo Alto, but we decided to go with Cisco because of its ease of use. We were a Cisco shop, and there's a micro facility where you can migrate all the ASA to the firewall.
How was the initial setup?
The deployment process of Cisco Secure Firewall is simple enough. Out of the box, you perform the initial management configuration, specify the FMC location, join FMC, and then you can manage it from FMC. The process is straightforward and simple.
What was our ROI?
From my point of view, the biggest return on investment when using Cisco Secure Firewall is the single pane of glass, which is a huge plus for us. Having that visibility, managing all the alerts, IPS alerts, vulnerability management - everything is a huge plus.
What's my experience with pricing, setup cost, and licensing?
My experience with the pricing, setup costs, and licensing is that it's consistent. I don't have much visibility on the licensing side, but I assume it remains the same.
Which other solutions did I evaluate?
There are differences between Palo Alto and Cisco, particularly on the cloud side. Palo Alto has Prisma Cloud and additional tools. I would say Cisco has room for improvement in that area for the future. We're not heavily in the cloud, so for us, it's not a significant concern.
What other advice do I have?
We haven't used any new features or functionalities in Cisco Secure Firewall recently, but we plan to try file scanning, focusing more on the malware side, AMP and everything. That's something we want to try next.
My impression of the visibility and control capabilities of Cisco Secure Firewall in managing encrypted traffic is limited as we haven't tried SSL encryption yet. That's something we might explore in the future.
Regarding Cisco Secure Firewall's ability to unify policies across my environment, managing via FMC ensures accuracy. Unifying policies is essential for my company because it provides one pane of glass. Software pushes, policy implementation, traffic monitoring, and having all alerts in one place are crucial.
The impact of the cloud-delivered firewall on my company's security posture is significant. Having the same FTD running in the cloud, managed by FMC, is our future direction. We currently implement this with Azure.
Regarding zero trust security model implementation, we are exploring options with SD-WAN, both on-premises and in the cloud with Firepower. I'm meeting with a Cisco engineer next week to discuss implementation strategies.
I don't see anything that needs improvement in Cisco Secure Firewall; we've been very satisfied with it. I've been using FTD for almost five to seven years now, including with a previous company, and heavily worked on migration from ASA to FTD.
From one to ten, I would rate Cisco Secure Firewall a ten.
Been using it as an AnyConnect VPN solution for over a year now
We set up an EC2 instance to act as an AnyConnect VPN gateway, to be able to access our various IP addresses in AWS and even resources in our office because the office has an IPsec link to AWS. And yeah, it's been working great/solid for a little over a year now. We have about 15 remote employees who AnyConnect VPN into it regularly. We don't set the default route to go out through the VPN though, because AWS charges for network traffic, but we route all our private IPs and a small handful of public IP addresses through the VPN tunnel and it's been stable.
We need help to upgrade to the version of the ASA OS that currently is on version 7.16 and an upgrade to version 9.14(2)8 is required
We request your important support to review the casuistry of updating the VPN services found in AWS. We have 6 C5xlarge with images of Cisco Secure Firewall ASA Virtual - PAYG, which we require to upgrade to the version of the ASA OS that currently is on version 7.16 and an upgrade to version 9.14(2)8 is required.
default password - read the directions
Folks, the inquiries about the default password... Sigh, read the directions. https://www.cisco.com/c/en/us/td/docs/security/asa/asa99/asav/quick-start/asav-quick/asav-aws.html
Here is how to make it work... BEFORE you launch the AMI you must click advanced details and ADD a zero day configuration via text entry. Once you do, connect via SSH and the username is admin. That said, I was a victim too on the first try.
Really close to the physical rackmount version
Using these for work for most of the year now with a site-to-site tunnel from an asa-v in us-east-1 to an asa-v in us-west-2 as well as several incoming site-to-site tunnels and remote access VPN on both 9.5.2.204 and 9.5.2.207. Make sure you know what you're doing...you're comfortable with Cisco config via user data (and later ASDM if needed), you have compared what ASA-v doesn't provide, etc. otherwise you'll give undeserved 1-star reviews like those before. Only issue seen so far is Syslog can die with lots of traffic around a month in (204) or several months in (207) which requires a restart of the appliance. I'm hoping 9.6.2.1 fixes that. Other than that a ChangeLog for each AMI version would be nice to see.
Nice to have
It's easy to manage because the ASA OS is the same as on the appliances.
I think ASAv is supported via a Smart License model.