Cisco ASA Firewall Valuable Features
Cisco Security Specialist at a tech services company with 10,001+ employees
All the features are very valuable.
Among them is the integration for remote users, with AnyConnect, to the infrastructure. All the security through that is wonderful and it's very easy. You connect and you are inside your company network via VPN. Everything is encrypted and it's a very good solution. This is a wonderful feature. You need to make sure your machine has the profile requested by the company. That means having the patches updated. Optionally, you should have the antivirus updated, but you can decide whatever you would like in order to enable acceptance of the end-device in the enterprise network. That can be done with AnyConnect for remote/satellite users, or with ISE for local users.
The intrusion prevention system, the intrusion detection, is perfect. But you can also integrate Cisco with an IPS solution from another vendor, and just use the ASA with AnyConnect and as a firewall. You can choose from among many other vendors' products that the ASA will integrate with. Now, with Cisco SecureX, it's much easier than before. Cisco used to be completely blocked from other vendors but with SecureX they are open to other vendors. That was a massive improvement that Cisco probably should have made 10 years ago or seven years ago. They only released SecureX three or four months ago.
Cisco ASA also provides application control. You can block or prevent people from going to certain applications or certain content. But the ASA only acts as a "bodyguard." It doesn't provide full visibility of the network. For that, there are other solutions from Cisco, such as ISE, although that is more for identity. Stealthwatch or TrustSec is what you need for visibility. They are both for monitoring and providing full visibility of the network, and they integrate with ASA.
Also, all of Cisco's security products are supported with Talos. Talos is in the background, handling all the improvements, all the updates. If something happens in Australia, for example, Talos will be aware of it and it will update the worldwide Talos network for all Cisco products. Within two minutes or three minutes, worldwide, Cisco products will be aware of that threat. Talos belongs to Cisco. It's like a Cisco research center.View full review »
If we look at the Cisco ASA without Firepower, then one of the most valuable features is the URL filtering.
Also, it's easy to integrate ASA with other Cisco security products. When you understand the technology, it's not a big deal. It's very simple.
When it comes to threat visibility, the ASA is good. The ASA denies threats by using common ACLs. It can detect some DoS attacks and we can monitor suspicious ICMP packets using the ASA. It helps you know when an attack is detected.
Cisco Talos is good. It provides threat intelligence. It updates all the devices to be aware of the new threats and the new attacks out there, so that is a good thing. It's like having God update all the devices. For example, even if you have FTD in your company, malware can be very difficult to detect. There is a new type of malware called polymorphic malware. When it replicates, it changes its signature which makes it very difficult for a firewall to detect. So if your company encounters one type of malware, once, it is automatically updated in your environment. And when it is updated, Talos then updates every firewall in the world, so even if those other firewalls have not yet encountered those particular types of malware, because Talos automatically updates everything, they're able to block those types of malware as well. Talos is very beneficial.
When it comes to managing, with FMD (Firepower Management Device) you can only manage one device, but when you work with FMC (Firepower Management Center) you can manage a lot of sensors, meaning FTDs. You can have a lot of FTDs but you only have one management center and it can manage all those sensors in your company. It is very good.View full review »
Among the most valuable features are the reports which are generated according to the rules that we've put in place to either block traffic or report suspicious attempts to connect to our network. They would come standard with any firewall and we're always monitoring them and taking any corrective steps needed.
Cisco's support is great.
For experienced users, they are pretty much able do anything they want in the interface with few restrictions.
The command-line interface is really useful for us. We script basic installations and modifications through the command-line, which is considered sort of old school, and yet it allows us to fully document the changes that we're making due to the fact that we can save the exact script that was applied and say, "Here are the changes that we made."
We can have less experienced people do initial takes on an install. They can edit a template, and we can have a more experienced person review the template, and then apply it, and we don't have to worry about whether anyone inexperienced went into certain corners of the interface and made changes or whatever.
Everything is all documented in the file or in the command line script that gets uploaded to the device. It gives us great visibility.View full review »
The solution can allow and block traffic over the VLANs.Some of the unauthorized actions and malicious traffic can also be blocked effectively, as we are following PCI DSS compliance. We are a card industry. We are using cards as a payment method, and therefore we need to follow the compliance over the PCI DSS. That's why we chose one of the best products. ASA Firewall is very secure.
It's always easy to integrate Cisco with the same company products. If you are using other CIsco products, there's always easy integration.
Cisco is one of the most popular brands, and therefore the documentation is easily available over the internet.
They are best-in-class.
The remote VPN feature is one of the best features we've found.
We like that there is two-factor authentication on offer. We can integrate a Google authenticator with Cisco ASA so that whenever a person is logging on to any network device, they need to enter the password as well as the security code that is integrated by Google. It's a nice added security feature.
Cisco ASA provides us with very good application visibility and control. The Cisco CLI command line is one of the easiest we found on the market due to the fact that the GUI and the user interface are very familiar. If you're a beginner, you can easily access it. There's no complicated UI.
When compared to other products available, the cost is pretty similar. There's no big gap when you compare Cisco pricing to other products.
There are multiple features in a single appliance, which is quite beneficial to us.
Support that is on offer 24/7. Whenever we face some technical issue, we can reach out to them easily.
We have not had any security breaches.
They provide a helpful feature that allows us to configure email.
We are getting a lot from the appliance in real-time.View full review »
CSD Manager at BTC
The traffic inspection and the Firepower engine are the most valuable features. It gives you full details, application details, traffic monitoring, and the threats. It gives you all the containers the user is using, especially at the application level. The solution also provides application visibility and control.
The integration between the ASA and Cisco ISE is very easy because they are from the same vendor. We don't face any integration problems. This is one of the valuable points of Cisco firewalls. They can be easily integrated with different Cisco security products.
Our clients also use other products with Cisco ASA, such as Aruba ClearPass and different NAC solutions. The integration of these other products is also easy with Cisco.
It integrates with email security and Firepower. For example, if you have an attached file infected or you have attacks through email, the traffic will be forwarded to the email security and it will be blocked by the firewall. It gives you a clear view of the file and it can be blocked at every stage, protecting your network from this threat.
One of the best parts is the traffic management and the inspection of the traffic packets. The Device Manager is easy to use to supervise things, and the Firepower application gives you clear threat detection and blocking of all threats. Cisco also provides a better analysis of the traffic.
In addition, Talos is an enhancement to Cisco firewalls, and provides a better view.
The device management options, such as Firepower Device Manager (FDM), Cisco Firepower Management Center (FMC), or Cisco Defense Orchestrator (CDO) add a lot of enhancements in the initial deployment and configuration. In migrating, they can help to create the migration configuration and they help in managing encryption and automation. They add a lot enhancements to the device. They make things easier. In the past, you had to use the CLI and you could not control all this. Now you have a GUI which provides visibility and you can easily integrate and make changes.View full review »
The configuration was kind of straightforward from the command line and also from the ASDM. It was very easy to manage by using their software in Java.
High throughput, high concurrent connections, easy site-to-site VPN were also valuable. It also had the capability to do double network translations, which is really useful when you are integrating with other vendors for site-to-site VPN.
The remote access, VPN, and ACL features are valuable. We are using role-based access for individuals.
IPS is also valuable for intrusion detection and prevention. It is a paid module that can be added. I'm using it for security, VLAN management, segregation management, and so on.
It is easy to use. In our region and our country, Cisco is well known, and most of the companies are using Cisco products. We have been using Cisco devices for a while, and our company primarily has Cisco devices. So, we are familiar with it, which makes it very easy to use for us. Even when we compare it with other products, it is easier to use.
It is easy for us to manage it because it is a familiar product, and it has been a part of our environment. Now, other products are providing free training, free access, and free license, because of which things are changing. So, you can easily become familiar with other products.View full review »
Cisco, obviously, gives you a great amount of reliability which comes in handy. The brand is recognized as being strong.
Even in very big environments, Cisco comes in handy with configuration and offers reliability when it comes to managing multiple items on one platform. You are able to integrate Firepower and all AMP. With so many items to configure, I haven't yet done them all, however, I hope to.
It's great for securing the network. You learn a lot.
The initial setup is straightforward.
The solution is very stable.
The scalability of the solution is very good.View full review »
Data Analyst at a hospitality company with 201-500 employees
In terms of access, the solution is great at making sure that the firewall has the right IPs, or that the right IPs are passing through where they should be.
The product does a good job of making sure that the connection is one that the user can trust. It keeps everything secure.
From what I've already done with ASA, I've noted that it's a very simple solution.
It is a very user-friendly product. I started with the GUI version. There are different versions. You could have the CLA, and the GUI version if you like. Both are really user-friendly and they're easy to learn.View full review »
Tier 2 Network Engineer at a comms service provider with 1,001-5,000 employees
The most valuable feature must be AnyConnect. We have quite a few customers who use it. It is easy to use and the stablest thing that we have. We have experienced some issues on all our VPN clients, but AnyConnect has been the stablest one.
It is one of the easiest firewalls that I've worked with. Therefore, if you're not comfortable with command line, it probably is one of the best solutions on the market.View full review »
Cisco provides the most solutions.
We use some of our Cisco firewalls offsite. They provide DDoS protection and multi-factor authentication. That is a good option as it enables work-from-home functionality. That is a feature that makes our customers happy.View full review »
We find all of its features very useful. Its main features are policies and access lists. We use both of them, and we also use routing.
It is very stable. It is a very good firewall for a company that doesn't want to look at packets higher than Layer 4.View full review »
Cisco is powerful when it comes to detecting intrusions. It's better than, for example, Fortinet.
Cisco has multiple products - not just firewalls. The integration between other items provides a powerful end-to-end solution. It's nice and easy. There are one management system and visibility into all of the features. Using the same product is more powerful than using multiple systems. Cisco is known by most customers due to the fact that at least they have switches. However, when clients say "we need an end-to-end option" Cisco is there.
The stability is very good.
Technical support services are excellent.View full review »
Network Specialist at a financial services firm with 501-1,000 employees
On the network side, where you create your rules for allowing traffic — what can come inside and what can go out — that works perfectly, if you know what you want to achieve. It protects you. Once you get all your rules in place, done correctly, you have some sort of security in terms of who can have access to your network and who has access to what, even internally. You're secure and your authorization is in place for who can access what. If someone who is trying to penetrate your network from the outside, you know what you've blocked and what you've allowed.
It's not so difficult to pull out reports for what we need.
It comes with IPS, the Intrusion Prevention System, and we're also using that.View full review »
Technical Specialist, consultant at a computer software company with 10,001+ employees
The configuration capabilities and the integration with other tools are the most valuable features.
I really like this product. Cisco is one of my favorite brands, and I always think Cisco solutions are very reliable, easy to configure, and very secure.View full review »
The clusters in data centers are great.
We enjoy the use of the remote access VPN. We have a mechanical firewall with IPS and we have no more than these. In general, ASA is for remote access and the mechanical firewall right now is more used for data centers.
We work to combine customers and we have a lot of customers that use networking from Cisco. They buy Cisco firewalls due to the fact that all of their networks are working with Cisco features.View full review »
Overall, the solution works very well.
The solution is quite fast. We found that the speed was good and the throughput was good.
The stability has been very good.
The solution can scale as necessary.
The product is quite robust and durable.
I am very happy to use this type of Cisco equipment in my infrastructure. It has given us the most value is the management of dynamic routing, in this case, EIGRP. This protocol, together with a series of additional configurations, has helped us to maintain an automatic redundancy in all our infrastructure, keeping us with very high numbers of operability and without failures that take more than 1 minute or that have not been resolved automatically. With this solution, we only speak with our suppliers either for a link or equipment report, and even if the box or circuit is out of operation, the operation continues to work without problems.View full review »
CEO & Co-Founder at a tech services company with 51-200 employees
The configuration support is very good. You can find a lot of configuration samples and troubleshooting tips on the internet, which is very good.View full review »
Network Consulting Engineer at a comms service provider with 201-500 employees
Unfortunately in Cisco, only the hardware was good. As for the features and services it was less than the others. Having all of the features means higher specs of hardware and intelligence processing so that it can handle all the logs proactively. Now, what is needed from the Information security, is to be proactively aware of any threat that might expose our data and at the same time have full visibility over our information sharing endpoints.View full review »
The ability to block threats is its most valuable aspect.
Most clients in Laos use the basic setup, which works quite well. It ensures that nothing can get onto the local network.
It's pretty reliable and allows for isolation capabilities within the network.
The ADSM is very good.
I like that I can use the command line. I use a lot of Cisco and often work with this. If you are comfortable with the command line, it's quite good.View full review »
The solution is stable. We haven't had any issues in that sense.
The security of the hardware is excellent. Cisco is very serious in its approach to security.
We have a high level of trust in Cisco and its products.
The solution is excellent for enterprise-level networks.View full review »
Netting is one of the best features. We can modify it in different ways. Site-to-site VPN is also an awesome feature of Cisco ASA.
The biggest advantage of Cisco products is technical support. They provide the best technical support.
President at a tech vendor with 11-50 employees
I like them mostly because they don't break and they have great diagnostics. If something is awry, you can generally figure it out. And of course, everybody has a VPN, but I like the security of their VPN.View full review »
Network Security Engineer at a tech services company with 201-500 employees
The user interface, the UI, is excellent on the solution. Let's say you want to check the real-time locker - you can create it by the UI using ADSM.View full review »
Firewalls are about blocking. ASA is for blocking, but it does not have the intelligence like Fortinet to detect attacks. If I could use ASA to detect attacks, maybe we could buy another service from Cisco although it's very expensive. I would choose Fortinet, but my clients like ASA support. I prefer Fortinet because Fortinet has a UTM and it's a good firewall.View full review »
Sr Network Administrator at Orient Petroleum Inc
The security the solution offers is very good. Security-wise, it's the top in the world.
The product has excellent technical support.
The user interface is easy to navigate.
Everything is user friendly.View full review »
The remote VPN and IPsec VPN or site-to-site VPN features are valuable. The clustering feature is also valuable. We have two ISP links. Whenever there is a failover, users don't even get to know. The transition is very smooth, and the users don't notice any latency. So, remote VPN, site-to-site VPN, and failover are three very powerful features of Cisco ASA.
Cisco has the best documentation. You can easily find multiple documents by searching the web. Even a child can go online and find the required information.View full review »
Network Administrator at Novabase
The most valuable feature we have found to be the VPN because we use it often. Additionally, overall the solution is user-friendly and especially the ASDM GUI.View full review »
The features that are most valuable within the firewall are the IPS as well as the Unified Communications. We also really like the dynamic grouping.View full review »
Network & Systems Administrator at T-Systems
It's an almost perfect solution.
The configuration is very easy.
The management aspect of the product is very straightforward.
The solution offers very good protection.
The user interface itself is very nice and quite intuitive.View full review »
Network Administrator at a manufacturing company with 10,001+ employees
To be honest, all of the features that are provided, all the other vendor will also have. One feature we did find valuable was the CLI, it is more accurate. Additionally, I was happy with the customization, dashboards, access lists and interface.
We frequently use the Bottleneck feature we purchased specialized from Cisco.View full review »
CEO at a security firm with 1-10 employees
The most valuable feature is that the encryption is solid.View full review »
The most valuable feature is that it's secure.
It is really stable and I've never had an occasion that due to this firewall, I have had issues with the network, a breakdown, or otherwise.
This is a user-friendly product. Once you have a specialist who can configure it properly, you'll be pretty protected everything you want is in it.View full review »
Information Security Manager at a financial services firm with 501-1,000 employees
It's a flexible solution and is well-known in the community. Most professionals are familiar with Cisco products and we prefer to work with products that we know. That is why we chose to work with Cisco firewalls, and also for the quality.View full review »
Lead Network Engineer at a tech services company with 51-200 employees
We are mostly using it for remote access, so the remote access feature is the most valuable, but all other features are also needed and required. It is also a very straightforward and reliable solution.View full review »
Network Security Engineer at a tech services company with 51-200 employees
The Inline Mode configuration works really well, and ASA works very impressively.View full review »
The software itself is very simple.
The solution is easy to operate. It's not overly complex.
The command line is the same as it is on the Cisco iOS router.
The technical support is very helpful and responsive.
Principal Network Engineer at a manufacturing company with 501-1,000 employees
The most valuable features for my client are the ASDM and monitoring.
They have familiarity with the Cisco CLI.View full review »
Senior Information Security Analyst at a manufacturing company with 10,001+ employees
I have found the most valuable feature to be the access control and IPsec VPN. There are a lot of people moving towards the next-generation versions of firewalls which have some advanced features such as this one. You can define rules based on the application instead of how they are traditionally are done. There are more general and traffic controls, and additional features for intrusion prevention for malware analysis.View full review »
It is very stable compared to other firewall products.
It has good security features.
The firewall features make it easy for the users to work on it.View full review »
Network Security Engineer at a tech services company with 1,001-5,000 employees
The whole firewall functionality, including firewall policies and IPS policies, is valuable. It has all kinds of functionalities. It has IPS, VPN, and other features. They are doing quite a lot of stuff with their devices.View full review »
Administrator at a university with 1,001-5,000 employees
It is a flexible solution and can be easily integrated with your network hardware. It is a very useful product. This product is very popular in the industry and the network security environment is good.
Gerente de Unidad at Redescomm, C.A.
The most valuable feature is the ability to block almost all of the ports.
All of the commands work the same way, whether in the graphical interface or when using the command line.
Cisco products have a lot of features.View full review »
It is a very stable product. I've not had any issues with it. It is a super product, and I won't need to change it anytime soon.View full review »
Consulting Engineer at IV4
The most valuable features are the provision of internet access, AnyConnect, and VPN capabilities. Because I primarily deal with the VPN functionality, I don't get very deep into the IPS or other capabilities.View full review »
Lead System Engineer at a comms service provider with 201-500 employees
I like all of the features.View full review »
IT Consultant at Hostlink IT Solutions
The high-availability and remote VPN features are most valuable.
It is easy to configure. It has a GUI and a CLI.View full review »
Sr. Network Engineer at a construction company with 10,001+ employees
The best features are stability and scalability.View full review »
Group Information Technology Manager at a mining and metals company with 201-500 employees
The best feature for me is the VPN and I also like the firewall.View full review »
Jr. Engineer at a computer software company with 5,001-10,000 employees
It is already improved because all of the computer updates are available online. So, you can update, and I think that the ASA 5585 is already updated.
All of the licensing features can be upgrades.
The interface is user-friendly.View full review »
Enterprise Integration Architect at a insurance company with 10,001+ employees
It's very stable and mature.View full review »
System Engineer at a tech services company with 501-1,000 employees
It's a flexible solution.View full review »
IT Administration at a manufacturing company with 11-50 employees
The most valuable feature is the access control list (ACL).View full review »
Network Engineer at a pharma/biotech company with 1,001-5,000 employees
The solution is simple to deploy and stable.View full review »
Consultor at a government with 201-500 employees
I like the IPS feature, it is the most valuable.View full review »