Cisco Secure Firewall ASA Virtual - PAYG with 30-Day Free Trial
Cisco Systems, Inc. | 9.22.1.1Linux/Unix, Other 9.22.1.1 - 64-bit Amazon Machine Image (AMI)
External reviews
External reviews are not included in the AWS star rating for the product.
Keeps costs low and provides granular control using appliances familiar to the team
Whatever you have that’s potentially public-facing, you need to protect it. As our technology moves to the cloud, so our need for security transfers from physical appliances to virtual ones. This is the classic Cisco ASA device, virtualised.
How has it helped my organization?
Ease of spinning one up: The hourly charge has made demos and testing better because it’s a truer representation of a real-life situation.
It has allowed us to reduce costs and to make sure we provide rounded, secure products to customers.
What is most valuable?
Top features:
* Easy to deploy for staff to use VPNs
* Ease of setup
* Integrated threat defence
* Great flow-based inspection device
* Easy ACLs
* Failover support
* Each virtual appliance is separate so you get great granular control
* Has own memory allocation
* Multiple types of devices: 100 Mbps, 1 Gbps, 2 Gbps
* License control
* SSH or RESTful API
What needs improvement?
We didn’t find any huge issues. Obviously, there are always vulnerabilities that come up and there was one in early 2018 but this was patched with software updates.
Admin rights need to be given out carefully as they give overarching control to all devices - but that’s the same for everything.
How was the initial setup?
We went with this solution via the AWS Marketplace because it’s been made so easy to use an ASAv on AWS with simple drop downs to set it up. Our demo machines were also in AWS so we wanted a one-stop shop where we could spin them up or down as needed and configure the ASAv before it was launched.
What other advice do I have?
Almost all IT staff have used, or can easily learn how to use, the Cisco ASA appliance because it’s been around for years and is so popular (with good reason). For us, we stuck with what we know. It was an easy sell to get it signed off by higher-ups as they’d also heard of the ASA device from their time in IT.
- Leave a Comment |
- Mark review as helpful
It provides the transparency of a single UI to ensure security
Our primary use case is security.
How has it helped my organization?
From a security perspective, we are getting assurance with the respect to the the infrastructure which is getting built or the threats which are emanating from the Internet. With these, we can obtain the visibility that we need to know where we need to improve.
What is most valuable?
The transparency of the single UI to ensure security. A product has to be simple so that an administrator can use it.
What needs improvement?
The artificial intelligence and machine learning (behavioral based threat detection), which I can this will be coming out in another year, these are what we need now.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
The stability is alright.
What do I think about the scalability of the solution?
Scalability is not an issue.
How is customer service and technical support?
Its technical support is the main reason why we selected the product.
How was the initial setup?
The integration and configuration are transparent and easy.
What's my experience with pricing, setup cost, and licensing?
We are partners with Cisco. They are always one call away, which is good. They know how to keep their customers happy.
Which other solutions did I evaluate?
We evaluated VMware Virtual Networking and Check Point.
We chose Cisco because of the support and their roadmap for the changing technology landscape is good. Therefore, it is always better to be partnered with them.
What other advice do I have?
When you are going to select a product, don't look at the cost, but at the functionality. Also, look at the stability. These days, the startups will show a new function or functionality, but when looking for a partner, make sure the company is sustainability for the new four years? Do they have the funding?
We have a large ecosystem system: Symantec, McAfee, Splunk, Check Point firewalls, Cisco firewalls and IPS IDS from Cisco. They integrate and work well together. Cisco has been security leader for the last 20 years, so the products are quite stable working in sync.
We need the product to have HA pairs, so we can failover. It is relatively stable.
It's our firewall for our AWS VPC on the internal side that connects our VPC to headquarters.
I have been using the product for two years, but it has been installed in my company for four years.
What needs improvement?
Even on a smaller scale, people are finding you need HA pairs, and there's no way that the ASA can do that, at least in the virtual version. We needed the ability to failover to one of the others to do maintenance, and this is a glaring issue. However, it is one of their cheaper products, so its understandable. It is just that we would hope by now, because it has been in use in a lot of different environments, for even moderately sized companies, the ability to have HA pairs would be extremely useful.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
It has been relatively stable, in the sense that it stays up. It doesn't die on us.
What do I think about the scalability of the solution?
Scalability has been a pain point for us.
It's great for what it does. Just make sure you know whatever environment you are using it in is not going to have to scale. Just use it for sandbox. As long as they stay competitive, use the ASA, but make sure you have a plan to grow out of it.
How is customer service and technical support?
We have definitely made some calls to Cisco regarding issues. While it is time consuming, they are thorough. Sometimes depending on the urgency, if there is a real P1 problem going on, it would be more helpful to go straight to the chase than to have to go through troubleshooting steps that are mandated. A lot of times, it is understandable why they're there, but I wish they had a different, expedited process, especially when they're dealing with our senior network engineer who has already ruled out some things. Cisco tends to make you go through the steps, which is part of any normal troubleshooting. However, when you're dealing with an outage, it can be very frustrating.
How was the initial setup?
The integration and configuration were pretty straightforward.
What's my experience with pricing, setup cost, and licensing?
We purchased the product through the AWS Marketplace. While I wasn't part of the buying process for Cisco ASA, I have used it to purchase AMIs.
The AWS Marketplace been great, but it could be a bit more user-friendly from an aesthetic perspective. It is fully functional and easy to figure out once you are in it. However, the layout of the AMIs has a lot missing, e.g., you have to side click to find the area for community AMIs. It would be awesome if AWS Marketplace would put up a wider range of AMIs.
With the Cisco ASA, you do get what you pay for. What would really be awesome is to see Cisco blow out a real cheap version where you can use the sandbox, but leave it step-wise and go to another product relatively easily, like getting you hooked on candy. The problem is that we already paid for the ASAs, and we grew quickly. Now, we have found ourselves in a situation where we have to wait for next year's budget and everyone is using it. We've gone from a sandbox model to full production. If Cisco was a bit more on the ball with this type of thing, such as pay a smaller lump sum, then scale as a pay by use or have an option to switch models. This would be good because then we could actually leverage this type of model.
Right now, we want to go to the rocket stuff, and our people who make the decisions financially will just have a heart attack. They will choke on it. However, if we can roll it into our AWS bill, and slowly creep it in, it is usually more palatable. As crazy as that sounds, even if its more expensive to do it this way.
Which other solutions did I evaluate?
Our network guy looked at alternatives and settled on Cisco ASA. It was the cheapest available option, virtualized, and he was familiar with Cisco, like many people are because it's a great company. It made the most sense at the time, because our VPC was a sandbox at first. Now, it has grown, which is where the pain point is: the scalability of the ASA. We have sort of wedged ourselves into a corner.
Client works well for security and connectivity
What do you like best about the product?
Easy to use; practically effortless because it runs in the background at startup for devices.
What do you dislike about the product?
Updating software consistently becomes a tiresome task to continue the smooth streamline use.
What problems is the product solving and how is that benefiting you?
Computer server client security
Quietly in the background
What do you like best about the product?
Overall, this program runs smoothly and you barely notice it in the background.
What do you dislike about the product?
Updates can be annoying, but that seems standard with most current applications.
What problems is the product solving and how is that benefiting you?
We do a lot of work/research online. This program protects the integrity of our software.
Recommendations to others considering the product:
This is a standard security program that is useful if you spend a lot of time searching the internet. I have not had any problems with malware.
default password - read the directions
Folks the inquiries about the default password... Sigh- read the directions. https://www.cisco.com/c/en/us/td/docs/security/asa/asa99/asav/quick-start/asav-quick/asav-aws.html
Here is how to make it work... BEFORE you launch the AMI you must click advanced details and ADD a zero day configuration via text entry. Once you do connect via SSH and the username is admin. That said I was a victim too on the first try.
VPN Security
What do you like best about the product?
That it provides maximum security as for the VPN Network especially when we use our tools for modification purposes with client accounts.
What do you dislike about the product?
Sometimes it glitches and does not work and puts an error with our internet connection.
What problems is the product solving and how is that benefiting you?
It definitely helps us with our country or internet protocol locked tools using with our job.
Told it's free for 5 days
Yet I was charged $45 and no way to get refund. I contacted AWS and they said to contact Cisco. It states clearly no Cisco subscription charges, but yet.. still charged for cisco and the cost of the instance.
Easy to use and deploy
What do you like best about the product?
Easy to deploy and manage. Being virtual has it’s benefits and if you’re not doing much throughout, it’s the way to go.
What do you dislike about the product?
The ASDM interface still runs on Java which is clunky at best. Would be nice to have an HTML5 interface or you can just manage it via SSH.
What problems is the product solving and how is that benefiting you?
Less hardware allows for more space in the data center.
Very flexible
What do you like best about the product?
Nice combination of traditional ASA and NGFW
What do you dislike about the product?
Cost of Cisco licensing is extremely high
What problems is the product solving and how is that benefiting you?
Network segmentation
Recommendations to others considering the product:
Keep the cost of licensing in your mindp
showing 11 - 20