Cisco Adaptive Security Appliance (ASA) software is the core OS for the ASA suite. It provides firewall functionality, as well as integration with context-specific Cisco security modules. It is scaled for enterprise-level traffic and connections.
N/A
SonicWall TZ
Score 7.2 out of 10
N/A
SonicWall TZ is an entry to mid-tier NGFW for small to mid-sized companies. It is a Unified Threat Management solution, with additional native decryption and deep-packet inspection capabilities.
We moved our operations entirely to the cloud a few years ago. We loved the stability and scalability of the ASA and wanted to, somehow, keep using it. We discovered that ASA was available in the cloud as well and it was branded ASAv. We tested it and noticed that it was equally robust and a perfect fit for us. During the entire migration period, we used ASAv for cloud operations and put a lot of load on it. ASAv performed very well and gave us an easy transition from on-prem to the cloud.
Good price for scope of functionality Challenge for those that are not highly technical Many options within Firewall Setting that need to understood to maximize use of the device. Would be nice to see some sort of configuration wizard to assist in configuring unit.
The Java based ASDM can botch commands and isn't compatible on some more locked down systems.
Monitoring. Really the same complaint as above, the monitoring available through the ASDM is crappy at best. A much better solution is to send the logs and mirror packets to a SEIM, but that can create issues of its own when looking for realtime analysis.
Compatibility across other ASA models. ASA 5520s don't play well with 5525X which don't play well with older 5510s. Each is great on it's own, but it's next to impossible to logically stack them or have them as layers of firewalls in an infrastructure.
Lack of cloud based management. The Cisco Meraki security devices do this well, but the ASAs are still behind in this regard.
management is confusing has many items that could be improved to facilitate the work to the network administrator
in the diagnostic tool I would improve the response times, that is, if a ping test is required, it should be quick, since in cases of failures it is sought to minimize the impact as much as possible.
each function has a different license item, I would place a single license package for all team functions
To be honest there has been now great products out in the market compared to Cisco ASA. I beleieve Cisco has to do a lot of improvement in this area. The other defeiniete factors is the cost when it comes to renewals which is always a premium on Cisco products
Overall the new interface is very logical and easy to navigate. We did struggle at first coming from the older interface and finding our way around the new. But our new users found it very simple to find what they were looking for. One negative we do all struggle with is packet cpature not always being clear how its set/what is being monitored. this could do with more information on teh intial page instead of having to look for it
I generally have not noticed the outages, however since it's a machine it can malfunction, we need to implement the firewall infrastructure in such a way that it is highly available with device failure, region failure etc. Else any solution will be having the issues if they are not build with resiliency.
The support is usually very good and gets back to you very quickly. However I had some instances of when two engineers will give me wildly different answers to what I thought was a simple question. Overall however I do rate the support highly and they are generally always very good.
Once you get to a competent technician the support experience is better. But I have found that the lower tiers of support are very slow to respond (like 1 email per day) and you typically have to re-explain yourself a couple times before they get it. I have not used Phone support, and that may be a better experience.
It was quite a good one, how ever requires an expertise to deploy hence the SMB segment would be finding it difficult to implement this product. The one good reason is that there are lot of ASA certified engineers in compared to the other certified engineers. Hence this resembles positively on the deployment as you have quite a lot of experienced engineer on your deployment
Cisco has made it easy to buy, set up, and manage all of our firewalls with the central FirePower Management Center. All licensing is done via one license portal too. Tech support is standardized for all ASA devices and like support engineers who know the different models to provide timely help for any issues. Cisco Talos is a premier could platform which scours the internet looking for threats and develops protections for the ASA's and as such provides zero second coverage when it best can detect global issues.
SonicWall and WatchGuard are both fine appliances, but I am accustomed to the Barracuda NG. The Barracuda Control Center is so powerful and useful that it beats out the other two. SonicWall does a great job of dividing up firewall rules and NAT policies, but this is a preference among engineers.
The 5510 is still being used in one of our setups, and still doing its job this is a lot of Return on Investment.
We have managed to turn around projects quickly because most of our engineers understand this firewall very well. We deploy them in a matter of minutes[.]