Cisco Adaptive Security Appliance (ASA) software is the core OS for the ASA suite. It provides firewall functionality, as well as integration with context-specific Cisco security modules. It is scaled for enterprise-level traffic and connections.
N/A
Juniper SRX
Score 9.0 out of 10
N/A
Juniper SRX is a firewall offering. It provides a variety of modular features, scaled for enterprise-level use, based on a 3-in-1 OS that enables routing, switching, and security in each product.
The company has been using Cisco Adaptive Security Appliance (ASA) Software for more than 10 years, for the support team its operation is simple, so even though Palo Alto has more functions, we would have a certain cost of investment and time in training the entire team, or we …
Integration with Cisco Ecosystem, Cisco Adaptive Security Appliance (ASA) Software integrates smoothly with other Cisco security products and networking solutions. We have already invested in Cisco networking equipment and infrastructure which is why we chose Cisco Adaptive …
I've used the Firepower to a small extent. It's way better. It does up to layer seven. It does a lot more inspection. It does URL filter. It does IPS, it does antibody, it does all the things that the ASA doesn't do.
Cisco has made it easy to buy, set up, and manage all of our firewalls with the central FirePower Management Center. All licensing is done via one license portal too. Tech support is standardized for all ASA devices and like support engineers who know the different models to …
The ASA led the pack for our use case since we were familiar with it and the ASA (and ASAv) was able to integrated with our environment very easily. We were also able to apply MFA to the ASA with very little effort, further improving our posture. In comparison, other tools were …
This was selected due to our organization standard and our branch office is using ASA. Integration with the same product is really a good option with ASA.
We moved from older ASAs to Firepower and were excited to see the new features and higher reliability. Throughput is faster and as our old ASAs were breaking down intermittently it was time for the upgrade. The newer GUI has a better dashboard and is easy to maneuver in, easier …
Configuration and management of Cisco's ASA are straightforward. We chose Cisco ASA for many reasons, as well as Cisco's threat response reports. We previously had issues with Sophos UTM due to its poor performance. We no longer have to be concerned about performance issues …
Palo Altos blow Cisco ASAs away in terms of form and function. They are next-generation firewalls that have very advanced rule sets and AI to help protect your cooperation; however, they are also about 20 times more than a comparable Cisco ASA firewall.
Fortinet and SonicWall firewalls are not without their own unique merits, but Cisco ASA devices are our go-to devices for all of our clients' firewall needs. We have found creating and keeping VPN tunnels established is much easier on a Cisco ASA device.
Cisco ASA is doing well, has [a] lot of documents available, [and easy] implementation, however, other vendors are also very easy to deploy. Cisco ASA has [a] great support team. Cisco ASA is truly [a] next-generation product. Now it is cloud-managed, along with zero-touch …
We have never used any other firewall. This is the first firewall in our organization and we are very happy with its features and technical support. [Cisco ASA] is easy to configure and we never face any downtime with it.
We have a small network so we were using clearos for security but this firewall is just a basic functionality so we decided to change and installed the Cisco ASA firewall. Cisco ASA provides us lots of features like NAT, routing, as well as security features for protecting our …
We were not using any firewall before this, so we searched and purchased the Cisco ASA 5525 Series Firewall. It provides us [a] firewall with router features. The performance of this firewall is very good.
We were using the Sophos firewall but this firewall is very complicated and lots of bugs [are] in this firewall. Lots of [times] we faced the policy misbehave [as well as] downtime. Technical support is also not good so we purchased the Cisco ASA series and after Cisco ASA, we …
We have a startup and this is our first organization. We researched lots of firewalls but the price was very high so we decided to purchase the Cisco ASA. It provides us [a lot] of features at a low cost. Cisco ASA provides us router functionality [as well] so it is easy for us …
We were using pfsence before [the] Cisco ASA firewall and we were not happy with pfsense features. Lots of features are missing in pfSence so we decided to install the [Cisco] ASA 5525 and we are very happy with the features. There are lots of options in nat and you can easy to …
We were using Pfsense in our environment before for remote VPN but we were facing continuous configuration misbehave issues. After using Cisco ASA is have resolved our remote VPN & security issues. It has also GUI Based control access so that we can easily check & manage things …
We were using the PFSense but we were not happy with the services. We were facing lots of downtime and bugs during the production hours. That's why we selected Cisco ASA. It is a really very good firewall and we haveb't faced any downtime in the last 3 years.
We were using PfSense before in our environment but we were facing continuous issues in configuration management & policy-based management. After the implementation of Cisco ASA, it has resolved both the previous problems & also provided us a reliable solution with High …
We were using [pfSense] before in our environment but we regularly facing difficulties over it due to software bugs & downtime. After implementing Cisco ASA, it resolved our availability issue & provides us a reliable solution with the best security features & easy to …
Juniper SRX stands tall compared to all these products for Large Service Provider Networks, where traffic volume is larger. Also, cost comparison with SRX's few other products can also be another contributing factor while selecting this. As well as Juniper Routers, Switches, …
The comparison between the different firewalls is really down to preference and price at this point. The SRX is a solid device, and we have not seen a hardware failure to date. The Juniper support I have had is stellar and has helped me out with larger more complex scenario …
Equipment prices ran about the same. Performance and management were also more or less equal. The biggest deciding factors for going with Juniper were (1) fewer security incidents related to SRX firewalls and (2) technical support costs were significantly less.
Juniper SRX is significantly better in every category.
Cisco ASA was terrible. The config is unintuitive and not easy to manage. Cisco left the ASA abandoned from any kind of meaningful software updates for around a decade.
I love the Cisco ASA but I've become used to the SRX. I am a CLI kind of guy so the SRX works for me. Others may be more GUI based so the ASA may be more comfortable to you. If that's the case then the ASA's ASDM is a solid platform to manage your FW. Junos hasn't gotten this …
The SRX Stacks up well to the ASA and Sonic wall but I feel the features provided by Fortigate/Palo Alto and Checkpoint far exceed that of the competitors.
We moved our operations entirely to the cloud a few years ago. We loved the stability and scalability of the ASA and wanted to, somehow, keep using it. We discovered that ASA was available in the cloud as well and it was branded ASAv. We tested it and noticed that it was equally robust and a perfect fit for us. During the entire migration period, we used ASAv for cloud operations and put a lot of load on it. ASAv performed very well and gave us an easy transition from on-prem to the cloud.
Juniper vSRX is an excellent edge gateway device. The combination of Tunneling protocols supported and the advanced routing & security features makes it perfect for this kind of deployment. It is available in physical, virtual appliances as well as support on multiple clouds so you can have the same box be your edge gateway in multiple environments for consistency.
It can also work as a Internet Gateway, DMZ Firewall/Router and it would function just fine.
While it can also work as a DC firewall (North-South), the poor GUI will make it harder in the day to day administration for the multiple policies in a DC.
The Java based ASDM can botch commands and isn't compatible on some more locked down systems.
Monitoring. Really the same complaint as above, the monitoring available through the ASDM is crappy at best. A much better solution is to send the logs and mirror packets to a SEIM, but that can create issues of its own when looking for realtime analysis.
Compatibility across other ASA models. ASA 5520s don't play well with 5525X which don't play well with older 5510s. Each is great on it's own, but it's next to impossible to logically stack them or have them as layers of firewalls in an infrastructure.
Lack of cloud based management. The Cisco Meraki security devices do this well, but the ASAs are still behind in this regard.
To be honest there has been now great products out in the market compared to Cisco ASA. I beleieve Cisco has to do a lot of improvement in this area. The other defeiniete factors is the cost when it comes to renewals which is always a premium on Cisco products
I generally have not noticed the outages, however since it's a machine it can malfunction, we need to implement the firewall infrastructure in such a way that it is highly available with device failure, region failure etc. Else any solution will be having the issues if they are not build with resiliency.
The support is usually very good and gets back to you very quickly. However I had some instances of when two engineers will give me wildly different answers to what I thought was a simple question. Overall however I do rate the support highly and they are generally always very good.
This is the one area where I have a beef with Juniper. When I called into Cisco TAC, 90% of the time, the first person I spoke with was able to resolve my issue. With Juniper TAC, 90% of the time, the first person I speak with is not able to resolve my issue, seems to almost be reading from a script, and must escalate my ticket. All of which takes time.
It was quite a good one, how ever requires an expertise to deploy hence the SMB segment would be finding it difficult to implement this product. The one good reason is that there are lot of ASA certified engineers in compared to the other certified engineers. Hence this resembles positively on the deployment as you have quite a lot of experienced engineer on your deployment
Cisco has made it easy to buy, set up, and manage all of our firewalls with the central FirePower Management Center. All licensing is done via one license portal too. Tech support is standardized for all ASA devices and like support engineers who know the different models to provide timely help for any issues. Cisco Talos is a premier could platform which scours the internet looking for threats and develops protections for the ASA's and as such provides zero second coverage when it best can detect global issues.
Equipment prices ran about the same. Performance and management were also more or less equal. The biggest deciding factors for going with Juniper were (1) fewer security incidents related to SRX firewalls and (2) technical support costs were significantly less.
The 5510 is still being used in one of our setups, and still doing its job this is a lot of Return on Investment.
We have managed to turn around projects quickly because most of our engineers understand this firewall very well. We deploy them in a matter of minutes[.]
It is a workhorse for our field operations. It provides the last touch for an ISP to the customer. The customer has no view of the device, but with the repeatability of the device, they do not need to.
The ability to roll out a dynamic routing protocol attached to a security zone allows elasticity to the environment that supports growth.
VLAN support on the inside interfaces allow this to be the only device in some smaller deployments we install these in.