There are a number of issues that will help you in the decision:
1) Cost - usually top or near the top of the list.
2) Support within company - do you have people within the organisation who can support Linux or support ASA?
3) Support from vendor. Many enterprise environments are still unhappy using a "free" distribution and would be happier and feel more comfortable using a vendor like Cisco. Your organisation may or may not be one of them.
4) Features - what exactly do you need your firewall to do? Not all firewalls are equal. There will be some things the ASA can do well and some things the Linux firewall can do well. You need to draw up a list of all the technical requirements and then match them against the capabilities of the firewalls.
5) Closely tied to 4) is extra capabilities other than just firewalling, i.e. would you like inbuilt IDS/IPS, for example?
6) Performance - how much performance in terms of throughput etc. do you need from your firewall.
Those are some of the more important criteria. There is very rarely a simple "this is better than that" answer. You need to work out your requirements, both technical and non-technical, as per the list above and then decide which one most meets those requirements.
Just to add one thing to Jon's comprehensive post,
7) Being a financial institution, you may be required to have a FIPS compliant firewall. Your audit team can help with the network device requirements. When in doubt I would refer to the DISA standards.
Instead of pointing to a solution like Vidyalal_2009, I'll tell you my experience.
In my company I have 12 firewalls:
a few on Linux, 1 McAfee, 1 Juniper, 2 WatchGuard, and the rest on Cisco PIX 515E, ASA 5510 and ASA 5520 with SSM-20.
The thing is, I don't prefer one solution over the others.
In the case of Linux, I need to have it because in Linux I can create rules with the BOUNCE target. That means that if a computer inside the LAN resolves a site that is located in the same zone, the firewall, in the case of the PIX, can't route this packet; in the case of Linux it only requires 2 packet rewrites and it works.
And so on. The PIX and ASA are much better firewalls than Linux in rude mode: when a host attacks the perimeter, only an ASA or PIX with IOS 7.2+, 8.0+, 8.1+, 8.2+ with shun mode can stop attacks. Try to do the same thing with Linux; it's barely impossible.
IMHO, you just need to consider what you need to do, what you need to protect, how much knowledge you have to establish a good solution, and how much money you have to spend on a solution, such as hardware or software; but always check all requirements from customers before pointing to a solution.