Cisco Support Community

best firewalls

Hi, my company is looking at new firewalls for the internet connections. We use ASAs for the VPNs etc., but they seem to want another vendor for these firewalls. They have looked at Cisco, but seem to prefer Checkpoint and Juniper.

Do the ASAs have as many features as them?


Re: best firewalls

The Cisco ASA 5500 Series Firewall Edition enables businesses to securely deploy mission-critical applications and networks in a highly reliable manner, while providing significant investment protection and lower operational costs through its unique, modular design. Businesses can protect their networks from unauthorized access using the Cisco ASA 5500 Series Firewall Edition's robust policy enforcement services. These services combine with market-leading VPN services to enable businesses to securely extend their networks across low-cost Internet connections to business partners, remote sites, and mobile workers. This flexible solution can adapt as an organization's needs evolve along with the ever-changing security threat landscape, giving businesses the ability to easily integrate market-leading intrusion prevention, antivirus, antispam, antispyware, URL filtering, and other advanced content security services for additional layers of protection. Combined with Cisco management and monitoring application solutions, the Cisco ASA 5500 Series Firewall Edition provides world-class security with lower operational costs.

For further information click this link


Re: best firewalls

I love seeing people asking for advice like this, and people without much knowledge of other vendors' products, such as Checkpoint or Juniper, yet jumping on the Cisco bandwagon and quoting stuff from a Cisco marketing brochure without knowing all the facts.

The answer really depends on how complex your network is. If you have a very simple network setup and not too savvy network engineers on your staff, then ASA is probably a good choice.

If you have a very complex network with a lot of VLANs, rules and interfaces, then Checkpoint is a better choice due to its management capability. Furthermore, Checkpoint has much better troubleshooting tools such as tcpdump and fw monitor. You can search the rulebase for an object/IP address very quickly. With SmartView Tracker, you can look at the log, and this is extremely helpful in troubleshooting issues.

Every vendor can do IPS, antivirus, antispam, etc. Therefore, buying ASA is not a strong argument here. The buzzword for this is Unified Threat Management (UTM).

I used to work at a place where we had 4 CCIE Security on staff. When it came to picking a firewall vendor, we unanimously selected Checkpoint firewalls.

my 2c
