Cisco ASA/Firepower
Cisco ASA/Firepower
Cisco ASA/Firepower integrates stateful inspection with threat-focused capabilities for traffic control and visibility. It supports modular policy enforcement and centralized management across distributed environments.
Cisco ASA/Firepower integrates stateful inspection with threat-focused capabilities for traffic control and visibility. It supports modular policy enforcement and centralized management across distributed environments.
Cost considerations
Functionality
Compatibility
User experience
Customer support
Why these ratings?
Cyberse perspective
Solution details
Deployment
Subcategory
Product features
Cloud ecosystem partners
Market segment
Key features
Integrations
Pricing
Services support
Target industry
We use the following criteria to evaluate this product:
Cost considerations
Cisco ASA/Firepower appliances sit at the pricey end of the firewall market, with users noting far higher hardware cost than comparable models from other vendors. Intrusion prevention, malware defense, URL filtering and even the Firepower Management Center each require their own recurring licenses, so renewal bills add up quickly. These layered fees leave the overall cost per Gbps higher than many peers and can make the long-term value hard to justify
Cost considerations
Cisco ASA/Firepower appliances sit at the pricey end of the firewall market, with users noting far higher hardware cost than comparable models from other vendors. Intrusion prevention, malware defense, URL filtering and even the Firepower Management Center each require their own recurring licenses, so renewal bills add up quickly. These layered fees leave the overall cost per Gbps higher than many peers and can make the long-term value hard to justify
Functionality
Cisco ASA/Firepower delivers next-gen firewalling, Snort IPS, application control, and integrates with Threat Grid to analyze files in a sandbox. Version 7.2 adds the ability to decrypt and inspect TLS 1.3 traffic, extending protection to modern encrypted flows. Native machine-learning analytics, zero-trust segmentation, and SD-WAN capabilities are limited or absent, so functionality sits just below the top tier.
Functionality
Cisco ASA/Firepower delivers next-gen firewalling, Snort IPS, application control, and integrates with Threat Grid to analyze files in a sandbox. Version 7.2 adds the ability to decrypt and inspect TLS 1.3 traffic, extending protection to modern encrypted flows. Native machine-learning analytics, zero-trust segmentation, and SD-WAN capabilities are limited or absent, so functionality sits just below the top tier.
Compatibility
Cisco Secure Firewall is delivered as rack-mount appliances, hypervisor images, Kubernetes-native containers, and is sold in public cloud stores such as AWS. The software natively processes IPv6 traffic and supports routing protocols like OSPF and BGP. A documented REST API lets SIEM or SOAR tools pull events and automate responses with minimal scripting
Compatibility
Cisco Secure Firewall is delivered as rack-mount appliances, hypervisor images, Kubernetes-native containers, and is sold in public cloud stores such as AWS. The software natively processes IPv6 traffic and supports routing protocols like OSPF and BGP. A documented REST API lets SIEM or SOAR tools pull events and automate responses with minimal scripting
User experience
Administrators rely on Java-based ASDM or Firepower Management Center, which function but feel dated and can be sluggish when switching tabs. Many routine tweaks still happen in the CLI, so new staff need more than a quick walkthrough to gain confidence. Cisco publishes extensive guides, so most answers are documented even if the navigation is not always intuitive.
User experience
Administrators rely on Java-based ASDM or Firepower Management Center, which function but feel dated and can be sluggish when switching tabs. Many routine tweaks still happen in the CLI, so new staff need more than a quick walkthrough to gain confidence. Cisco publishes extensive guides, so most answers are documented even if the navigation is not always intuitive.
Customer support
Cisco ASA/Firepower customers reach Cisco TAC 24×7 and Severity-1 cases receive an engineer within 15 minutes under premium contracts. Daily intrusion-signature downloads are scheduled automatically. Smart Net gives next-business-day hardware replacement, but the lack of hourly signature pushes keeps support just below the top tier
Customer support
Cisco ASA/Firepower customers reach Cisco TAC 24×7 and Severity-1 cases receive an engineer within 15 minutes under premium contracts. Daily intrusion-signature downloads are scheduled automatically. Smart Net gives next-business-day hardware replacement, but the lack of hourly signature pushes keeps support just below the top tier