Cisco ASA5500X GUI?

U

USMCGrunt

2[H]4U
Joined
Mar 19, 2010
Messages
3,103
Context for the question, I'm CCNA Routing and Switching certified and went through the Cisco academy at my local community college so I've got some limited hands-on (40-ish hours) with the hardware and CLI.

I'm currently debating on getting an ASA 5500-X series firewall or a WatchGuard M200. While these two devices are on completely different levels, the non-profit I work for can get the Cisco device for $500 bucks putting them on a much closer price plane. The only reason I haven't pulled the trigger on the Cisco device is because I wanted to know;

A: Can it be programmed through a GUI Interface or all CLI?
B: Is the GUI intuitive to navigate?

I've got experience working with WatchGuard's configuration software so I know the flow of the GUI but if I can't score the Cisco hardware I'd rather do that. I just don't have experience configuring the a security device at the command line so I'd prefer not to try and learn it on a production network.
 
Cisco gui for managing an ASA is ASDM. I use it quite a bit and it is pretty intuitive. And I generally dislike any GUI for networking gear.
 
The CLI on ASAs can be unintuitive compared to IOS or other vendors.

ASDM (their GUI) is decent.
 
Cisco ASA uses the ASDM, which is ok, but if you use the wizards to config you get a lot of un-needed items in your configuration.

Have you looked into the PA-200 from Palo Alto at all. IMO, it is a much better firewall.
 
buckobilly said:
Cisco ASA uses the ASDM, which is ok, but if you use the wizards to config you get a lot of un-needed items in your configuration.

Have you looked into the PA-200 from Palo Alto at all. IMO, it is a much better firewall.
Click to expand...

I actually forgot I posted this here, thanks for the input guys. As for the PA-200, it doesn't fit the bill in a lot of areas. I am going to have two physical sites being lit with 100Mb fiber requiring a site-to-site VPN connection and the company has a desire to move towards teleworking with approx. one dozen workers teleworker ready now. The PA-200 suffers from poor performance and limited IPSec VPN sessions in this scenario where-as the ASA 5512-X has plenty of overhead if we decide to go beyond 100Mb and up to 250 VPN connections.
 
Ok, I was thinking you were looking for a cheap solution.

I have a pair of PA-3020's with 9 site to site VPNs terminating (ASA5505). Seems pretty reliable, We also use it for Threat prevention and content filtering.
 
buckobilly said:
Ok, I was thinking you were looking for a cheap solution.

I have a pair of PA-3020's with 9 site to site VPNs terminating (ASA5505). Seems pretty reliable, We also use it for Threat prevention and content filtering.
Click to expand...

Well, being a non-profit, we are able to get the 5512-X for $500....so it's cheap for us...but not a cheap product generally.
 
USMCGrunt said:
Well, being a non-profit, we are able to get the 5512-X for $500....so it's cheap for us...but not a cheap product generally.
Click to expand...

Jesus $500 for a 5512x? Killer.

Just deployed a 5512x with FirePOWER a few months ago and have been loving the performance of it so far. No issues with ASDM but did most of the initial setup through CLI as I find it easier to look at rules that way when I'm in the cisco zone...
 
Easius said:
Jesus $500 for a 5512x? Killer.

Just deployed a 5512x with FirePOWER a few months ago and have been loving the performance of it so far. No issues with ASDM but did most of the initial setup through CLI as I find it easier to look at rules that way when I'm in the cisco zone...
Click to expand...
501(c)(3) organizations get some pretty amazing deals --> www.techsoup.org
 
You must log in or register to reply here.
Back
Top