Netgate Discussion Forum

    Cisco ASA vs Pfsense install

    General pfSense Questions
    • newbieuser1234

      I am interested in hearing opinions on whether a properly configured pfSense install is safer than an ASA with no local support. I know that probably is a dumb question. But take into account the configuration difficulty of the ASA for most companies. Currently, vendors are relied upon to apply security updates, rule changes, etc. to our ASA. Any thoughts on the security of each device? Our ASA is getting older and I feel Cisco devices are overly complex. Any thoughts on the two comparatively in a production environment? I have been using pfSense for about a year at home and have had great luck, even when a pentester tried to hack my home network. The internet link where the ASA is located is fairly lame at 10MB, but supports about 120 users. Thanks

      • abidkhanhk

        We actually use a Juniper SSG20 in our production environment; compared to the ASA, the SSG20 is fairly new.

        SSG20 vs pfSense: pfSense wins.

        With the SSG20 you really need to have a CCNA; it's annoyingly complex. Firewall rules confused me a number of times.
        I have had to do some routing which put the SSG20 in the crapper for a whole day. The list goes on and on.

        pfSense is much easier to configure, it has understandable logs, and it has multiple types of packages like squid, pfblocker, captive portal for guest access… etc. Last but not least, every time you make a change a backup is created automatically, which you can access using the terminal.

        The only thing going against pfSense is that some people think a paid service is better than free open source. If you are in a position where you can make the decision to switch to pfSense, I think it would be worth it.

        • stephenw10 Netgate Administrator

          Depends what you mean by safer. From a security point of view there is probably very little to choose between the two correctly configured devices. It then comes down to the speed at which new exploits/bugs are patched and updates released. The pfSense team have a good track record there and, needless to say, Cisco have whole departments of programmers doing that! However, if, as you say, it's not possible to apply the patches for whatever reason, it doesn't really matter how quickly they are released. An important measure of security is how many hours/days your router is running code with known exploits. My opinion. :)

          Steve
