ASA – CLI vs ASDM

I have worked with PIX and ASA for several years. The first firewall I worked with, and still have a soft spot in my heart for, is Novell’s BorderManager. The way I learned to manage Border Manager and the PIX was through the GUI (or equivalent in Border Manager’s case) interface. I looked at trying to manage the PIX via CLI (command line interface) but had more success and felt more comfortable with the GUI.

That changed recently when I had the chance to go to CCBootCamp’s two-week-long CCSP school. One of the exercises we went through was to work up the equivalent to QoS, which is otherwise known as MPF (Modular Policy Framework). This is where I first saw how much easier the CLI would be than the GUI. Building an MPF model was very straightforward in CLI; you literally wrote it out as you thought about what you wanted to do. Doing it in the GUI was harder because not everything was laid out as logically as I found in the CLI. Also, making a change to the MPF model was significantly harder than in the CLI.

Moving to the CLI isn’t as hard as you would think. Cisco actually helps you make the transition. There is an option in ASDM that allows you to preview the commands you have entered in the GUI as they will be submitted to the ASA. This can help make the move a little easier. There will still be some tricks you will learn along the way, and you will become more comfortable with the CLI as time goes on.

Don’t get me wrong. I still use ASDM quite a bit. I have found ASDM better for monitoring what is going on with the ASA, without having to enter as much on the command line and remember how to enter it. Something I bought before going to CCBOOTCAMP’s CCSP school was Eric Severson’s PIX/ASA Firewall Keys (http://www.firewallkeys.com/). Since most of us have some type of home lab, this eBook does a good job of helping you get it up and running to where you have a working ASA, which may be a little different from what you may find in the corporate world.

I have known a CCIE by the name of Andy McCullough for several years. He challenged me last year to go whole hog into managing the ASA via CLI. While I will admit I still do a few things using ASDM (more out of habit than anything else), I have found that doing things via CLI is much faster and easier than ASDM. Give it a try; I think you will feel the same way.
