The short version: vShield Edge is a HORRIFIC implementation that should be avoided at all costs.
The long version:
IPSec Instability - Tunnels created with VSE have proven to be unreliable. They bounce up and down like a pogo stick, and for seemingly no reason. We removed VSE from the equation and terminated the same tunnels (with no changes on the far end) onto hardware-based devices and every single problem went away. The remote devices were Cisco ASAs and SonicWalls and both had the same issue.
Rule Maintenance - Maintaining the rule database is insanely tedious. There is no ability to copy rules. There is no ability to create rule groups or object groups.
Double Entry - With static NAT assignments in place, every firewall rule requires two entries: one "into" the external IP and one "out of" the internal IP. As maddening as this is, the worst part is that it took two VMware support engineers to figure this out because there is no documentation and even those on the vShield support team seem to struggle to make the thing work.
No Documentation - Whereas the documentation for the admittedly far more advanced Cisco ASA is many book volumes in length, the vShield Edge documentation is barely TWO PAGES.
Backup Issues - For those of us that are in multi-tenant environments, a single VSE cannot be backed up or restored. It is an all-or-nothing proposition, and this alone should disqualify its use.
No Debugging - When things do not go as planned, such as the aforementioned IPSec issue, there are virtually no debugging options available to the network engineer. What is there is useless.
In the end, the idea of having a fully functional virtual firewall appliance is definitely attractive. However, VSE 5 is alpha-quality code at best and should not, under any circumstances, be used in a production environment.
Rick