Cisco Identity Services Engine and F5 BIG-IP Access Policy Manager compete in the access management solutions category. Cisco ISE seems to have the upper hand in Cisco environments due to its deep integration and feature set, while F5 APM provides superior session customization and cloud flexibility.
Features: Cisco ISE integrates with Cisco environments and offers features like 802.1X, TrustSec, and TACACS+. Its RADIUS feature supports Active Directory for user authentication, and it provides granular control over network access. F5 APM is praised for virtual IP creation, session customization, and seamless integration with various authentication protocols. It facilitates user session management and offers strong performance and reliability.
Room for Improvement: Cisco ISE's setup is complex with a steep learning curve, and there are issues with posture assessment stability and third-party integration. Its update process and interface could be improved. F5 APM requires better cloud support and post-acquisition service reliability, with calls for GUI improvements and easier identity provider integration.
Ease of Deployment and Customer Service: Cisco ISE is mainly used on-premises with hybrid cloud support, backed by knowledgeable TAC teams, although support can be slow and require multiple engineers. F5 APM also offers hybrid deployments, with feedback indicating a need for better documentation and faster support. Cisco ISE benefits from structured ATC partner support, while F5 APM users report a more self-driven setup.
Pricing and ROI: Cisco ISE has complex pricing with multiple tiers, potentially leading to high costs for large networks, yet offers ROI through robust network protection and integration. Licensing confusion is reported, and there’s a move toward subscription models. F5 APM’s pricing is high but simpler, with cost justified by its security features. Both solutions deliver security and operational ROI, though Cisco's complexity and pricing are more commonly discussed.
Direct comparisons with Forescout reveal up to 30% to 40% difference in cost savings.
I rate the technical support as one out of ten.
Sometimes it's challenging to identify which support team is responsible for certain issues, which is a significant concern.
Even if they respond, they don't update me with the process or what's going on.
Factors like architecture, business nature, and legal limitations such as GDPR affect it.
The stability of Cisco Identity Services Engine (ISE) is poor for certain use cases, like authentication.
Cisco Identity Services Engine (ISE) is considered very reliable and stable.
Sometimes, the logs are not quite informational or easy to understand.
Additionally, the product is vulnerable and has many bugs.
Pricing can be more expensive compared to other vendors, and there is a significant price gap observed, which doesn't seem justified by some specific features.
If I could copy and paste objects instead of picking and configuring them from scratch each time, it would be great.
Compared to other solutions like HPE ClearPass, Cisco is more costly, and the conversation suggests a possible forty percent price gap compared to competitors.
Cloud solutions are expensive, while on-prem setups with shared environments are cheaper but not effective.
Cisco Identity Services Engine (ISE) is very good at device administration.
The solution is integrated with other Cisco devices and can offer automation for an organization, making deployments more dynamic and providing real-time visibility.
A lot of features are useful to me, including mostly the authentication, SAML, or SSO, with no sign-on.
Cisco Identity Services Engine (ISE) offers comprehensive network access control and visibility, supporting features like 802.1X authentication, profiling, and posturing. It integrates with Microsoft and other Cisco products, facilitating robust security policies across distributed networks.
Cisco Identity Services Engine is a key player in network access control, offering centralized management and a user-friendly interface. It supports zero trust principles and provides strong authentication for wired and wireless networks. ISE's capabilities include granular security policies, enhanced device posturing, and seamless integration, bolstering security infrastructure. Users benefit from its dual authentication through EAP, simplifying access management across networks.
What are the key features of Cisco ISE?In industries like finance, healthcare, and education, Cisco ISE is pivotal for securing wired and wireless networks, implementing BYOD policies, and managing user access. Organizations leverage ISE for effective authentication and authorization, while maintaining compliance with industry security standards.
F5 BIG-IP Access Policy Manager (APM) is an access management proxy solution for managing global access to the enterprise networks, cloud providers, applications, and application programming interfaces (APIs). Through a single management interface, BIG-IP APM consolidates remote, mobile, network, virtual, and web access.
BIG-IP APM can also serve as a bridge between modern and classic authentication and authorization protocols and methods. For applications which are unable to support modern authentication and authorization protocols, like SAML and OAuth with OIDC, but which do support classic authentication methods, BIG-IP APM converts user credentials to the appropriate authentication standard supported by the application.
BIG-IP APM Benefits:
BIG-IP APM Features:
Reviews from Real Users
Below are some reviews and helpful feedback written by BIG-IP APM users.
Mahmmoud Rabie, Senior Site Reliability Engineer, writes that BIG-IP APM is "A highly stable solution for load balancing, but the initial setup is complex."
Clyde Livingston, Senior Process Specialist at Telstra, says that BIG-IP APM is "Easy to use, useful access remotely, but lacking stability."
Chris Lam, Senior Solution Consultant at Macroview Telecom Limited, states that BIG-IP APM is "Useful for remote access VPN and VPI integration with VMware.
We monitor all Network Access Control (NAC) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
