Try our new research platform with insights from 80,000+ expert users

Cisco Identity Services Engine (ISE) vs F5 BIG-IP Access Policy Manager (APM) comparison

Cisco and F5 are both solutions in the Network Access Control (NAC) category. Cisco is ranked #2 with an average rating of 7.9, while F5 is ranked #7 with an average rating of 8.3. Cisco holds a 22.4% mindshare in NAC, compared to F5’s 1.2% mindshare. Additionally, 87% of Cisco users are willing to recommend the solution, compared to 88% of F5 users who would recommend it.
Cisco Identity Services Eng...
Read 145 Cisco Identity Services Engine (ISE) reviews
  • 15,135 Views
  • 9,838 Comparison Views
87% willing to recommend
F5 BIG-IP Access Policy Man...
Read 18 F5 BIG-IP Access Policy Manager (APM) reviews
  • 2,814 Views
  • 366 Comparison Views
88% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Nov 5, 2024

Cisco Identity Services Engine and F5 BIG-IP Access Policy Manager compete in the access management solutions category. Cisco ISE seems to have the upper hand in Cisco environments due to its deep integration and feature set, while F5 APM provides superior session customization and cloud flexibility.

Features: Cisco ISE integrates with Cisco environments and offers features like 802.1X, TrustSec, and TACACS+. Its RADIUS feature supports Active Directory for user authentication, and it provides granular control over network access. F5 APM is praised for virtual IP creation, session customization, and seamless integration with various authentication protocols. It facilitates user session management and offers strong performance and reliability.

Room for Improvement: Cisco ISE's setup is complex with a steep learning curve, and there are issues with posture assessment stability and third-party integration. Its update process and interface could be improved. F5 APM requires better cloud support and post-acquisition service reliability, with calls for GUI improvements and easier identity provider integration.

Ease of Deployment and Customer Service: Cisco ISE is mainly used on-premises with hybrid cloud support, backed by knowledgeable TAC teams, although support can be slow and require multiple engineers. F5 APM also offers hybrid deployments, with feedback indicating a need for better documentation and faster support. Cisco ISE benefits from structured ATC partner support, while F5 APM users report a more self-driven setup.

Pricing and ROI: Cisco ISE has complex pricing with multiple tiers, potentially leading to high costs for large networks, yet offers ROI through robust network protection and integration. Licensing confusion is reported, and there’s a move toward subscription models. F5 APM’s pricing is high but simpler, with cost justified by its security features. Both solutions deliver security and operational ROI, though Cisco's complexity and pricing are more commonly discussed.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Cisco Identity Services Engine (ISE) vs. F5 BIG-IP Access Policy Manager (APM) Report (Updated: December 2025).
Buyer's Guide
Cisco Identity Services Engine (ISE) vs. F5 BIG-IP Access Policy Manager (APM)
December 2025
Download the complete report
Helped 880,954 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
7.1
Cisco Identity Services Engine enhances security, simplifies operations, and reduces costs while boosting productivity and ensuring regulatory compliance.
Sentiment score
6.8
F5 BIG-IP Access Policy Manager offers cost savings, quick ROI, and enhances security by ensuring crucial access and reducing costs.
Direct comparisons with Forescout reveal up to 30% to 40% difference in cost savings.
SunilkumarNaganuri
Service Line Manager (Service Operations Expert) - Network Access Control at a pharma/biotech company with 10,001+ employees
We also save money because we increased security, stopped incidents, and reduced breaches and security breaches.
Mohamed Fouad
Cybersecurity Team Leader at EMAK For Integrated Solutions
For more quotes and insights, download the Cisco Identity Services Engine (ISE) report
No quotes available
For more quotes and insights, download the F5 BIG-IP Access Policy Manager (APM) report
 

Customer Service

Sentiment score
6.7
Cisco ISE support is highly rated for knowledge and responsiveness but struggles with response times and communication challenges.
Sentiment score
6.8
F5 BIG-IP APM customer service receives mixed reviews, with some praising responsiveness and others citing delays and communication issues.
I rate the technical support as one out of ten.
SunilkumarNaganuri
Service Line Manager (Service Operations Expert) - Network Access Control at a pharma/biotech company with 10,001+ employees
Cisco support has pretty good teams for support and every time we had good answers and we could somehow solve the issues we had.
NicolasFigaro
Network and Technology Information Manager at Akkodis
TAC support from Cisco is a notable feature; it provides very professional support.
Mohamed Fouad
Cybersecurity Team Leader at EMAK For Integrated Solutions
For more quotes and insights, download the Cisco Identity Services Engine (ISE) report
Even if they respond, they don't update me with the process or what's going on.
reviewer2644098
Professional Services Specialist at a security firm with 51-200 employees
Most of the technical support is managed in-house due to our extensive experience with F5 products.
STRATOS GEROU
Business Development Manager at Pylones
F5 technical support is responsive and helpful.
ChrisLam
Solutions Manager at Macroview Telecom Limited
For more quotes and insights, download the F5 BIG-IP Access Policy Manager (APM) report
SunilkumarNaganuri - PeerSpot reviewer
NF
Mohamed Fouad - PeerSpot reviewerreviewer2644098 - PeerSpot reviewer
SG
CL
 

Scalability Issues

Sentiment score
7.3
Cisco ISE supports smooth scalability for diverse enterprises, but virtualization and hardware challenges may require strategic solutions.
Sentiment score
7.3
F5 BIG-IP APM scales for diverse deployments, offering flexibility and effective tools, though hardware limitations might challenge scalability.
You can run an all-in-one deployment and switch to distributed mode as your company grows, relying on Cisco Identity Services Engine (ISE) to support your scalability needs.
Mohamed Fouad
Cybersecurity Team Leader at EMAK For Integrated Solutions
Factors like architecture, business nature, and legal limitations such as GDPR affect it.
SunilkumarNaganuri
Service Line Manager (Service Operations Expert) - Network Access Control at a pharma/biotech company with 10,001+ employees
However, you can have some latency issues depending on where your devices are.
NicolasFigaro
Network and Technology Information Manager at Akkodis
For more quotes and insights, download the Cisco Identity Services Engine (ISE) report
The product's flexibility and company culture contribute to resolving these challenges.
STRATOS GEROU
Business Development Manager at Pylones
I would rate the scalability of F5 BIG-IP Access Policy Manager (APM) between seven and eight.
ChrisLam
Solutions Manager at Macroview Telecom Limited
For more quotes and insights, download the F5 BIG-IP Access Policy Manager (APM) report
Mohamed Fouad - PeerSpot reviewerSunilkumarNaganuri - PeerSpot reviewer
NF
SG
CL
 

Stability Issues

Sentiment score
7.7
Cisco ISE is stable and reliable, but large deployments may face challenges, requiring proper configuration and effective support.
Sentiment score
7.9
F5 BIG-IP APM is praised for reliability, performance, and minimal bugs, with minor suggestions for log clarity improvement.
Cisco Identity Services Engine (ISE) is considered very reliable and stable.
reviewer2590572
Solution Architect, Presales Engineer at a computer software company with 51-200 employees
The stability of Cisco Identity Services Engine (ISE) is poor for certain use cases, like authentication.
SunilkumarNaganuri
Service Line Manager (Service Operations Expert) - Network Access Control at a pharma/biotech company with 10,001+ employees
Sometimes when we have upgrades or failovers with Cisco Identity Services Engine (ISE), we had some minor issues.
NicolasFigaro
Network and Technology Information Manager at Akkodis
For more quotes and insights, download the Cisco Identity Services Engine (ISE) report
On a scale from one to ten for stability, I would rate F5 BIG-IP Access Policy Manager (APM) a ten.
ChrisLam
Solutions Manager at Macroview Telecom Limited
Sometimes, the logs are not quite informational or easy to understand.
reviewer2644098
Professional Services Specialist at a security firm with 51-200 employees
For more quotes and insights, download the F5 BIG-IP Access Policy Manager (APM) report
reviewer2590572 - PeerSpot reviewerSunilkumarNaganuri - PeerSpot reviewer
NF
CL
reviewer2644098 - PeerSpot reviewer
 

Room For Improvement

Cisco ISE is hindered by complexity, compatibility issues, costly licensing, and needs improvements in usability, support, and performance.
F5 BIG-IP APM requires improvements in pricing, cloud integration, user interface, documentation, support, and additional features for enhanced performance.
The whole setup works well with Cisco access points and Cisco switches, but when you have multiple vendors in the environment, such as HP switches or access points like Aruba, you'll find they will not work well with Cisco Identity Services Engine (ISE).
Jeremiah Ngure
Technical Services Lead at Telenet Solutions
Pricing can be more expensive compared to other vendors, and there is a significant price gap observed, which doesn't seem justified by some specific features.
reviewer2590572
Solution Architect, Presales Engineer at a computer software company with 51-200 employees
They are very poor in asset classification and should focus on improving the preauthentication profiling, especially for NAC use cases.
SunilkumarNaganuri
Service Line Manager (Service Operations Expert) - Network Access Control at a pharma/biotech company with 10,001+ employees
For more quotes and insights, download the Cisco Identity Services Engine (ISE) report
If I could copy and paste objects instead of picking and configuring them from scratch each time, it would be great.
reviewer2644098
Professional Services Specialist at a security firm with 51-200 employees
The main improvement needed for F5 BIG-IP Access Policy Manager (APM) is to integrate into the cloud-delivered services from F5.
STRATOS GEROU
Business Development Manager at Pylones
The ability to run the Anycast feature would be valuable, as the current solution only operates on-premises.
SalihUcpinar
Senior Cyber Security Consultant at KoçSistem
For more quotes and insights, download the F5 BIG-IP Access Policy Manager (APM) report
JN
reviewer2590572 - PeerSpot reviewerSunilkumarNaganuri - PeerSpot reviewerreviewer2644098 - PeerSpot reviewer
SG
 

Setup Cost

Cisco ISE pricing is complex and costly, with strong vendor partnerships needed for discounts, favoring large enterprises over smaller businesses.
F5 BIG-IP APM is costly but valued for high performance, with unpredictable cloud pricing and additional fees for features.
Compared to other solutions like HPE ClearPass, Cisco is more costly, and the conversation suggests a possible forty percent price gap compared to competitors.
reviewer2590572
Solution Architect, Presales Engineer at a computer software company with 51-200 employees
The license costs can range between $50,000 to $100,000 per year for enterprises.
Jeremiah Ngure
Technical Services Lead at Telenet Solutions
Cloud solutions are expensive, while on-prem setups with shared environments are cheaper but not effective.
SunilkumarNaganuri
Service Line Manager (Service Operations Expert) - Network Access Control at a pharma/biotech company with 10,001+ employees
For more quotes and insights, download the Cisco Identity Services Engine (ISE) report
F5 products are more expensive than other solutions but are valued for their quality and reliability.
STRATOS GEROU
Business Development Manager at Pylones
For more quotes and insights, download the F5 BIG-IP Access Policy Manager (APM) report
reviewer2590572 - PeerSpot reviewer
JN
SunilkumarNaganuri - PeerSpot reviewer
SG
 

Valuable Features

Cisco ISE excels in security, network access control, and integration, offering adaptability, scalability, and centralized management for organizations.
F5 BIG-IP APM offers secure remote access with SSL VPN, multi-factor authentication, and comprehensive integration and security features.
Cisco Identity Services Engine (ISE) offers authentication using RADIUS, enhancing network security by separating and segregating networks.
Jeremiah Ngure
Technical Services Lead at Telenet Solutions
There is value because it helps us secure the network and prevents certain things from happening which could cause financial loss.
John Ntambi
Ag Systems & Networks Head at UNBS
The adaptability of Cisco Identity Services Engine (ISE) policy enforcement can fit to the site we have depending on which kind of devices we have on site and then the needs for authentication, granting access and then assigning each device into its correct network for segmentation.
NicolasFigaro
Network and Technology Information Manager at Akkodis
For more quotes and insights, download the Cisco Identity Services Engine (ISE) report
APM is quite flexible for customers to use, providing secure remote access through various host-checking conditions for both machines and users.
ChrisLam
Solutions Manager at Macroview Telecom Limited
It provides robust security and offers integration with multi-factor authentication systems, which is crucial for an organization's security policy.
STRATOS GEROU
Business Development Manager at Pylones
A lot of features are useful to me, including mostly the authentication, SAML, or SSO, with no sign-on.
reviewer2644098
Professional Services Specialist at a security firm with 51-200 employees
For more quotes and insights, download the F5 BIG-IP Access Policy Manager (APM) report
JN
JN
NF
CL
SG
reviewer2644098 - PeerSpot reviewer
 

Categories and Ranking

Cisco Identity Services Eng...
Ranking in Network Access Control (NAC)
2nd
Average Rating
8.2
Reviews Sentiment
6.6
Number of Reviews
145
Ranking in other categories
Cisco Security Portfolio (4th)
F5 BIG-IP Access Policy Man...
Ranking in Network Access Control (NAC)
7th
Average Rating
8.2
Reviews Sentiment
6.8
Number of Reviews
18
Ranking in other categories
Secure Web Gateways (SWG) (15th), SSL VPN (5th), Remote Access (10th), Access Management (9th)
 

Mindshare comparison

As of January 2026, in the Network Access Control (NAC) category, the mindshare of Cisco Identity Services Engine (ISE) is 22.4%, down from 28.3% compared to the previous year. The mindshare of F5 BIG-IP Access Policy Manager (APM) is 1.2%, up from 1.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Network Access Control (NAC) Market Share Distribution
ProductMarket Share (%)
Cisco Identity Services Engine (ISE)22.4%
F5 BIG-IP Access Policy Manager (APM)1.2%
Other76.4%
Network Access Control (NAC)
 

Featured Reviews

NF
NicolasFigaro
Network and Technology Information Manager at Akkodis
Has improved authentication management and simplified visitor network access
The log capacity in Cisco Identity Services Engine (ISE) could be enhanced because today natively on the ISE can only have a look at the logs from the day before. You cannot search into the oldest logs; you have to use another tool for that. This can be blocking if you don't have any log consolidation solution. To do a search for an issue or something that happened two days ago, you cannot search directly in there. The capacity of Cisco Identity Services Engine (ISE) could be enhanced. Something between one week and one month for the log capacity would be nice.
Read full review
SalihUcpinar
Senior Cyber Security Consultant at KoçSistem
Has provided reliable policy controls and secure web access for large enterprises
I consider Cloudflare when evaluating centralized access control features; Cloudflare utilizes multi-factor authentication and full API support, while F5 BIG-IP Access Policy Manager (APM) needs to enhance its API support. I recommend F5 BIG-IP Access Policy Manager (APM) for large companies such as Tüpraş and Ford. Tüpraş is one of the biggest companies in Turkey, along with other customers such as Tofaş, Euroko, Koç Holding, and more. For on-premises deployment, I would rate it a 10. For cloud deployment, I would rate it a seven. I primarily use it on-premises. I rate F5 BIG-IP Access Policy Manager (APM) eight out of ten.
Read full review
report
See which vendors are best for you
Use our free recommendation engine to learn which Network Access Control (NAC) solutions are best for your needs.
See recommendations
880,954 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
11%
Computer Software Company
11%
Financial Services Firm
9%
Government
9%
Financial Services Firm
14%
Manufacturing Company
12%
Government
9%
Computer Software Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business44
Midsize Enterprise32
Large Enterprise91
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise1
Large Enterprise9
 

Questions from the Community

Which is better - Aruba Clearpass or Cisco ISE?
Aruba ClearPass is a Network Access Control tool that gives secure network access to multiple device types. You can adapt the policies to VPN access, wired, or wireless access. You can securely ...
See all answers
What are the main differences between Cisco ISE and Forescout Platform?
OK, so Cisco ISE uses 802.1X to secure switchports against unauthorized access. The drawback of this is that ISE cannot secure the port if a device does not support 802.1x. Cameras, badge readers, ...
See all answers
How does Cisco ISE compare with Fortinet FortiNAC?
Cisco ISE uses AI endpoint analytics to identify new devices based on their behavior. It will also notify you if someone plugs in with a device that is not allowed and will block it. The user exper...
See all answers
What do you like most about F5 BIG-IP Access Policy Manager (APM)?
In my opinion, the GUI is perfect with the configuration options provided. F5 BIG-IP has given customization options and policy configuration tools in the GUI. It's good and good enough to work.
See all answers
What is your experience regarding pricing and costs for F5 BIG-IP Access Policy Manager (APM)?
F5 products are more expensive than other solutions but are valued for their quality and reliability, akin to purchasing a Bentley as opposed to an Audi.
See all answers
What needs improvement with F5 BIG-IP Access Policy Manager (APM)?
F5 BIG-IP Access Policy Manager (APM) is not user-friendly and operates slowly. Additional features for architecture such as Anycast would be beneficial. The ability to run the Anycast feature woul...
See all answers
 

Comparisons

Aruba ClearPass vs Cisco Identity Services Engine (ISE) Logo
Aruba ClearPass vs Cisco Identity Services Engine (ISE)
Compared 24% of the time
Fortinet FortiNAC vs Cisco Identity Services Engine (ISE) Logo
Fortinet FortiNAC vs Cisco Identity Services Engine (ISE)
Compared 20% of the time
Forescout Platform vs Cisco Identity Services Engine (ISE) Logo
Forescout Platform vs Cisco Identity Services Engine (ISE)
Compared 8% of the time
CyberArk Privileged Access Manager vs Cisco Identity Services Engine (ISE) Logo
CyberArk Privileged Access Manager vs Cisco Identity Services Engine (ISE)
Compared 3% of the time
Portnox vs Cisco Identity Services Engine (ISE) Logo
Portnox vs Cisco Identity Services Engine (ISE)
Compared 3% of the time
More Cisco Identity Services Engine (ISE) Competitors
Ivanti Connect Secure vs F5 BIG-IP Access Policy Manager (APM) Logo
Ivanti Connect Secure vs F5 BIG-IP Access Policy Manager (APM)
Compared 6% of the time
CyberArk Privileged Access Manager vs F5 BIG-IP Access Policy Manager (APM) Logo
CyberArk Privileged Access Manager vs F5 BIG-IP Access Policy Manager (APM)
Compared 5% of the time
Citrix Gateway vs F5 BIG-IP Access Policy Manager (APM) Logo
Citrix Gateway vs F5 BIG-IP Access Policy Manager (APM)
Compared 5% of the time
Fortinet FortiGate vs F5 BIG-IP Access Policy Manager (APM) Logo
Fortinet FortiGate vs F5 BIG-IP Access Policy Manager (APM)
Compared 5% of the time
OneLogin vs F5 BIG-IP Access Policy Manager (APM) Logo
OneLogin vs F5 BIG-IP Access Policy Manager (APM)
Compared 4% of the time
More F5 BIG-IP Access Policy Manager (APM) Competitors
 

Product Reports

Buyer's Guide
Cisco Identity Services Engine (ISE)
January 2026
Cisco Identity Services Engine (ISE) reportDownload Cisco Identity Services Engine (ISE) product report
Buyer's Guide
F5 BIG-IP Access Policy Manager (APM)
January 2026
F5 BIG-IP Access Policy Manager (APM) reportDownload F5 BIG-IP Access Policy Manager (APM) product report
 

Also Known As

Cisco ISE
F5 Access Policy Manager
 

Overview

Cisco Identity Services Engine (ISE) offers comprehensive network access control and visibility, supporting features like 802.1X authentication, profiling, and posturing. It integrates with Microsoft and other Cisco products, facilitating robust security policies across distributed networks.

Cisco Identity Services Engine is a key player in network access control, offering centralized management and a user-friendly interface. It supports zero trust principles and provides strong authentication for wired and wireless networks. ISE's capabilities include granular security policies, enhanced device posturing, and seamless integration, bolstering security infrastructure. Users benefit from its dual authentication through EAP, simplifying access management across networks.

What are the key features of Cisco ISE?
  • 802.1X Authentication: Supports network security for authorized device access.
  • Profiling: Identifies devices for accurate policy enforcement.
  • Posturing: Evaluates device compliance for access decisions.
  • TACACS: Streamlines network device authentication and authorization.
  • Guest Access: Provides secure access to visitors.
  • Microsoft Compatibility: Seamlessly integrates with Microsoft environments.
What benefits and ROI should be considered?
  • Security Enhancement: Offers strong network security policies.
  • Operational Efficiency: Centralized management improves operational aspects.
  • Improved Compliance: Ensures adherence to industry standards.
  • Scalability: Supports growing network demands effectively.

In industries like finance, healthcare, and education, Cisco ISE is pivotal for securing wired and wireless networks, implementing BYOD policies, and managing user access. Organizations leverage ISE for effective authentication and authorization, while maintaining compliance with industry security standards.

Cisco

F5 BIG-IP Access Policy Manager (APM) is an access management proxy solution for managing global access to the enterprise networks, cloud providers, applications, and application programming interfaces (APIs). Through a single management interface, BIG-IP APM consolidates remote, mobile, network, virtual, and web access. 

BIG-IP APM can also serve as a bridge between modern and classic authentication and authorization protocols and methods. For applications which are unable to support modern authentication and authorization protocols, like SAML and OAuth with OIDC, but which do support classic authentication methods, BIG-IP APM converts user credentials to the appropriate authentication standard supported by the application.

BIG-IP APM Benefits:

  • Ease of use
  • Flexibility
  • Ability to integrate with other systems
  • Security features
  • Granular access control
  • Responsive and helpful support team

BIG-IP APM Features:

  • Support for Identity Aware Proxy (IAP) enabling Zero Trust application access
  • Context-based authorization with dynamic L4/L7 ACLs
  • Integration with third-party MFA solutions
  • DTLS 2.0 mode for delivering and securing applications
  • SAML 2.0 identity federation support
  • Support for OAuth 2.0 authorization protocol
  • SSO support for classic authentication (Kerberos, header- based, etc.), credential caching, OAuth 2.0, SAML 2.0, and FIDO2 (U2F)
  • AAA server authentication and high-availability
  • Integration with leading IAM vendor products (Microsoft, Okta, Ping Identity)
  • BIG IP Edge Client and F5 Access integrate with VMware Horizon ONE (AirWatch), Microsoft Intune and IBM MaaS360
  • Risk-based access leveraging third-party UEBA and risk engines (HTTP Connector)

Reviews from Real Users

Below are some reviews and helpful feedback written by BIG-IP APM users.

Mahmmoud Rabie, Senior Site Reliability Engineer, writes that BIG-IP APM is "A highly stable solution for load balancing, but the initial setup is complex."

Clyde LivingstonSenior Process Specialist at Telstra, says that BIG-IP APM is "Easy to use, useful access remotely, but lacking stability."

Chris LamSenior Solution Consultant at Macroview Telecom Limited, states that BIG-IP APM is "Useful for remote access VPN and VPI integration with VMware.

F5
 

Sample Customers

Aegean Motorway, BC Hydro, Beachbody, Bucks County Intermediate Unit , Cisco IT, Derby City Council, Global Banking Customer, Gobierno de Castilla-La Mancha, Houston Methodist, Linz AG, London Hydro, Ministry of Foreign Affairs, Molina Healthcare, MST Systems, New South Wales Rural Fire Service, Reykjavik University, Wildau University
City Bank, Ricacorp Properties, Miele, American Systems, Bangladesh Post Office
Buyer's Guide
Cisco Identity Services Engine (ISE) vs. F5 BIG-IP Access Policy Manager (APM)
December 2025
Free Report: Cisco Identity Services Engine (ISE) vs. F5 BIG-IP Access Policy Manager (APM)
Find out what your peers are saying about Cisco Identity Services Engine (ISE) vs. F5 BIG-IP Access Policy Manager (APM) and other solutions. Updated: December 2025.
DOWNLOAD NOW
880,954 professionals have used our research since 2012.
See our Cisco Identity Services Engine (ISE) vs. F5 BIG-IP Access Policy Manager (APM) report.
See our list of best Network Access Control (NAC) vendors.

We monitor all Network Access Control (NAC) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.