Cisco Identity Services Engine (ISE) vs F5 BIG-IP Access Policy Manager (APM) comparison

Cisco Identity Services Engine (ISE) vs. F5 BIG-IP Access Policy Manager (APM)

Download the complete report

Helped 801,634 peers since 2012

Categories and Ranking

Cisco Identity Services Eng...

Ranking in Network Access Control (NAC)

1st

Average Rating

8.2

Number of Reviews

139

Ranking in other categories

Cisco Security Portfolio (1st)

F5 BIG-IP Access Policy Man...

Ranking in Network Access Control (NAC)

7th

Average Rating

8.2

Number of Reviews

Ranking in other categories

Secure Web Gateways (SWG) (19th), SSL VPN (5th), Remote Access (13th), Access Management (10th)

Mindshare comparison

As of September 2024, in the Network Access Control (NAC) category, the mindshare of Cisco Identity Services Engine (ISE) is 29.9%, down from 31.4% compared to the previous year. The mindshare of F5 BIG-IP Access Policy Manager (APM) is 1.2%, down from 1.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Network Access Control (NAC)

Featured Reviews

Adarge Ekholt

Network Engineer at a university with 1,001-5,000 employees

Aug 3, 2023

The ability to see what devices are online for a particular user helps a lot with our troubleshooting

Another big benefit for us is definitely security in terms of wireless user activity. We spent a lot of time looking at live logs and user logs to figure out where they've been in the network and in which buildings. We can get rogue granular with locations of where people are and where they're experiencing issues. We have definitely saved time since using ISE when it comes to building some of the policies around the types of users, like library users versus student union or even admin users. The policy building is complicated, but after a while, it's pretty straightforward in terms of repeatability of staff turnover, and things like that. It's not the learning curve that's hard for continuous maintenance.

Read full review

Ishan Shah

Senior Network Engineer at Fiserv

Feb 12, 2024

Facilitates packet inspection, modification, and offloading and offers visibility and troubleshooting capabilities, allowing for pre-production server testing

From my perspective, the work I do benefits from good visibility before anything goes to production. We can generate traffic with F5's load generators to see how it behaves, exposing any packet errors and other issues. This is valuable for me, as it allows for troubleshooting without involving server personnel. Additionally, we can capture traffic directly on the F5, analyzing it using F5's traffic analytics feature. This independence from network engineers is good, eliminating the need to constantly ask them to check server issues. In essence, using F5 allows us to verify its health and traffic handling independently. Overall, this has been very helpful. Overall, I would rate the scalability a nine out of ten.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"It's scalable."

"The WiFi portal in Cisco ISE is very useful for WiFi customers."

"We were originally a Cisco shop and Cisco ISE integrated well with our other Cisco switches and networks."

"We have seen ROI. It has done its job. It has protected us when we needed it to."

"The policy sets give us more granular groups for end-user access."

"The best feature of the Cisco ISE platform is that it is compatible with Microsoft products."

"Cisco ISE provides authentication for various applications. It can integrate with other applications to manage access, including Privileged Access Management for those applications. For a comprehensive environment, Cisco ISE should be able to integrate and provide asset management for an IT organization or any organization."

"The most valuable feature is AnyConnect Posture because it scans all the programs on the workstation and checks if the antivirus is up to date, as well as the cryptographic keys on our SSD."

More Cisco Identity Services Engine (ISE) pros

"This is a product that is easy to install and integrate, and it is simple to use."

"In my opinion, the GUI is perfect with the configuration options provided. F5 BIG-IP has given customization options and policy configuration tools in the GUI. It's good and good enough to work."

"The tool is reliable and easy to configure."

"Our customers have never complained about the stability"

"The portal access was very good."

"Stickiness is the most valuable feature of the product."

"We have seen a return on investment from F5 BIG-IP Access Policy Manager. It provided access at a time when we didn't have it."

"The performance of the solution is valuable."

More F5 BIG-IP Access Policy Manager (APM) pros

Cons

"Documentation is probably the worst part of the software."

"The policies could be adjusted to make them more easily implementable."

"The tracking mechanism in Cisco ISE is relatively costly, especially its vendor-specific protocol."

"The installation is not straightforward, it took us approximately one month."

"The compliance and posture don't always work. They should make it more stable. With each upgrade, we lose some functionality. We have to wait for another upgrade."

"When I work with customers to do my knowledge transfer, they're really overwhelmed with the navigation of the product and the number of things you can do with it. From a user interface standpoint, Cisco could focus on making certain tasks a bit more guided and easier for customers to walk through. That is, a user-friendly interface and streamlined workflows would be great."

"The knocks I have against the product are the number of bugs that we encounter, constantly, and the amount of upgrading that we have to do."

"The solution can lag somewhat as we have a large database."

More Cisco Identity Services Engine (ISE) cons

"The solution is quite costly."

"Integrating identity providers and single sign-on solutions can simplify user authentication and access control."

"The price of this product can be improved."

"The solution’s GUI looks very old."

"We do not have knowledgeable support teams locally."

"Cloud services are something that F5 Access Policy Manager could do better"

"The technical support’s response time must be improved."

"F5 BIG-IP Access Policy Manager has room for improvement in integration with other products."

More F5 BIG-IP Access Policy Manager (APM) cons

Pricing and Cost Advice

"I think the price is okay."

"In general, licensing can be quite complex with Cisco products. It would be nice if it was a bit more intuitive and had fewer "gotchas" in there."

"The price of Cisco ISE (Identity Services Engine) is expensive and we are thinking about changing to FortiGate."

"Our customers pay for the license of Cisco ISE (Identity Services Engine). They have an annual subscription, rather than a monthly subscription."

"Cisco is moving towards a subscription service, which would mean additional costs."

"It is not that pricey."

"If you go directly with Cisco for the implementation it's very, very expensive."

"It is difficult to measure security breaches, but since we have not been attacked so far, it has paid for itself over the years."

More Cisco Identity Services Engine (ISE) pricing and cost advice

"The tool is a little bit expensive."

"Recently, they have simplified the licensing"

"I rate the tool's pricing an eight out of ten."

"The product is very expensive."

See which vendors are best for you

Use our free recommendation engine to learn which Network Access Control (NAC) solutions are best for your needs.

See recommendations

801,634 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Educational Organization

25%

Computer Software Company

16%

Government

Financial Services Firm

14%

Computer Software Company

11%

Government

10%

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

Which is better - Aruba Clearpass or Cisco ISE?

Aruba ClearPass is a Network Access Control tool that gives secure network access to multiple device types. You can adapt the policies to VPN access, wired, or wireless access. You can securely ...

What are the main differences between Cisco ISE and Forescout Platform?

OK, so Cisco ISE uses 802.1X to secure switchports against unauthorized access. The drawback of this is that ISE cannot secure the port if a device does not support 802.1x. Cameras, badge readers, ...

How does Cisco ISE compare with Fortinet FortiNAC?

Cisco ISE uses AI endpoint analytics to identify new devices based on their behavior. It will also notify you if someone plugs in with a device that is not allowed and will block it. The user exper...

What do you like most about F5 BIG-IP Access Policy Manager (APM)?

In my opinion, the GUI is perfect with the configuration options provided. F5 BIG-IP has given customization options and policy configuration tools in the GUI. It's good and good enough to work.

What is your experience regarding pricing and costs for F5 BIG-IP Access Policy Manager (APM)?

The tool is a little bit expensive. I rate the pricing a six out of ten.

What needs improvement with F5 BIG-IP Access Policy Manager (APM)?

I'd suggest improved documentation integration directly within the GUI. Right now, finding comprehensive documentation often requires going to external websites like the community portal. In the AP...

Aruba ClearPass vs Cisco Identity Services Engine (ISE)

Comparisons

Compared 26% of the time

Fortinet FortiNAC vs Cisco Identity Services Engine (ISE)

Compared 18% of the time

Forescout Platform vs Cisco Identity Services Engine (ISE)

Compared 14% of the time

CyberArk Privileged Access Manager vs Cisco Identity Services Engine (ISE)

Compared 9% of the time

Cisco Secure Client (including AnyConnect) vs Cisco Identity Services Engine (ISE)

Compared 1% of the time

More Cisco Identity Services Engine (ISE) Competitors

Citrix Gateway vs F5 BIG-IP Access Policy Manager (APM)

Compared 13% of the time

CyberArk Privileged Access Manager vs F5 BIG-IP Access Policy Manager (APM)

Compared 12% of the time

Ivanti Connect Secure vs F5 BIG-IP Access Policy Manager (APM)

Compared 9% of the time

Microsoft Entra ID vs F5 BIG-IP Access Policy Manager (APM)

Compared 7% of the time

Aruba ClearPass vs F5 BIG-IP Access Policy Manager (APM)

Compared 6% of the time

More F5 BIG-IP Access Policy Manager (APM) Competitors

Product Reports

Cisco Identity Services Engine (ISE)

Download Cisco Identity Services Engine (ISE) product report

Cisco Identity Services Engine (ISE) report

F5 BIG-IP Access Policy Manager (APM)

Download F5 BIG-IP Access Policy Manager (APM) product report

F5 BIG-IP Access Policy Manager (APM) report

Also Known As

Cisco ISE

F5 Access Policy Manager

Learn More

Cisco

Overview

Cisco ISE is an all-in-one solution that streamlines security policy management and reduces operating costs. Cisco ISE delivers visibility and access control over users and devices across wired, wireless, and VPN connections.

Identity Services Engine enables enterprises to deliver secure network access to users and devices. It shares contextual data, such as threats and vulnerabilities, with integrated solutions from Cisco technology partners. You can see what is happening in your network, which applications are running, and more.

Features of Cisco ISE

Centralized management helps administrators configure and manage user profile characteristics - a single pane of glass for integrated management services.
Contextual identity and business policy: The rule-based attribute is a driven policy model. The goal is to provide flexible access control policies.
Wide range of access control options, including Virtual LAN (VLAN) URL redirections, and access control lists.
Supplicant-less network access: You can roll out secure network access by deriving authentication from login information across application layers.
Guest lifecycle management streamlines the experience for implementing and customizing network access for guests.
Built-in AAA services: The platform uses standard RADIUS protocol for authentication, authorization, and accounting.
Device auditing, administration, and access control provide users with access on a need-to-know and need-to-act basis. It keeps audit trails for every change in the network.
Device profiling: ISE features predefined device templates for different types of endpoints.
Internal certificate authority: Qn easy-to-deploy single console to manage endpoints and certificates.

Benefits of Cisco ISE

Cisco’s holistic approach to network access security has several advantages:

Context-based access based on your company policies. ISE creates a complete contextual identity, including attributes such as user, time, location, threat, access type, and vulnerability. This contextual identity is used to enforce a secure access policy. Administrators can apply strict control over how and when endpoints are allowed in the network.
Better network visibility via an easy-to-use, simple console. In addition, visibility is improved by storing a detailed attribute history of all endpoints connected to the network.
Comprehensive policy enforcement. ISE sets easy and flexible access rules. These rules are controlled from a central console that enforces them across the network and security infrastructure. You can define policies that differentiate between registered users and guests. The system uses group tags that enable access control on business rules instead of IP addresses.
Self-service device onboarding enables the enterprise to implement a Bring-Your-Own-Device (BYOD) policy securely. Users can manage their devices according to the policies defined by IT administrators. (IT remains in charge of provisioning and posturing to comply with security policies.)
Consistent guest experiences: You can provide guests with different levels of access from different connections. You can customize guest portals via a cloud-delivered portal editor with dynamic visual tools.

Support

You can get ISE as a physical or virtual appliance. Both deployments can create ISE clusters that create scale, redundancy, and requirements.

Licensing

Cisco ISE has four primary licences. Evaluation for up to 100 endpoints with full platform functionality. The higher tiers are Partner, Advantage and Essential.

Reviews from Real Users

"The user experience of the solution is great. It's a very transparent system. according to a PeerSpot user in Cyber Security at a manufacturing company.

Omar Z., Network & Security Engineer at an engineering company, feels that "The RADIUS Server holds the most value."

“Whether I deploy in China, the US, South Africa, or wherever, I can get all the capabilities. It allows me to directly integrate with 365, and from a communications point of view, that is a good capability," says Rammohan M., Senior Consultant at a tech services company.

Hassan A.,Technology Manager at Advanced Integrated Systems, says that "The most valuable feature is the integration with StealthWatch and DNA as one fabric."

F5 BIG-IP Access Policy Manager (APM) is an access management proxy solution for managing global access to the enterprise networks, cloud providers, applications, and application programming interfaces (APIs). Through a single management interface, BIG-IP APM consolidates remote, mobile, network, virtual, and web access.

BIG-IP APM can also serve as a bridge between modern and classic authentication and authorization protocols and methods. For applications which are unable to support modern authentication and authorization protocols, like SAML and OAuth with OIDC, but which do support classic authentication methods, BIG-IP APM converts user credentials to the appropriate authentication standard supported by the application.

BIG-IP APM Benefits:

Ease of use
Flexibility
Ability to integrate with other systems
Security features
Granular access control
Responsive and helpful support team

BIG-IP APM Features:

Support for Identity Aware Proxy (IAP) enabling Zero Trust application access
Context-based authorization with dynamic L4/L7 ACLs
Integration with third-party MFA solutions
DTLS 2.0 mode for delivering and securing applications
SAML 2.0 identity federation support
Support for OAuth 2.0 authorization protocol
SSO support for classic authentication (Kerberos, header- based, etc.), credential caching, OAuth 2.0, SAML 2.0, and FIDO2 (U2F)
AAA server authentication and high-availability
Integration with leading IAM vendor products (Microsoft, Okta, Ping Identity)
BIG IP Edge Client and F5 Access integrate with VMware Horizon ONE (AirWatch), Microsoft Intune and IBM MaaS360
Risk-based access leveraging third-party UEBA and risk engines (HTTP Connector)

Reviews from Real Users

Below are some reviews and helpful feedback written by BIG-IP APM users.

Mahmmoud Rabie, Senior Site Reliability Engineer, writes that BIG-IP APM is "A highly stable solution for load balancing, but the initial setup is complex."

Clyde Livingston, Senior Process Specialist at Telstra, says that BIG-IP APM is "Easy to use, useful access remotely, but lacking stability."

Chris Lam, Senior Solution Consultant at Macroview Telecom Limited, states that BIG-IP APM is "Useful for remote access VPN and VPI integration with VMware.

Sample Customers

Aegean Motorway, BC Hydro, Beachbody, Bucks County Intermediate Unit , Cisco IT, Derby City Council, Global Banking Customer, Gobierno de Castilla-La Mancha, Houston Methodist, Linz AG, London Hydro, Ministry of Foreign Affairs, Molina Healthcare, MST Systems, New South Wales Rural Fire Service, Reykjavik University, Wildau University

City Bank, Ricacorp Properties, Miele, American Systems, Bangladesh Post Office

Cisco Identity Services Engine (ISE) vs. F5 BIG-IP Access Policy Manager (APM)