Cisco Identity Services Engine and F5 BIG-IP Access Policy Manager compete in the access management solutions category. Cisco ISE seems to have the upper hand in Cisco environments due to its deep integration and feature set, while F5 APM provides superior session customization and cloud flexibility.
Features: Cisco ISE integrates with Cisco environments and offers features like 802.1X, TrustSec, and TACACS+. Its RADIUS feature supports Active Directory for user authentication, and it provides granular control over network access. F5 APM is praised for virtual IP creation, session customization, and seamless integration with various authentication protocols. It facilitates user session management and offers strong performance and reliability.
Room for Improvement: Cisco ISE's setup is complex with a steep learning curve, and there are issues with posture assessment stability and third-party integration. Its update process and interface could be improved. F5 APM requires better cloud support and post-acquisition service reliability, with calls for GUI improvements and easier identity provider integration.
Ease of Deployment and Customer Service: Cisco ISE is mainly used on-premises with hybrid cloud support, backed by knowledgeable TAC teams, although support can be slow and require multiple engineers. F5 APM also offers hybrid deployments, with feedback indicating a need for better documentation and faster support. Cisco ISE benefits from structured ATC partner support, while F5 APM users report a more self-driven setup.
Pricing and ROI: Cisco ISE has complex pricing with multiple tiers, potentially leading to high costs for large networks, yet offers ROI through robust network protection and integration. Licensing confusion is reported, and there’s a move toward subscription models. F5 APM’s pricing is high but simpler, with cost justified by its security features. Both solutions deliver security and operational ROI, though Cisco's complexity and pricing are more commonly discussed.
Direct comparisons with Forescout reveal up to 30% to 40% difference in cost savings.
I rate the technical support as one out of ten.
Cisco support has pretty good teams for support and every time we had good answers and we could somehow solve the issues we had.
Sometimes it's challenging to identify which support team is responsible for certain issues, which is a significant concern.
Even if they respond, they don't update me with the process or what's going on.
Most of the technical support is managed in-house due to our extensive experience with F5 products.
F5 technical support is responsive and helpful.
Factors like architecture, business nature, and legal limitations such as GDPR affect it.
However, you can have some latency issues depending on where your devices are.
The product's flexibility and company culture contribute to resolving these challenges.
I would rate the scalability of F5 BIG-IP Access Policy Manager (APM) between seven and eight.
Cisco Identity Services Engine (ISE) is considered very reliable and stable.
The stability of Cisco Identity Services Engine (ISE) is poor for certain use cases, like authentication.
Sometimes when we have upgrades or failovers with Cisco Identity Services Engine (ISE), we had some minor issues.
On a scale from one to ten for stability, I would rate F5 BIG-IP Access Policy Manager (APM) a ten.
Sometimes, the logs are not quite informational or easy to understand.
The whole setup works well with Cisco access points and Cisco switches, but when you have multiple vendors in the environment, such as HP switches or access points like Aruba, you'll find they will not work well with Cisco Identity Services Engine (ISE).
Pricing can be more expensive compared to other vendors, and there is a significant price gap observed, which doesn't seem justified by some specific features.
They are very poor in asset classification and should focus on improving the preauthentication profiling, especially for NAC use cases.
If I could copy and paste objects instead of picking and configuring them from scratch each time, it would be great.
The main improvement needed for F5 BIG-IP Access Policy Manager (APM) is to integrate into the cloud-delivered services from F5.
The ability to run the Anycast feature would be valuable, as the current solution only operates on-premises.
Compared to other solutions like HPE ClearPass, Cisco is more costly, and the conversation suggests a possible forty percent price gap compared to competitors.
The license costs can range between $50,000 to $100,000 per year for enterprises.
Cloud solutions are expensive, while on-prem setups with shared environments are cheaper but not effective.
F5 products are more expensive than other solutions but are valued for their quality and reliability.
Cisco Identity Services Engine (ISE) offers authentication using RADIUS, enhancing network security by separating and segregating networks.
There is value because it helps us secure the network and prevents certain things from happening which could cause financial loss.
The adaptability of Cisco Identity Services Engine (ISE) policy enforcement can fit to the site we have depending on which kind of devices we have on site and then the needs for authentication, granting access and then assigning each device into its correct network for segmentation.
APM is quite flexible for customers to use, providing secure remote access through various host-checking conditions for both machines and users.
It provides robust security and offers integration with multi-factor authentication systems, which is crucial for an organization's security policy.
A lot of features are useful to me, including mostly the authentication, SAML, or SSO, with no sign-on.
| Product | Market Share (%) |
|---|---|
| Cisco Identity Services Engine (ISE) | 24.2% |
| F5 BIG-IP Access Policy Manager (APM) | 0.8% |
| Other | 75.0% |
| Company Size | Count |
|---|---|
| Small Business | 44 |
| Midsize Enterprise | 31 |
| Large Enterprise | 91 |
| Company Size | Count |
|---|---|
| Small Business | 9 |
| Midsize Enterprise | 1 |
| Large Enterprise | 9 |
Cisco Identity Services Engine (ISE) offers comprehensive network access control and visibility, supporting features like 802.1X authentication, profiling, and posturing. It integrates with Microsoft and other Cisco products, facilitating robust security policies across distributed networks.
Cisco Identity Services Engine is a key player in network access control, offering centralized management and a user-friendly interface. It supports zero trust principles and provides strong authentication for wired and wireless networks. ISE's capabilities include granular security policies, enhanced device posturing, and seamless integration, bolstering security infrastructure. Users benefit from its dual authentication through EAP, simplifying access management across networks.
What are the key features of Cisco ISE?In industries like finance, healthcare, and education, Cisco ISE is pivotal for securing wired and wireless networks, implementing BYOD policies, and managing user access. Organizations leverage ISE for effective authentication and authorization, while maintaining compliance with industry security standards.
F5 BIG-IP Access Policy Manager (APM) is an access management proxy solution for managing global access to the enterprise networks, cloud providers, applications, and application programming interfaces (APIs). Through a single management interface, BIG-IP APM consolidates remote, mobile, network, virtual, and web access.
BIG-IP APM can also serve as a bridge between modern and classic authentication and authorization protocols and methods. For applications which are unable to support modern authentication and authorization protocols, like SAML and OAuth with OIDC, but which do support classic authentication methods, BIG-IP APM converts user credentials to the appropriate authentication standard supported by the application.
BIG-IP APM Benefits:
BIG-IP APM Features:
Reviews from Real Users
Below are some reviews and helpful feedback written by BIG-IP APM users.
Mahmmoud Rabie, Senior Site Reliability Engineer, writes that BIG-IP APM is "A highly stable solution for load balancing, but the initial setup is complex."
Clyde Livingston, Senior Process Specialist at Telstra, says that BIG-IP APM is "Easy to use, useful access remotely, but lacking stability."
Chris Lam, Senior Solution Consultant at Macroview Telecom Limited, states that BIG-IP APM is "Useful for remote access VPN and VPI integration with VMware.
We monitor all Network Access Control (NAC) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
