Cisco IOS Security Reviews

We use it for endpoint security, to control access to our edge level. Basically, Cisco IOS checks the identity of each endpoint (printers, etc.). There's a specific group allowing the printer to immediately connect to the network. Also, if there is a laptop, for example, then the IOS will tell you, okay this is a laptop, please add the user name and password to access the network. Once it gets authenticated with IOS, they will still do something like posturing, checking the compliance list. For example, if a laptop doesn't have an updated antivirus or updated patches - if it's non-compliant with any one of those things, the system will reject it and isolate it in a special network, so it cannot access our network. 

Previously, anyone in the organization would see any data point in the wall. They could just go and connect their machine with that data point and could access the network. But now, even if someone came and tried that, they will not be given access. Because Cisco IOS will ask for the identity. So, you will now need to give your identity. If you are not part of the organization, you will not be given access.

I think it's a complicated product. It is very complicated, especially in the design. If in some way you mess up the logic and design, you can really mess up and you will hate your life. The dashboard is actually very complicated. There's a lot of options. They don't need to do this. They need to make it more simple. Going to the direct point, showing what to do, where to configure, how to make the policy. They need to simplify the dashboard management more. Also, they need to improve the dashboard statistics. We need to see the statistics in a more organized way and clear. Reporting features, I think are also missing. It should be there.

Maybe they need to add in posturing. Cisco is able to check if a device is updated or not. Taking action to isolate it outside the network, and then requesting automatically for the updates to that system would be helpful. It's something in automation they can improve.

I have been using the solution for 1 year.

Initially, we faced some stability problems with the wifi systems. And sometimes it authenticates, sometimes it doesn't. But, overall, it's 90% stable. It's not causing many problems, because, no one is touching that. No one is touching that box.

Their support was very bad. We have a very bad experience on the support. They take too much time requesting logs, and they are not coming directly online to resolve the issues. They keep asking about a lot of things. And they know that we are not expert in the system. So, we are wasting our time. And it takes time to respond. Sometimes one single issue will stay on the stack for three weeks, just to resolve it. The last ticket for me reached six weeks, not three weeks even. They are not like that in all products. Just this product.

The initial setup was very complicated. For the initial setup, you need to configure the TAC servers and assigning the password, user name and the group for authenticating, etc. The deployment took more than three months.

We used a vendor. We are not doing anything ourselves except for the basic things. We are using the vendors to do this. Not everything is handled by vendors; only, again, for the complicated products. We try to approach the integrators to do it.

I did not evaluate other options. I was thinking maybe Aruba might be a good option, but I did not switch over to it actually because Cisco's a big company and known in the market.

Even now, we are not fully utilizing the features because it'll add complicated things. I would rate this solution 7 out of 10 because of both support and interface. After this experience, next time in any project we are going to go more secure. 

I usually use it for GRE channels and VPNs. Is very stable and is a good solution. It has been stable.

I'm able to securely transfer data over the internet network. With the GRE I'm able to transfer data within one site to another sites in a public way, like the internet. The communication is encrypted and is private. It gives me added privacy.

The GRE kernels and IPSEC security are the most valuable features.

There's a technology called SD-WAN that we would like to see. We are unable to handle multiple connections or to automatically load balance. I would like to have a feature that enables us to automatically prepare for load balancing.

More than five years.

It is stable but is missing functionalities. For example, everyone is bound to one single router. 

This product is being used on a daily basis, 24/7. We are a bank, so it is always running. We have no downtime and our customers don't have any downtime. 

You can do a lot in terms of the scalability. In my department, I have 11 branches that are using it and everything works flawlessly for them. 

Cisco's technical support is the best. 

I have previously used FortiGate and I didn't switch solution, I switched companies. Cisco is stable once it is up and running. You can forget about it, it's going to work unless the hardware fails. As your centers deploy, make sure it's configured and up and running. You just have to put it there and forget it.

The complexity of the initial setup will depend on your level of expertise and your experience with the product. It was simple for me but I have seen others struggle with it.  

Usually, when I did deploy I do it on a lap setup. The time it takes depends mostly on how we are going to plan the deployment. It can be done within a day or a week.

Sometimes we will use an integrator for the deployment and sometimes we will do it ourselves. 

The return on investment has already been achieved and it is great.

The solution is a one-off fee once, it's just a matter of whether we are using IOS security you want to use the IT functionality, you need to have the security licenses.

It's a good product you just have to have someone that really knows how to configure it otherwise it's going to be a nightmare.

I would rate it a seven out of ten. 

We use it for routing and switching, VPNs, connectivity to some degree, and firewalls.

In certain spots it has improved our security program's maturity, for example around virtualization and network segmentation.

The most valuable feature is the scalability. The nice thing with the bigger vendors is that they're very good at scale.

I would like to see much more embedded security that works and that isn't a bolt-on.

It's pretty stable. The stability has been good.

I would rate the technical support at eight out of ten. We've had a lot of good feedback. 

Different products come and go but we've been using Cisco for 20 years. 

We use every consulting firm and probably most integrators, depending on the project. On any day it could be Deloitte, Accenture, etc.

I'm sure we've seen ROI. Routing is better than picking up a file, carrying it to you and handing it to you. But it's been in place for quite a long time.

Look at this solution and figure out what you're trying to accomplish. You should probably augment it with some other vendors as well. I'm not a big single-vendor type of person. I don't think anyone does it perfectly well. With Cisco, you bring them in for their core competencies which are routing, switching, and virtual networking. Then you augment it with some security vendors that have been doing security the entire time.

I would rate it at eight out of ten. It's not a ten because of the criticisms around security.

EEM (Embedded Event Manager) is a software component of Cisco IOS.

I found that EEM is a handy feature [but it is an underdog for the end user] if fine tuning of monitoring is required or if you would like to turn a Cisco device (switch or router) into a programmable device (without fancy words like ACI or Python, etc.). It is low level but efficient and money saving. It is available by default (but check the IOS feature support first). For curious minds, it could be used in combination with IP SLA and tracking features, a network engineer Swiss army knife.

• Increased monitoring level for KPIs normally not tracked by network management systems.
• Ability to correlate events and report back in a predefined format/customized message on the switch.
• Making a Cisco switch act as a network event sensor is enhancing visibility on the network.

• Tailored monitoring/notifications and some sort of added intelligence moved now to the edge of the network. (Actually, it could be done at any point of network: core, distribution, or access.)

As it is a tailored solution, it is not very scalable, but this is a trade off; you need a hammer or a scalpel. And EEM is a scalpel.

No licenses but what comes with the features of IOS.

Before choosing this product, we evaluated other options. I looked for a tailored solution.

The competition (like Juniper) do offer similar approaches (scripting capabilities, but I did not look into the details). The question is that in many cases, users are not extending their expertise to adopt these money/time-saving features that vendors provide with their OSs.

1. Cisco IOS Security feature provides key features such as AAA, VPN, IPsec, content filtering, IPS, etc in all IOS based Cisco devices. 2. I like it because they include powerful security features that come with all Cisco Router and Switch from low to higher end. 3. It helped me to convert my Cisco router into a zone-based policy firewall. 4. It helped me to implement port security at my switch end. 5. I have implemented AAA in all Cisco routers and switch easily. 6. I have configured VPN server in a Cisco router with ease compare to OPENVPN configuration in a Linux OS environment.

1. IOS security related IPS facility is not as strong as Cisco ASA and the signature file of IPS does not update automatically like Cisco ASA. 2. When I converted the Cisco router into a zone-based firewall, CPU utilization shot up and slowed down network performance.

Cisco IOS security feature is the most robust and simple security facility which nice and small to implement. It helped me protect my network from external and internal attack.

Cisco IOS is the best OS for Cisco routers and switches. There are a lot of plus points of using Cisco IOS. A brief introduction about them are as follows.AAA- Cisco IOS has a lot advantages while using AAA. It can use various encryption services which also includes EAP with Radius.Firewall- You can use Cisco IOS Advance IP Services for creating Zone based firewalls on Cisco Routers.TCP Intercept- It prevents DDOS attacks quite effectively.PKI- You can use RSA keys in PKI. Also lets you use Certificates in PKI.VPN- Almost any type of VPN can be configured using IOS security. Site to site or remote. 802.1X- This facility has helped a lot of organizations and ISPs to maintain authentication for their users.

It is very hard to find any limitations of this OS Still when you use this as Zone based firewall you can see its limitations. You need to restrict traffic with ACL, which is fine but you need to create too many ACLs. Hence management of ACLs is a tedious task. Works better with TACACS+ which is Cisco proprietary. WAN connectivity is difficult on a router which is running IOS Security.

The best OS from my point of view in Cisco IOS is Advanced IP Services. This OS has changed the definition of network security by using the router. The use of VPN concentrator is coming to an end because this OS can handle any kind of VPN using the router, so no need of VPN concentrators.

We primarily use the product as a security solution within our company.

Overall, the devices are very good and reliable.

The product is easy to use.

It's quite a stable solution.

The installation process is easy.

Technical support has always been very good.

It's a good device yet it's not a market leader. There are better options for customers to choose from.

There could be a bit more functions on offer that could make it easier to use.

We have used the solution for four years. It's been a while. We have a bit of experience with it at this point. 

The stability is great and the performance is good. It's reliable. There are no bugs or glitches. it doesn't crash or freeze. 

We have about 2,000 users on the product currently.

Cisco technical support is the best in the world. They are very helpful and responsive and we are always satisfied with the amount of assistance we get.

Previous to this solution, we did not use anything else.

It's straightforward to set up. The product isn't too complex in terms of implementation. It takes about two days to deploy everything. 

You only need two people for installation. We have two technicians for the installation of the product and two engineers for managing the product.

We handle the implementation ourselves in-house. We don't need outside consultants or integrators. 

We pay a yearly subscription for signatures and stuff for the filtering, debugging inspection.

We did not evaluate anything before we started using Cisco. We didn't evaluate other options.

We always use two versions behind the latest version. We do not use the latest version typically.

I'd rate the solution at a six out of ten.

I wouldn't recommend the solution to other users or organizations at this time.

On-premises

The solution is used for security purposes. 

The Intrusion Firewall is a valuable feature. 

Cisco is an expensive firewall, so the pricing can be improved. 

 I have been using Cisco IOS Security for more than five years. 

The stability can be improved. I rate the stability an eight out of ten. 

It is a scalable solution. Presently, two hundred users are using the solution. 

The technical support team is good. 

Positive

The initial setup is not very difficult. 

The pricing is expensive. 

I will recommend it if your entire infrastructure is Cisco-based, because the compatibility is good.

I rate the overall solution an eight out of ten. 

Public Cloud