Cisco ISE (Identity Services Engine) vs Cisco Secure Firewall comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Cisco ISE (Identity Services Engine) and Cisco Secure Firewall based on real PeerSpot user reviews.

Find out in this report how the two Cisco Security Portfolio solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Cisco ISE (Identity Services Engine) vs. Cisco Secure Firewall Report (Updated: September 2023).
745,775 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The most valuable feature is AnyConnect Posture because it scans all the programs on the workstation and checks if the antivirus is up to date, as well as the cryptographic keys on our SSD.""Our clients like Cisco ISE because they already use various Cisco solutions. It's easy for them to use this solution because they have an engineer with Cisco certifications.""The solution enables us to authenticate with AD.""The solution enables us to do everything from one interface.""I like that Cisco ISE is easy to use.""I've had no issues with scalability. I started using it on two campuses, and now I'm using it across the country and scaling it across subsidiaries in other countries.""Cisco ISE's profiling and posturing features ensure that all devices are compliant with regulatory authorities.""The live logs and live sessions for troubleshooting are the most valuable features because they provide a detailed report of any issues."

More Cisco ISE (Identity Services Engine) Pros →

"Cisco Secure Firewall made it easier so that more than one person can handle things. We are able to have a bigger team that can handle simple tasks and have a smaller team focus on the deep-dive needs.""The technical support is excellent. I would rate it as 10 out of 10. When there has been an issue, we have had a good response from them.""The management aspect of the product is very straightforward.""With Cisco, there are a lot of features such as the network map. Cisco builds the whole network map of the machines you have behind your firewall and gives you insight into the vulnerabilities and attributes that the host has. Checkpoint and Fortinet don't have that functionality directly on the firewall.""The VPN is our most widely used feature for Cisco Secure Firewall. Since we were forced into a hybrid working situation by COVID a few years back, VPN is the widely used feature because everybody is working remotely for our agency. So it came in very handy.""Collaboration with other Cisco products such as ISE and others is the most valuable feature.""The most valuable feature is zone segmentation, which we utilize through the Firepower management console.""I work with Cisco and other partners, but the Cisco team is the best team in our country. When I call them, they always help us."

More Cisco Secure Firewall Pros →

Cons
"With the recent release of the solution, we had a bunch of bugs and we had to delay our deployment. Other than that, the solution is good.""When I work with customers to do my knowledge transfer, they're really overwhelmed with the navigation of the product and the number of things you can do with it. From a user interface standpoint, Cisco could focus on making certain tasks a bit more guided and easier for customers to walk through. That is, a user-friendly interface and streamlined workflows would be great.""The knocks I have against the product are the number of bugs that we encounter, constantly, and the amount of upgrading that we have to do.""The tracking mechanism in Cisco ISE is relatively costly, especially its vendor-specific protocol.""There are always some things that I would request.""The pricing is fair.""Some of ISE's features need to be more agile. For example, we couldn't integrate our data because Cisco needs your data to be in its own format.""Automation [is an area for improvement]. It seems like everywhere I look, automation is super important. Automation and integrations. That's the area it could be improved..."

More Cisco ISE (Identity Services Engine) Cons →

"It needs to provide the next-generation firewall features that other vendors provide, like data analytics, telemetry, and deep packet inspection.""We are still running the original ASAs. The software that you are running for the ASDM software and Java application has never been a lot of fun to operate. It would have been nice to see that change update be redesigned with modern systems, which don't play nicely with Java sometimes. Cybersecurity doesn't seem to love how that operates. For us, a fresher application, taking advantage of the hardware, would have been a better approach.""Cisco Firepower is not completely integrated with Active Directory. We are trying to use Active Directory to restrict users by using some security groups that are not integrated within the Cisco Firepower module. This is the main issue that we are facing.""With the new FTD, there is a little bit of a learning curve.""They should work on making it a little more intuitive for users and not quite as complex. Still, it's a good product.""The management of the firewalls could be improved because there are a lot of bugs.""Cisco Secure Firewall's integration with cloud providers has room for improvement. We could do more in terms of integration, for example, if we had a tag on an instance.""Licensing is complex, and I'd like it to be simplified. This is an area for improvement."

More Cisco Secure Firewall Cons →

Pricing and Cost Advice
  • "There is a license to use this solution and the price is reasonable."
  • "It costs around 50,000 baht in the first year, but I'm unsure about the second year."
  • "Standard licensing gives backup access and very few features, and then there's VM licensing - each VM we use needs to be licensed."
  • "The licensing is subscription-based and based on the user account."
  • "The price for Cisco ISE itself is very low, however, Cisco professional services are quite expensive. Subscription amount is dependent on number of users."
  • "Our customers pay for the license of Cisco ISE (Identity Services Engine). They have an annual subscription, rather than a monthly subscription."
  • "ISE has always been expensive compared to other products in terms of what it does on a user level."
  • "If you're not going through an agreement, it's very expensive."
  • More Cisco ISE (Identity Services Engine) Pricing and Cost Advice →

  • "Pricing for Cisco is expensive. There are additional costs for the licensing part, support, and even the hardware part. The device cost is very high. I would be very happy with an improvement on the price."
  • "The pricing was pretty comparable to other solutions when we purchased it."
  • "Cisco is cheaper than Check Point although it is not as cheap as Fortigate. But with the latest improvements in hardware and speed, the pricing is okay."
  • "The licensing package is good, but the licensing fee should be decreased."
  • "Once you know what the product is, it is not that bad. Yes, it is expensive. When you try to get a license, it is like, "Well, I don't know which one of these I need. And, if I don't buy it now, then I will probably be back later. Now, I have to justify the money." Typically, you end up just buying everything that you don't use most of the time. It is one of those solutions where you get what you pay for. If you don't know what you need, just buy everything. We have additional licenses that we don't use."
  • "The pricing is too high and the licensing is too confusing."
  • "It was pretty good and not expensive on the subscription side. Cisco is doing a good job on this."
  • "I wish there was an easier way to license the product in closed environments. I have worked in a number of closed environments, then it is a lot of head scratching. I know that we could put servers in these networks and that would help with the licensing. I have never been in a situation where we connected multiple networks, i.e., having an external network as well as an internal network, as those kinds of solutions are not always the best. I think licensing is always a headache for everyone, and I don't know if there is a simple solution."
  • More Cisco Secure Firewall Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Cisco Security Portfolio solutions are best for your needs.
    745,775 professionals have used our research since 2012.
    Questions from the Community
    Top Answer: Aruba ClearPass is a Network Access Control tool that gives secure network access to multiple device types. You can adapt the policies to VPN access, wired, or wireless access. You can securely… more »
    Top Answer:OK, so Cisco ISE uses 802.1X to secure switchports against unauthorized access. The drawback of this is that ISE cannot secure the port if a device does not support 802.1x. Cameras, badge readers… more »
    Top Answer:Cisco ISE uses AI endpoint analytics to identify new devices based on their behavior. It will also notify you if someone plugs in with a device that is not allowed and will block it. The user… more »
    Top Answer: When you compare these firewalls you can identify them with different features, advantages, practices and usage at large. In my opinion, Fortinet would be the best option and l use Fortinet too.… more »
    Top Answer:One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet Fortigate is very stable, reliable, and consistent. We like that we can manage the… more »
    Top Answer:It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco ecosystem, it is very simple to handle. This solution has traffic inspection and… more »
    Ranking
    1st
    Views
    777
    Comparisons
    543
    Reviews
    81
    Average Words per Review
    740
    Rating
    8.4
    6th
    Views
    0
    Comparisons
    138
    Reviews
    99
    Average Words per Review
    706
    Rating
    8.4
    Comparisons
    Also Known As
    Cisco ISE
    Cisco ASA Firewall, Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall
    Learn More
    Overview

    Cisco ISE is an all-in-one solution that streamlines security policy management and reduces operating costs. Cisco ISE delivers visibility and access control over users and devices across wired, wireless, and VPN connections.

    Identity Services Engine enables enterprises to deliver secure network access to users and devices. It shares contextual data, such as threats and vulnerabilities, with integrated solutions from Cisco technology partners. You can see what is happening in your network, which applications are running, and more.

    Features of Cisco ISE

    • Centralized management helps administrators configure and manage user profile characteristics - a single pane of glass for integrated management services.
    • Contextual identity and business policy: The rule-based attribute is a driven policy model. The goal is to provide flexible access control policies.
    • Wide range of access control options, including Virtual LAN (VLAN) URL redirections, and access control lists.
    • Supplicant-less network access: You can roll out secure network access by deriving authentication from login information across application layers.
    • Guest lifecycle management streamlines the experience for implementing and customizing network access for guests.
    • Built-in AAA services: The platform uses standard RADIUS protocol for authentication, authorization, and accounting.
    • Device auditing, administration, and access control provide users with access on a need-to-know and need-to-act basis. It keeps audit trails for every change in the network.
    • Device profiling: ISE features predefined device templates for different types of endpoints.
    • Internal certificate authority: Qn easy-to-deploy single console to manage endpoints and certificates.

    Benefits of Cisco ISE

    Cisco’s holistic approach to network access security has several advantages:

    • Context-based access based on your company policies. ISE creates a complete contextual identity, including attributes such as user, time, location, threat, access type, and vulnerability. This contextual identity is used to enforce a secure access policy. Administrators can apply strict control over how and when endpoints are allowed in the network.
    • Better network visibility via an easy-to-use, simple console. In addition, visibility is improved by storing a detailed attribute history of all endpoints connected to the network.
    • Comprehensive policy enforcement. ISE sets easy and flexible access rules. These rules are controlled from a central console that enforces them across the network and security infrastructure. You can define policies that differentiate between registered users and guests. The system uses group tags that enable access control on business rules instead of IP addresses.
    • Self-service device onboarding enables the enterprise to implement a Bring-Your-Own-Device (BYOD) policy securely. Users can manage their devices according to the policies defined by IT administrators. (IT remains in charge of provisioning and posturing to comply with security policies.)
    • Consistent guest experiences: You can provide guests with different levels of access from different connections. You can customize guest portals via a cloud-delivered portal editor with dynamic visual tools.

    Support

    You can get ISE as a physical or virtual appliance. Both deployments can create ISE clusters that create scale, redundancy, and requirements.

    Licensing

    Cisco ISE has four primary licences. Evaluation for up to 100 endpoints with full platform functionality. The higher tiers are Partner, Advantage and Essential.

    Reviews from Real Users

    "The user experience of the solution is great. It's a very transparent system. according to a PeerSpot user in Cyber Security at a manufacturing company.

    Omar Z., Network & Security Engineer at an engineering company, feels that "The RADIUS Server holds the most value."

    “Whether I deploy in China, the US, South Africa, or wherever, I can get all the capabilities. It allows me to directly integrate with 365, and from a communications point of view, that is a good capability," says Rammohan M., Senior Consultant at a tech services company.

    Hassan A.,Technology Manager at Advanced Integrated Systems, says that "The most valuable feature is the integration with StealthWatch and DNA as one fabric."




    Cisco Secure Firewall, including Firepower, is a powerful perimeter security solution used for network security, data center protection, advanced malware protection, and site-to-site VPNs. Its most valuable features include NGIPS, application visibility and control, VLAN implementations, intrusion prevention, threat defense, and NAT. 

    The solution has helped organizations discover their environment, improve security, implement dynamic policies, reduce operational costs, and protect against threats from outside and within the data center. Overall, Cisco Secure Firewall is a valuable tool for securing organizations and providing visibility into threats.

    Offer
    Learn more about Cisco ISE (Identity Services Engine)
    Learn more about Cisco Secure Firewall
    Sample Customers
    Aegean Motorway, BC Hydro, Beachbody, Bucks County Intermediate Unit , Cisco IT, Derby City Council, Global Banking Customer, Gobierno de Castilla-La Mancha, Houston Methodist, Linz AG, London Hydro, Ministry of Foreign Affairs, Molina Healthcare, MST Systems, New South Wales Rural Fire Service, Reykjavik University, Wildau University
    There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
    Top Industries
    REVIEWERS
    Financial Services Firm13%
    Government11%
    Comms Service Provider11%
    Computer Software Company10%
    VISITORS READING REVIEWS
    Educational Organization22%
    Computer Software Company16%
    Government8%
    Financial Services Firm7%
    REVIEWERS
    Financial Services Firm15%
    Comms Service Provider12%
    Computer Software Company12%
    Government8%
    VISITORS READING REVIEWS
    Educational Organization18%
    Computer Software Company16%
    Comms Service Provider9%
    Government7%
    Company Size
    REVIEWERS
    Small Business23%
    Midsize Enterprise21%
    Large Enterprise56%
    VISITORS READING REVIEWS
    Small Business16%
    Midsize Enterprise31%
    Large Enterprise53%
    REVIEWERS
    Small Business35%
    Midsize Enterprise24%
    Large Enterprise42%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise28%
    Large Enterprise46%
    Buyer's Guide
    Cisco ISE (Identity Services Engine) vs. Cisco Secure Firewall
    September 2023
    Find out what your peers are saying about Cisco ISE (Identity Services Engine) vs. Cisco Secure Firewall and other solutions. Updated: September 2023.
    745,775 professionals have used our research since 2012.

    Cisco ISE (Identity Services Engine) is ranked 1st in Cisco Security Portfolio with 84 reviews while Cisco Secure Firewall is ranked 6th in Cisco Security Portfolio with 111 reviews. Cisco ISE (Identity Services Engine) is rated 8.4, while Cisco Secure Firewall is rated 8.4. The top reviewer of Cisco ISE (Identity Services Engine) writes "Offers rich contact sharing, many self-service features, and the ability to categorically list all the endpoints in the infrastructure". On the other hand, the top reviewer of Cisco Secure Firewall writes "Includes multiple tools that help manage and troubleshoot, but needs SD-WAN for load balancing". Cisco ISE (Identity Services Engine) is most compared with Aruba ClearPass, Fortinet FortiNAC, Forescout Platform, CyberArk Privileged Access Manager and F5 BIG-IP Access Policy Manager (APM), whereas Cisco Secure Firewall is most compared with Fortinet FortiGate, Meraki MX, Palo Alto Networks WildFire, Netgate pfSense and Sophos XG. See our Cisco ISE (Identity Services Engine) vs. Cisco Secure Firewall report.

    See our list of best Cisco Security Portfolio vendors.

    We monitor all Cisco Security Portfolio reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.