• Home
  • Cisco ISE (Identity Services Engine) vs. Cisco Secure Firewall

Cisco ISE (Identity Services Engine) vs Cisco Secure Firewall comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Cisco ISE (Identity Services Engine) vs. Cisco Secure Firewall
March 2024
Executive Summary

We performed a comparison between Cisco ISE (Identity Services Engine) and Cisco Secure Firewall based on real PeerSpot user reviews.

Find out in this report how the two Cisco Security Portfolio solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Cisco ISE (Identity Services Engine) vs. Cisco Secure Firewall Report (Updated: March 2024).
Download the complete report
770,765 professionals have used our research since 2012.
Featured Review
Anonymous User
Helps us determine real users on our network, protects our environment 100%, and has excellent support
Cisco ISE is a great solution. It helped us determine real users on our network. It's very useful. From a security standpoint, Cisco ISE has... Read more →
Anonymous User
The monitoring dashboard lets us see if the packets get from the source to the destination correctly
Being able to create and apply new policies to the firewall has been helpful. It is an object-oriented way of doing things that helps a lot because... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"It's scalable.""I like that Cisco ISE is easy to use.""The interconnection with the ecosystem and the ability to force rules all over the network are the most important features.""The RADIUS Server holds the most value.""The most valuable feature is the integration with StealthWatch and DNA as one fabric.""I have found that all of the features are valuable. It is very easy to deploy because we are able to port users directly from Active Directory (AD) and LDAP.""The feature that I most like is that it can notify me whenever someone plugs in their device, which is not allowed. I get notifications for new laptop devices. I think the user interface looks good compared to previous versions.""Cisco ISE's profiling and posturing features ensure that all devices are compliant with regulatory authorities."

More Cisco ISE (Identity Services Engine) Pros →

"We get the Security Intelligence Feeds refreshed every hour from Talos, which from my understanding is that they're the largest intelligence Security Intelligence Group outside of the government.""The user interface, the UI, is excellent on the solution.""Network segmentation is the most valuable feature.""Cisco has the best documentation. You can easily find multiple documents by searching the web. Even a child can go online and find the required information.""It's the VPN side of things that has been most useful for us. It allows us to secure our users even when they're working from home. They are able to access all of our resources, no matter where they are in the world.""The Packet Tracer is a really good tool. If someone calls because they're having problems, you can easily create fake traffic without having to do an extended packet capture. You can see, straight away, if there's a firewall rule allowing that traffic in the direction you're trying to troubleshoot.""For our very specific use case, for remote access for VPN, ASAs are very good.""It is a very user-friendly product."

More Cisco Secure Firewall Pros →

Cons
"A main issue is that the upgrade process, over time, is extraordinarily fragile. Repeatedly, over the past several years, when we've tried to upgrade our Cisco ISE implementation, the upgrade has broken it. Ultimately, we have then had to rebuild it because we need it.""The customer server was great but it would have been better for me if they had support in other languages such as Spanish.""Adding new devices was a little cumbersome. I haven't done it that many times, but I remember that adding new devices to the authentication piece of it was a little cumbersome. The way I was shown to do it, I thought it was odd because we had to go into the active device, copy the file down, export it, make some changes to it, and then reimport it as opposed to being able to click it and having a template to fill out.""The intuitiveness of the user interface could be improved.""I would like to see them simplify the dashboard. It's very configurable, but, at the same time, it's not easy to maneuver through it. They should "Merakify" it.""Cisco ISE has almost all the features we are looking for now, but sometimes the configuration, such as the conditions, is a little difficult to understand and not so easy to navigate.""There should be a single button that can be pressed to dismiss all of the alarms at once.""If I was going to improve anything, it would be the ease of migration. It's really difficult at the moment if you're looking to upgrade ISE 2.1 and you want to go to ISE 3.1 or 3.2, that whole upgrade path and, particularly, the licensing is quite a minefield to sort out."

More Cisco ISE (Identity Services Engine) Cons →

"I would like to see the inclusion of more advanced antivirus features in the next release of this solution.""In today's world, cyberattacks have become a common occurrence. However, so far, we have not faced any issues with our systems. I hope the situation remains the same in the future. If Cisco introduces even more advanced security measures, it would be beneficial.""I'm not a big fan of the FDM (Firepower Device Manager) that comes with Firepower. I found out that you need to use the Firepower Management Center, the FMC, to manage the firewalls a lot better. You can get a lot more granular with the configuration in the FMC, versus the FDM that comes out-of-the-box with it. FDM is like Firepower for dummies.""The main problem we have is that things work okay until we upgrade the firmware, at which point, everything changes, and the net stops working.""Cisco provides us with application visibility and control, although it's not a complete solution compared to other vendors. Cisco needs to work on the application behavior side of things, in particular when it comes to the behavior of SSL traffic.""The configuration is an area that needs improvement.""<p>If there is old hardware, or appliances, it does not necessarily work with the new Cisco generation firewalls.""They need to do an overhaul of the management console."

More Cisco Secure Firewall Cons →

Pricing and Cost Advice
  • "There are three levels of pricing: basic, plus, and apex. Basic satisfied our needs."
  • "If you go directly with Cisco for the implementation it's very, very expensive."
  • "The SMARTnet technical support is available at an additional cost."
  • "For the Avast virus scan, we pay around USD $95 per machine for five years which includes all updates and technical support."
  • "The price for Cisco ISE is high."
  • "The price can be lower, especially for subscriptions. It should be a lot cheaper to have a wide range of customers. The price should be comparable to competitive products like Forescout or Fortinet FortiNAC. Forescout is cheaper for customers looking for a cloud solution."
  • "There are other cheaper options available."
  • "The price is okay."

    • More Cisco ISE (Identity Services Engine) Pricing and Cost Advice →

  • "Always plan ahead for three years. In other words, do not buy a firewall on what your needs are today, but try to predict where you will be three years from now in terms of bandwidth, security requirements, and changes in organizational design."
  • "I have to admit that the price is high. But I think it's worth it if the stability of your solution counts for you."
  • "It has a great performance-to-price value, compared to competitive solutions."
  • "Spec the right hardware model and choose the right license for your needs."
  • "Everything with Cisco is expensive. My advice is that there are a lot better options out in the market now."
  • "To discuss with Cisco Systems or their partners to gain the optimal price and to not consider, without verifying, the false information that Cisco ASA is very expensive."
  • "Cisco devices are for sure costly and budget could be an important constrain on selecting them as our security solution."
  • "​Price point is too high for features and throughput available.​"

    • More Cisco Secure Firewall Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Cisco Security Portfolio solutions are best for your needs.
    See Recommendations
    770,765 professionals have used our research since 2012.
    Comparison Review
    Anonymous User
    Cisco ASA vs. Palo Alto Networks
    Cisco ASA vs. Palo Alto: Management Goodies You often have comparisons of both firewalls concerning security components. Of course, a firewall must block attacks, scan for viruses, build VPNs, etc. However, in this post I am discussing the advantages and disadvantages from both vendors concerning the management options: How to add and rename objects. How to update a device. How to find log entries. Etc. Cisco ASA Fast Management Suite: The ASDM GUI is really fast. You do not have to wait for the next window if you click on a certain button. It simply appears directly. On the Palo, each entry to add, e.g., an application inside a security rule, takes a few seconds. Better “Preview CLI Commands”: I am always checking the CLI commands before I send them to the firewall. On the Cisco ASA, they are quite easy to understand. I know, Palo Alto also offers the “Preview Changes”, but it takes a bit more time to recognize all XML paths. Better CLI Commands at all: For Cisco admins it is very easy to parse a “show run” and to paste some commands into another device. This is not that easy on a Palo Alto firewall. First, you must change the config-output format, and second, you cannot simply paste many lines into another device, since the ordering of these lines is NOT correct by default. That is, it simply doesn’t work. ACL Hit Count: I like the hit counts per access list entry in the GUI. It quickly reveals which entries are used very often and which ones are never used. On the… Read more →
    Questions from the Community
    Which is better - Aruba Clearpass or Cisco ISE?
    Top Answer: Aruba ClearPass is a Network Access Control tool that gives secure network access to multiple device types. You can adapt the policies to VPN access, wired, or wireless access. You can securely… more »
    What are the main differences between Cisco ISE and Forescout Platform?
    Top Answer:OK, so Cisco ISE uses 802.1X to secure switchports against unauthorized access. The drawback of this is that ISE cannot secure the port if a device does not support 802.1x. Cameras, badge readers… more »
    Read all 3 answers   →
    How does Cisco ISE compare with Fortinet FortiNAC?
    Top Answer:Cisco ISE uses AI endpoint analytics to identify new devices based on their behavior. It will also notify you if someone plugs in with a device that is not allowed and will block it. The user… more »
    Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?
    Top Answer: When you compare these firewalls you can identify them with different features, advantages, practices and usage at large. In my opinion, Fortinet would be the best option and l use Fortinet too.… more »
    Read all 3 answers   →
    Which is better - Fortinet FortiGate or Cisco ASA Firewall?
    Top Answer:One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet Fortigate is very stable, reliable, and consistent. We like that we can manage the… more »
    Read all 4 answers   →
    How does Cisco's ASA firewall compare with the Firepower NGFW?
    Top Answer:It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco ecosystem, it is very simple to handle. This solution has traffic inspection and… more »
    Ranking
    1st
    out of 13 in Cisco Security Portfolio
    Views
    1,081
    Comparisons
    731
    Reviews
    72
    Average Words per Review
    761
    Rating
    8.5
    4th
    out of 13 in Cisco Security Portfolio
    Views
    714
    Comparisons
    207
    Reviews
    99
    Average Words per Review
    698
    Rating
    8.4
    Comparisons
    Also Known As
    Cisco ISE
    Cisco ASA Firewall, Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall
    Learn More
    Cisco
    Cisco
    Overview

    Cisco ISE is an all-in-one solution that streamlines security policy management and reduces operating costs. Cisco ISE delivers visibility and access control over users and devices across wired, wireless, and VPN connections.

    Identity Services Engine enables enterprises to deliver secure network access to users and devices. It shares contextual data, such as threats and vulnerabilities, with integrated solutions from Cisco technology partners. You can see what is happening in your network, which applications are running, and more.

    Features of Cisco ISE

    • Centralized management helps administrators configure and manage user profile characteristics - a single pane of glass for integrated management services.
    • Contextual identity and business policy: The rule-based attribute is a driven policy model. The goal is to provide flexible access control policies.
    • Wide range of access control options, including Virtual LAN (VLAN) URL redirections, and access control lists.
    • Supplicant-less network access: You can roll out secure network access by deriving authentication from login information across application layers.
    • Guest lifecycle management streamlines the experience for implementing and customizing network access for guests.
    • Built-in AAA services: The platform uses standard RADIUS protocol for authentication, authorization, and accounting.
    • Device auditing, administration, and access control provide users with access on a need-to-know and need-to-act basis. It keeps audit trails for every change in the network.
    • Device profiling: ISE features predefined device templates for different types of endpoints.
    • Internal certificate authority: Qn easy-to-deploy single console to manage endpoints and certificates.

    Benefits of Cisco ISE

    Cisco’s holistic approach to network access security has several advantages:

    • Context-based access based on your company policies. ISE creates a complete contextual identity, including attributes such as user, time, location, threat, access type, and vulnerability. This contextual identity is used to enforce a secure access policy. Administrators can apply strict control over how and when endpoints are allowed in the network.
    • Better network visibility via an easy-to-use, simple console. In addition, visibility is improved by storing a detailed attribute history of all endpoints connected to the network.
    • Comprehensive policy enforcement. ISE sets easy and flexible access rules. These rules are controlled from a central console that enforces them across the network and security infrastructure. You can define policies that differentiate between registered users and guests. The system uses group tags that enable access control on business rules instead of IP addresses.
    • Self-service device onboarding enables the enterprise to implement a Bring-Your-Own-Device (BYOD) policy securely. Users can manage their devices according to the policies defined by IT administrators. (IT remains in charge of provisioning and posturing to comply with security policies.)
    • Consistent guest experiences: You can provide guests with different levels of access from different connections. You can customize guest portals via a cloud-delivered portal editor with dynamic visual tools.

    Support

    You can get ISE as a physical or virtual appliance. Both deployments can create ISE clusters that create scale, redundancy, and requirements.

    Licensing

    Cisco ISE has four primary licences. Evaluation for up to 100 endpoints with full platform functionality. The higher tiers are Partner, Advantage and Essential.

    Reviews from Real Users

    "The user experience of the solution is great. It's a very transparent system. according to a PeerSpot user in Cyber Security at a manufacturing company.

    Omar Z., Network & Security Engineer at an engineering company, feels that "The RADIUS Server holds the most value."

    “Whether I deploy in China, the US, South Africa, or wherever, I can get all the capabilities. It allows me to directly integrate with 365, and from a communications point of view, that is a good capability," says Rammohan M., Senior Consultant at a tech services company.

    Hassan A.,Technology Manager at Advanced Integrated Systems, says that "The most valuable feature is the integration with StealthWatch and DNA as one fabric."




    Cisco Secure Firewall stands as a robust and adaptable security solution, catering to organizations of all sizes. It's designed to shield networks from a diverse array of cyber threats, such as ransomware, malware, and phishing attacks. Beyond mere protection, it also offers secure access to corporate resources, beneficial for employees, partners, and customers alike. One of its key functions includes network segmentation, which serves to isolate critical assets and minimize the risk of lateral movement within the network.

    The core features of Cisco Secure Firewall are multifaceted:

    • Advanced threat protection is achieved through a combination of intrusion prevention, malware detection, and URL filtering technologies.
    • For secure access, the firewall presents multiple options, including VPN, remote access, and single sign-on.
    • Its network segmentation capability is vital in creating barriers within the network to safeguard critical assets.
    • The firewall is scalable, effectively serving small businesses to large enterprises.
    • Management is streamlined through Cisco DNA Center, a central management system.

    The benefits of deploying Cisco Secure Firewall are substantial. It significantly reduces the risk of cyberattacks, thereby enhancing the security posture of an organization. This security also translates into increased productivity, as secure access means uninterrupted work. Compliance with industry regulations is another advantage, as secure access and network segmentation align with many regulatory standards. Additionally, it helps in reducing IT costs by automating security tasks and simplifying management processes.

    In practical scenarios, Cisco Secure Firewall finds diverse applications. It's instrumental in protecting branch offices from cyberattacks, securing remote access for various stakeholders, safeguarding cloud workloads, and segmenting networks to isolate sensitive areas.

    User reviews from PeerSpot reflect an overall positive experience with the Cisco Secure Firewall. Users appreciate its ease of configuration, good management capabilities, robust protection, user-friendly interface, and scalability. However, some areas for improvement include better integration capabilities with other vendors, maturity, control over bandwidth for end-users, and addressing software bugs.

    In summary, Cisco Secure Firewall is a comprehensive, versatile, and reliable security solution that effectively meets the security needs of various organizations. It offers a balance of advanced protection, user-friendly management, and scalability, making it a valuable asset in the realm of network security.

    Sample Customers
    Aegean Motorway, BC Hydro, Beachbody, Bucks County Intermediate Unit , Cisco IT, Derby City Council, Global Banking Customer, Gobierno de Castilla-La Mancha, Houston Methodist, Linz AG, London Hydro, Ministry of Foreign Affairs, Molina Healthcare, MST Systems, New South Wales Rural Fire Service, Reykjavik University, Wildau University
    There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
    Top Industries
    REVIEWERS
    Financial Services Firm14%
    Government11%
    Comms Service Provider11%
    Computer Software Company11%
    VISITORS READING REVIEWS
    Educational Organization23%
    Computer Software Company16%
    Government8%
    Financial Services Firm7%
    REVIEWERS
    Financial Services Firm15%
    Computer Software Company12%
    Comms Service Provider12%
    Government8%
    VISITORS READING REVIEWS
    Educational Organization21%
    Computer Software Company16%
    Comms Service Provider9%
    Government6%
    Company Size
    REVIEWERS
    Small Business25%
    Midsize Enterprise20%
    Large Enterprise55%
    VISITORS READING REVIEWS
    Small Business16%
    Midsize Enterprise32%
    Large Enterprise52%
    REVIEWERS
    Small Business35%
    Midsize Enterprise24%
    Large Enterprise42%
    VISITORS READING REVIEWS
    Small Business24%
    Midsize Enterprise31%
    Large Enterprise45%
    Buyer's Guide
    Cisco ISE (Identity Services Engine) vs. Cisco Secure Firewall
    March 2024
    Free Report: Cisco ISE (Identity Services Engine) vs. Cisco Secure Firewall
    Find out what your peers are saying about Cisco ISE (Identity Services Engine) vs. Cisco Secure Firewall and other solutions. Updated: March 2024.
    DOWNLOAD NOW
    770,765 professionals have used our research since 2012.

    Cisco ISE (Identity Services Engine) is ranked 1st in Cisco Security Portfolio with 136 reviews while Cisco Secure Firewall is ranked 4th in Cisco Security Portfolio with 404 reviews. Cisco ISE (Identity Services Engine) is rated 8.2, while Cisco Secure Firewall is rated 8.2. The top reviewer of Cisco ISE (Identity Services Engine) writes "Gives us that extra ability to assist the end user and make sure that we are making them happy". On the other hand, the top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". Cisco ISE (Identity Services Engine) is most compared with Aruba ClearPass, Fortinet FortiNAC, Forescout Platform, CyberArk Privileged Access Manager and Portnox CORE, whereas Cisco Secure Firewall is most compared with Fortinet FortiGate, Palo Alto Networks WildFire, Netgate pfSense, Meraki MX and Sophos XG. See our Cisco ISE (Identity Services Engine) vs. Cisco Secure Firewall report.

    See our list of best Cisco Security Portfolio vendors.

    We monitor all Cisco Security Portfolio reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.