Our primary use for this solution is for Internet access and firewall.
Our primary use for this solution is for Internet access and firewall.
The commitment to Cisco products based on their advice and knowing our model and what we wanted to accomplish did not put us in an optimal situation. I do not think this solution has improved our organization.
I don't particularly like the product. The decision to go with Cisco was made by the company. Now they made an expensive investment so they feel we have to keep this equipment.
The capacity of the equipment should be improved. Cisco sells expensive equipment, but it does not really have greater performance compared to the price paid for it. So, we're paying very high prices for medium — or low to medium — capacity equipment.
One thing that I would like to see is a more user-friendly dashboard. Really it generally needs easier capabilities to do basic management of the product and the system for users who are not Cisco employees or representatives.
Though it is not directly the product, their technical support services can be improved. We have not had many problems with the product, but we pay for support and they have not really solved the issues we submitted to our satisfaction. It is the same with Cisco iOS. We know that when we install the next version, we have come to expect that something will break. Testing upgrades should be improved as well.
Around 70 people are currently using the products. There are two administrative or technical employees dedicated to maintenance. The scalability seems limited by performance.
We have opened cases with the Cisco customer support. Early on we didn't really have many issues. For what we pay for the platinum support, I don't think that they are doing a great effort in working with us. In one instance where it seemed to me that Cisco didn't really understand the problem, they tried to push us to get the newest equipment. The same equipment was working fine for the same thing about two months before that. So, it doesn't make sense to have to upgrade the equipment when something has broken that was working. I think that something was wrong either with the licensed upgrade on the iOS that did it. I don't know. But I do know that Cisco was not able to pinpoint exactly what the problem was and the solution they offered did not make sense. If it was hardware that we have a warranty for or an upgrade that they introduced, they should be able to locate the problem for clients paying a premium for their services.
Reflecting on that incident, they seemed more interested in selling more equipment than to really dig deep and discover what the problem was.
Actually, it is the Cisco products we use now that we will be replaced with another solution. We did not move from something else to Cisco. We have plans to get rid of the equipment. We want to switch to another vendor which has more robust products for a lower cost. We pay too much for what we get in performance. The problem is not really in terms of capabilities but in terms of the capacity of the equipment. It makes no sense for us to have such expensive equipment where we can have router equipment with less complexity and then have proper firewalls behind it.
The features Cisco intends to include in their product are very limited due to the way the features affect the capacity of the equipment. For example, imagine that the equipment is capable of handling a hundred megabits of internet access without any additional features configured. After the additional features are enabled and configured to perform the job as advertised, the bandwidth and performance are reduced drastically. It makes no sense to have such expensive equipment if it does not do what is intended or if it does not do it as well as another configuration would using dedicated products. Cisco advertises all the things you can do, but then you get the overall capacity squeezed and it is not as great as advertised.
It is not exactly that the product does not do what it is advertised to do, but you lose the performance that you expected when going with this model. If we knew about this performance drawback before, then we would not have bought this expensive line of the product. We would have gone with something cheaper. It could even have been a different Cisco product, but we would configure the network in a different way. We would not do the firewall in JCL (Job Control Language) that's on the routers, but we would do it on a proper firewall. If we did not spend that much money on the gateway equipment, then we could get different equipment with a proper firewall using what we saved.
I thought that the initial setup was very complex. Cisco does not have a straightforward logic for the configuration of the equipment. You need to do a lot of extra things. For example, you have to open a specific port to the outside to allow traffic, you have to review the ACL (Access Control List), and you need to review firewall provisions. It's a bit complicated to manage compared to other equipment and in other firewalls where it is a much simpler process. I find it complex to manage this Cisco solution and I am sure it can be simplified.
Our deployment took about two to three months, at best, to tune it up to make all work properly. It was not done alone by me, but it was all done in house. I have a good team of people, but it took too long to get everything dialed in. Even after that time, we had only met most of the requirements that were outlined. There was still more to do.
We have a team and did our own implementation.
We don't have any licenses at this time. There were some compensating licenses that needed to be renewed every year, but then Cisco ended that practice. It was also sort of the local price break for the solution. Currently, we just pay for the hardware once and extra for the warranty extension. Besides those costs, there were no additional expenses. We did pay additional for a specific module. It was from another company embedded inside the Cisco product and we had to renew every year on that license. But then Cisco stopped promoting the use of that feature. When they did the product performed better because the module was taking up too much of the CPU usage.
On a scale from one to ten where one is the worst and ten is the best, I would rate Cisco Enterprise Routers poorly from the experience that I have had. I would say a three or possibly four. I wish we had gotten the correct information from Cisco when we talked to them back when we were considering the solution. We told them what we wanted them to do and they recommended this solution. I think there may have been a miscalculation of the sizing of the equipment. So, I give it three out of ten because I could do the same or have the same or better result with a different solution that was not as expensive as this equipment.
The company and products are good overall, but they still overprice the equipment compared to the competition.
My advice to others considering this solution would be not to do what we did. Don't go with the all-in-one solution. Buy a basic product that Cisco certifies is more than capable of routing the traffic that you expect on the network, then get a decent firewall behind the router to really take care of security, content filtering, ACL and all the rest that a firewall does. It could be a bit expensive, of course, because you're buying two products instead of one. But what you can get out of it is much more than we get now from this Cisco solution.
It's not by any chance that when ISPs all over the world deliver an internet access line, they don't give you the top of the line support equipment. They don't push you to buy Cisco because it is the best. They give you something really basic because it's not supposed to do anything else than routing traffic from and to the internet. They expect you to have a firewall behind that router to manage all the rest of what a firewall is supposed to handle. Those providers know exactly what they're doing.
What I have learned from my experience with this product is to do more to check for something else as alternatives and compare products without just accepting a reputation and advice from the vending company's experts. You might not need to buy something expensive to really accomplish what you need to do.