Cisco ISE (Identity Services Engine) Reviews

We use Cisco ISE for network management, user access for enterprise clients, and advanced firewall support. We use Cisco ISE on domains and clients jointly with other network software utilities.

We use Cisco ISE as our main controller for the management of clients that need to join our network.

The best feature of the Cisco ISE platform is that it is compatible with Microsoft products. 

Cisco ISE is complex. The deployment and design of networks with it is so complex. If it could change it would be better. 

It needs a better solution for reduced complexity.

I think to add more people to four-thousand users is going to be hard. Cisco needs to make it easier to add more people.

The Cisco ISE platform is stable.

On our network, we use Cisco ISE as a platform utility to support three thousand users.

The initial setup of the Cisco ISE platform was complex and the deployment was also difficult.

On a scale from one to ten, I would rate Cisco ISE an eight because the server is so complex. Cisco needs to re-program or re-issue it and release a new version with more adequate sizing for small businesses. 

Cisco Identity Services Engine (ISE) version 1.3 has improved it's GUI margin and much easier to navigate than the previous versions. 

This technology pride itself with Trust Sec and 802.1x  feature. Trust Sec can be an advantage when an environment is nothing but a Cisco workshop.

This technology is based upon utilizing other Cisco products such as IDS, IPS, ASA and Catalyst switches. It provides the RADIUS feature for Active Directory so that 802.1x (EAP over LAN) is properly utilized for User Authentication.  

It also does MAC Address Bypass (MAB) for MAC Address verification and authentication.  

Cisco will integrate the TACACS+ feature into ISE version 2.0 and enterprises no longer need Cisco ACS for this reason.  

Many organizations and large enterprises are faced with the daunting task of keeping their security issues at bay. They also need to be in compliant with the Cyber Security's strict guidelines and orders.  

While there are many cyber attacks from the outside of the edge routers, cyber attacks can also be implemented within the organization whether it is either intentional or unintentional.  Cisco ISE can mitigate many attacks such as MAC spoofing, VLAN hopping, DHCP Starvation and ARP Snooping.

By implementing ISE, it can lighten the overhead of the Cisco Catalyst Switches by not implementing port security, Dynamic Arp Inspection, DHCP Snooping. This will also improve the switch's performance since the ISE server takes over the duty of posturing with its Policy Service Node persona.  

Cisco ISE has improved performances on Access Switches and closely monitored the daily suspicious or rogue activities within the organization.  

We've had no issues with deployment.

We've had no issues with stability.

We've been able to scale it for our needs.

We use Cisco ISE to develop products for other people. We don't really use it in our system. We just buy it and implement it when our customers require ISE.

I like that Cisco ISE is easy to use.

Migration could be better. Right now, we back up with the new version, and it requires a lot of licensing and other things. Whenever we choose a product, it's very difficult because we have to meet the requirements of each feature. There is no standard feature, so the best system that we bought may not fit the solution. 

We have to look at every feature that the customer uses. If you compare it with other products like Aruba, it's not the same. With Cisco, I have to read all about the features on this version and the licensing required for the product. In Aruba, that thing is covered when you get one license because it covers almost everything. It could also be more scalable.

We have been using Cisco ISE for 20 to 30 years.

It could be more scalable. It's easy to scale initially, but it will become very difficult at a certain point. In the beginning, it's in the previous environment, and it's pretty easy. But after we integrate it, we need to do a couple more to scale the product, which is more difficult.

We have less than 300 people using it worldwide. We deal with an airline company, so people who come to use it aren't many, but it's available to everyone from everywhere around the world.

We deal with a local Cisco partner for technical support. I haven't dealt with Cisco directly in Bangkok. 

I think Cisco takes around six months to complete the migration from the old one to the new one. This is because we have compliance and a lot of other things here.

Our in-house team implements this solution. It takes about three people to maintain this solution.

It costs around 50,000 baht in the first year, but I'm unsure about the second year.

On a scale from one to ten, I would give Cisco ISE a seven.

My primary use case is network address translation and layer 4 filtering.

Without this product, we wouldn't be able to use our public ID the way we need to.

The most valuable feature is the ASDM - the user interface makes it very easy to configure the firewall.

I would like the product to include support for OSVS version three.

I've been using this solution for about five years.

This is a stable product.

The scalability is good - currently, we don't have an internet bandwidth greater than 10GB, so it's efficient for us.

The initial setup was straightforward, and deployment was done in one night.

I implemented using an in-house team.

This product has helped us protect our infrastructure.

I considered some open source solutions, but those are usually difficult to set up.

I would recommend this solution as it is very easy to set up and has a very easy user interface. I would rate this solution as eight out of ten.

We use this solution to authenticate the domain users and if someone is not the domain user to make them a guest.

Before, our port would be wide open, anyone could come to the network and put their laptop into the port or any device and they would be able to get the IP. Now, if someone tries to connect to our network through an IU port or internet, they will not be able to access it. Another way this solution has improved our organization is that when we integrate this with our OpenGate server we are able to identify and isolate the machine that is infected, or that is going to be infected.

Plus, we had control on which device we can block in real-time and white list, or according to the MAC address, we can send this device to get an assigned IP from a special VLAN.

The identification with McAfee DHL is the most valuable feature. It gives us full visibility to see if there's any malware or malicious activity going on in the network and will then isolate the device.

Since we have started, we struggled a lot to implement this solution into our network, and we opened a case a couple of times. Up until this point, nothing else needs to be improved with this product.

Stability is very good. We haven't faced any issues and there aren't any bugs. 

We currently have around 400 users and we only need two staff members for maintenance. It is being used extensively because all of the users are dependent on it. If the ISE is down no one will be able to authenticate.

Technical support is very good because, on the user phase, it shows who was on the call with us and who helped us. 

The initial setup was easy. It took around one month. We did the installation part within half an hour to two hours but we found a couple of issues so we raised a case and once everything was resolved it was a month in total. 

We used an integrator. We had a good experience with them because we have already worked with them in the past couple of years

We researched this solution and found that it fulfills all of our requirements so we didn't look into any other solutions.

I would rate this solution a nine out of ten. 

I would advise someone considering this solution not to enable it with MAC. They are going to be in a very bad state after enabling this with MAC because if you do it is going to isolate so many devices which do not comply with the policy.

It can handle Radius and TACACS+.

Authorisation and Authentication Policy creation is easier. Access right limitation is pretty easy in ISE. Context exchange feature is present.

It is quite complex when it comes to troubleshooting.

2 years

Upgrade was quite a pain. It doesn't exactly go according to the document.

On TACACS side, we see some issues. The rest is all going well.

It's good.

Tech support is still lacking on TACACS troubleshooting on ISE.

We were using ACS and IAS servers for radius and TACACS. ISE is one stop shop for everything with more to offer.

Initially done with a Cisco consultant and started with Radius services. Expertise was excellent.

Smartnet is not so cheap depending on the deployment.

We have deployed this solution and we keep on exploring more and more. It can do wonders for authentication and limiting access with the network.

I am a reseller. We also implement solutions for our clients. Currently, we have a client who is doing a proof of concept with different clients of their own.

We sell this product to many different clients here in Mexico for both retail and manufacturing plants.

Our clients use Cisco ISE (Identity Services Engine) to secure the access of the users. It's a great tool for access control functions.

The profiling model included is the most valuable feature.

The user interface could be improved to make it more user-friendly.

I have been selling Cisco ISE (Identity Services Engine) for eight years.

Cisco ISE (Identity Services Engine) is very stable.

It is very scalable. Cisco ISE (Identity Services Engine) is a nice solution.

I have not had any contact with technical support.

The initial setup is easy.

It can take three days for a basic configuration.

As resellers, we frequently evaluate solutions for our customers.

After the deployment, I would recommend completing a proof of concept.

I would rate Cisco ISE (Identity Services Engine) a nine out often.

It's a network access manager.

After the product was installed, no one could access the secure connection network. In order for any laptop or any endpoint device to attach to my network, it needs to be authorized or be certified to be connected.

It has many valuable features. 

It has many complications from the administration perspective, it's not easy to learn. Not like other solutions that are very friendly and easy to go through. It needs to be more user-friendly. We'll see the same name on more than one tab so we need to realize why that name is there or why only the main tab is not like the other. I cannot believe that Cisco is the best case of security integration however it is easier to implement.

They are good at integration, I do not expect more from them in that regard. They could think about developing VXLAN. They have LDN switches, we need to get into contextual switches, not catalyst switches. Normal switches. I wish they could explore developing more VXLAN options.

Stability is not something absolute. 

Scalability is good. We have 60,000 users. 

Their technical support isn't good. 

The initial setup took four to six hours to do. The image between six, seven GB, is a huge image, huge process, and it takes too much time. If somebody has a solution of five, four pieces you need to re-image one or you need to incorporate the solution. It will take days to upgrade the solution. It's very complicated. The deployment will take an entire day. And if you have a complication it can take two days because of the complexity. 

We are a big organization and we can arrange for licenses because we are a big customer. We have an agreement for the security license. Licenses aren't an issue for us. We pay for licenses every five years or six years.

I would rate this solution a 7.5 out of ten. To make it a ten they should have more people on tech support. They need to invest more in the product. It's a good product. They should just work on tech support. More support for the customer. It's not that easy to get somebody to understand this product. I have had some issues with tech before for the solution. One of them brought the solution down due to some of his activity. They need to hugely invest in their tech support.