Cisco ISE (Identity Services Engine) vs Fortinet FortiToken comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Cisco ISE (Identity Services Engine) and Fortinet FortiToken based on real PeerSpot user reviews.

Find out what your peers are saying about Cisco, HPE Aruba Networking, Forescout and others in Network Access Control (NAC).
To learn more, read our detailed Network Access Control (NAC) Report (Updated: March 2024).
765,234 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The initial setup was easy. It took around one month. We did the installation part within half an hour to two hours but we found a couple of issues so we raised a case and once everything was resolved it was a month in total.""The solution enables us to do everything from one interface.""Not having to trust devices and being able to set those levels of trust and more finely control our network is a benefit.""The features that do work, work well, and we use it on a daily basis.""Cisco ISE is a powerful solution. It gives us the ability to control who's accessing our network, and Cisco has made it very easy.""For us and our clients, the most valuable features of Identity Services Engine are really around the rich contact sharing that ISE gives you.""It's keeping our company safe from rogue devices connecting to our network. From a security standpoint, there's peace of mind knowing that every device that connects is a good one.""Assisting a larger number of users in gaining access and guiding them through the process of getting on Cisco ISE has been seamless."

More Cisco ISE (Identity Services Engine) Pros →

"FortiToken is available in a soft or hard token factor, so there's some flexibility in that. Beyond that, I would say it is a stable solution that has worked for us.""The integrated Fortinet security with the app that allows you to easily do the two-factor authentication is most valuable.""The tool's support is the best.""I love the push-button authentication on FortiToken Mobile. It's also great that the soft token automatically reloads the OTP at intervals, so I always have a fresh code to enter.""I appreciate that it provides comprehensive security. It is tailored to this specific purpose, and it excels in fulfilling this purpose.""I would rate the overall solution an eight out of ten. The solution is a smart product that anyone can easily access and manage. The solution is a good product for multi-factor authentication and to secure remote authentication in the corporate environment.""Bangladesh is a price-sensitive market, and FortiToken is popular because it's more affordable than the Palo Alto and Cisco authentication solutions. Fortinet has a local director for Bangladesh, so they can deliver solutions to customers quickly.""I believe FortiToken is the simplest to implement."

More Fortinet FortiToken Pros →

Cons
"I'd like to see the logging be a bit more robust in terms of what it has baked in. If I want to do any in-depth searching, I have to export all the logs to an external platform like Elastic or LogRhythm and then parse through them myself. It would be nice if I could find what I want, when I want it, on the platform itself.""Documentation is probably the worst part of the software.""The upgrades could be better. Every time we try to do an upgrade, we have problems. It's a pain.""The intuitiveness of the user interface could be improved.""There are always some things that I would request.""I don't like the fact that we can see the logs only for 24 hours. Maybe that happens because of the way we set it up.""The one main thing that it can improve on is the GUI. As the newest addition to the team, I struggle a little bit to get around it just because it has so many features.""It would be helpful for us to know what needs to be deployed, configured, and what changes we need to make to our devices when we don't receive the specific login which is an indication of a lack of connection or incorrect configuration."

More Cisco ISE (Identity Services Engine) Cons →

"Fortinet support has some room for improvement. It has taken a long time to resolve some issues or find a workaround.""Support is a pain point in Bangladesh because there aren't many experienced Fortinet engineers in this country. It's easier to find one certified in Cisco, Palo Alto, or Juniper.""It needs a lot of coupling with their other Fortinet products. To implement FortiToken, I most probably need to couple it with FortiAuthenticator for full implementation. An RSA token can be used with many devices, whereas Fortinet FortiToken is always linked to only one FortiGate device. If I want to reuse the token across five or six FortiGates, I would have to get the FortiAuthenticator product. I can't use one token to connect to different FortiGates, and I need to get another product to enable this functionality. They should also improve the support for their mobile client. There should be a more detailed roadmap for the operating systems being supported. Some of our users were using an old iOS iPhone, and they were forced to get a newer phone because FortiToken didn't support that version of iOS. Similarly, there may be a version of Android that is not supported, so the users need to change the phone. This was one of the reasons why our deployment took longer.""You need your mobile just to enroll the tokens, and sometimes, it's difficult to use for someone who is not knowledgeable""The solution comes with two firewalls as a bundle. In that bundle, most of the individual users can be assigned to mobile users. However, in cases of technical difficulties, users may accidentally remove the mobile application. In normal scenarios, we get back to the activation key and assign it again.""Configuration can be confusing due to the lack of community and context-sensitive help. We've had to rely on technical support, which slows down the setup process.""We can only use the tool with the FortiToken Mobile app.""The problem is that our customers create budgets annually based on the figures at the beginning of the fiscal year. Our customers get annoyed when the price is adjusted in the middle of the year. I understand that it's a difficult time, and price increases make sense for hardware devices. However, FortiToken is a software product, so it shouldn't be affected by factors like chip shortages or supply chain issues. Software solutions should have more transparent and predictable pricing."

More Fortinet FortiToken Cons →

Pricing and Cost Advice
  • "There are three levels of pricing: basic, plus, and apex. Basic satisfied our needs."
  • "If you go directly with Cisco for the implementation it's very, very expensive."
  • "The SMARTnet technical support is available at an additional cost."
  • "For the Avast virus scan, we pay around USD $95 per machine for five years which includes all updates and technical support."
  • "The price for Cisco ISE is high."
  • "The price can be lower, especially for subscriptions. It should be a lot cheaper to have a wide range of customers. The price should be comparable to competitive products like Forescout or Fortinet FortiNAC. Forescout is cheaper for customers looking for a cloud solution."
  • "There are other cheaper options available."
  • "The price is okay."
  • More Cisco ISE (Identity Services Engine) Pricing and Cost Advice →

  • "It is included as part of our firewall license."
  • "Overall, it's cheaper than other solutions. Of course, we evaluated it five years back, and I haven't checked to see its current market position, but one reason we adopted FortiToken is its lower cost of ownership relative to other solutions we evaluated."
  • "I would rate the pricing as an eight out of ten. We purchased the solution at a reasonable price in 2019."
  • "On a scale of one to ten, where one is the cheapest, and ten is the highest, I rate the pricing an eight."
  • "The solution’s price is good."
  • "Fortinet FortiToken is not an expensive solution."
  • "The pricing is not very high, so I'd rate it around six out of ten, where one is high and ten is low."
  • "From an Indian perspective, it's definitely costlier."
  • More Fortinet FortiToken Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Network Access Control (NAC) solutions are best for your needs.
    765,234 professionals have used our research since 2012.
    Questions from the Community
    Top Answer: Aruba ClearPass is a Network Access Control tool that gives secure network access to multiple device types. You can adapt the policies to VPN access, wired, or wireless access. You can securely… more »
    Top Answer:OK, so Cisco ISE uses 802.1X to secure switchports against unauthorized access. The drawback of this is that ISE cannot secure the port if a device does not support 802.1x. Cameras, badge readers… more »
    Top Answer:Cisco ISE uses AI endpoint analytics to identify new devices based on their behavior. It will also notify you if someone plugs in with a device that is not allowed and will block it. The user… more »
    Top Answer:The token-based authentication is good and modern aspect.
    Top Answer:The management configuration seems a bit complex and could benefit from user guides or better support resources. It could be improved in terms of user-friendliness. Not like the other FortiGate… more »
    Top Answer:We're aiming to provide every user with mobile token-based two-factor authentication (2FA) to enhance security. It's for internal security.
    Ranking
    Views
    24,825
    Comparisons
    16,525
    Reviews
    74
    Average Words per Review
    756
    Rating
    8.5
    4th
    Views
    7,067
    Comparisons
    5,517
    Reviews
    11
    Average Words per Review
    464
    Rating
    8.3
    Comparisons
    Also Known As
    Cisco ISE
    Learn More
    Overview

    Cisco ISE is an all-in-one solution that streamlines security policy management and reduces operating costs. Cisco ISE delivers visibility and access control over users and devices across wired, wireless, and VPN connections.

    Identity Services Engine enables enterprises to deliver secure network access to users and devices. It shares contextual data, such as threats and vulnerabilities, with integrated solutions from Cisco technology partners. You can see what is happening in your network, which applications are running, and more.

    Features of Cisco ISE

    • Centralized management helps administrators configure and manage user profile characteristics - a single pane of glass for integrated management services.
    • Contextual identity and business policy: The rule-based attribute is a driven policy model. The goal is to provide flexible access control policies.
    • Wide range of access control options, including Virtual LAN (VLAN) URL redirections, and access control lists.
    • Supplicant-less network access: You can roll out secure network access by deriving authentication from login information across application layers.
    • Guest lifecycle management streamlines the experience for implementing and customizing network access for guests.
    • Built-in AAA services: The platform uses standard RADIUS protocol for authentication, authorization, and accounting.
    • Device auditing, administration, and access control provide users with access on a need-to-know and need-to-act basis. It keeps audit trails for every change in the network.
    • Device profiling: ISE features predefined device templates for different types of endpoints.
    • Internal certificate authority: Qn easy-to-deploy single console to manage endpoints and certificates.

    Benefits of Cisco ISE

    Cisco’s holistic approach to network access security has several advantages:

    • Context-based access based on your company policies. ISE creates a complete contextual identity, including attributes such as user, time, location, threat, access type, and vulnerability. This contextual identity is used to enforce a secure access policy. Administrators can apply strict control over how and when endpoints are allowed in the network.
    • Better network visibility via an easy-to-use, simple console. In addition, visibility is improved by storing a detailed attribute history of all endpoints connected to the network.
    • Comprehensive policy enforcement. ISE sets easy and flexible access rules. These rules are controlled from a central console that enforces them across the network and security infrastructure. You can define policies that differentiate between registered users and guests. The system uses group tags that enable access control on business rules instead of IP addresses.
    • Self-service device onboarding enables the enterprise to implement a Bring-Your-Own-Device (BYOD) policy securely. Users can manage their devices according to the policies defined by IT administrators. (IT remains in charge of provisioning and posturing to comply with security policies.)
    • Consistent guest experiences: You can provide guests with different levels of access from different connections. You can customize guest portals via a cloud-delivered portal editor with dynamic visual tools.

    Support

    You can get ISE as a physical or virtual appliance. Both deployments can create ISE clusters that create scale, redundancy, and requirements.

    Licensing

    Cisco ISE has four primary licences. Evaluation for up to 100 endpoints with full platform functionality. The higher tiers are Partner, Advantage and Essential.

    Reviews from Real Users

    "The user experience of the solution is great. It's a very transparent system. according to a PeerSpot user in Cyber Security at a manufacturing company.

    Omar Z., Network & Security Engineer at an engineering company, feels that "The RADIUS Server holds the most value."

    “Whether I deploy in China, the US, South Africa, or wherever, I can get all the capabilities. It allows me to directly integrate with 365, and from a communications point of view, that is a good capability," says Rammohan M., Senior Consultant at a tech services company.

    Hassan A.,Technology Manager at Advanced Integrated Systems, says that "The most valuable feature is the integration with StealthWatch and DNA as one fabric."




    As we've seen, passwords alone don't keep unwanted guests out of your network. Password-only authentication has led to security breaches, malware infections, and policy violations. With two-factor authentication, a password is used along with a security token and authentication server to provide far better security.  Authorized employees can remotely access company resources safely using a variety of devices, ranging from lpatops to mobile phones.

    Sample Customers
    Aegean Motorway, BC Hydro, Beachbody, Bucks County Intermediate Unit , Cisco IT, Derby City Council, Global Banking Customer, Gobierno de Castilla-La Mancha, Houston Methodist, Linz AG, London Hydro, Ministry of Foreign Affairs, Molina Healthcare, MST Systems, New South Wales Rural Fire Service, Reykjavik University, Wildau University
    Black Gold Regional Schools, Amadeus Hospitality, Jefferson County, Chunghwa Telecom, City of Boroondara, Dimension Data
    Top Industries
    REVIEWERS
    Financial Services Firm13%
    Comms Service Provider11%
    Government11%
    Computer Software Company11%
    VISITORS READING REVIEWS
    Educational Organization23%
    Computer Software Company16%
    Government8%
    Financial Services Firm7%
    REVIEWERS
    Comms Service Provider25%
    Financial Services Firm17%
    Computer Software Company17%
    Engineering Company8%
    VISITORS READING REVIEWS
    Computer Software Company20%
    Comms Service Provider9%
    Government7%
    Financial Services Firm6%
    Company Size
    REVIEWERS
    Small Business24%
    Midsize Enterprise21%
    Large Enterprise55%
    VISITORS READING REVIEWS
    Small Business16%
    Midsize Enterprise32%
    Large Enterprise52%
    REVIEWERS
    Small Business58%
    Midsize Enterprise21%
    Large Enterprise21%
    VISITORS READING REVIEWS
    Small Business33%
    Midsize Enterprise19%
    Large Enterprise48%
    Buyer's Guide
    Network Access Control (NAC)
    March 2024
    Find out what your peers are saying about Cisco, HPE Aruba Networking, Forescout and others in Network Access Control (NAC). Updated: March 2024.
    765,234 professionals have used our research since 2012.

    Cisco ISE (Identity Services Engine) is ranked 1st in Network Access Control (NAC) with 135 reviews while Fortinet FortiToken is ranked 4th in Authentication Systems with 19 reviews. Cisco ISE (Identity Services Engine) is rated 8.2, while Fortinet FortiToken is rated 8.2. The top reviewer of Cisco ISE (Identity Services Engine) writes "Gives us that extra ability to assist the end user and make sure that we are making them happy". On the other hand, the top reviewer of Fortinet FortiToken writes "A stable and scalable solution that provides an affordable and perpetual license". Cisco ISE (Identity Services Engine) is most compared with Aruba ClearPass, Fortinet FortiNAC, Forescout Platform, CyberArk Privileged Access Manager and Fortinet FortiAuthenticator, whereas Fortinet FortiToken is most compared with Fortinet FortiAuthenticator, Microsoft Entra ID, Cisco Duo, Yubico YubiKey and CyberArk Privileged Access Manager.

    We monitor all Network Access Control (NAC) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.