3 out of 5.0, Reviewed Oct 18, 2016
The product does the basic request, network access control. But the complication comes in the amount of diverse endpoints, and patch management. We had to upgrade our UCCX environment to support PLUS licensing for profile policy management. We also had to upgrade our AnyConnect version to 4.3, which then required us to upgrade our Cisco ASA firewalls to 9.3.6. The sheer amount of Cisco interconnectivity and dependencies on IOS versions made the configuration and deployment more complicated and lengthy.
POC. Definitely try out the top 3, and see which one works with your enterprise architecture
The connection between Cisco ISE, FirePower, and AMP. Really helps connect our threat and vulnerability intelligence. Internally, and externally.
The requirements to upgrade all the IOS versions from network switches, to the ASA firewalls, the UCCX voice system, and the AnyConnect agent. Also, we purchased posture checking, and it really only checks if the service is running. Posture checking does not integrate with SCCM, instead only looks at Microsoft on-line directly.
Verified all the IOS versions in our environment will work well with the Cisco ISE 2.1 licenses and features.
I think we would have looked at the long term posture of Cisco ISE, and the maturity of our network appliances. The initial thought was how well Cisco works with Cisco... but in the end, after all the testing. I think ForeScout's more "agnostic" approach would have been more flexible. During our discovery, build, and all the way to go live... we as a financial institution migrated to more Wi-Fi, Apple, and Android based products. Cisco ISE excels as wired NAC, but in our more diverse architecture, it has driven up overhead and maintenance.
Professional services for implementation was spot on. Sometimes SmartNet TAC... can be a little underwhelming
5 out of 5.0, Reviewed Sep 28, 2016
Implementation is still easy on a complex product. It was able to support and integrate with current infrastructure. Ability to provide guest WiFi access to the users and having security controls in place. Cisco support was good.
Take some time to understand the product from documentation. It seems a little complex; however, we found it easy once implemented.
Self-generated passwords are complex to read. MAC spoofing issues exist.
Could have simplified the product somehow
Understand the product
We got our concerns addressed by support most of the time. There are no solutions for some issues
3 out of 5.0, Reviewed Aug 15, 2016
For each site, the NAC/ISE report will be used to identify the list of devices listened to but which require remediation - remediation is either a CERT that gets pushed to the device (OR) whitelisting the device if it's a headless device.
Focus on continual monitoring once implemented.
Cisco brand - tried and trusted
More user-friendly product features.
Provide DB-level access to query the data with SELECT / OMIT clauses. The NAC/ISE report is huge, and manipulating the data extract via XL is tedious.
2 out of 5.0, Reviewed Aug 3, 2016
Product is not mature for a complex environment.
Test, test, test. The product may work on a very small scale or with very basic requirements but anything outside the normal will have issues. Ongoing maintenance is difficult going forward as patches and new versions break things that were working.
The idea of determining assets is important and critical for BYOD. As a result, with proper identification you have more flexibility with placement of devices within your network.
High amount of bugs. Cisco provides a base solution that again is just not mature.
Be more honest regarding what was being implemented. Be more honest regarding the immaturity of the product.
Wait for another product or more maturity from this product and delay implementation entirely.
Keep to the basics, it will do it. Otherwise, be prepared for a lengthy and problematic implementation.
5 out of 5.0, Reviewed May 31, 2016
The product worked as expected without any issues. The systems integrated with minimal impact to our users. Cisco Support was superb and always willing to help with any road blocks that were found with the product itself.
I cannot stress this enough. You must plan, and plan again. I would highly suggest a small Proof of Concept outlining all the features you require and any you might want to see as an enhancement and test them thoroughly. Then after you have tested with all hardware, backend switching gear, design the plan to roll this out. Once it is in and operational to your requirements and tested, it performs like a well-oiled machine.
It works very well and gives great insight into our environment as we roll out further.
Requires 3rd party implementation initially.
The vendor knew the actual product very well, but I would suggest choosing a vendor that has the knowledge of not only the product, but also the Wired and Wireless Infrastructure as well.
Assess all aspects of the system prior to choosing the features we implemented. There are so many different types of features that can be implemented. Knowing your own environment is paramount. You will need the desktop in tip top shape for certain features, but otherwise deployment went very well.
Tons of features, and tons more that can be used. I cannot stress this enough. Plan, plan, and plan again to sort out what your requirements are for the deployment. Do not allow any scope creep as that can foil the entire deployment. Once the plan is finalized, freeze it, then move on at a later date with any changes to the plan you need.
Cisco Support has been fantastic regarding the implementation and ongoing support of the environment. SMARTNet provides the venue to get problems resolved ASAP.
System deployed well, but desk side and other network-related issues, which are attributed to 1.2 version issues, cause slowing of the deployment. We overcame the hurdles and deployed successfully.
3 out of 5.0, Reviewed Feb 25, 2016
Slow to deliver promised functionality. Requires numerous component upgrades to fully integrate and utilize the tool's capabilities.
Fully enroll sponsors on user experience changes and the total cost of implementation including network upgrades.
Versatility of the product and its potential for replacing other aging networking components in the environment.
Major version changes require other network devices to be upgraded before fully utilizing its capabilities.
Commit to the long-term viability of the solution and not change product solutions every 5 years.