Cloudflare's Zero Trust Network Access (ZTNA) technologies create secure boundaries around applications. When resources are protected with ZTNA, users are only allowed to access resources after verifying the identity, context, and policy adherence of each specific request. Cloudflare's Zero-Trust-as-a-Service model enables users to deploy access controls on the company's instant-on cloud platform, backed by Cloudflare's global network.
It's well suited for the mobile task force we have at Engel for all the information workers, the salespersons, and the salespeople that are abroad and are not often on the Engel premises but are on customer premises. So for them, it's the only really good tool to connect to central IT resources. But when I look to the future way of utilizing cloud resources and having a hybrid approach and having SaaS services like Salesforce, which are running natively in the cloud, then AnyConnect might not be suitable for them because anyway, I have a direct connection via an HTTPS tunnel to run all my SAS applications. I would not see any benefit of using AnyConnect in this case. So the more a company runs in the cloud, the less it needs AnyConnect.
For example, Cloudflare is a very good solution for ZTNA implementation. Cloudflare has Warp for propagating Gateway rules and checking device posture. Browser Isolation gives you more abilities to use internet resources without any restrictions and at the same time not put the company at risk. For example, if there is no DLP solution in place blocking the printing function can partly protect the company's sensitive data from intentional or intentional leakage through the online forms. A similar approach protects the end-user device from Zero-day threats and malicious software code. Moreover, Remote Browser Isolation technology protects not only the user's device but also the user himself from possible phishing attacks - for example, even if the user enters his username and password on the phishing website, bank card issuers, or other personal or confidential data, data will not go beyond the isolated cloud environment. Cloudflare Access gives company administrators a great opportunity to implement role-based access policies and make effect segmentation and diversification of company network groups.
Cisco AnyConnect connects the machine with the VPN very smoothly in a few clicks also provides security with Multi-Factor Authentication.
It Provides the facility of creating Network groups such as Local and Project Network so that user can limit the connectivity options.
The System scan feature is so robust, it Scans the System every time we connect to a new network and remembers the older Network and does not Scans while we connect to usual Netwroks.
Manual Administrative Config: The Enrollment requires the user to enroll from their end and can't just be "Setup" for the user unless you act as the user. For things like SMS text, it would be nice just to put it in place and have it work without a "Setup/Enrollment" process. This does, however ensure the user understands the process.
Active Directory Sync and Azure Sync Did not automatically match up accounts and duplicate, so I had to do it manually, to be fair the account usernames do not match the Email Address which is used for Azure so it would be difficult.
Duo Support and Cisco Support seem to have not been integrated with each other well, most support tickets end up with a Duo expert and a Cisco Firewall Expert on at the same time, though this has improved dramatically.
They did not force my Admin to use an NTP Server off the bat, which would have fixed a few issues we had that persisted for a while until he started using one. (A bit old fashioned)
This is software is easy to use, easy to maintain, easy to support, cost effective, and extremely secure. We will continue to use it for all employees well into the future. We have already renewed our licenses for another 5 years - that's how confident we are that this software will remain a primary security solution for our firm.
Compared to other products that I have used, Cisco gives me more information and it is easy for me to understand what's happening from the application, which is Cisco AnyConnect, which other vendors don't. It's very hard for me if I have to work with other applications, I have to get support from the application owner vendor. But in Cisco, I myself can read through and get this thing. Now with that being very comfortable, I mean very, very useful. I would like to get to more detail in a more simplified way. There are plenty of things. It is also where there is something it gives me in a simplified way. This is what has happened that would help me in some cases. But always there is a scope for improvement in any product. I never rate any product to 10, even if it's better because there is always room for improvement. So I personally feel we can still make this better. It is a good product, but we can still make it better
Thus far, I have not encountered any outages to Cisco AnyConnect. Any firmware updates are completed infrequently and efficiently such that the users don’t experience noticeable downtime. I have not encountered any errors running the platform at any time of day or night , or from any geographical location. Provided a hard-wired or WiFi internet connection is available, expect Cisco AnyConnect to run without unexpected interruption.
Their support team is extraordinary and quick responding. All support team members have great product knowledge and takes very minimum time for query resolution. Support is available on phone, emails, etc. As per my experience with their support team, I will rate them with 10 stars here because it was truly exceptional.
We are quite satisfied with the deployment. We might extend our deployment. My suggestion to everyone will be utilizing Cisco cloud infra as well. As it will give you some nice features like cloud based firewall, DNS Security and threat intelligence. Threat intelligence was a key decision maker for us and people should not ignore it.
I have tried the above too. I have noticed that the consistency and reliability that connect provides are way better than theirs. Integration with 2-factor authentication apps is something extremely important, and I am not sure if this two software provide such functionality. Network stability and speed are also not as good as Cisco Anyconnect.
As long as all Cloudflare products and services rely on anycast technology, in a complex approach Cloudflare is faster and more relevant for cloud applications. The balance between security and performance is fully established. Also, Cloudflare has quite a good stack for API connection protection, like the API Shield example, which makes it more effective compared to F5 for example. Warp as a ZTNA agent gives better visibility and device posture information than FortiClient does.
We are able to seamlessly work on multiple clients daily, and it allows us to quickly handle more projects at the same time.
Cisco AnyConnect has allowed our own company's coworkers to remotely connect back to the corporate network, easily assisting work schedules and processes, during the COVID-19 pandemic. Being forced to work remotely, meant our processes still happened quickly and efficiently, by being able to leverage and use Cisco AnyConnect VPN.
Even prior to the COVID-19 pandemic, I have worked 100% remotely for a few years now. This was always due to the reliable connectivity and ease of use with Cisco AnyConnect VPN. I live 2+ hours from our nearest corporate office, and even further from some of my client locations, and I have always been able to connect to any of my multiple Cisco AnyConnect VPN connections, within seconds.
