Aruba ClearPass Reviews

We use the solution for basic user authentication, authorization, and accounting purposes.

The solution has the best-automated profiling feature. It helps us create granular policies based on device category. Also, its API-level integration with third-party systems works well compared to other vendors.

They should include features like Radius CoA for IoT and similar devices for the solution. Also, it would be great if they had SMP functionalities as well.

I have been using the solution since 2016.

The solution is highly stable. I rate its stability a ten.

The solution is highly scalable. I rate its scalability a ten. We can add as many subscribers as we require. We have at most ten solution users as our customers. They all are enterprise businesses.

The solution's GUI and configuration workflow could be clearer to understand. I rate its setup process a six. It involves analyzing customers' requirements and starting with a POC. Once it is done, we order equipment and a license. Next, we deploy the solution offline and integrate it with the production environment. The entire process takes around two to three months to complete.

The solution is costly. We have purchased its perpetual license. It is affordable for enterprise businesses. The medium-scale companies find it expensive. I rate its pricing an eight.

I recommend the solution to others. It is an excellent platform. I rate it as a nine.

1. To improve overall security by segmenting the Guest and Corporate Vlan.

2. To Manage BYOD in the organization. 

3. To provide visbility on my corporate network using one management dashboard   environment for the devices

Secure organization by completely segmenting the guest and corporate vlans SSID. 

Less management and support effort on the management of BYOD. 

Clear visibility on the LAN .

The most valuable features would be: 

• Wireless segregation
• Bandwidth segmentation
• Prioritization
• BYOD management
• Overall visibility.

I would like the area of managing wired technology to be improved. Wireless is very good but I'm still struggling a bit to do my end to end configurations in the wired technology area.

The Virtual Machine for the Clearpass sometimes has issues with loosing the management IP

This solution is stable. 

Scalability is fine because it's batched upon endpoint devices, and licensing. If you max out the endpoint devices that you want to manage, you just upgrade the license and get more scalability. The core server is running on virtualization, so you can expand the resources for you to be able to grow your server needs.

We previously used Cisco ISE. We switched because it was complex. Even the deployment was not straightforward. When I had Cisco ISE, it was still in the first version, 1.2. I heard people mention that version 2.2 is much more friendly, easy to deploy, and easy to use but I didn't get a chance to test that. I used Cisco ISE when it was what I would consider a very complex solution, difficult to install, and even understand. Even then, it was not meeting my requirements.

The initial setup was straightforward and the deployment took almost a month. 

Cisco ISE V1

I would rate this solution a nine. 

ClearPass is the best Network Access Control "Swiss army knife" out there right now. It can do 802.1x (WPA2-Enterprise) for WiFi and LAN. It also has one of the slickest guest captive portal experiences and workflows out there, along with an easy, drop-in BYOD application.

I have not had too much experience with OnGuard, the endpoint integrity feature, but it does that too. With all of the ClearPass integrations and RADIUS Change of Authorization (CoA), it is possible to login wired or wireless endpoints based on a variety of identity stores, then create and associate security policies, e.g., DACLs, based on a device. 

Dynamically provision VLAN assignments, i.e., no more "color-coded ports", write Palo Alto Networks (PAN) NGFW policies that are associated with a specific user (rather than IP address), and quarantine or drop an endpoint off the network in an automated manner if an incident is detected.

All of this, naturally, comes with a lot of details in implementation, but my experience was, like all things InfoSec, implementing the controls is easy if you already have a clear, documented, executive-supported policy that you are using as the control to enforce. Otherwise, the control gets blamed for what is really a lack of clarity and leadership regarding the underlying business policy.

It makes it easy to require robust user authentication for both wired and wireless endpoints, including BYODs.

Access Tracker is definitely the feature that I use the most. It is invaluable for troubleshooting access control incidents and quickly getting to the root cause.

It should be clearer in the pre-sales stage that clear, documented, executive-supported InfoSec policy is the key to success.

Our clients use Aruba ClearPass since it is a NAC solution.

The most valuable feature, I would say, is the cost-effectiveness of the solution when compared to others.

Regarding the improvement needed in the solution, I remember our technical team stating that the installation front of the solution was a bit difficult when compared to other solutions. So, some of the other solutions, when compared to Aruba ClearPass, are more user-friendly to install.

I have been working with Aruba ClearPass for almost five to six years. My company is a reseller of the solution. I am unsure about the version of the solution I am using since we also deal in other products.

It is a stable solution. I rate the solution's stability a nine out of ten.

It is a scalable solution. I rate the solution's scalability somewhere around seven to eight out of ten. Mostly, our organization deals with medium and enterprise-sized customers.

I rate the solution's technical support team a seven out of ten. There are no issues with the support we are receiving. I will probably have to check with the engineers who have dealt with the technical support team. Since I have never heard a complaint against the support team, I would reconsider my decision over the rating provided by me previously and rate the technical support an eight.

Positive

I rate the solution's initial setup a six on a scale where one is difficult and ten is easy. There are some difficulties when installing the solution. For our company, installation is not difficult since we are system integrators who are well-versed in Aruba ClearPass. However, one of our customers told us that it is difficult to manage the installation part of the solution.

The solutions deployment was quick because our company is well-versed in deployment. So, it took around twenty to thirty days. Usually, four L3 engineers from our company are involved in the deployment process. For the maintenance and deployment of the solution, we have a lot of people in our organization. So, our company has around 28 engineers, and we serve around 120 customers in UAE. Specifically speaking, two network engineers are handling the maintenance part of the solution.

On a scale of one to ten, where one is cheap, and ten is too expensive, I rate the solution's pricing a six out of ten. So, the price could be lower. The solution has a yearly based licensing cost attached to it.

I want to tell those planning to use the solution that it is a good solution where one needs to have a certain level of expertise to carry out the deployment phase. Overall, I rate the solution an eight out of ten.

I use this solution for securing company-wide logs.

I'm using the latest version. It's deployed on the public cloud. Microsoft Azure is the cloud provider.

Everyone in our organization uses this solution. It's about 300 people. There are four people who specifically operate the solution, do daily checks, check for errors, and help users who are having trouble with their login sessions.

I like that it's usable in both an on-premise and hybrid and cloud native environment. I like the integration options with a multitude of other vendors and Aruba applications.

The user interface could be more polished and modern. It would be useful to have more options for automation.

I would like to have more collaboration between different security platforms. For instance, the Fortinet portfolio, which we also use extensively.

I have used this solution for about one year.

It's very stable. We did have some issues with under provisioning the underlying resources, so that needs to be taken into account. If you do, then it is very stable.

The scalability is very high. You just need to add extra nodes. I would rate the scalability as eight out of ten.

Technical support is only approached by our third party network service provider.

Deployment took one day.

Implementation was done through a third party. We outsourced the deployment to our network vendor.

Maintenance is also outsourced. For the application itself, maintenance takes about four hours a month. For the actual usage of the applications on a day-to-day basis, we do that ourselves.

Compared to the functionality, the pricing is very favorable. It's affordable and provides good value for the money.

I would rate the pricing as three out of ten.

We evaluated other on-premises solutions, but they aren't very comparable to Aruba.

I would rate this solution as nine out of ten.

I would recommend Aruba ClearPass to others.

Our primary use case is for security.

The aspect of Aruba ClearPass that I like most is that it has a lot of options, it is very versatile.

One thing that could be improved in Aruba ClearPass is that we would like to have an option to recognize all the assets on the customer's site in one click. That is an easy way of recognizing all the assets on a customer site. We would like an easier way of recognizing the assets of the network so we could know in which VLAN we want to configure the port or the suite and which policies apply to that port. We'd like ClearPass do that automatically.

We first installed ClearPass about two years ago.

In terms of stability, it is quite stable.

One a scale of one to five, I would give the scalability a three. It is not scalable enough.

The technical support is good.

The initial setup was quite complex, it is not that easy.

It took maybe two weeks. It takes a long time because it depends on the customer's industry or location or on the user's computers. It's not that fast normally.

Aruba ClearPass is expensive.

On a scale of one to ten I would give Aruba ClearPass an eight.

It is a good solution for applying security to the network. I would recommend it.

We mainly use it for 802.1X authentication.

Our customers like its ability to authenticate using not just certificates but also MAC addresses is very helpful in mitigating unauthenticated access on networks and switches.

There is room for improvement in terms of scalability. 

I have experience with Aruba ClearPass for five to six years.

I would rate the stability a nine out of ten.

I would rate the scalability an eight out of ten. Our customers are mostly medium-sized businesses.

I have some years of experience with FortiGate, Fortinet Firewalls, and Fortinet switches. Mostly with FortiSwitch models 6450, 548, and 124F.

I didn't set it up myself. I'm involved in operating the system.

Overall, I would rate the solution an eight out of ten.

The primary use case of ClearPass is for network access control, wireless access and policy enforcement. We use it for authentication, verification and authorization, and then patch it to our users. We are system integrators. 

The advantage of Aruba is that it is open to any operating system or mobile app. The compatibility of Aruba ClearPass is a key valuable feature and makes it a stronger product than Cisco ISE in this area.

The cost of Aruba is very, very high. It's the biggest challenge we have with this product. It would be helpful if Aruba would integrate the SDN controller into the solution. Cisco is moving towards that in order to create one platform. 

We've been using this solution for 10 years. 

Scalability depends on the design policy. One device has a scalability provision of 20,000 but you might only use 5,000 licenses initially so it really depends on your needs.

The technical support is excellent. 

The initial setup is easy and there is no need to install anything whether you buy the virtual platform or the appliance. It's all very open and clear and a matter of configuring for policy enforcement. 

There are licensing options but this is a very expensive product. 

Forescout and ClearPass are both trying to build their system as an open platform for everyone which is why their reachability is very high. If you're using ClearPass or Forescout, you can use any open switches on the market. Cisco has a limited category that it has developed for its own products and infrastructure. If you use different switches and different Wi-Fi, it doesn't provide the pure solution inside. 

I rate this solution 10 out of 10.