Aruba ClearPass Reviews

ClearPass is the best Network Access Control "Swiss army knife" out there right now. It can do 802.1x (WPA2-Enterprise) for WiFi and LAN. It also has one of the slickest guest captive portal experiences and workflows out there, along with an easy, drop-in BYOD application.

I have not had too much experience with OnGuard, the endpoint integrity feature, but it does that too. With all of the ClearPass integrations and RADIUS Change of Authorization (CoA), it is possible to login wired or wireless endpoints based on a variety of identity stores, then create and associate security policies, e.g., DACLs, based on a device. 

Dynamically provision VLAN assignments, i.e., no more "color-coded ports", write Palo Alto Networks (PAN) NGFW policies that are associated with a specific user (rather than IP address), and quarantine or drop an endpoint off the network in an automated manner if an incident is detected.

All of this, naturally, comes with a lot of details in implementation, but my experience was, like all things InfoSec, implementing the controls is easy if you already have a clear, documented, executive-supported policy that you are using as the control to enforce. Otherwise, the control gets blamed for what is really a lack of clarity and leadership regarding the underlying business policy.

It makes it easy to require robust user authentication for both wired and wireless endpoints, including BYODs.

Access Tracker is definitely the feature that I use the most. It is invaluable for troubleshooting access control incidents and quickly getting to the root cause.

It should be clearer in the pre-sales stage that clear, documented, executive-supported InfoSec policy is the key to success.

We use the solution for basic user authentication, authorization, and accounting purposes.

The solution has the best-automated profiling feature. It helps us create granular policies based on device category. Also, its API-level integration with third-party systems works well compared to other vendors.

They should include features like Radius CoA for IoT and similar devices for the solution. Also, it would be great if they had SMP functionalities as well.

I have been using the solution since 2016.

The solution is highly stable. I rate its stability a ten.

The solution is highly scalable. I rate its scalability a ten. We can add as many subscribers as we require. We have at most ten solution users as our customers. They all are enterprise businesses.

The solution's GUI and configuration workflow could be clearer to understand. I rate its setup process a six. It involves analyzing customers' requirements and starting with a POC. Once it is done, we order equipment and a license. Next, we deploy the solution offline and integrate it with the production environment. The entire process takes around two to three months to complete.

The solution is costly. We have purchased its perpetual license. It is affordable for enterprise businesses. The medium-scale companies find it expensive. I rate its pricing an eight.

I recommend the solution to others. It is an excellent platform. I rate it as a nine.

We are using Aruba ClearPass for authentication purposes.

The solution has been working well.

The scalability could improve.

I have used Aruba ClearPass within the last 12 months.

Aruba ClearPass is a stable solution.

I rate the scalability of Aruba ClearPass a nine out of ten.

The initial setup of Aruba ClearPass was simple.

We did the deployment of the solution in-house.

I rate Aruba ClearPass an eight out of ten.

I have a few customers that are using Aruba ClearPass.

The most valuable feature of Aruba ClearPass is the ease of deployment and integration with other equipment in the network.

Aruba ClearPass could improve the complexity of the initial usage. It takes some time to be good at it. It's not simple to build and connect the rules to the network you want to deploy them on.

In a feature release of Aruba ClearPass, they should add a more graphical way to deploy the rules.

I have been using Aruba ClearPass for approximately two years.

Aruba ClearPass is stable.

I rate the stability of Aruba ClearPass a nine out of ten.

The scalability of Aruba ClearPass could improve. It is easy to make room but some aspects are difficult.

We have approximately 2,000 to 3,000 users that use Aruba ClearPass.

The response time and the knowledge of the support could improve from Aruba ClearPass.

I rate the support from Aruba ClearPass a three out of five.

Neutral

The initial setup of Aruba ClearPass is straightforward. When you need to activate the rules it becomes difficult.

We have one person that is needed to use to support Aruba ClearPass.

The price of Aruba ClearPass is expensive. However, Cisco ISE was as expensive when we were comparing.

We compared Cisco ISE before choosing Aruba ClearPass. Aruba ClearPass is better to use, especially if you have a mixed environment from different deployers or different hardware, it scales better.

I rate Aruba ClearPass a seven out of ten.

We use Aruba ClearPass for our authentication server and also integrate it with our active directory. We also use the endpoint function of the solution.

Aruba ClearPass has improved our organization because, through it, we have much better visibility in terms of who our users are in our network. We have more insight into the type of devices people are using and their roles. For guests, we can also gather some information from them, for example, their emails, so in most cases, Aruba ClearPass is pretty useful for us.

What I like most about Aruba ClearPass is its access tracker that serves as its monitoring feature. The access tracker is really helpful when you want to troubleshoot authentication failures.

What needs improvement in Aruba ClearPass is just the endpoint context server, in particular, the indication with the context server because sometimes the daily process isn't as smooth-sailing. Sometimes, the information isn't up-to-date. I'm not sure if that's a vendor limitation, but currently, it's the only tricky part of the current configuration.

What I'd like to see in the next release of Aruba ClearPass is a dashboard or a monitoring feature that would allow users to see the integration process with an external server because there's no visibility into that right now.

I've been using Aruba ClearPass for one and a half years.

Aruba ClearPass, in terms of stability, is good. We haven't experienced it shutting down in the last one and a half years of using it.

We've only used Aruba ClearPass for the last one and a half years, and we haven't had any need to scale it up, but it seems to be a scalable solution.

We haven't had any issues with Aruba ClearPass. It's been really quiet in the past year, so we haven't contacted their technical support team.

We used a different system before using Aruba ClearPass, but we heard that the licensing scheme for Aruba ClearPass is permanent. The solution offers a permanent license while our previous system had an annual license that we had to renew and repurchase yearly, so that was troublesome for us. With Aruba ClearPass, we don't have to repurchase or renew every year, so that's one of the main reasons we switched to it.

Installing Aruba ClearPass was quite easy. The deployment process for it was quite easy and quick. It took our partner less than two weeks to deploy the solution, so it was quite quick.

We used a third-party company for deploying Aruba ClearPass.

You can get ROI from Aruba ClearPass after two or three years.

I can't give the exact cost of Aruba ClearPass because that's handled by the purchasing team, but it's on the cheaper side, and on a scale of one to five, I'm rating the cost a four.

Initially, the pricing for the solution is expensive in terms of deployment, but in the long term, for example, after more than five to ten years, the operational cost incurred by the company is quite affordable because you don't have to renew the license. It's a one-time purchase.

My company only uses the standard license for Aruba ClearPass.

My company has eight hundred users of Aruba ClearPass in the IT security team, and about five or six people are required for the deployment and maintenance of the solution.

Currently, my company doesn't have any plans of increasing usage for Aruba ClearPass because it's been scaled up three times more than the current need when it was first purchased, so the solution is only being used at about 30% of its maximum capacity. It could take another four or five years before my company increases its usage.

Aruba ClearPass is a solution I would highly recommend to others looking into implementing it because, in my experience, it's really easy to manage. It has a low production cost, and even if the initial cost for the deployment is quite high, it becomes pretty cheap because you don't have to renew the license. If you need basic captive portal authentication, I would recommend Aruba ClearPass.

I'm rating Aruba ClearPass nine out of ten.

My company is a customer, not a partner of Aruba ClearPass.

We have Aruba ClearPass installed on a VM.

We are using Aruba ClearPass for our data needs, and authentication for local networks. We are adding some additional features to control clients using agents. We installed an agent for clients and it controls many things such as if the firewall is enabled or the antivirus is up-to-date.

The most valuable features of Aruba ClearPass are the GUI and its ease-to-do configuration. Additionally, we can troubleshoot many things in one window.

Aruba ClearPass could improve when it comes to troubleshooting, it can be difficult. Some advanced problems are difficult. 

The documentation could improve.

I have been using Aruba ClearPass for approximately five years.

The stability of Aruba ClearPass is good.

Aruba ClearPass is scalable. You can scale it in the same network, or you can scale the Aruba ClearPass server to another disaster recovery site.

We have over 10 customers using this solution. We have some large customers that have 300 companies and it's all linked. They have hundreds of users.

Aruba ClearPass has good support. The engineers are good, they solved every problem that we have.

The initial setup of Aruba ClearPass is simple. It is done through the CLI asking questions that need answers to be input. It takes approximately 20 minutes to complete.

Aruba ClearPass has permanent licenses. You purchase it one time and this license is yours. You don't need to refresh it for five years, et cetera. They have a couple of licenses for enabled features with not only one license.

I would recommend this solution to others.

I rate Aruba ClearPass an eight out of ten.

The most valuable features are planning and analytics.

It is simple to deploy.

It is transparent for the users to come in through ClearPass.

In the future, I would like to see plugins for AI and machine learning. If it did pattern analysis then it could help to determine our requirements automatically.

We have been using ClearPass for a couple of months. 

ClearPass has been very stable and there are no hiccups or any issues that we are experiencing.

It is modularly scalable and I don't see any issues with it.

I've got a lot of people connecting to my facility from outside of the organization, and they all connect through ClearPass. The combined external and internal user count is around 500.

The support that I have had from Aruba on this solution has been very nice. It's very easy to access support and the documentation is self-explanatory. You won't need much guidance from the Aruba team.

When it comes to the initial setup, as a customer, you need to prepare your own decision matrix. Once the matrices are in place, the rollout of ClearPass is seamless. It is easy. However, if you don't do your introspection and homework then it could be a challenge for an organization.

This is a solution that I would strongly recommend.

We are very happy with the support and the product overall. Although it meets our satisfaction and requirements 100%, you can never give a 100% mark. There is a little bit of room for improvement in all things.

I would rate this solution a nine out of ten.

The most valuable feature for us it the granular, logic-based nesting of objects which gives highly customizable control over AAA for TACACS+ and RADIUS.

Device profiling for basic/intermediate NAC is also highly useful.

Providing granular control over which devices are permitted to join our corporate wireless network, as well as in-depth AAA (accounting, in particular) for TACACS+ sessions, is huge. We can refer back to these logs at any time, which are especially useful when we undergo organization-wide audits.

Having a global business presence, CPPM helps us to ensure all sites are compliant with a unified set of standards passed down from our corporate headquarters.

• I'd like to see greater ability to customize backups – locations, transfer protocols (SCP/SFTP, etc).
• Small tweaks like scroll bar distances within large Enforcement Policies. More customization for SNMP traps (types), a well as published MIB files so that we can utilize our network monitoring environment more heavily with polling specific aspects of CPPM.
• Hardware requirements for VM templates we use (CP-VA-5K) are, quite frankly, absurd (very high disk storage requirements).

I've used it for just over three years.

I don't recall any issues with deployment.

I don't recall any issues with stability.

I don't recall any issues with scalability.

Technical support was not all that great, actually. They are responsive, but oftentimes are VERY reluctant to initiate a screen-sharing session or give in-depth answers. URL links to knowledge-base articles are very typical for initial answers, which (1) slows resolution, and (2) increases frustration.

It seems, in general, that technical support is more interested in closing new cases than they are in actually solving the root issues. 90% of the questions I’ve had I’ve had solved (for free, mind you, without any maintenance fees) using Aruba’s Airheads online user-based forums.

The solution was implemented before I gained ownership of it. I'm not sure of the history behind it.

A local vendor was used.

Do your due-diligence in understanding how the product works before you deploy. CPPM (and many like it – Cisco ISE and ACS) are very complex in the way they are configured and operate.

If you can design the solution before implementation, you have a much better chance of scaling well, easily, and with little down-time as you grow the product throughout its life cycle in your organization.