Aruba ClearPass Reviews

Aruba ClearPass is used for enforcing certain security policies all around the organization, it covers certain security policies, which is in turn, is deducted from the business requirements. You start with a security policy, then you need technology to enforce it, this is where Aruba ClearPass is used.

A lot of the issues in Forescout are mitigated in Aruba ClearPass, it supports all the expected protocols.

Aruba ClearPass has fewer deployment scenarios and flexibility than Forescout.

I have been using Aruba ClearPass for five years.

Aruba ClearPass is reliable.

I have found Aruba ClearPass to be scalable.

I have approximately two clients with 400 users each, giving a total of 800 users using the solution.

Aruba ClearPass has a very good technical support team. Whenever we need the vendor to be involved, we find a good deal of technical support.

I have used Forescout and I would rate Aruba ClearPass second best.

The initial installation is simple. The deployment could be better since it has fewer capabilities than other solutions, it could be more flexible.

We have a dedicated engineer for Aruba ClearPass when it comes to deploying and support of the solution. One engineer is enough for my client's environment.

The licensing model is very straightforward. There are two types of licensing for Aruba ClearPass, a perpetual license, and a subscription. Both of them are straightforward. We don't need to read an ordering guide, it's very clear.

I would recommend this solution to others if they have a certain use case. If there is a lot of Cisco environments that need to be implied under the security policy, then ClearPass is the right solution for them. It supports a wide range of Cisco technologies and Cisco protocols.

I rate Aruba ClearPass an eight out of ten.

Before ClearPass we were using the native captive-portal on our Wi-Fi controllers (Aruba) to authenticate users but this was causing httpd daemons to overload the CPU on the controllers. This situation created a denial of service condition on the Wi-Fi which was a major call driver for us.

Before ClearPass we were using the native captive-portal on our Wi-Fi controllers (Aruba) to authenticate users but this was causing httpd daemons to overload the CPU on the controllers. This situation created a denial of service condition on the Wi-Fi which was a major call driver for us.

Ability to drill down on items like “System CPU Utilization” or “Device Family” stats from the dashboard. As of right now you need to pick up to 5 items listed on the Dashboard but they seem to be static.

The interface is a little confusing as is setting up some of the options but this is partially due to the flexibility of the product. There are wizards available to create policy which is helpful. We’re primarily using it for RADIUS based AAA for 802.1x Wireless.

One and a half years primarily using the Policy Manager module, and one year using the Guest module. No Onboarding use as of yet.

MS AD integration was a bit of a problem at the beginning until our SE realized that the ClearPass servers need to be joined to the domain before AD lookups can be done.

I haven't experienced any issues.

I haven't experienced any issues.

Mixed – our current SE does not seem to have much knowledge about configuration of ClearPass and I have been referred to their “ClearPass Expert” on a couple of occasions but I have yet to speak to him/her. Aruba TAC has been able to help the few times I’ve called.

Our existing wireless infrastructure is Aruba so it made sense to use their solution for AAA. We did a trial with Win Server 2012 RADIUS and that worked as well, however it does not offer as many options as ClearPass does.

Initial setup was fairly straightforward following the “Start Here” wizard. Our only real “snag” was the Active Directory integration, but that was remedied by our SE.

The licensing model wasn’t explained terribly well to us so we vastly under-purchased. This has unfortunately caused us a bit of trouble over the last year. The licensing numbers are based on unique connected authenticating endpoints per day, averaged over 7 days. When we purchased the product we were under the impression that the licensed nodes were concurrent devices, of which we typically see 8000+ in the middle of the day. Our licensing ended up being 19000+ unique devices and we’ve had to put together a cluster of 4 Clearpass nodes to accommodate this.

The licensing model wasn't explained terribly well to us so we vastly under-purchased. This has unfortunately caused us a bit of trouble over the last year. The licensing numbers are based on unique connected authenticating endpoints per day, averaged over 7 days. When we purchased the product we were under the impression that the licensed nodes were concurrent devices, of which we typically see 8000+ in the middle of the day. Our licensing ended up being 19000+ unique devices and we’ve had to put together a cluster of 4 ClearPass nodes to accommodate this.

Tread carefully when estimating the number of unique device nodes for licensing. If using Active Directory for MSCHAPv2 authentication make sure that you add Clearpass to the Windows Domain.

ClearPass has been the best NAC product and market leader for a decade. It is a robust product.

The pricing policy could be more flexible. Additionally, ClearPass can be integrated with the Aruba cloud solution because many companies are moving to the cloud.

We use Aruba ClearPass for authentication purposes.

I rate the product's stability an eight out of ten.

It is a very high-end product. Its scalability is an eight or nine out of ten.

I used Cisco before. ClearPass supports multi-vendor products. On the other hand, Cisco is limited to being designed, configured, and managed for a specific device. ClearPass configures any products for authentication, device sharing, security, etc.

The configuration was very complex. It is not a product that normal users can use. A bunch of technologies are involved. There are a lot of other policies, which also include device posturing and management. There are many features involved in this product, best used by experts.

If you implement all of the modules, deployment will be perfect. Otherwise, it is not possible because it is very complex. You need to understand the entire system. Since we are just starting with this product, we need to redirect our switching and wireless traffic to the NAC solution. We need to know the network controller features and infrastructure.

The product is very costly, starting at a minimum of 500 users. No small or medium-sized business can go with it as a standard organization has more than 500 users.

Overall, I rate Aruba ClearPass a nine out of ten.

I mainly use ClearPass to issue and authenticate certificates.

ClearPass has simplified our security as an automatic email is now sent to concerned users when something goes down. For example, if your AP or controller is down, a log is immediately generated stating what's happened, and we can use that to work with local engineers or OEM to resolve it. This reduces the impact on business and has simplified around 70% of our work.

ClearPass' best features are authentication, support for multiple devices, and monitoring.

ClearPass' GUI could be more user-friendly.

I've been using Aruba ClearPass for almost three years.

ClearPass is stable - we haven't had any issues since deployment.

ClearPass' scalability is up to the mark.

The initial setup was a bit complex and took a couple of days.

I implemented ClearPass myself.

I would rate ClearPass nine out of ten.

Our primary use case is for security.

The aspect of Aruba ClearPass that I like most is that it has a lot of options, it is very versatile.

One thing that could be improved in Aruba ClearPass is that we would like to have an option to recognize all the assets on the customer's site in one click. That is an easy way of recognizing all the assets on a customer site. We would like an easier way of recognizing the assets of the network so we could know in which VLAN we want to configure the port or the suite and which policies apply to that port. We'd like ClearPass do that automatically.

We first installed ClearPass about two years ago.

In terms of stability, it is quite stable.

One a scale of one to five, I would give the scalability a three. It is not scalable enough.

The technical support is good.

The initial setup was quite complex, it is not that easy.

It took maybe two weeks. It takes a long time because it depends on the customer's industry or location or on the user's computers. It's not that fast normally.

Aruba ClearPass is expensive.

On a scale of one to ten I would give Aruba ClearPass an eight.

It is a good solution for applying security to the network. I would recommend it.

My company uses Aruba ClearPass mainly for the initial goal we set during the initial setup of the solution, which includes Network Access Server (NAS) and backup. We use the application in our company with almost all the features it provides.

I have found all of the features of the solution to be valuable. One of the most important features of the solution is that you can have downloadable user roles for authentication in the solution, which I think is pretty good.

The initial setup phase of the solution was really very difficult, owing to which the setup phase can be considered as an area that can be improved.

I have been using Aruba ClearPass for three years. I am a customer of the solution.

It is a very stable solution. Stability-wise, I rate the solution a ten out of ten.

My organization has about 3,000 users of the solution.

I contacted the solution's technical support team since I had some questions related to the product and not due to any particular issues related to the solution.

My company has a huge infrastructure, because of which we have to deal with a multi-vendor environment that includes Arista, Cisco, Juniper, and Fortinet.

The initial setup of Aruba ClearPass was really very difficult.

The solution is deployed on-premises.

Aruba ClearPass' deployment process that involves the configuration from scratch can take up to a couple of weeks, especially if you are not familiar with the product.

Though I don't remember the pricing model of the solution, I can say that the package or licensing model offered for the solution is a permanent one.

I recommend those planning to use the solution to use it, but they need to consider that it comes across as a really complex solution. It is important to have some past experience with the solution.

I rate the overall product a ten out of ten.

The primary use case of ClearPass is for network access control, wireless access and policy enforcement. We use it for authentication, verification and authorization, and then patch it to our users. We are system integrators. 

The advantage of Aruba is that it is open to any operating system or mobile app. The compatibility of Aruba ClearPass is a key valuable feature and makes it a stronger product than Cisco ISE in this area.

The cost of Aruba is very, very high. It's the biggest challenge we have with this product. It would be helpful if Aruba would integrate the SDN controller into the solution. Cisco is moving towards that in order to create one platform. 

We've been using this solution for 10 years. 

Scalability depends on the design policy. One device has a scalability provision of 20,000 but you might only use 5,000 licenses initially so it really depends on your needs.

The technical support is excellent. 

The initial setup is easy and there is no need to install anything whether you buy the virtual platform or the appliance. It's all very open and clear and a matter of configuring for policy enforcement. 

There are licensing options but this is a very expensive product. 

Forescout and ClearPass are both trying to build their system as an open platform for everyone which is why their reachability is very high. If you're using ClearPass or Forescout, you can use any open switches on the market. Cisco has a limited category that it has developed for its own products and infrastructure. If you use different switches and different Wi-Fi, it doesn't provide the pure solution inside. 

I rate this solution 10 out of 10. 

A major feature that I deploy and all my customers enjoy is the On-boarding function. Once properly set-up, it is very easy to configure and maintain all on boarded devices and users associated with those devices.

The feature that I use the most is the Access Tracker. It displays all relevant information of each authentication request and troubleshooting is a breeze on how the data is displayed.

I have deployed ClearPass in a number of organizations that have been using any number of outdated and obsolete security protocols for their wireless security from WEP and PSKs to MAC based authentication and global user names and passwords. Deploying ClearPass allowed these organizations to move from weak security protocols to industry standard security protocols.

Every deployment of ClearPass I have run into a bug or a feature that is not as user friendly as it could be. This can be easily improved upon by providing documentation and guides of proper syntax inputs. I have gotten around these issues by purely trial and error.

I have used ClearPass for the past five years and have deployed all the features that ClearPass has to offer. I have deployed it in school districts, hospitals, government agencies and all major industry verticals.

It is not as user-friendly and intuitive when first using it as it takes some time to know were everything is.

I have deployed Clearpass in environments that require over 500,000 authentications per day and have not had any issues.

I have deployed Clearpass in environments that require over 500,000 authentications per day and have not had any issues

For 90% of troubleshooting and basic configuration the Technical Assistance Center has always been very good, once the issue becomes a unique case specific to the customer that’s when resolving issues may take longer the three hours. Overall, Aruba Networks is really good in supporting ClearPass.

The basic network set-up is straightforward to get it on the network. Activating the licenses and getting the subscription key for ClearPass is a bulky and compression process with very little guidance or documentation. If there is an issue with the license, the only solution to almost always call Aruba tech support. Once the licenses are sorted out an upgrade needs to happen and the size of the update is 1.4Gb or more and based on the customers network, may take a long time. Finally, after ClearPass is on-line and fully updated, the configuration and basic troubleshooting is pretty straightforward. If it’s the first time someone is looking at it there is defiantly a learning curve.

I am the system integrator if it would be done in-house. If the person that is deploying ClearPass has experience with radius servers, deploying it would take three to six times longer than to hire a system integrator. Unless the in-house IT team has the time and resources to learn to deploy and troubleshoot ClearPass out of the box, then I definitely recommend getting a systems integrator. They would know how the system works, what questions to ask and troubleshooting techniques.

There are a lot of questions need to be answered before answering the real ROI question correctly, the biggest questions are how secure is your current network? Does it meet the industry security standards? Can you afford to have your network infiltrated or have loss of data? And can you afford to lose data? If not then pricing and licensing can be worked out.

Before you buy licensing know how and way you are using clearpass. I cant count how many times a customer has perched the wrong license or to many or not enough.

It can easily handle all types of authentication methods and has a large amount of flexibility, which can cover all scenarios. However it is lacking in third party integrations and little to no documentation on customization. Aruba assumes that you have working knowledge of their CSS tags, JavaScript, REST API integration and others.

If you are looking for a NAC solution ClearPass is one of the best all in one solution it covers all authentication methods and has a large flexibility that can be easily customized to fit any scenario in any industry vertical.