Aruba ClearPass Reviews

We mainly use it for 802.1X authentication.

Our customers like its ability to authenticate using not just certificates but also MAC addresses is very helpful in mitigating unauthenticated access on networks and switches.

There is room for improvement in terms of scalability. 

I have experience with Aruba ClearPass for five to six years.

I would rate the stability a nine out of ten.

I would rate the scalability an eight out of ten. Our customers are mostly medium-sized businesses.

I have some years of experience with FortiGate, Fortinet Firewalls, and Fortinet switches. Mostly with FortiSwitch models 6450, 548, and 124F.

I didn't set it up myself. I'm involved in operating the system.

Overall, I would rate the solution an eight out of ten.

The primary use case of ClearPass is for network access control, wireless access and policy enforcement. We use it for authentication, verification and authorization, and then patch it to our users. We are system integrators. 

The advantage of Aruba is that it is open to any operating system or mobile app. The compatibility of Aruba ClearPass is a key valuable feature and makes it a stronger product than Cisco ISE in this area.

The cost of Aruba is very, very high. It's the biggest challenge we have with this product. It would be helpful if Aruba would integrate the SDN controller into the solution. Cisco is moving towards that in order to create one platform. 

We've been using this solution for 10 years. 

Scalability depends on the design policy. One device has a scalability provision of 20,000 but you might only use 5,000 licenses initially so it really depends on your needs.

The technical support is excellent. 

The initial setup is easy and there is no need to install anything whether you buy the virtual platform or the appliance. It's all very open and clear and a matter of configuring for policy enforcement. 

There are licensing options but this is a very expensive product. 

Forescout and ClearPass are both trying to build their system as an open platform for everyone which is why their reachability is very high. If you're using ClearPass or Forescout, you can use any open switches on the market. Cisco has a limited category that it has developed for its own products and infrastructure. If you use different switches and different Wi-Fi, it doesn't provide the pure solution inside. 

I rate this solution 10 out of 10. 

If for example, a user in my office received a particular VLAN for the USA and relocated to the UK, they will not get the same access. This is the challenge that we are trying to achieve through the CPPM. 

Document authentications allows us to decide which users can connect to an office VLAN and this has been the most valuable feature. It is dependent upon the policies that we have created on CPPM. If a domain laptop needs a Windows update, the device is updated. 

This solution could be improved by making it possible to use it across different territories. Currently, if a user moves from the US to the UK, their usage and access will be restricted. 

I have been using this solution for one year. 

This is a stable solution.

This is a scalable solution. 

The initial setup is straightforward. 

The suitability of this solution is dependent upon the requirements of the business. You need to consider if you want authentications for every network devices like switch, routers, firewalls and wireless. This can depend on the type of projects you are running. 

We needed the enterprise authentication because we needed the wifi dot certification. Using this, we can access network devices and policies. 

I would rate this solution a seven out of ten because the Aruba dashboard is quite simple compared to other solutions.

Aruba ClearPass is used for enforcing certain security policies all around the organization, it covers certain security policies, which is in turn, is deducted from the business requirements. You start with a security policy, then you need technology to enforce it, this is where Aruba ClearPass is used.

A lot of the issues in Forescout are mitigated in Aruba ClearPass, it supports all the expected protocols.

Aruba ClearPass has fewer deployment scenarios and flexibility than Forescout.

I have been using Aruba ClearPass for five years.

Aruba ClearPass is reliable.

I have found Aruba ClearPass to be scalable.

I have approximately two clients with 400 users each, giving a total of 800 users using the solution.

Aruba ClearPass has a very good technical support team. Whenever we need the vendor to be involved, we find a good deal of technical support.

I have used Forescout and I would rate Aruba ClearPass second best.

The initial installation is simple. The deployment could be better since it has fewer capabilities than other solutions, it could be more flexible.

We have a dedicated engineer for Aruba ClearPass when it comes to deploying and support of the solution. One engineer is enough for my client's environment.

The licensing model is very straightforward. There are two types of licensing for Aruba ClearPass, a perpetual license, and a subscription. Both of them are straightforward. We don't need to read an ordering guide, it's very clear.

I would recommend this solution to others if they have a certain use case. If there is a lot of Cisco environments that need to be implied under the security policy, then ClearPass is the right solution for them. It supports a wide range of Cisco technologies and Cisco protocols.

I rate Aruba ClearPass an eight out of ten.

Before ClearPass we were using the native captive-portal on our Wi-Fi controllers (Aruba) to authenticate users but this was causing httpd daemons to overload the CPU on the controllers. This situation created a denial of service condition on the Wi-Fi which was a major call driver for us.

Before ClearPass we were using the native captive-portal on our Wi-Fi controllers (Aruba) to authenticate users but this was causing httpd daemons to overload the CPU on the controllers. This situation created a denial of service condition on the Wi-Fi which was a major call driver for us.

Ability to drill down on items like “System CPU Utilization” or “Device Family” stats from the dashboard. As of right now you need to pick up to 5 items listed on the Dashboard but they seem to be static.

The interface is a little confusing as is setting up some of the options but this is partially due to the flexibility of the product. There are wizards available to create policy which is helpful. We’re primarily using it for RADIUS based AAA for 802.1x Wireless.

One and a half years primarily using the Policy Manager module, and one year using the Guest module. No Onboarding use as of yet.

MS AD integration was a bit of a problem at the beginning until our SE realized that the ClearPass servers need to be joined to the domain before AD lookups can be done.

I haven't experienced any issues.

I haven't experienced any issues.

Mixed – our current SE does not seem to have much knowledge about configuration of ClearPass and I have been referred to their “ClearPass Expert” on a couple of occasions but I have yet to speak to him/her. Aruba TAC has been able to help the few times I’ve called.

Our existing wireless infrastructure is Aruba so it made sense to use their solution for AAA. We did a trial with Win Server 2012 RADIUS and that worked as well, however it does not offer as many options as ClearPass does.

Initial setup was fairly straightforward following the “Start Here” wizard. Our only real “snag” was the Active Directory integration, but that was remedied by our SE.

The licensing model wasn’t explained terribly well to us so we vastly under-purchased. This has unfortunately caused us a bit of trouble over the last year. The licensing numbers are based on unique connected authenticating endpoints per day, averaged over 7 days. When we purchased the product we were under the impression that the licensed nodes were concurrent devices, of which we typically see 8000+ in the middle of the day. Our licensing ended up being 19000+ unique devices and we’ve had to put together a cluster of 4 Clearpass nodes to accommodate this.

The licensing model wasn't explained terribly well to us so we vastly under-purchased. This has unfortunately caused us a bit of trouble over the last year. The licensing numbers are based on unique connected authenticating endpoints per day, averaged over 7 days. When we purchased the product we were under the impression that the licensed nodes were concurrent devices, of which we typically see 8000+ in the middle of the day. Our licensing ended up being 19000+ unique devices and we’ve had to put together a cluster of 4 ClearPass nodes to accommodate this.

Tread carefully when estimating the number of unique device nodes for licensing. If using Active Directory for MSCHAPv2 authentication make sure that you add Clearpass to the Windows Domain.

My company uses Aruba ClearPass mainly for the initial goal we set during the initial setup of the solution, which includes Network Access Server (NAS) and backup. We use the application in our company with almost all the features it provides.

I have found all of the features of the solution to be valuable. One of the most important features of the solution is that you can have downloadable user roles for authentication in the solution, which I think is pretty good.

The initial setup phase of the solution was really very difficult, owing to which the setup phase can be considered as an area that can be improved.

I have been using Aruba ClearPass for three years. I am a customer of the solution.

It is a very stable solution. Stability-wise, I rate the solution a ten out of ten.

My organization has about 3,000 users of the solution.

I contacted the solution's technical support team since I had some questions related to the product and not due to any particular issues related to the solution.

My company has a huge infrastructure, because of which we have to deal with a multi-vendor environment that includes Arista, Cisco, Juniper, and Fortinet.

The initial setup of Aruba ClearPass was really very difficult.

The solution is deployed on-premises.

Aruba ClearPass' deployment process that involves the configuration from scratch can take up to a couple of weeks, especially if you are not familiar with the product.

Though I don't remember the pricing model of the solution, I can say that the package or licensing model offered for the solution is a permanent one.

I recommend those planning to use the solution to use it, but they need to consider that it comes across as a really complex solution. It is important to have some past experience with the solution.

I rate the overall product a ten out of ten.

We use the solution for basic user authentication, authorization, and accounting purposes.

The solution has the best-automated profiling feature. It helps us create granular policies based on device category. Also, its API-level integration with third-party systems works well compared to other vendors.

They should include features like Radius CoA for IoT and similar devices for the solution. Also, it would be great if they had SMP functionalities as well.

I have been using the solution since 2016.

The solution is highly stable. I rate its stability a ten.

The solution is highly scalable. I rate its scalability a ten. We can add as many subscribers as we require. We have at most ten solution users as our customers. They all are enterprise businesses.

The solution's GUI and configuration workflow could be clearer to understand. I rate its setup process a six. It involves analyzing customers' requirements and starting with a POC. Once it is done, we order equipment and a license. Next, we deploy the solution offline and integrate it with the production environment. The entire process takes around two to three months to complete.

The solution is costly. We have purchased its perpetual license. It is affordable for enterprise businesses. The medium-scale companies find it expensive. I rate its pricing an eight.

I recommend the solution to others. It is an excellent platform. I rate it as a nine.

I have a few customers that are using Aruba ClearPass.

The most valuable feature of Aruba ClearPass is the ease of deployment and integration with other equipment in the network.

Aruba ClearPass could improve the complexity of the initial usage. It takes some time to be good at it. It's not simple to build and connect the rules to the network you want to deploy them on.

In a feature release of Aruba ClearPass, they should add a more graphical way to deploy the rules.

I have been using Aruba ClearPass for approximately two years.

Aruba ClearPass is stable.

I rate the stability of Aruba ClearPass a nine out of ten.

The scalability of Aruba ClearPass could improve. It is easy to make room but some aspects are difficult.

We have approximately 2,000 to 3,000 users that use Aruba ClearPass.

The response time and the knowledge of the support could improve from Aruba ClearPass.

I rate the support from Aruba ClearPass a three out of five.

Neutral

The initial setup of Aruba ClearPass is straightforward. When you need to activate the rules it becomes difficult.

We have one person that is needed to use to support Aruba ClearPass.

The price of Aruba ClearPass is expensive. However, Cisco ISE was as expensive when we were comparing.

We compared Cisco ISE before choosing Aruba ClearPass. Aruba ClearPass is better to use, especially if you have a mixed environment from different deployers or different hardware, it scales better.

I rate Aruba ClearPass a seven out of ten.