It is best suited for larger companies with lots of remote workers that need complex access management. We've barely scratched the surface on what Appgate can do via its API.
Aruba ClearPass is suited well for large enterprise networks with many connecting buildings and branches. Aruba ClearPass protects your endpoints from unauthorized or unknown devices accessing your network. You can apply policies that prevent devices from meeting the required policies in ClearPass. ClearPass will allow only authorized access for devices that are using the policies.
You can use ClearPass authenticate using wired and wireless network devices. This is helpful that you don't have to have multiple systems to accomplish this.
Because devices can have different purposes Clearpass can configure groups that will specify what access they have. You can use parameters such as vendor or mac address so clearpass know what group to push them to.
It is very easy to view device logs. This is really helpful to troubleshoot auth issues. Once you find the device Clearpass provides more than enough info to know what the issue is and to fix it.
Live logging in the client. Currently you have to "download" the logs into a zip file and then open that zipfile to look at the logs. There's no logfile to tail or watch.
Load balancing between controllers could be better. Currently relies on round robin DNS and sometimes a browser will pick a different IP than previous and you'll get a big "LOST CONNECTION TO CONTROLLER" message.
Aruba Clearpass is straight forward in terms of day to day use for monitoring and basic user connectivity issues. The system is very robust on the back end, therefore some larger configuration changes may not be the most intuitive. System upgrades and license management are not the most intuitive either.
The company has been supportive overall of our needs and desired features. I have not personally called the support services, but I've heard no direct complaints either.
We had some issues with ClearPass integration with AirGroup on Aruba Controller Clusters. Basically, it was tough to get coordinated between the controller support and the ClearPass support.
The existing system was FortiGate. The management of the system was a hassle. Because IT personnel had to manually create VPN accounts, user passwords were known to who created them and the end user did not have a way to change them. This created a security issue in the event an IT engineer left the company.
From my experience, ClearPass has been the best NAC server of all I've seen. Even though configuration is somewhat hard and it's hard to get training, once you learn how to configure it it works very well. The policies are very granular and scalable and the interface is a well-done web GUI that does not need any extra plugins installed, as some of Cisco's product require. There are many more options than with FortiNAC, and many more integration options. Also, troubleshooting and logging is good.
Set and forget. It made a positive contribution in terms of labor and cost without needing much technical support. Since NAC and TACACS features come together, you can meet your needs with a single license.
The number of supporting companies may be limited in the country you are affiliated with. Therefore, agreements with third-party companies are expensive and your support requests may take a long time.
