FireMon is a real-time security policy management solution built for today’s complex multi-vendor, enterprise environments. Supporting the latest firewall and policy enforcement technologies spanning on-premises networks to the cloud, FireMon delivers visibility and control across the entire IT landscape to automate policy changes, meet compliance standards, to minimize policy-related risk. Since creating their policy management solution in 2004, FireMon states they've helped…
N/A
HPE Aruba Networking ClearPass Policy Manager
Score 8.8 out of 10
N/A
The HPE Aruba Networking ClearPass Policy Manager provides role- and device-based network access control for employees, contractors and guests across multi-vendor wired, wireless and VPN infrastructures.
N/A
Pricing
FireMon
HPE Aruba Networking ClearPass Policy Manager
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
FireMon
HPE Aruba Networking ClearPass Policy Manager
Free Trial
Yes
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
Yes
No
Entry-level Setup Fee
Optional
No setup fee
Additional Details
—
—
More Pricing Information
Community Pulse
FireMon
HPE Aruba Networking ClearPass Policy Manager
Considered Both Products
FireMon
Verified User
Administrator
Chose FireMon
We have only used firemon and there hasn't been a need to consider other products as we are satisfied with what Firemon can do.
FireMon is best used in a large environment (for example, I have >100 firewalls in my environment). It's best used when trying to improve security posture and showing changes in firewall security over time. It might not be the best choice for smaller environments or those that aren't concerned about security management.
Aruba ClearPass is suited well for large enterprise networks with many connecting buildings and branches. Aruba ClearPass protects your endpoints from unauthorized or unknown devices accessing your network. You can apply policies that prevent devices from meeting the required policies in ClearPass. ClearPass will allow only authorized access for devices that are using the policies.
You can use ClearPass authenticate using wired and wireless network devices. This is helpful that you don't have to have multiple systems to accomplish this.
Because devices can have different purposes Clearpass can configure groups that will specify what access they have. You can use parameters such as vendor or mac address so clearpass know what group to push them to.
It is very easy to view device logs. This is really helpful to troubleshoot auth issues. Once you find the device Clearpass provides more than enough info to know what the issue is and to fix it.
The shell is locked out and we can't run any general centos commands. The implementation and maintainence of the arch is very complex. Even with the right identifiers on log messages the log collection keeps failing. The warning messages on the device are ambiguous. The log messages on firemon are a bit confusing and don't show the exact issue.
Though Aruba ClearPass offers a lot of insight and features, it is not the easiest to navigate. A lot of other systems can be figured out as you go, but Aruba ClearPass often requires a lot of research in order to set something up correctly. It's not always easy to find what you're looking for. Once you learn the basics, it becomes a lot more manageable, but it's definitely worth investing in some sort of training.
FireMon has been relatively stable overall. However, there have been a handful of times where we had issues with the console. For example, we couldn't update which devices to include in a security assessment. The initial suggestion from support was to just reboot it. It seems like there weren't many other options available such as to restart services before going to the extreme of a complete reboot.
I'm not sure we have the largest implementation of FireMon out there but we do have a few 1000 devices being probed by FireMon. Overall, the system's performance has been rock solid. The console refreshes quickly and reports are generated within an expected timeframe.
FireMon technical support is awesome! They respond quickly to our requests and they are well trained and very knowledgeable about the tool. Some issues have to be referred to the development team, but technical support largely provides solutions for any issues that we may have.
This product has consistently provided the results needed from it and when issues arose, Aruba TAC was able to provide support effectively. In the previous question, I stated that Aruba Wireless is used as well. With those systems in place with ClearPass troubleshooting becomes much easier. I am sure other issues may arise if calling support while using another vendor for wireless such as Cisco, Juniper, etc.
I has worked with AlgoSec and while they are very similar product, I find the FireMon is easier to understand and get rolling with. While both require some learning, FireMon is by far the easier one. Once you have an understanding of how things are arranged and labeled you can easily import firewalls and begin to work on them to improve them
From my experience, ClearPass has been the best NAC server of all I've seen. Even though configuration is somewhat hard and it's hard to get training, once you learn how to configure it it works very well. The policies are very granular and scalable and the interface is a well-done web GUI that does not need any extra plugins installed, as some of Cisco's product require. There are many more options than with FortiNAC, and many more integration options. Also, troubleshooting and logging is good.
Firemon Is easily scalable and maintainable with any size team. Although it requires some tech debt, it is well worth the time to invest to ensure compliance is visible and reports are accurate. Although our environment is very large we do not fully utilize the scalability of the Firemon product.
ClearPass has streamlined everything so we don't have to have as many people managing our device auth systems.
Our Security team loves that ClearPass can deny unauthorized users and devices from the network. This alone has probably saved us a lot of money and headaches.
