Call a Specialist Today! 844-356-5141 | Free Shipping! Free Shipping!


Aruba ClearPass Policy Manager For Secure Network Access
The most advanced Secure NAC platform available




Related products

Aruba ClearPass is a vendor agnostic solution that works seamlessly with Aruba and third-party network devices.

 

 

Simplify network access and security with ClearPass products


Aruba Clear Pass Policy Manager (CPPM) provides robust network access control with granular role-based policies for authentication, authorization, continuous monitoring and enforcement. Its highly interoperability feature helps customers to leverage their investment in earlier security products.

Read ClearPass Policy Manager data sheet (PDF)

With ClearPass Onboard, easily create and deploy BYOD workflows to authorize employees and contractors to use their devices on secure networks.

ClearPass OnGuard’s Advanced endpoint posture assessments can automatically remediate or quarantine endpoints that violate corporate security and compliance policies.

Read ClearPass Onboard data sheet (PDF)
Read ClearPass OnGuard data sheet (PDF)

It’s easy to implement secure guest access and create a customized web portal using your own brand. Leverage unique features such as sponsor approval, credential delivery or usage policies via email or text.

Learn about our Portal Design Service (PDF)

Make sure you secure those Ethernet ports behind IP desk phones and in conference rooms that are not using secure 802.1X.

Read the solution brief (PDF)

CPPM Product features

Implement reliable network access control based on Zero Trust Security.


AI-powered visibility

ClearPass Policy Manager has built in device discovery and profiling features that can be complemented with AI-powered ClearPass Device Insight or Aruba Central Client Insights.

Robust authentication

ClearPass authenticates the user or device identity against a wide variety of identity sources such as Microsoft AD, LDAP, ODBC-compliant SQL database, token servers, and internal databases.

Secure authorization

ClearPass provides authorization based on a user’s role, device type and role, authentication method, UEM attributes, device health, traffic patterns, location, and time of day.


Reliable policy enforcement

When a security compromised is detected ClearPass can be signaled to take a response action from a wide range of security, network and IT sources.

Powerful integrations

ClearPass is a vendor agnostic solution and seamlessly integrates with more than 140 security-based partner solutions to provide robust authorization and enforcement.

SSO support

Single sign-on (SSO) support works with Ping, Okta, and other identity management tools to improve user experience of SAML 2.0-based applications.

Details and specifications for Aruba ClearPass Policy Manager

Appliances ClearPass is available as hardware or as a virtual appliance. Virtual appliances are supported on VMware vSphere Hypervisor (ESXi), Microsoft Hyper-V, CentOS KVM, Amazon EC2 & Microsoft Azure.
  • VMware ESXi up to 7.0
  • Microsoft Hyper-V 2016/2019 R2/2019 and Windows 2016 R2 Enterprise
  • KVM on CentOS 7.7 and Ubuntu 18.04 LTS
  • Amazon AWS (EC2)
  • KVM on CentOS 7.7. Ubuntu 18.04, and Ubuntu 20.04
  • Amazon AWS (EC2)
  • Microsoft Azure
Platform
  • Deployment templates for any network type, identity store and endpoint
  • 802.1X, MAC authentication and captive portal support
  • ClearPass OnConnect for SNMP-based enforcement on wired switches
  • Advanced reporting, analytics and troubleshooting tools
  • Interactive policy simulation and monitor mode utilities
  • Multiple device registration portals – Guest, Aruba AirGroup, BYOD, and un-managed devices
  • Admin/operator access security via CAC and TLS certificates
Framework and protocol support
  • RADIUS, RADIUS Dynamic Authorization, TACACS+, web authentication, SAML v2.0
  • RadSec (TLS encoded RADIUS)
  • 802.1X-2010, 802.1X-2020
  • TEAP (Tunneled EAP)
  • EAP-FAST (EAP-MSCHAPv2, EAP-GTC, EAP-TLS)
  • PEAP (EAP-MSCHAPv2, EAP-GTC, EAP-TLS, EAP-PEAPPublic, EAP-PWD)
  • TTLS (EAP-MSCHAPv2, EAP-GTC, EAP- TLS, EAP-MD5, PAP, CHAP)
  • EAP-TLS
  • PAP, CHAP, MSCHAPv1, MSCHAPv2, EAP-MD5
  • OAuth2
  • WPA3
  • Windows machine authentication
  • SMB v2/v3
  • Online Certificate Status Protocol (OCSP)
  • SNMP generic MIB, SNMP private MIB
  • Common Event Format (CEF), Log Event Extended Format (LEEF), and RFC5424
Supported identity stores
  • Microsoft Active Directory
  • RADIUS
  • Any LDAP compliant directory
  • MySQL, Microsoft SQL, PostGRES and Oracle 11g ODBC-compliant SQL server
  • Token servers
  • Built-in SQL store, static hosts list
  • Kerberos
  • Microsoft Azure Active Directory
  • Google G Suite
RFC standards 2246, 2248, 2407, 2408, 2409, 2548, 2759, 2865, 2866, 2869, 2882, 3079, 3579, 3580, 3748, 3779, 4017, 4137, 4301, 4302, 4303, 4308, 4346, 4514, 4518, 4809, 4849, 4851, 4945, 5176, 5216, 5246, 5280, 5281, 5282, 5424, 5755, 5759, 6614, 6818, 6960, 7030, 7170, 7296, 7321, 7468, 7748, 7815, 8031, 8032, 8247, 8446, 8709, 8894, 8908
Internet drafts Protected EAP Versions 0 and 1, Microsoft CHAP extensions, dynamic provisioning using EAP-FAST.
Profiling methods
  • Active: Nmap, WMI, SSH, SNMP
  • Passive: MAC OUI, DHCP, TCP, Netflow v5/v10, IPFIX, sFLOW, ‘SPAN’ Port, HTTP User-Agent, IF-MAP
  • ClearPass Device Insight
  • Integrated & 3rd Party: Onboard, OnGuard, ArubaOS, EMM/MDM, Cisco device sensor
IPv6 Support
  • RADIUS and RadSec
  • TACACS+
  • Clustering (intra-node communication)
  • Web and CLI based management
  • IPv6 addressed authentication & authorization servers
  • IPv6 accounting proxy
  • IPv6 addressed endpoint context servers
  • Syslog, DNS, NTP, IPsec IPv6 targets
  • IPv6 Virtual IP for high availability
  • HTTP Proxy
  • Ingress Event Engine Syslog sources
  • Onboard, OnGuard
Certifications
  • FIPS 140-2 – Certificate #2577
  • Common Criteria NDcPP + Authentication Server (ClearPass)
  • USGv6 approved


Questions? We're here to help.

From offering expert advice to solving complex problems, we've got you covered. Get in touch with a Aruba Networks Solutions Specialist today to learn more!