Aruba ClearPass

Why do you need network access control?

70% of organizations don’t know what devices are connected to their network. Without visibility and control, every IoT device, guest laptop, or employee’s personal phone is a potential threat. Traditional “trust the network” approach doesn’t work in the Zero Trust era.

Aruba ClearPass Policy Manager is the leading NAC (Network Access Control) platform that automatically profiles over 70,000 device types and enforces access policies in real-time. Recognized as a leader in NAC segment by Gartner and Forrester.

How does it work?

Device Profiling

Automatic identification of every device:

• 70,000+ devices in signature database
• Machine learning for unknown devices
• Continuous profiling - not just at connection
• Threat intelligence integration

Policy Engine

Centralized access policy management:

• Role-based access per user/device/location
• Dynamic Segmentation on switches and APs
• Automatic non-compliance remediation
• Context-aware policies (time, location, posture)

Zero Trust Enforcement

Least privilege principle enforcement:

• Network traffic microsegmentation
• Continuous verification - not just at login
• Automatic isolation of suspicious devices
• Integration with firewalls and SIEM

Main Features

Authentication

• 802.1X with EAP-TLS, PEAP, EAP-TTLS
• RADIUS server for all devices
• TACACS+ for network devices
• MAC Authentication Bypass for IoT

Endpoint Posture

• OnGuard agent for Windows/macOS
• Agentless assessment via network
• AV, patch, configuration checking
• Auto-remediation or quarantine

Guest & BYOD

• Self-service portal for guests
• Employee-sponsored access
• BYOD onboarding with certificates
• Customizable branding and workflow

Integrations

• 150+ technology partners
• Firewalls (Fortinet, Check Point)
• MDM (Intune, Jamf, Workspace ONE)
• SIEM (Splunk, QRadar, Sentinel)

Architecture

Policy Manager: Central policy and RADIUS server

Device Insight: Cloud-based device profiling with AI

OnGuard: Posture assessment agent

Guest: Portal for guests and BYOD

OnBoard: Automatic certificate issuance

Who is it for?

• Organizations implementing Zero Trust Network Access
• Enterprises with BYOD policies
• Environments with large number of IoT devices (healthcare, manufacturing)
• Regulated industries requiring access audit (finance, public sector)

Benefits

For IT: Automatic onboarding, fewer help desk tickets, full device visibility

For security: Zero Trust without network redesign, threat isolation, compliance ready

For business: Secure BYOD, risk-free guest access, regulatory compliance

Specifications

Deployment	Hardware appliance, VM, cloud
High Availability	Active/standby clustering
Device database	70,000+ profiles
Integrations	150+ ecosystem partners

FAQ

Does ClearPass require Aruba devices? No. ClearPass works with switches and APs from any vendor supporting RADIUS.

How many devices can be profiled? Database contains 70,000+ profiles. Unknown devices are classified by ML.

How does licensing work? Per endpoint. Access (basic) or OnGuard (with posture assessment) licenses.

Does ClearPass replace Active Directory? No. Integrates with AD/LDAP as identity and authorization source.

How does BYOD onboarding work? User connects to portal, downloads profile/certificate, and device is automatically configured.

Can I check endpoint security state? Yes. OnGuard checks AV, firewall, patches and can block or fix non-compliance.

How does firewall integration work? ClearPass sends context (user, device, role) to firewall via API or syslog.

Is cloud version available? ClearPass is on-premises. Device Insight (profiling) is in cloud.

What security certifications? Common Criteria, FIPS 140-2, GDPR, HIPAA, PCI DSS compliance.

What about support? HPE Foundation Care. nFlo as a partner provides deployment, integrations, and training.