I have experience working as a systems and network engineer for a pharmaceuticals company.
I am evaluating Aruba ClearPass and FortiNAC. What are the biggest differences between the two? Which would you recommend?
Thanks! I appreciate the help.
I've done quite a lot of work with ClearPass, and not a lot with FortiNAC/Bradford. ClearPass incorporates a number of different functions including ClearPass Guest for creating complex wireless guest networks, ClearPass Onboard for automating the configuration of wireless devices, ClearPass OnGuard for checking system posture (AV, OS Updates, etc.). But the core of this is a very advanced RADIUS server, ClearPass Policy Manager. This allows configuration of policies to support WPA2-Enterprise deployments, wired 802.1x, MAC authentication, etc. and allows integration of multiple lists of MAC addresses, connection to external servers such as Google Admin Console and JAMF for Apple deployments, etc.
FortiNAC, formerly Bradford, is a Network Access Control system, which maintains a list of MAC addresses of permitted devices on the network and can modify switch port configurations to move devices into either a quarantine VLAN or DeadEnd VLAN based on various things that it checks - AV posture, OS updates, etc.
One thing of note is that FortiNAC must be used with a separate RADIUS server if you wish to deploy WPA2-Enterprise for wireless devices. While this could be Microsoft's NPS (free) running on a Windows server, I don't believe there is any way to integrate Google Admin Console (Chromebooks) or JAMF (Apple).
So essentially ClearPass incorporates all of the functionality of FortiNAC/Bradford, plus many other functions. Which product is right for your environment largely depends on what problem you are trying to solve.
We've deployed both over the years and we find ClearPass to be more flexible, much easier to configure and far better at Radius. Overall, we believe ClearPass is a more rounded product.
If you haven't engaged anyone to help in your configuration, we have someone working for us that's been configuring ClearPass since before it was called ClearPass (Avenda previously) and would be more than happy to assist.
We are using Aruba ClearPass in CCHE.
We use a Cisco-based solution.
I am not familiar with FortiNAC. We don’t use it. We use Aruba ClearPass and have been very satisfied with its functionality, simplicity, and security. We are also evaluating Cisco ISE but it is very expensive and works with a limited set of new Cisco switches only. My recommendation is to pick a hardware vendor-agnostic NAC solution like Aruba.
We all know it's really hard to get good pricing and cost information.
Please share what you can so you can help your peers.