Overview:
Aruba ClearPass Policy Manager provides role- and device-based network access control for employees, contractors and guests across any multivendor wired, wireless and VPN infrastructure. With a built-in context-based policy engine, RADIUS, TACACS+ protocol support, device profiling and comprehensive posture assessment, onboarding, and guest access options, ClearPass is unrivaled as a foundation for network security in any organization.
For wider security coverage using firewalls, EMM and other existing solutions, ClearPass Exchange allows for automated threat protection and workflows to third-party security and IT systems that previously required manual IT intervention.
In addition, ClearPass supports secure self-service capabilities for end user convenience. Users can securely configure their own devices for enterprise use or Internet access. Aruba wireless customers can provide registration of AirPlay-, AirPrint-, DLNA-, and UPnP-enabled devices for sharing.
The result is a comprehensive and expandable policy management platform that goes beyond standard AAA solutions to deliver extensive enforcement capabilities for IT-owned and bring-your-own-device (BYOD) security requirements.
Principal Features
- Role-based network access enforcement for multivendor Wi-Fi, wired and VPN networks.
- Industry-leading performance, simplified high availability and load balancing.
- Intuitive policy configuration templates and visibility troubleshooting tools.
- Supports multiple authentication/authorization sources (AD, LDAP, SQL dB) within one service.
- Self-service device onboarding with built-in certificate authority (CA) for BYOD
- Guest access with extensive customization, branding and sponsor-based approvals.
- Supports NAC and EMM/MDM integration for mobile device assessments.
- Comprehensive integration with third party systems such as SIEM, Internet security and EMM/MDM.
- Single sign-on (SSO) and Aruba Auto Sign-On support via SAML v2.0.
- Advanced reporting of all valid user authentications and failures.
- Built-in profiling using DHCP and TCP fingerprinting.
- Hardware and virtual support for ESXi and Hyper-V appliances.
- Automatic cluster upgrade.
The ClearPass Difference
The ClearPass Policy Manager is the only policy solution that centrally enforces select aspects of enterprise-grade mobility and NAC for any industry. Granular network access enforcement is based on a user’s role, device type and role, authentication method, EMM/MDM attributes, device health, location, and time-of-day. ClearPass offers extensive multivendor wireless, wired and VPN infrastructure support which enables IT to easily roll out secure mobility policies across any environment. Deployment scalability supports tens of thousands of devices and authentications, which surpasses the capabilities offered by legacy AAA solutions. Options exist for small to large organizations, from local to distributed environments.
Advanced Reporting and Alerting with Insight
Policy Manager includes advanced reporting capabilities that include customizable dashboards for authentication, endpoint profiling, industry standards, and other information on guest, onboarding, and device health, all in an at-a-glance dashboard. Insight also includes granular alert capabilities.
Features:
Smart rules with mobility and IoT in mind
ClearPass solves today’s digital workplace security challenges across any multivendor wired or wireless network by replacing outdated legacy AAA with context-aware policies. It delivers visibility, policy control and workflow automation in one cohesive solution.
Industry-leading visibility and device profiling that’s built-in
ClearPass profiling classifies all mobile and IoT devices to define smart policies that determine access to wired and wireless networks. You can automatically assign or deny user access privileges based on device type, ownership status or operating system.
Futureproof your existing network infrastructure
Leverage your existing third party security solutions – perimeter firewall, SIEM, and MDM – to integrate contextual user information with ClearPass. And with OnConnect, use existing switch protocols for visibility, access control and enforcement of computers and IoT devices.
Integrate and share with third-party IT networks
ClearPass Exchange is the central hub that shares context-sensitive data with a broad range of third-party IT systems – firewalls, MDM/EMM and SIEM – for end-to-end policy enforcement and visibility. ClearPass supports data exchange via API, Syslog messaging, and our new ClearPass Extensions.
Real-time analytics
See how ClearPass Insight provides real-time analytics and reporting to better understand who and what is on your network, so you can resolve problems quickly.
Secure BYOD
Employees are bringing more and more personal devices to work. In turn, IT relies on ClearPass Onboard for a simple and automatic way to configure the process, making sure all devices are secure.
Advanced Policy Management
Enforcement and visibility for wired and wireless
With ClearPass, organizations can deploy wireless using standards-based 802.1X enforcement for strong authentication. ClearPass also offers a way to create non-802.1X policies for wired networks using OnConnect – for those organizations not ready to move to full 802.1X and AAA in their wired infrastructure. ClearPass allows for a hybrid approach to enable IT to gain insights about all devices – computers, smartphones or IoT – entering the network. Concurrent authentication methods can be used to support a variety of use-cases. It also includes support for multifactor authentication based on login times, posture checks, and other context such as new user, new device, and more. Attributes from multiple identity stores such as Microsoft Active Directory, LDAP-compliant directory, ODBC-compliant SQL database, token servers and internal databases across domains can be used within a single policy for fine-grained control. Contextual data from profiled devices allows IT to define what devices can access either the wired, VPN, or wireless network. Device profile changes are dynamically used to modify authorization privileges. For example, if a Windows laptop appears as a printer, ClearPass policies can automatically revoke or deny access.
Secure device configuration of personal devices
ClearPass Onboard provides automated provisioning of any Windows, Mac OS X, iOS, Android, Chromebook, and Ubuntu devices via a user driven self-guided portal. Required SSIDs, 802.1X settings and security certificates are automatically configured on authorized devices.
Customizable visitor management
ClearPass Guest simplifies workflow processes so that receptionists, employees and other non-IT staff can create temporary guest accounts for secure Wi-Fi and wired Web access. Self-registration, sponsor and bulk credential creation support any guest access need – enterprise, retail, education, large public venue.
Device health checks
ClearPass OnGuard, leveraging OnGuard persistent and dissolvable agents, performs advanced endpoint posture assessments over wireless, wired and VPN connections. OnGuard health-check capabilities ensure compliance and network safeguards once devices connect.
Additional Policy Management Capabilities
Integrate with security and workflow systems
ClearPass Exchange interoperability includes REST-based APIs, and forwarding of syslog data flows to and from ClearPass on-demand; that ability can be used to facilitate workflows with MDM, SIEM, firewalls, PMS, call centers, admission systems, and more. For faster, flexible interoperability, ClearPass allows end users to build container-based extensions in real time for exceedingly quick interoperability with new partners or new features on-demand. Context is shared between each component for end-to-end policy enforcement and visibility.
Connect and work apps are good to go
ClearPass Auto Sign-On capabilities make it infinitely easier to access work apps on mobile devices. A valid network authentication automatically connects users to enterprise mobile apps so they can get right to work. Single sign-on (SSO) support works with Ping, Okta and other identity management tools to improve the user experience to SAML 2.0-based applications.
Solutions:
Access control and visibility for any wired or wireless network
Remember when IT was the gatekeeper and ruled with a combination of strict policies and a fully-contained ecosystem? Those days are long gone. Today, trillions of Wi-Fi-enabled smartphones, tablets and Internet of Things (IoT) devices are pouring into the workplace. Users are armed with more than three devices apiece and each device can have over 40 business and personal apps on it.
The use of IoT devices on wired and wireless networks has also challenged the model of pure IT management. Many of these devices are new technologies and will require access from external administration resources.
The expectation is that this all simply works and is secure – in the office, at a branch or at home. As IT struggles to maintain control, they need the right set of tools to quickly program the underlying infrastructure and control network access for any unknown IoT and mobile device, without wasting countless hours. With the increasing variety and scale of apps running on the network, they need a common policy framework to move beyond the perimeter-based security of the past.
Mobility and IoT are redefining today’s security perimeter
The boundary of IT’s domain now extends beyond the four walls of an enterprise. And the aim for business is to provide anytime, anywhere connectivity without sacrificing security. How does IT maintain visibility and control without impacting the user experience?
Understanding what devices are being used, how many, where, and which operating systems are supported provides a foundation. Deciding what happens when users and devices connect and when they are not in compliance is the key.
Organizations must plan for actual and unforeseen challenges. It’s not realistic to rely on IT or help desk staff to manually intervene whenever a user decides to work remotely or procure a new smartphone. Organizations need to adapt to today’s evolving devices and their use – whether a smartphone or surveillance webcam.
One place to manage all things
Aruba ClearPass takes a fresh approach to solving the technical challenge – one that gives IT an easy way to build a foundation for enterprise-wide policy, strong enforcement, and an enhanced user experience. From this single ClearPass policy and AAA platform, contextual data is leveraged across the network to ensure that users and devices are granted appropriate access privileges – regardless of access method or device ownership. Policies include user roles, device types, available MDM data and certificate status, location, day-of-week, and time-of-day.
This enables consistent policy enforcement for an end-to-end approach that siloed AAA, NAC, and guest solutions can’t deliver.
ClearPass Benefits
- Policies and AAA services that support any multivendor wireless, wired, and VPN environment.
- Network privileges based on real-time contextual data – user roles, device types, location, and time-of-day.
- Built-in device profiling that identifies device types and attributes for everything that connects.
- Real-time troubleshooting tools that help solve connectivity and end-user issues quickly.
- Built-in integration that allows you to build a coordinated defense where everything – third-party security solutions like MDM/EMM, firewalls and SIEM tools – works as one solution.
- The latest product enables custom profiles to be created to identify and secure IoT devices in real-time, with minimal hands-on IT interaction.
- Integration with popular multi-factor authentication sources for any network or application access.
Building a solid baseline
Taking on mobility starts with managing how your users and their devices connect – wired, wireless or VPN – to access corporate resources. User roles, device risk-profiles, and other contextual data allow for granular policies that truly let you offer differentiated access.
ClearPass provides important features that make mobility easy:
- Role-based policy management for users and devices (IT-managed, BYOD, and IoT).
- Enterprise-grade AAA, including RADIUS/TACACS+ and 802.1X.
- A full suite of customizable captive portal options for guest access, BYOD, and the sharing of resources through Bonjour and DLNA services.
- Complete visibility features – real-time dashboards and post authentication reports.
ClearPass lets you leverage user and device roles, dynamic VLAN and access control list (ACL) enforcement rules and services that touch everything from identity stores to Aruba and multivendor network infrastructure using standards-based protocols.
The ability to utilize multiple identity stores within one service, including Microsoft Active Directory, LDAP-compliant directories, ODBC-compliant SQL databases, token servers, and internal databases sets ClearPass apart from legacy solutions.
Device provisioning without IT involvement
Managing the onboarding of personal devices for BYOD deployments can put a strain on IT and help desk resources, and can create security concerns. ClearPass Onboard lets users configure devices for use on secure networks all on their own. Unique device certificates even eliminate the need for users to repeatedly enter login credentials throughout the day. That convenience alone is a win. The additional security gained by using certificates is a bonus.
The IT team defines who can onboard devices, the type of devices they can onboard, and how many devices each person can onboard. A built-in certificate authority lets IT support personal devices more quickly, as an internal PKI and the ensuing IT resources are not required.
Guest access that’s simple and fast
BYOD isn’t just about employee devices. It’s about any visitor whose device requires network access – wired or wireless. It requires a simple model that automates and simplifies the provisioning of network access for guests, but also provides expansive security features that keep enterprise traffic separate from guest traffic.
ClearPass Guest makes it easy and efficient for employees, receptionists, event coordinators, and other non-IT staff to create temporary network access accounts for any number of visitors per day. MAC caching also ensures that guests can easily connect throughout the day without repeatedly entering credentials on the guest portal.
Self-registration takes the task away from employees and lets guests create their own credentials. Login credentials are delivered via printed card, SMS text, or email. Credentials can be stored in ClearPass for set amounts of time and can be set to expire automatically after a specific number of hours or days. ClearPass also enhances the guest experience by enabling organizations to create branded guest sites that are sized for desktop and smaller mobile devices.
When device health determines access
During the authorization process, it may be necessary to perform health assessments on specific devices to ensure that they adhere to corporate anti-virus, anti-spyware, and firewall policies. Automation motivates users to perform an anti-virus scan before connecting to the enterprise network.
ClearPass OnGuard features built-in capabilities that perform posture-based health checks to eliminate vulnerabilities across a wide range of computer operating systems and versions.
ClearPass also offers advanced health checks that provide extra security:
- Handling of peer-to-peer applications, services, and registry keys.
- Determination of whether USB storage devices or virtual machine instances are allowable.
- Managing the use of bridged network interfaces and disk encryption.
Whether using persistent or dissolvable clients, ClearPass can centrally identify compliant endpoints on wireless, wired, and VPN infrastructures.
Getting more from third-party solutions
ClearPass Exchange lets you automate mobile security utilizing popular third-party security solutions like firewalls, MDM/EMM, and SIEM tools. Leveraging the context intelligence that ClearPass contains allows organizations to ensure that security and visibility exist at a device, network access, and traffic inspection and threat protection level.
Using a common-language (REST) API, syslog messaging and a built-in repository called Extensions, automated workflows and decisions help simplify tasks and secure the enterprise – no more complex scripting languages and tedious manual configurations. And for faster integration, ClearPass container Extensions allows for flexible, real time integration with new third-party features and partners.
ClearPass supports integration with popular multi-factor authentication (MFA) platforms for any network or application access. ClearPass offers an MFA challenge to mobile devices as they are onboarded to the existing network infrastructure for the first time and/or as they return for new connections. The MFA challenge can be presented to the end user based on different criteria in order to better satisfy corporate policy requirements: from certain locations, only for select mobile device types, or a select group of users.
With ClearPass Exchange, networks can automatically take corrective actions:
- MDM/EMM data like jailbreak status of a device can determine if it can connect to a network.
- Firewalls can accurately enforce policies based on user, group, and unique device attributes.
- SIEM tools can be set up to capture all authentication data for single dashboard visibility.
Network events can also prompt ClearPass Exchange to take action on the device by triggering actions in a bidirectional manner. For example, if a user fails network authentication multiple times, ClearPass can push a notification message instantly to the device.
Access work apps from anywhere
Logging in to work apps any time of day needs to be fast and effortless. The ClearPass Auto Sign-On capability does just that. Instead of a single sign-on, which requires everyone to log in once manually to apps, ClearPass Auto Sign-On uses a valid network login to automatically provide users with access to enterprise mobile apps.
Instead of remembering and manually entering passwords for every work app, users only need their network login or a valid certificate on their devices. ClearPass can also be used as your identity provider (IdP) or service provider (SP) where Single Sign-On is used.
Bonjour, DLNA and UPnP services
Projectors, TVs, printers, and other appliances that use DLNA/UPnP or Apple AirPlay and AirPrint can be shared between users across your Aruba Wi-Fi infrastructure. ClearPass makes finding these devices and sharing between them simple.
For example, a teacher who wants to display a presentation from a tablet will only see an available display in their classroom. They will not see devices on the other side of the campus. They can also use the portal to decide who else can use the display – this keeps students from taking over the display.
Another example is within the healthcare sector – doctors can easily project digital PACS images from their iPads to a larger screen anywhere in a hospital. Patient collaboration just got simpler.
A Foundation for Security
Providing a seamless experience for today’s #GenMobile and the fast adoption of IoT services within the enterprise have created a host of new IT problems. It takes planning, the right tools, and a strong foundation to secure anytime, anywhere access for mobile and IoT devices.
ClearPass solves these challenges by providing a platform that delivers policy control, workflow automation, and visibility from a single cohesive solution. By capturing and correlating real-time contextual data, ClearPass enables you to define policies that work in any environment – wireless, wired, or VPN.
The latest Aruba ClearPass enhancements also address emerging network security challenges surrounding adoption of IoT, tougher mobile device and app authentication, and deeper visibility into security incidents. Automated threat protection and intelligent service features ensure that each device is accurately given network access privileges with minimal hands-on IT interaction.
Access Control Options for Wired Networks:
When policy and access control are discussed, there’s usually an immediate connection with wireless and unmanaged devices such as smartphones and IoT devices. As these devices are often used outside of the workplace and generally connect over the air, policy control and device profiling efforts have been solely focused on wireless access. This has led to wired access controls being overshadowed or not configured at all, leading to security gaps in countless organizations. And as IT security experts are well aware, networks are only as strong as their weakest link.
As the modern workplace is full of external personnel such as temporary hires, contractors, and guests who may use their personal devices inside the workplace, user and device visibility have become valuable components during the authentication and authorization phase. This data is then used to enforce policies on wireless and wired networks. But the growth of IoT devices, which are not associated with a specific user or group, is now causing security concerns on the wired network.
Without control on the wired network, malicious users can connect and access network resources easily. For instance, depending on the access switch configuration, users may be able to access the wired network through an authenticated device such as an IP phone’s built-in switch port. Even though there is some form of authentication, it may not necessarily apply to the devices connected through the IP phone.
This paper discusses options that bring wired networks closer to the same level of control that has come to wireless networks, regardless of access control method, either through secure means or non-AAA enforcement.
Option 1: Non-AAA Enforcement
With non-AAA enforcement, the goal on the wired network is to minimize the effort that is involved to deploy a policy enforcement service. Endpoints do not require a supplicant or agent, which makes it advantageous for laptops, printers, and IoT devices – many of which do not support an 802.1X supplicant. And there is minimal configuration required on the actual switches.
When a device plugs into a wired port, the policy engine can be notified of the new device, and profiling techniques such as DHCP fingerprinting or Windows Management Instrumentation (WMI) can be used to identify the type of device and the user. Equipped with this information, we can validate this device and user against the Active Directory or a device database so that appropriate policies can be applied to the switch port. This means that every device connecting to the wired network is profiled and evaluated, providing much needed visibility.
Profiling consists of fingerprinting each device as well as the ability to perform device assessments to better understand the posture of a device. Methods of profiling or assessment include DHCP fingerprinting, SNMP scans, NMAP scanning, Link Layer Discovery Protocol (LLDP), Cisco Discovery Protocol (CDP), Windows Management Instrumentation (WMI), and more. For Windows laptops, you can perform basic assessments like seeing if required services exist and if they are running on each device.
The advantage of using non-AAA enforcement is that there is minimal configuration, and it allows IT to quickly meet internal or external audit or compliance demands. You’re also able to build a comprehensive database of all devices connecting to the wired network, which becomes more important as IoT devices emerge in greater quantities.
Option 2: Identity-Based 802.1X Authentication
802.1X is the most secure option and provides real-time certificate or login and password based authentication. You also benefit by performing authentication before a device receives an IP address. In the non-AAA model, devices receive limited access to the network before any authentication.
Using 802.1X also provides better options for the authorization of device privileges. Instead of just VLAN placement, the use of ACLs, downloadable ACLs, or roles can be used to define access when the status of a device changes. The ability to use granular identity-based enforcement also makes it easier to share user information with firewalls and other security components for enhanced downstream policies and threat prevention. But as with anything related to security, there is an inverse relationship between convenience and the level of effort required from IT to implement a model with secure policy management.
There are three components that must be in place and configured for 802.1X to work: a supplicant, an authenticator, and an authentication server. The supplicant resides on the end device, the authenticator is the switch in a wired network, and the authentication server is a AAA component that typically uses the RADIUS protocol. In today’s world, the AAA server resides within a policy management solution.
For a wired environment, 802.1X eliminates port VLAN configuration issues as every device that connects can begin a session for that specific connection. A user can’t unplug a printer, connect a laptop and gain access to the printer VLAN. The workflow, once a device is connected, would be to establish the identity of the user and device and perform a role-based enforcement for that user or device. Differentiated access can be granted based on user and device role, location, status of the device, and more. For devices which do not support 802.1X, you can also utilize MAC address based authentication to enable connectivity to the wired network.
The profile data that can be captured is similar to what can be collected in the non-AAA model, however enforcement options are greater as gathered attributes can then be used to perform real-time changes in authorization based on changes of a device’s status.
Another advantage is that 802.1X supports logins and passwords, or the use of device certificates, which provide a higher level of security. Certificates can’t be forged. Today, onboarding services can automate the configuration of endpoint supplicants and create a database for use when performing authorization and enforcement. This can be used on wired, wireless and VPN networks to provide a consistent user experience.
Other advantages include the ability to change the privileges of connected devices based on their behavior. If multiple devices are connected behind a switch port, a change of authorization (CoA) to adjust security policies would not affect all devices, only the target device.
Recommendations
IT security administrators have spent a considerable amount of time securing the wireless network due to personal devices, visitors, and employees requesting Internet access. However, the wired network has often been overlooked due to lack of resources. Today, the growth of IoT and compliance requirements are driving the need for wired networks to receive the same level of attention.
Given that more and more security breaches are targeting IoT devices on wired networks, our recommendation is to deploy an option that makes sense for both wired and wireless networks. For this reason, Aruba ClearPass supports both non-AAA and secure 802.1X policy enforcement for wired, as well as wireless networks. ClearPass OnConnect allows for non-AAA wired enforcement so that customers can start down the policy and access control path. All devices can be profiled along with user-based authorization, all with slight configuration on the switching infrastructure.
The more secure 802.1X authentication model should be considered for higher policy enforcement options. While it will require more planning and configuration, if 802.1X is already being used for a wireless service, ClearPass provides mechanisms to unify policy enforcement across differing network transport types, all from a single solution.
Specifications:
Specifications |
ClearPass Policy Manager Appliances |
- ClearPass Policy Manager is available as hardware or a virtual appliance that supports 500, 5,000 and 25,000 authenticating devices. Virtual appliances are supported on VMware ESX/i and Microsoft Hyper-V.
- ESX 4.0, ESXi 4.1, up to 6.0
- Hyper-V 2012 R2 and Windows 2012 R2 Enterprise
- Virtual appliances, as well as hardware appliances, can be deployed within an active cluster to increase scalability and redundancy.
|
Program |
- Built-in AAA services – RADIUS, TACACS+ and Kerberos
- Web, 802.1X, non-802.1X, RADIUS authentication and authorization
- Advanced reporting, analytics and troubleshooting tools
- External captive portal redirect to multivendor equipment
- Interactive policy simulation and monitor mode utilities
- Multiple device registration portals – Guest, Aruba AirGroup, BYOD, un-managed devices
- Deployment templates for any network type, identity store and endpoint
- Admin/Operator access security via CAC and TLS certificates
- IPSec tunnels
|
Framework and protocol support |
- RADIUS, RADIUS CoA, TACACS+, web authentication, SAML v2.0
- EAP-FAST (EAP-MSCHAPv2, EAP-GTC, EAP-TLS)
- PEAP (EAP-MSCHAPv2, EAP-GTC, EAP-TLS, EAP-PEAP-Public, EAP-PWD)
- TTLS (EAP-MSCHAPv2, EAP-GTC, EAP-TLS, EAP-MD5, PAP, CHAP)
- EAP-TLS
- PAP, CHAP, MSCHAPv1 and 2, EAP-MD5
- NAC, Microsoft NAP
- Windows machine authentication
- MAC auth
- Audit (rules based on port and vulnerability scans)
- Online Certificate Status Protocol (OCSP)
- SNMP generic MIB, SNMP private MIB
- Common Event Format (CEF), Log Event Extended Format (LEEF)
- TLS 1.2
|
Supported identity stores |
- Microsoft Active Directory
- RADIUS
- Any LDAP compliant directory
- Any ODBC-compliant SQL server
- Token servers
- Built-in SQL store, static servers list
- Kerberos
|
RFC standards |
2246, 2248, 2548, 2759, 2865, 2866, 2869, 2882, 3079, 3576, 3579, 3580, 3748, 4017, 4137, 4849, 4851, 5216, 528, 7030 |
Internet drafts |
Protected EAP Versions 0 and 1, Microsoft CHAP extensions, dynamic provisioning using EAP-FAST, TACACS+ |
Information assurance validations |
FIPS 140-2 – Certificate #2577 |
Profiling methods |
DHCP, TCP, MAC OUI, ClearPass Onboard, SNMP, Cisco device sensor |
Appliance Product |
CPU | (1) Eight Core 2.4GHz Atom C2758 | (1) Quad Core Xeon 3.4 GHz E3-1231_V3 | (2) Six Core Xeon 2.4GHz E5-2620_V3 |
Memory | 8 GB | 8 GB | 64 GB |
Hard drive storage | (1) SATA (7.3K RPM) 1TB hard drive | (2) SATA (7.2K RPM) 1TB hard drives, RAID-1 controller | (6) SAS (10K RPM) 600GB Hot-Plug hard drives, RAID-10 controller |
Max devices | 500 | 5,000 | 25,000 |
Dimensions (W x H x D) | 17.2” x 1.7” x 11.3” | 17.09” x 1.67” x 15.5” | 18.98” x 1.68” x 27.57” |
Weight (max config) | 8.5 Kilograms | 16.97 Lb | Up to 37 Lbs |
Power supply | 200 watts max | 250 watts max | 750 watts max |
Power redundancy | N/A | N/A | optional |
AC input voltage | 110/220 VAC auto-selecting | 110/220 VAC auto-selecting | 100/240 VAC auto-selecting |
AC input frequency | 50/60 Hz auto-selecting | 50/60 Hz auto-selecting | 50/60 Hz auto-selecting |
Operating temperature | 5º C to 35º C (41º F to 95º F) | 10º C to 35º C (50º F to 95º F) | 10º C to 35º C (50º F to 95º F) |
Operating vibration | 0.25 G at 5 Hz to 200 Hz for 15 minutes | 0.26 G at 5 Hz to 350 Hz for 15 minutes | 0.26 G at 5 Hz to 350 Hz for 15 minutes |
Operating shock | 1 shock pulse of 20 G for up to 2.5 ms | 1 shock pulse of 31 G for up to 2.6 ms | 1 shock pulse of 40 G for up to 2.3 ms |
Operating altitude | -16 m to 3,048 m (-50 ft to 10,000 ft) | -16 m to 3,048 m (-50 ft to 10,000 ft) | -16 m to 3,048 m (-50 ft to 10,000 ft) |
* Virtual appliance sizing must match hardware appliance specifications