Aruba ClearPass is network access control (NAC) technology from HPE company Aruba Networks. Aruba acquired Avenda and its eTips NAC in 2011.
N/A
Cisco Meraki MX
Score 8.8 out of 10
N/A
Cisco Meraki MX Firewalls is a combined UTM and Software-Defined WAN solution. Meraki is managed via the cloud, and provides core firewall services, including site-to-site VPN, plus network monitoring.
We have quite a few visitors to our campus and we don't want to have a set PSK for the wireless, so we have configured a guest network where visitors can create an account and gain access to the internet, and we don't have to "manage" it since the accounts will expire after a certain time. We have RF scanners in our warehouses and we want them to be allowed on the network and be put into their own VLAN. ClearPass can do this flawlessly by keying off of the MAC address when it comes online and putting it into the correct VLAN. This makes it so we don't have to add each device individually to the system. The only time ClearPass would not be appropriate is in a small deployment where the cost to value wouldn't make sense.
The MX platform is definitely suited. It seems to be best at the branch locations under a thousand users or so. And then at the data centers, it's been a little bit of a complicated process involving the full stack of the Meraki switches firewall security appliances. It gets a little more difficult within the data centers because the routing protocols aren't built out fully. They're working on, they're adding new features to that. But right now we're still struggling with a little bit of the features that are available within our data centers.
I'm very happy with their analytics now with the tie-in with ThousandEyes; it's been really great insight. We now are SD-WAN, so insight's been really good. So as you know, everyone blames the network, and having that kind of analytics from a single pane of glass has been wonderful.
So I think that what we've noticed is the template, and I don't actually configure the Meraki, so that's done by our network team that works under me. But what I'm getting from some of the feedback is that with the Meraki we're a little bit limited into the template as to what we can set up for each template individually. And I'm kind of getting that it has to be based on region, it's not really what we want. So we end up with different templates that we have right now that aren't quite meeting our needs. I don't know if a newer version of Meraki might have that issue addressed already, but I find the template isn't as diverse as what I would like it to be.
As we have it in place now, we will continue to keep it at our remote sites. Future expansion is something we are reviewing, and may well start with some of the larger switches as they seem to offer good performance and management at a reasonable price. Wireless is also something we're investing in and their devices are great for that.
Aruba ClearPass is straightforward in terms of day-to-day use for monitoring and basic user connectivity issues. The system is very robust on the back end; therefore, some larger configuration changes may not be the most intuitive. System upgrades and license management are not the most intuitive either.
The Cisco Meraki MX series is very easy to use. Setting up user VPN access, site-to-site VPN to tie multiple locations together and managing all your devices. You can even download the latest firmware and install without ever leaving the dashboard. Meraki is the very definition of easy to use.
We had some issues with ClearPass integration with AirGroup on Aruba Controller Clusters. Basically, it was tough to get coordinated between the controller support and the ClearPass support.
I haven't ever had a bad experience with Meraki support. On the few occasions where I wasn't understanding the UI or needed some clarification about what a setting actually would do, I contacted them and they were very quickly able to provide help. Returns are simple and fast, too. We had to return a defective device one time and they shipped the replacement before we had even un-racked the one that was faulty. Unlike many other vendors, they didn't ask us to do a long list of scripted diagnostics; they just took my word for it that the device was broken and sent out a replacement immediately.
From my experience, ClearPass has been the best NAC server of all I've seen. Even though configuration is somewhat hard and it's hard to get training, once you learn how to configure it, it works very well. The policies are very granular and scalable and the interface is a well-done web GUI that does not need any extra plugins installed, as some of Cisco's products require. There are many more options than with FortiNAC, and many more integration options. Also, troubleshooting and logging is good.
We're really using the Meraki more and more, everything from the wireless. We started doing some work with the cameras and security. Meraki has been a great product for our company so far. We use it for a lot of our outer campuses as the VPN tunneling primary with SD-WAN. So it's working out very well for us.
The Cisco Meraki MX is basically a good product, but not perfect. If you compare the Cisco Meraki MX with a Fortigate or Cisco Firepower, you quickly realize that this system can do less than the reference product. The Cisco Meraki MX can be used in small environments, but in large environments you have to check carefully whether it really makes sense to use it.