Security

Reply
Occasional Contributor I
Posts: 6
Registered: ‎09-20-2016

Similar Aruba product as Cisco AnyConnect agent ?

Hi everyone,

 

Quick question : Does someone know if Aruba has a similar solution as the Cisco agent called AnyConnect ? My customer would like to know if it's possible to replace 802.1x Windows supplicant by an Aruba agent (similar to Cisco AnyConnect) ?

Initial purpose of this agent was to shorten client assessment and compliance check process. But primary goal for customer is to overcome 802.1x Windows supplicant limitation.

 

If such an agent exist, can it also replace the Machine Authentication feature provided by Windows ?

 

Thank you for your consideration.

 

Best regards,

 

Simon

 

Guru Elite
Posts: 20,553
Registered: ‎03-29-2007

Re: Similar Aruba product as Cisco AnyConnect agent ?

The equivalent would be ClearPass Onguard:  http://www.arubanetworks.com/products/security/network-access-control/clearpass-onguard/



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Guru Elite
Posts: 8,169
Registered: ‎09-08-2010

Re: Similar Aruba product as Cisco AnyConnect agent ?

What limitations of the Windows supplicant are you trying to overcome?

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor I
Posts: 6
Registered: ‎09-20-2016

Re: Similar Aruba product as Cisco AnyConnect agent ?

Hi all,

 

Thank you for your reply.

 

@CJoseph : That's right that OnGuard is a similar agent, but from my understanding (not much experience with it) it is only for compliance/health check. Customer is not looking just for compliance check but also for replacing the Windows embedded 802.1x feature by an agent. They have both Clearpass and Cisco ISE implemented in their network, apparently Cisco is providing this agent called AnyConnect to replace Windows 802.1x supplicant (first time I hear about it) in order to improve authentication process.

 

@Cappalli : Basically customer wish to have more flexibility, simplicity and client control.

For instance being able to check authentication logs from the agent (without using the switch debug tool), being able to manually send reauthentication request directly to 802.1x supplicant from Clearpass and not from switch (we are in a wired environment). Aslo being able to send information messages to clients (possible with OnGuard if I remember well).

Lastly add more flexibility on start/logon process sequence, they meet security issues with processing GPOs along with Machine and User authentication. The 802.1x SSO feature isn't enough and revealed itself not working properly on laptop with an endpoint encryption agent.

 

Note that there is no good or bad answer, Clearpass implementation is successful. Onguard implementation is planned in near future. It is only for curiosity and maybe mid term improvement of the current Clearpass implementation. 

 

Thank you very much.

 

Br,

 

Simon

 

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: