Enterasys Network Access Control v3.3
Strengths: Good enterprise class product. Fully featured
Weaknesses: Guest access compliance. No appliance setup wizard
Verdict: Great offering for the price, provides everything you would need in a NAC solution
Enterasys Network Access Control version 3.3 provides standards-based, inline or out-of-band pre-authorisation and post-authorisation control for wired, wireless LAN and VPN. We reviewed the out-of-band appliance option for this review. There is also a virtual appliance available for deployment on your own hardware platform.
Setup is through a command line style interface and requires editing multiple default files to initially configure the appliance to connect to the network. This process will take some time and skill to set up. It is managed via Enterasys NMS NAC Manager.
Enterasys delivers centralised, policy-based control with guest access included. Policies permit, deny, prioritise, rate-limit, tag, re-direct and audit traffic based on user identity, time, location, device type and other variables. It supports homogeneous policy configuration across multiple switch and wireless access point vendors, plus RFC 3580 port and VLAN-based quarantine, with additional isolation policies on Enterasys switches and inline appliances.
Enterasys NAC integrates with identity sources such as LDAP and Active Directory to manage users centrally. User management can be automated with LDAP and Radius integration. Multiple agent-based options are available and include dissolvable, persistent or persistent as a service. Guest access can also be provided via an agentless option, but no scans are done and no policy can be validated using this approach.
Authentication options include 802.1X, Mac, IP, hostname, web and Kerberos snooping. It can interface with network equipment using Radius.
Assessment is agent-based and/or agentless. Detailed configuration capabilities control access based on risk level presented. The product provides multiple notification methods and web-based data views for reporting. The notification engine (alerting) was strong and provided numerous options.
The dashboard and reporting capabilities were very strong and the user interface for configuration was acceptable. There are built in wizards to assist with various configuration tasks. We liked the graphical representations with easy to use, drilldown, sorting and filtering capabilities.
Basic support is available during the one-year warranty period and various upgraded options are available up to four-hour onsite options ranging from 20 to 25 per cent of the purchase price.