SOLUTION BRIEF
Fortinet Fabric Connector
Integration with Aruba ClearPass
Executive Summary
From Internet of Things (IoT) to an always-on mobile workforce, organizations are Joint Solution Benefits
more exposed to attacks than ever before. The rise in the number of IoT and other nnLeverage Fortinet’s award-
connected devices increases the vulnerabilities inside the business—adding to the
winning FortiGate next-generation
operational burden.
firewall for unparalleled network
Identifying who and what connects to the network is the first step to securing an security protection.
organization. Control through the automated application of wired and wireless policy nnDynamically synchronize user/
enforcement is also needed, to ensure that only authorized and authenticated users device information in Aruba
and devices are allowed to connect to the network. At the same time, real-time attack ClearPass with the FortiGate
response and threat protection is required to secure and meet internal and external next-generation firewall and
audit and compliance requirements. automatically apply associated
security policies.
The Fortinet Fabric Connector integration with Aruba ClearPass addresses the
above needs. Aruba ClearPass provides agentless visibility and dynamic role-based nnUtilize customer-defined intent
access control for network access control across wired and wireless networks. policies configured in ClearPass
The integration of Aruba ClearPass with Fortinet’s award-winning FortiGate Policy Manager (CPPM) and
next-generation firewall (NGFW) and FortiManager management application is dynamically implement them on
accomplished via the Fortinet Fabric Connector for Aruba ClearPass, which enables the FortiGate firewall via the API
dynamic synchronization across these systems. integration.
nnReduce operational complexity
The solution enables organizations to centrally manage access control and user
and eliminate errors arising
information using Aruba ClearPass, and enables security protection profiles assigned
from manual configuration
to each user or device to be automatically applied and associated security polices to
via automated and dynamic
be automatically enforced using the FortiGate firewalls. As user or device information
synchronization of user and
changes over time, the information is dynamically updated and security policies are device information with the
automatically applied and enforced via the FortiGate firewalls. FortiGate firewall.
Solution Description
Fortinet Fabric Connectors deliver turnkey, open, and deep integration into partner
technologies and platforms in multivendor ecosystems, enabling security automation and
simplified management. By integrating with customers’ multivendor ecosystems, Fortinet
Fabric Connectors synchronize security with dynamic operational changes, automate
security tasks, and support DevOps processes and time-to-market needs, while ensuring
coverage of the entire attack surface from IoT devices to the cloud.
The integration of Aruba ClearPass with Fortinet’s award-winning FortiGate NGFW and FortiManager management application is
accomplished via the Fortinet Fabric Connector for Aruba ClearPass, which enables dynamic synchronization across these systems.
FortiManager integrates with ClearPass Policy Manager using the Fortinet Fabric Connector. It receives information pertaining to user roles,
and this information is used to map roles to Fortinet Single Sign-On (FSSO) user groups used in policy configuration. It also receives real-
time user logon and logoff events from ClearPass, and pushes security policy configurations to the FortiGate firewall automatically, including
address group and user group information. FortiManager also pushes FSSO events to FortiGate, including ClearPass logon and logoff
events mapped to FortiGate/FortiManager user groups.
As a result, the solution enables organizations to centrally manage access control and user information using Aruba ClearPass, and enables
security protection profiles assigned to each user or device to be automatically applied and associated security polices to be automatically
enforced using the FortiGate firewalls.
1
�SOLUTION BRIEF | Fortinet Fabric Connector Integration with Aruba ClearPass
Due to dynamic synchronization capabilities of the solution, as user or device information changes over time, the information is dynamically
updated and security policies automatically applied and enforced via the FortiGate firewalls. This eliminates the need for error-prone manual
actions to synchronize information across the systems and enforce security policies, improving security for users. The solution also greatly
reduces complexity and simplifies operational management for IT organizations.
The functionality of the joint solution is summarized in the illustration below.
Dynamically share Logon/Logoff
Radius and 802.1X events, including ROLE information
Authentication and
Accounting CLEARPASS
Information of Logon/
Logoff sent to one or
more FortiGates
Aruba FortiManager
ClearPass
Dynamically learned
information in used on
NGFW policies
FortiGate(s)
Figure 1: Fortinet-Aruba ClearPass integration: how it works—an example using RADIUS.
An Example Use Case
The IT department of an enterprise could utilize the integration to implement network security policies in the firewall based on user
information and/or device information managed in Aruba ClearPass. Aruba CPPM maps user and device information into roles (for example,
operating system, device category, etc.). As a result of the solution integration, this information is automatically propagated to FortiManager
via the Fortinet Fabric Connector. FortiManager can then automatically push the security protection profiles assigned to each user or device
to the FortiGate firewalls for security policy enforcement. This eliminates the need for IT staff to manually map user/device/role information
from Aruba to security policies for implementing in the firewall for policy enforcement, greatly reducing IT operational burden.
Summary
The Fortinet Fabric Connector integration with Aruba ClearPass provides automatic and dynamic synchronization of user, device, and role
information across Aruba ClearPass and Fortinet FortiManager and FortiGate, thereby improving security for users, reducing complexity and
simplifying operational management for IT organizations.
About Aruba, a Hewlett Packard Enterprise company
Aruba, a Hewlett Packard Enterprise company, is a leading provider of secure, intelligent networks that enable customers to thrive and
deliver amazing digital experiences in the mobile, IoT and cloud era. We are changing the rules of networking to make it simple for IT and
organizations to bridge the physical and digital worlds at the Edge. To learn more, visit Aruba at http://www.arubanetworks.com.
www.fortinet.com
Copyright © 2020 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law
trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other
results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied,
except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in
such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal
lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most
current version of the publication shall be applicable. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this
publication without notice, and the most current version of the publication shall be applicable. March 27, 2020 7:02 AM
629632-0-0-EN D:\Fortinet\Solution Briefs\grey solution briefs\Aruba ClearPass\sb-FA-fortinet-fabric-connector-integration-with-aruba-3272020
