Client is looking for one or more solutions to better secure their LAN, WLAN, and VPN networks. Below are some of the features they would like to implement, but it basically boils down to device identification and authentication:
- Allow controlled network access for guests/vendors
- AAA for network devices
- Device authentication
- Enforce endpoint compliance and device quarantine for non-compliant devices
- Identity-based network access (VLAN assignments and access controls) based on location, device type, user profile/groups, and possibly certificates
The team would like to know which solutions on the market are the most mature today. Cisco ISE seems to be the logical choice, but others may be better suited for us.
Additional details: Client would like to get some feedback on which players on the market are strong. ISE may well suit all of their needs, and is currently their prime contender, but they'd like to hear more about any other players to consider, and any pitfalls they may run into during implementation.
Client does have a broad selection of endpoints, such as Windows, Mac, Linux, and Chromebooks, plus various specialized devices in their warehouses, such as printers, wearables, etc. Not all of them may be suitable for installing a client agent. Specific to ISE, pricing is pretty high, but it IS the most obvious choice for them right now.