QuickSpecs
HPE Aruba Networking ClearPass OnGuard Software QuickSpecs
Table of Contents
Enterprise-class endpoint protection, posture assessments and health checks
HPE Aruba Networking ClearPass OnGuard Software agents perform advanced endpoint posture assessments on leading computer operating systems to ensure compliance is met before devices connect.
Running on the HPE Aruba Networking ClearPass OnGuard Software, the advanced network access control (NAC) framework in HPE Aruba Networking ClearPass OnGuard Software offers exceptional safeguards against vulnerabilities.
-
The following operating systems and versions are supported:
- – Microsoft - Support for Windows 7 and above.
- Can be run as a service.
- – Apple - Support for macOS X 10.10 and above.
- – Linux - Support for Red Hat Enterprise Linux 5 and above, Ubuntu 14.x LTS and 16.x LTS, Community Enterprise Operating System (CentOS) 5 and above, Fedora Core 24 and above, and SUSE Linux 12.x.
Supported agents:
| | OnGuard Persistent Agent | OnGuard Dissolvable Agent | Microsoft’s NAP Agent |
|---|---|---|---|
| Microsoft | X | X | X |
| Apple | X | X | |
| Linux | X* | X | |
Notes:
– Auto-remediation only supported by persistent agents
– * Persistent agent supported on Ubuntu endpoints running 14.x LTS or 16.x LTS
Key Features
- – Enhanced capabilities for endpoint compliance and control
- – Supports Microsoft, Apple, and Linux operating systems
- – Anti-virus, firewall checks and more
- – Optional auto-remediation and quarantine capabilities
- – System-wide endpoint messaging, notifications and session control
- – Centrally view the online status of all devices from the ClearPass Policy Manager platform
-
The ClearPass Advantage
In addition to anti-virus, anti-spyware and personal firewall audits performed by traditional NAC products, OnGuard agents can perform more granular posture and health checks to ensure a greater level of endpoint compliance and network authorization.
Persistent and dissolvable agents
The difference between the two is that the persistent agent provides nonstop monitoring and automatic remediation and control. When running persistent OnGuard agents, ClearPass Policy Manager can centrally send system-wide notifications and alerts and allow or deny network access based on real-time changes on the endpoint. The persistent agent also supports auto and manual remediation.
Alternatively, the web-based dissolvable agent is ideal for personal, non-IT issued devices that connect via a captive portal and do not allow agents to be permanently installed. A one-time check at login ensures policy compliance. Devices that do not meet compliance can be redirected to a captive portal for manual remediation.
Automatic remediation
If unhealthy endpoints do not meet compliance requirements, the user receives a message about the endpoint status and instructions on how to achieve compliance if auto-remediation is not used.
Messages can include reasons for remediation, links to helpful URLs and helpdesk contact information. ClearPass persistent agents provide the same message and remediation capabilities for 802.1X and combined environments.
IT-managed and BYOD endpoint compliance
OnGuard's persistent and dissolvable agents can be used together in environments where endpoints are owned by the organization, employees and visitors. This ensures that all devices are assessed and granted proper privileges before accessing the network.
Complete endpoint visibility
To simplify troubleshooting, endpoint control and compliance reporting, ClearPass Policy Manager allows IT to centrally manage health-check settings and policies. IT also has the ability to view endpoint activity, including user and device data for each device that connects using OnGuard agents.
Real-time endpoint compliance
Depending on the operating system type OnGuard performs the following level of posture and health checks.
| | Windows | Mac OS X | Linux |
|---|---|---|---|
| Installed Applications | X | X | |
| AntiVirus | X | X | X |
| Firewall | X | X | |
| Disk Encryption | X | X | |
| Network Connections | X | X | |
| Processes | X | X | |
| Patch Management | X | X | |
| Peer to Peer | X | X | |
| Services | X | X | X |
| Virtual Machines | X | X | |
| Windows Hotfixes | X | | |
| USB Devices | X | X | |
| File Check | X | X | |
Notes:
– Chart represents ClearPass version 6.7 functionality.
– Disclaimer: Not all checks are supported across operating systems and agent type.
-
Ordering Guidance
HPE Aruba Networking ClearPass OnGuard Software can be ordered via persistent licenses where support is separate or by subscription licenses that include HPE Aruba Networking Care support.
Ordering HPE Aruba Networking ClearPass OnGuard Software involves the following steps:
- 1. Determine the number of unique computer endpoints that will have posture/health checks performed prior to network access within your environment.
- 2. Select the total number of OnGuard licenses.
Additional HPE Aruba Networking ClearPass OnGuard Software capacity can be purchased at any time to meet growth demands. ClearPass OnGuard is licensed on a per endpoint basis.
Ordering Information | |
| Description | SKU |
| Perpetual Licenses | |
| HPE Aruba Networking ClearPass - OnGuard License 100 Users E-LTU | JZ472AAE |
| HPE Aruba Networking ClearPass - OnGuard License 500 Users E-LTU | JZ473AAE |
| HPE Aruba Networking ClearPass - OnGuard License 1K Users E-LTU | JZ474AAE |
| HPE Aruba Networking ClearPass - OnGuard License 2500 Users E-LTU | JZ475AAE |
| HPE Aruba Networking ClearPass - OnGuard License 5K Users E-LTU | JZ476AAE |
| HPE Aruba Networking ClearPass - OnGuard License 10K Users E-LTU | JZ477AAE |
| Perpetual Licenses Warranty | |
| 90 days | |
| Subscription Licenses | |
| HPE Aruba Networking ClearPass - OnGuard License 100 Users 1-year Subscription E-STU | JZ481AAE |
| HPE Aruba Networking ClearPass - OnGuard License 500 Users 1-year Subscription E-STU | JZ482AAE |
| HPE Aruba Networking ClearPass - OnGuard License 1K Users 1-year Subscription E-STU | JZ483AAE |
| HPE Aruba Networking ClearPass - OnGuard License 2500 Users 1-year Subscription E-STU | JZ484AAE |
| HPE Aruba Networking ClearPass - OnGuard License 5K Users 1-year Subscription E-STU | JZ485AAE |
| HPE Aruba Networking ClearPass - OnGuard License 10K Users 1-year Subscription E-STU | JZ486AAE |
| HPE Aruba Networking ClearPass - OnGuard License 100 Users 3-year Subscription E-STU | JZ490AAE |
| HPE Aruba Networking ClearPass - OnGuard License 500 Users 3-year Subscription E-STU | JZ491AAE |
| HPE Aruba Networking ClearPass - OnGuard License 1K Users 3-year Subscription E-STU | JZ492AAE |
| HPE Aruba Networking ClearPass - OnGuard License 2500 Users 3-year Subscription E-STU | JZ493AAE |
| HPE Aruba Networking ClearPass - OnGuard License 5K Users 3-year Subscription E-STU | JZ494AAE |
| HPE Aruba Networking ClearPass - OnGuard License 10K Users 3-year Subscription E-STU | JZ495AAE |
Notes:
– Subscription and enterprise licenses can be purchased in 1- or 3--year increments for 100, 500, 1,000, 2,500, 5,000, and 10,000 endpoints
– Extended with support contract
| Date | Version History | Action | Description of Change |
|---|---|---|---|
| 27-Feb-2026 | Changed | Rebranding update applied to QuickSpecs | |
| 16-Dec-2024 | Changed | Configuration Information section was updated- | |
| 22-Jan-2024 | Changed | Series name was updated. | |
| 18-Dec-2017 | Changed | Minor edit on Configuration section | |
| 04-Dec-2017 | Changed | SKUs added: JZ472AAE, JZ473AAE, JZ474AAE, JZ475AAE, JZ476AAE, JZ477AAE, JZ481AAE, JZ482AAE, JZ483AAE, JZ484AAE, JZ485AAE, JZ486AAE, JZ490AAE, JZ491AAE, JZ492AAE, JZ493AAE, JZ494AAE, JZ495AAE All document sections updated | |
| 16-Oct-2017 | Changed | HPE Aruba Networking information updated | |
| 01-Nov-2016 | Created | Document creation. |
© Copyright 2026 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
To learn more, visit: http://www.hpe.com/networking
c05272682, - 15700 - Worldwide - V7 - 27-February-2026