The ForeScout Counter-ACT appliance is an out-of-band, agentless network access control device. It accesses network devices by using service-level authentication credentials to scan against the assigned policies put in place by the network administrator. This appliance can also use either a persistent or dissolvable agent to manage and scan guest devices on the network.
We found the setup and initial configuration of the Counter-ACT appliance to be quite straightforward. Once the appliance is connected to the network and booted, we had to configure a couple of network parameters via a console connection and then we were able to connect to the appliance via the management application and run the setup wizard. This wizard quickly guided us through the general network setup, including basic lightweight directory access protocol (LDAP) and switch configurations. After initial setup is complete, management is done using the management console application. We found this application to be slightly overwhelming and awkward to use at first, but it became easier to use after browsing around a little while.
CounterACT has a lot to offer on the performance side. The appliance features a solid policy engine and administrators can automate a lot of the policy tasks for simplicity and ease of use. This product also features a fullscale IPS policy that can isolate hosts from scanning or attacking the network from inside.
In-depth installation instructions come as a PDF. The two guides included many screen shots, step-by-step instructions and configuration examples.
ForeScout provides two levels of support as part of a maintenance contract.
At a price of just under $5,000, this product is a good value for the money. The CounterACT appliance provides a lot of control features with some extra capability at a fairly low price.