A profile can make use of existing firewall, wireless client role, and WIPS policies and apply them to the profile‘s configuration. This affords each profile a truly unique combination of data protection policies for best meeting the data protection requirements of the profile it supports. However, as deployment requirements arise, an individual device may need some or all of its general security configuration overridden from the profile‘s settings.
To configure a profile‘s security settings and overrides:
Note
A blue override icon (to the left of a parameter) defines the parameter as having an override applied. To remove an override go to the Basic Configuration section of the device and click Clear Overrides. This removes all overrides from the device.| Firewall Policy |
Select an existing Firewall policy to use as an additional security mechanism with a profile. All devices using this profile must meet the requirements of the firewall policy to access the network. A firewall is a mechanism enforcing access control, and is considered a first line of defense in protecting proprietary information within the network. The means by which this is accomplished varies, but in principle, a firewall can be thought of as mechanisms that both block and permit data traffic within the network. If an existing firewall policy does not meet your requirements, click the Create icon to create a new firewall policy that can be applied to this profile. An existing policy can also be selected and overridden as needed using the Edit icon. |
| Wireless Client Role Policy | Select a client role policy used to strategically filter client connections based on a pre-defined set of filter rules and connection criteria. If an existing Wireless Client Role policy does not meet your requirements, click the Create icon to create a new firewall policy that can be applied to this profile. An existing policy can also be selected and overridden as needed using the Edit icon. |
| WEP Shared Key Authentication | Select this option to require devices to use a WEP key to access the network using this profile. The controller or service platform uses the key algorithm to convert an ASCII string to the same hexadecimal number. Clients without adapters need to use WEP keys manually configured as hexadecimal numbers. This option is disabled by default. |
| Client Identity Group |
Select the client identity group to apply to this device profile. Client identity is a set of unique fingerprints used to identify a class of devices. A client identity group is a set of client attributes that identify devices and apply specific permissions and restrictions on them.The information is used to configure permissions and access rules for that device class and can assist administrators by applying permissions and rules to multiple devices simultaneously. |
| CMP Policy |
Use the drop down-menu to assign a CMP policy to allow a device to communicate to a CMP supported CA server, initiate a certificate request and download the required certificates from the CA server. CMP supports multiple request options through for device communicating to a CMP supported CA server. The device can initiate a request for getting the certificates from the server. It can also auto update the certificates which are about to expire. |
Print
this page
Email this topic
Feedback
View PDF
Download EPUB