Defining Profile Security Settings

About this task

A profile can make use of existing firewall, wireless client role, and WIPS policies and apply them to the profile‘s configuration. This affords each profile a truly unique combination of data protection policies for best meeting the data protection requirements of the profile it supports. However, as deployment requirements arise, an individual device may need some or all of its general security configuration overridden from the profile‘s settings.

To configure a profile‘s security settings and overrides:

Procedure

  1. Select Configuration → Devices → System Profile from the web UI.
  2. Expand the Security menu and select Settings.
    Click to expand in new window
    Profile Security - Settings screen
    GUID-5F31C6BC-2308-4305-956C-0CC5D7219FAA-low.png
  3. Select a firewall policy from the Firewall Policy drop-down menu. All devices using this profile must meet the requirements of the firewall policy to access the network. A firewall is a mechanism enforcing access control, and is considered a first line of defense in protecting proprietary information within the network. The means by which this is accomplished varies, but in principle, a firewall can be thought of as mechanisms both blocking and permitting data traffic within the network. If an existing Firewall policy does not meet your requirements, select the Create icon to create a new firewall policy that can be applied to this profile. An existing policy can also be selected and edited as needed using the Edit icon.
  4. Select the WEP Shared Key Authentication option to require profile supported devices to use a WEP key to access the network using this profile. The access point, other proprietary routers, and our clients use the key algorithm to convert an ASCII string to the same hexadecimal number. Clients without our adapters need to use WEP keys manually configured as hexadecimal numbers. This option is disabled by default.
  5. Client Identity is a set of unique fingerprints used to identify a class of devices. This information is used to configure permissions and access rules for devices classes in the network. A client identity group is a collection of client identities that identify devices and applies specific permissions and restrictions on these devices. From the drop-down menu select the Client Identity Group to use with this device profile. For more information, see Device Fingerprinting.
  6. Use the CMP Policy drop-down menu to apply a CMP policy. CMP (Certificate Management Protocol) is an Internet protocol to obtain and manage digital certificates in a PKI (Public Key Infrastructure) network. A CA (Certificate Authority) issues the certificates using the defined CMP.
  7. Use the URL Filter drop-down menu to select or override the URL Filter configuration applied to this virtual interface.
    URL filtering is used to restrict access to resources on the internet.
  8. Click OK to save the changes or overrides.
    Click Reset to revert to the last saved configuration.
9036315-02 REV AA