Profile Security Configuration

An access point profile can have its own firewall policy, wireless client role policy, WEP shared key authentication and NAT policy applied.

Before defining a profile‘s security configuration, refer to the following deployment guidelines to ensure the profile configuration is optimally effective:
  • Ensure the contents of the certificate revocation list are periodically audited to ensure revoked certificates remained quarantined or validated certificates are reinstated.
  • NAT alone does not provide a firewall. If deploying NAT on a profile, add a firewall on the profile to block undesirable traffic from being routed. For outbound Internet access, a stateful firewall can be configured to deny all traffic. If port address translation is required, a stateful firewall should be configured to only permit the TCP or UDP ports being translated.

For more information, refer to the following: