Defining Security Settings

A profile can leverage existing firewall, wireless client role and WIPS policies and apply them to the profile‘s configuration. This affords each profile a truly unique combination of data protection policies best meeting the data protection requirements of the profile‘s supported controller, service platform or access point device model and its unique data protection requirements.

To define a profile‘s security settings:

  1. Select the Configuration tab from the Web UI.

  2. Got to Profiles → Manage Profilesfrom the Configuration tab.

  3. Select Security → Settings

    Click to expand in new window
  4. Refer to the General field to assign or create the following security policy‘s to the profile:

    Firewall Policy

    Use the drop-down menu to select an existing Firewall Policy to use as an additional security mechanism with this profile. All devices using this profile must meet the requirements of the firewall policy to access the network. A firewall is a mechanism enforcing access control, and is considered a first line of defense in protecting proprietary information within the network. The means by which this is accomplished varies, but in principle, a firewall can be thought of as mechanisms both denying and permitting data traffic within the network. If an existing Firewall policy does not meet your requirements, select the Create icon to create a new firewall policy that can be applied to this profile. An existing policy can also be selected and edited as needed using the Edit icon.

    Wireless Client Role Policy

    Use the drop-down menu to select a client role policy used to strategically filter client connections based on a pre-defined set of filter rules and connection criteria. If an existing Wireless Client Role policy does not meet your requirements, select the Create icon to create a new configuration that can be applied to this profile. An existing policy can also be selected and edited as needed using the Edit icon.

    WEP Shared Key Authentication

    Select this option to require devices to use a WEP key to access the network using this profile. Controllers, service platforms and access points, other proprietary routers, and clients use the key algorithm to convert an ASCII string to the same hexadecimal number. Clients without adapters need to use WEP keys manually configured as hexadecimal numbers. This option is disabled by default.

    Client Identity Group

    Client Identity is a set of unique fingerprints used to identify a class of devices. This information is then used to configure the permissions and access rules for the class of devices in the network. Client Identity Group is a collection of client identities that identifies devices and apply specific permissions and restrictions on these devices. From the drop-down select the client identity group to use with this device profile. For more information, see Configuring Client Identity.

    Note:

    An Advanced WIPS Policy is only supported on controllers and service platforms and requires a dedicated WIPS sensor, but does not require a sensor license. Standard WIPS is available on all RF Domain managers and supports on channel, off channel and dedicated sensor scanning modes.

  5. Select an Advanced WIPS Policy from the drop-down menu. Define an advanced WIPS configuration to optionally remove (terminate) unwanted device connections, and sanction (allow) or unsanaction (disallow) specific events within the network.

    If an existing Advanced WIPS policy does not meet the profile‘s data protection requirements, select the Create icon to create a new configuration that can be applied to the profile. An existing policy can also be selected and edited as needed using the Edit icon.

  6. Select OK to save the changes made within the Settings screen. Select Reset to revert to the last saved configuration.