Application Note Secure Enterprise Guest Access August 2004

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Application Note Secure Enterprise Guest Access August 2004"

Transcription

1 Application Note Secure Enterprise Guest Access August 2004 Introduction More and more enterprises recognize the need to provide easy, hassle-free high speed internet access to people visiting their offices, without decreasing the security of their own Local Area Network. Examples of guests in need for a broadband Internet connection are Suppliers, Consultants, Sales managers and Employees from other branch offices. Guests want to send and check their s, load the latest information from their file servers or search in their databases for order intake and delivery, thus making their time at your office more productive. This requires enterprise networks to provide a new class of access called Enterprise Guest Access. Enterprise Guest Access Networks present unique problems and the family of Nomadix Access Gateways provide excellent solutions to these problems, making provisioning of enterprise guest access simple and secure. Enterprise Guest Access Networks are similar to Public Access Networks in places like coffee shops in that they face the same technological challenges as are faced by public access networks. Unlike Public Access Networks however, Enterprise Guest Access Networks require unprecedented security. Enterprise networks that provide guest access to visiting customers and partners are exposed to an ever-changing user base that is typically unknown by the network administrator. Without the Nomadix gateways, provisioning access may require reconfiguring the PC s settings to match the LAN IP and proxy settings. This raises a concern about unwanted attacks, which makes network security a concern for all users on the network and the network administrator. Depending upon the size of the area and the number of simultaneous guests expected; Nomadix provides the NSE on a complete family of Access Gateways. For larger deployments Universal Subscriber Gateway (USG II) For mid-sized deployments HotSpot Gateway (HSG) For SME size deployments AG-2000w (Gateway + Access Point) Up to 2000 users Up to 150 users Up to 50 users Page 1 of 10

2 This document presents an overview of Guest Access Networks in an enterprise environment. It details the Nomadix advantage in such deployments. It suggests sample architectures for deployment of Guest Access Networks using a Nomadix Access Gateway and common technologies like virtual LANs and access control lists while keeping the corporate network secure. Overview While guests like to get connected during their visit to your corporate facilities there are many reasons why network administrators and IT managers do not want to enable guests to access their networks. Their main concerns are: It consumes a lot of valuable IT resources for configuring visitor notebooks for access, configuring access points or switches, configuring firewalls etc It can be a security risk since a guest can compromise confidential corporate data even without knowing it or can infect the network with a virus/worm. There could be legal issues as a guest can download or post illegal content without you knowing it. There could be bandwidth issues as a visiting user can consume a big chunk of the bandwidth available there by denying access to your internal resources. There could be connectivity problems associated with configurations on the visitor s computer. These could be the SMTP setting to send s, DNS and proxy server settings etc. All of these concerns can be solved by using the Nomadix Access Gateways. These gateways are the brains behind offering a corporate guest access service and take care of everything from security, service provisioning, subscriber management and safeguarding your native networks. The following sections explain how IT managers can provision a Guest Access Network without reducing the overall security of their private corporate LAN. It also explains how guest s notebook PCs can be connected to the internet without a need to change their configurations like IP settings or web proxy settings. With guests connected to high speed internet they can be productive while visiting your offices. This note is also suited to build Hot-Spot sites where the local staff wants to use the broadband connection in a secure way for corporate use in addition to providing public access. Examples of Hot-Spot sites that can benefit are Hotels, Internet Cafes and Restaurants. The Nomadix Experience In a Nomadix enabled network, once connected to the Guest Access Network, the user starts the browser and is redirected to a Portal Page using the Nomadix Home Page Redirection functionality. On this portal page, the user can enter his/her Username/password provided by the enterprise (using the Hot-Spot Manager) or by a roaming partner (like PicoPoint). With the patented Dynamic Address Translation and Transparent Proxy features, Nomadix gateways support true plug and play. This guarantees that any client computer Page 2 of 10

3 with any configuration gets access to the network without having to reconfigure the IP, DNS, Gateway and Proxy settings. With these features even client computers with statically configured IP addresses are provisioned access on to the network. Nomadix gateways support different methods to authenticate users in an automatic fashion. UAM, 802.1x and Smart Clients can be used seamlessly. UAM Universal Access Method (Web Based authentications) Username and Password (local or RADIUS based) Credit Card XML 802.1x Using the different EAP standards. (RADIUS based) EAP (Extensible Authentication Protocol) Methods o EAP-MD5 UN/PW based authentication o EAP-SIM SIM card based authentication (such as used by GSM carriers) o EAP-TLS Certificate based authentication (such as used by SSL) EAP-TTLS Tunneled TLS supports mutual authentication and UN/PW passed authentication inside of TLS tunnel o PEAP Protected EAP, layered on EAP to provide Mutual Authentication and guard against Man-In-The-Middle attacks using TLS Smart clients Gric, Boingo, IPass After Authentication, customers can connect securely to the internet using the Nomadix features like bandwidth management per user, IP packet forwarding, inat and Session Rate Limitation. These Nomadix features are developed for access in the enterprise environment and public spaces. Nomadix Bandwidth control Up and Down The Bandwidth Management feature enables network administrators to limit bandwidth usage on a per device (MAC Address/User) basis. This ensures every user has a quality experience by placing a bandwidth ceiling (limit) on each device accessing the network. The bandwidth for each device can be defined asymmetrically for both upstream and downstream data transmissions. The Nomadix platform can also manage the WAN Link traffic providing complete bandwidth management through the edge of the network. The Bandwidth Management feature shapes traffic going through the WAN interface of the gateway to prevent its over-utilization. Using this feature the bandwidth available for public guest can be limited thereby ensuring that the corporate network always has enough bandwidth. Nomadix Session Rate limitation (SRL) Session Rate Limiting (SRL) allows administrators to throttle the number of sessions any one user can form over a given time period. If the computer exceeds this limit, all the traffic generated from that computer is dropped until the configured time interval is reached. Most of the computers infected by viruses generally try to form a large number of sessions. With this feature, the gateway essentially safeguards the network by limiting the number of sessions that can be created per user. This feature can be further enhanced by automating the process of inserting up to a certain number of violating MAC addresses into the MAC filtering table thereby blacklisting destructive clients and preventing any more drain on valuable system resources. Page 3 of 10

4 Nomadix SMTP Redirection Many people have referred to as the killer application of the Internet. Most people connect to the internet to send and receive s. In an increasingly mobile business climate, using over broadband connections while travelling can be problematic due to the SMTP settings on the client computers. The SMTP redirection feature of the NSE recognizes attempts to send SMTP mail and redirects the outgoing mail to an available SMTP server maintained by the local ISP. Since the request to send the outgoing mail now comes from a local address, the local SMTP server allows the mail to be sent. Guest network users can send using the local SMTP server, even though their normal mail server would reject their requests. The recipient of the message is unaware that a surrogate SMTP server was utilized. To the recipient, the message looks completely normal and it can be responded to like any other message. Nomadix inat- VPN Plug and Play The benefits of inat can be summarized as follows: Dramatically increases the reusability of costly public IP addresses while forming concurrent VPN connections. Improves the success rate of VPN connectivity by mis-configured users, thus reducing customer support costs and boosting customer satisfaction. Maintains the security benefits of traditional address-translation technologies while enabling secure VPN connections for mobile workers to access corporate resources from a Public-access location. Dynamically adjusts the mode of address translation during the user s session depending on the packet type. Supports users with static private (e.g x.x) or public (different subnet) IP addresses without any client IP setting changes. Packet Filter Blocks traffic based on a specific Web address (DNS or IP address). In the future this will also be able to block traffic based on type of application ( , FTP, Web browser, etc.), which is specified by port number thereby acting like a screening router. A Nomadix gateway is the ideal solution for all these scenarios and creates the ideal work environment for all guests who want easy to use and secure access to the internet without putting a burden on your own IT staff. Page 4 of 10

5 Sample Network Architectures The following section provides details on how technologies such as Virtual LANs (VLANs) and Firewalls are used to ensure security when used in conjunction with a Nomadix Access Gateways. Set-up #1 Guest access to the Public Internet Access in lobby/meeting room of the Enterprise sharing the existing Internet Connection The following diagram shows an example of the enterprise network architecture that could be deployed where the Nomadix gateway is connected to an available (unused) Ethernet interface of the internet router in order to separate the traffic of the guests from the closed enterprise network data. This separation can be done via VLAN s, access lists or firewall implementations. Most of the currently shipping Cisco routers do support all of these security implementations. Access list support is also included in the various ADSL and broadband routers as supplied by D-Link, Linksys, Allied Telesyn and Zyxel. Solution 1: The easy to deploy solution would be to use the Nomadix AG2000w (+) connected to the router. Access to the enterprise network from the guest access is prohibited using access control lists on the router. Figure 1 Page 5 of 10

6 Solution 2: The Nomadix AG2000w (+) uses a predefined VLAN to connect directly to the existing router. By using a VLAN switch, segregation of the traffic can be done at layer 2 and this gives a higher degree of security. Guest and enterprise traffic are on separate VLAN s and broadcast domains. Figure 2 Page 6 of 10

7 Solution 3: Another possibility is to connect the router to an available (not used) trunk port of a VLAN switch. The Nomadix Gateway is then also connected to the switch. The Nomadix gateway and the enterprise LAN are on separate VLAN s. In this setup traffic from the enterprise LAN is secured in an effective way at Layer 2. Figure 3 Page 7 of 10

8 Set-up #2 Guest access to the Public Internet Access in lobby/meeting room of the Enterprise using a separate Internet Connection In this scenario, the Nomadix Gateway is connected to the Internet using separate WAN connections. VLANS can be used on the subscriber side to segregate traffic. Again, in this setup traffic from the enterprise LAN is secured in an effective way at Layer 2. Figure 4 Page 8 of 10

9 Set-up #3 Public Internet Access in many locations of the Enterprise Third scenario is the combination of the Nomadix HSG/USG Gateway and third party access points that support VLANs in combination with multiple SSID s. A combination of public and private wireless VLANs are supported on the same network. Figure 5 The enterprise wireless users can transparently use 802.1x authentication in addition to UAM (Universal Access Method) for the guest users. Page 9 of 10

10 Guest User Experience Step 1: Guest selects the SSID of the Guest Access Network. Step 2: Guest opens browser and is redirected to the configured Portal Page. Step 3: Guest logs in by entering the username and password provided by the enterprise or the roaming partner. Step 4: Guest is connected to the internet. Summary Enterprises can provide secure Guest Access in an easy to use, transparent way that does not take up valuable IT time and resources by using the Nomadix Gateways. The network can be protected by the use of VLANs and their ability to logically separate traffic within that network. In addition, the local guest network is protected from external attacks by the use of Plug And Play (DAT), Session Rate Limitation and Bandwidth Control. With features like SMTP Redirect and inat (VPN plug and Play) the Nomadix Access Gateways guarantee a seamless and complete experience to the guest user. Page 10 of 10

White Paper 230-1040-001. Copyright 2011 Nomadix, Inc. All Rights Reserved. Thursday, January 05, 2012

White Paper 230-1040-001. Copyright 2011 Nomadix, Inc. All Rights Reserved. Thursday, January 05, 2012 Nomadix Service Engine Enterprise Guest Access Application Copyright 2011 Nomadix, Inc. All Rights Reserved. Thursday, January 05, 2012 30851 Agoura Road Suite 102 Agoura Hills, CA 91301 USA www.nomadix.com

More information

Copyright 2011 Nomadix, Inc. All Rights Reserved. 30851 Agoura Road Suite 102 Agoura Hills, CA 91301 USA www.nomadix.com. White Paper 230-1039-001

Copyright 2011 Nomadix, Inc. All Rights Reserved. 30851 Agoura Road Suite 102 Agoura Hills, CA 91301 USA www.nomadix.com. White Paper 230-1039-001 Nomadix Service Engine Hospitality Application Copyright 2011 Nomadix, Inc. All Rights Reserved. 30851 Agoura Road Suite 102 Agoura Hills, CA 91301 USA www.nomadix.com 230-1039-001 Sheet 2 of 5 Introduction

More information

Enabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches

Enabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches print email Article ID: 4941 Enabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches Objective In an ever-changing business environment, your

More information

Edgewater Routers User Guide

Edgewater Routers User Guide Edgewater Routers User Guide For use with 8x8 Service Version 1.0, March 2011 Table of Contents EdgeMarc 200AE1-10 Router Overview...3 EdgeMarc 4550-15 Router Overview...4 Basic Setup of the 200AE1 and

More information

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity SSL-VPN Combined With Network Security Introducing A popular feature of the SonicWALL Aventail SSL VPN appliances is called End Point Control (EPC). This allows the administrator to define specific criteria

More information

Edgewater Routers User Guide

Edgewater Routers User Guide Edgewater Routers User Guide For use with 8x8 Service May 2012 Table of Contents EdgeMarc 250w Router Overview.... 3 EdgeMarc 4550-15 Router Overview... 4 Basic Setup of the 250w, 200AE1 and 4550... 5

More information

UAG715 Support Note. Revision 1.00. August, 2012. Written by CSO

UAG715 Support Note. Revision 1.00. August, 2012. Written by CSO UAG715 Support Note Revision 1.00 August, 2012 Written by CSO Scenario 1 - Trunk Interface (Dual WAN) Application Scenario The Internet has become an integral part of our lives; therefore, a smooth Internet

More information

VLAN 802.1Q. 1. VLAN Overview. 1. VLAN Overview. 2. VLAN Trunk. 3. Why use VLANs? 4. LAN to LAN communication. 5. Management port

VLAN 802.1Q. 1. VLAN Overview. 1. VLAN Overview. 2. VLAN Trunk. 3. Why use VLANs? 4. LAN to LAN communication. 5. Management port 1. VLAN Overview 2. VLAN Trunk 3. Why use VLANs? 4. LAN to LAN communication 5. Management port 6. Applications 6.1. Application 1 6.2. Application 2 6.3. Application 3 6.4. Application 4 6.5. Application

More information

WiNG5 CAPTIVE PORTAL DESIGN GUIDE

WiNG5 CAPTIVE PORTAL DESIGN GUIDE WiNG5 DESIGN GUIDE By Sriram Venkiteswaran WiNG5 CAPTIVE PORTAL DESIGN GUIDE June, 2011 TABLE OF CONTENTS HEADING STYLE Introduction To Captive Portal... 1 Overview... 1 Common Applications... 1 Authenticated

More information

Firewall VPN Router. Quick Installation Guide M73-APO09-380

Firewall VPN Router. Quick Installation Guide M73-APO09-380 Firewall VPN Router Quick Installation Guide M73-APO09-380 Firewall VPN Router Overview The Firewall VPN Router provides three 10/100Mbit Ethernet network interface ports which are the Internal/LAN, External/WAN,

More information

Multi-Homing Dual WAN Firewall Router

Multi-Homing Dual WAN Firewall Router Multi-Homing Dual WAN Firewall Router Quick Installation Guide M73-APO09-400 Multi-Homing Dual WAN Firewall Router Overview The Multi-Homing Dual WAN Firewall Router provides three 10/100Mbit Ethernet

More information

How to set up the HotSpot module with SmartConnect. Panda GateDefender 5.0

How to set up the HotSpot module with SmartConnect. Panda GateDefender 5.0 How to set up the HotSpot module with SmartConnect Panda GateDefender 5.0 Content Introduction... 3 Minimum requirements to enable the hotspot module... 4 Hotspot settings... 6 General settings....6 Configuring

More information

Network Security Topologies. Chapter 11

Network Security Topologies. Chapter 11 Network Security Topologies Chapter 11 Learning Objectives Explain network perimeter s importance to an organization s security policies Identify place and role of the demilitarized zone in the network

More information

Network Configuration Settings

Network Configuration Settings Network Configuration Settings Many small businesses already have an existing firewall device for their local network when they purchase Microsoft Windows Small Business Server 2003. Often, these devices

More information

Using a VPN with Niagara Systems. v0.3 6, July 2013

Using a VPN with Niagara Systems. v0.3 6, July 2013 v0.3 6, July 2013 What is a VPN? Virtual Private Network or VPN is a mechanism to extend a private network across a public network such as the Internet. A VPN creates a point to point connection or tunnel

More information

Installation of the On Site Server (OSS)

Installation of the On Site Server (OSS) Installation of the On Site Server (OSS) rev 1.1 Step #1 - Initial Connection to the OSS Having plugged in power and an ethernet cable in the eth0 interface (see diagram below) you can connect to the unit

More information

Protecting the Home Network (Firewall)

Protecting the Home Network (Firewall) Protecting the Home Network (Firewall) Basic Tab Setup Tab DHCP Tab Advanced Tab Options Tab Port Forwarding Tab Port Triggers Tab DMZ Host Tab Firewall Tab Event Log Tab Status Tab Software Tab Connection

More information

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS

More information

SSL VPN Technical Primer

SSL VPN Technical Primer 4500 Great America Parkway Santa Clara, CA 95054 USA 1-888-NETGEAR (638-4327) E-mail: info@netgear.com www.netgear.com SSL VPN Technical Primer Q U I C K G U I D E Today, small- and mid-sized businesses

More information

Best Practices: Pass-Through w/bypass (Bridge Mode)

Best Practices: Pass-Through w/bypass (Bridge Mode) Best Practices: Pass-Through w/bypass (Bridge Mode) EdgeXOS Deployment Scenario: Bridge Pass-Through This document is designed to provide an example as to how the EdgeXOS appliance is configured based

More information

CTS2134 Introduction to Networking. Module 8.4 8.7 Network Security

CTS2134 Introduction to Networking. Module 8.4 8.7 Network Security CTS2134 Introduction to Networking Module 8.4 8.7 Network Security Switch Security: VLANs A virtual LAN (VLAN) is a logical grouping of computers based on a switch port. VLAN membership is configured by

More information

Chapter 9 Monitoring System Performance

Chapter 9 Monitoring System Performance Chapter 9 Monitoring System Performance This chapter describes the full set of system monitoring features of your ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. You can be alerted to important

More information

Controller Management

Controller Management Controller Management - Setup & Provisioning - 1 PRONTO SERVICE CONTROLLER (PN-CPP-A-1422) 2 PSC Key Features Fully interoperable with IEEE802.11b/g compliant products External AP support and management

More information

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

Firewalls and VPNs. Principles of Information Security, 5th Edition 1 Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches

More information

Security Technology: Firewalls and VPNs

Security Technology: Firewalls and VPNs Security Technology: Firewalls and VPNs 1 Learning Objectives Understand firewall technology and the various approaches to firewall implementation Identify the various approaches to remote and dial-up

More information

For extra services running behind your router. What to do after IP change

For extra services running behind your router. What to do after IP change For extra services running behind your router. What to do after IP change This guide is for customers who meet the following conditions: - Customers who have moved from a TPG Layer 3 plan to a TPG Layer

More information

ZyWALL USG ZLD 3.0 Support Notes

ZyWALL USG ZLD 3.0 Support Notes 2012 ZyWALL USG ZLD 3.0 Support Notes CSO ZyXEL 2/1/2012 Scenario 1 - Reserving Highest Bandwidth Management Priority for VoIP Traffic 1.1 Application scenario In an enterprise network, there are various

More information

Com.X Router/Firewall Module. Use Cases. White Paper. Version 1.0, 21 May 2014. 2014 Far South Networks

Com.X Router/Firewall Module. Use Cases. White Paper. Version 1.0, 21 May 2014. 2014 Far South Networks Com.X Router/Firewall Module Use Cases White Paper Version 1.0, 21 May 2014 2014 Far South Networks Document History Version Date Description of Changes 1.0 2014/05/21 Preliminary 2014 Far South Networks

More information

Using a VPN with CentraLine AX Systems

Using a VPN with CentraLine AX Systems Using a VPN with CentraLine AX Systems User Guide TABLE OF CONTENTS Introduction 2 What Is a VPN? 2 Why Use a VPN? 2 How Can I Set Up a VPN? 2 Important 2 Network Diagrams 2 Network Set-Up with a VPN 2

More information

Figure 41-1 IP Filter Rules

Figure 41-1 IP Filter Rules 41. Firewall / IP Filter This function allows user to enable the functionality of IP filter. Both inside and outside packets through router could be decided to allow or drop by supervisor. Figure 41-1

More information

UAG Series. Application Note. Unified Access Gateway. Version 4.00 Edition 1, 04/2014. Copyright 2014 ZyXEL Communications Corporation

UAG Series. Application Note. Unified Access Gateway. Version 4.00 Edition 1, 04/2014. Copyright 2014 ZyXEL Communications Corporation UAG Series Unified Access Gateway Version 4.00 Edition 1, 04/2014 Application Note Copyright 2014 ZyXEL Communications Corporation Table of Contents Scenario 1 How to Activate a Paid Access Hotspot...

More information

Cisco Virtual Office Express

Cisco Virtual Office Express . Q&A Cisco Virtual Office Express Overview Q. What is Cisco Virtual Office Express? A. Cisco Virtual Office Express is a solution that provides secure, rich network services to workers at locations outside

More information

Multi-Homing Security Gateway

Multi-Homing Security Gateway Multi-Homing Security Gateway MH-5000 Quick Installation Guide 1 Before You Begin It s best to use a computer with an Ethernet adapter for configuring the MH-5000. The default IP address for the MH-5000

More information

Automatic Hotspot Logon

Automatic Hotspot Logon WHITE PAPER: for VPN Setup Features of the integrated, dynamic NCP Personal Firewall Solution Table of Contents 1. Insecure mobile computing via Wi-Fi networks (hotspots)...1 1.1 Basic hotspot functionality...

More information

Chapter 6 Using Network Monitoring Tools

Chapter 6 Using Network Monitoring Tools Chapter 6 Using Network Monitoring Tools This chapter describes how to use the maintenance features of your Wireless-G Router Model WGR614v9. You can access these features by selecting the items under

More information

White Paper. Copyright 2011 Nomadix, Inc. All Rights Reserved. Thursday, January 05, 2012

White Paper. Copyright 2011 Nomadix, Inc. All Rights Reserved. Thursday, January 05, 2012 Choosing the Right Partners for Your Metro HotZone Copyright 2011 Nomadix, Inc. All Rights Reserved. Thursday, January 05, 2012 30851 Agoura Road Suite 102 Agoura Hills, CA 91301 USA www.nomadix.com Sheet

More information

VPN Configuration Guide. Linksys (Belkin) LRT214 / LRT224 Gigabit VPN Router

VPN Configuration Guide. Linksys (Belkin) LRT214 / LRT224 Gigabit VPN Router VPN Configuration Guide Linksys (Belkin) LRT214 / LRT224 Gigabit VPN Router 2014 equinux AG and equinux USA, Inc. All rights reserved. Under copyright law, this manual may not be copied, in whole or in

More information

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding This chapter describes the configuration for the SSL VPN Tunnel Client and for Port Forwarding. When a remote user accesses the SSL VPN

More information

Network Virtualization Network Admission Control Deployment Guide

Network Virtualization Network Admission Control Deployment Guide Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus

More information

Cisco AnyConnect Secure Mobility Solution Guide

Cisco AnyConnect Secure Mobility Solution Guide Cisco AnyConnect Secure Mobility Solution Guide This document contains the following information: Cisco AnyConnect Secure Mobility Overview, page 1 Understanding How AnyConnect Secure Mobility Works, page

More information

Deploying the ShoreTel IP Telephony Solution with a Meru Networks Wireless LAN

Deploying the ShoreTel IP Telephony Solution with a Meru Networks Wireless LAN Deploying the ShoreTel IP Telephony Solution with a Meru Networks Wireless LAN Copyright 2005, Meru Networks, Inc. This document is an unpublished work protected by the United States copyright laws and

More information

Hosting more than one FortiOS instance on. VLANs. 1. Network topology

Hosting more than one FortiOS instance on. VLANs. 1. Network topology Hosting more than one FortiOS instance on a single FortiGate unit using VDOMs and VLANs 1. Network topology Use Virtual domains (VDOMs) to divide the FortiGate unit into two or more virtual instances of

More information

Chapter 4 Managing Your Network

Chapter 4 Managing Your Network Chapter 4 Managing Your Network This chapter describes how to perform network management tasks with your ADSL2+ Modem Wireless Router. Backing Up, Restoring, or Erasing Your Settings The configuration

More information

Break Internet Bandwidth Limits Higher Speed. Extreme Reliability. Reduced Cost.

Break Internet Bandwidth Limits Higher Speed. Extreme Reliability. Reduced Cost. Break Internet Bandwidth Limits Higher Speed. Extreme Reliability. Reduced Cost. Peplink. All Rights Reserved. Unauthorized Reproduction Prohibited Presentation Agenda Peplink Balance Pepwave MAX Features

More information

Best Practices for Outdoor Wireless Security

Best Practices for Outdoor Wireless Security Best Practices for Outdoor Wireless Security This paper describes security best practices for deploying an outdoor wireless LAN. This is standard body copy, style used is Body. Customers are encouraged

More information

ADDENDUM 12 TO APPENDIX 8 TO SCHEDULE 3.3

ADDENDUM 12 TO APPENDIX 8 TO SCHEDULE 3.3 ADDENDUM 12 TO APPENDIX 8 TO SCHEDULE 3.3 TO THE Overview EXHIBIT T to Amendment No. 60 Secure Wireless Network Services are based on the IEEE 802.11 set of standards and meet the Commonwealth of Virginia

More information

University of Hawaii at Manoa Professor: Kazuo Sugihara

University of Hawaii at Manoa Professor: Kazuo Sugihara University of Hawaii at Manoa Professor: Kazuo Sugihara Assignment 2 (ICS426) Network Setup Tutorials By: Yu Fong Okoji (yokoji@hawaii.edu) 10/27/2009 Tutorial on Home Network Setup INTRODUCTION In this

More information

A typical router setup between WebSAMS and ITEd network is shown below for reference. DSU. Router

A typical router setup between WebSAMS and ITEd network is shown below for reference. DSU. Router 1. Installation and configuration guidelines for the router replacement This guideline served as a reference for schools which plan to replace the existing WebSAMS router by the recommended router, and

More information

Step-by-Step Configuration

Step-by-Step Configuration Step-by-Step Configuration Kerio Technologies Kerio Technologies. All Rights Reserved. Printing Date: August 15, 2007 This guide provides detailed description on configuration of the local network which

More information

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015 NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X

More information

Niagara IT Manager s Guide

Niagara IT Manager s Guide 3951 Westerre Parkway, Suite 350 Richmond, VA 23233 804.747.4771 Phone 804.747.5204 FAX Niagara IT Manager s Guide A White Paper An IT Manager s Guide to Niagara This document addresses some of the common

More information

Seamless Roaming in a Remote Access VPN Environment

Seamless Roaming in a Remote Access VPN Environment Always on If we look just a few years into the future, the office warrior who works exclusively onsite will be a scarce phenomenon. Instead, these busy professionals will use PCs, smartphones, and tablets

More information

Palo Alto Networks User-ID Services. Unified Visitor Management

Palo Alto Networks User-ID Services. Unified Visitor Management Palo Alto Networks User-ID Services Unified Visitor Management Copyright 2011 Aruba Networks, Inc. Aruba Networks trademarks include Airwave, Aruba Networks, Aruba Wireless Networks, the registered Aruba

More information

Barracuda Link Balancer

Barracuda Link Balancer Barracuda Networks Technical Documentation Barracuda Link Balancer Administrator s Guide Version 2.2 RECLAIM YOUR NETWORK Copyright Notice Copyright 2004-2011, Barracuda Networks www.barracuda.com v2.2-110503-01-0503

More information

Chapter 6 Using Network Monitoring Tools

Chapter 6 Using Network Monitoring Tools Chapter 6 Using Network Monitoring Tools This chapter describes how to use the maintenance features of your RangeMax Wireless-N Gigabit Router WNR3500. You can access these features by selecting the items

More information

DSL-2600U. User Manual V 1.0

DSL-2600U. User Manual V 1.0 DSL-2600U User Manual V 1.0 CONTENTS 1. OVERVIEW...3 1.1 ABOUT ADSL...3 1.2 ABOUT ADSL2/2+...3 1.3 FEATURES...3 2 SPECIFICATION...4 2.1 INDICATOR AND INTERFACE...4 2.2 HARDWARE CONNECTION...4 2.3 LED STATUS

More information

The Use of Mikrotik Router Boards With Radius Server for ISPs.

The Use of Mikrotik Router Boards With Radius Server for ISPs. The Use of Mikrotik Router Boards With Radius Server for ISPs. By Zaza Zviadadze, Irakli Nozadze. Intellcom Group, Georgia. RouterOS features for ISP s RouterOS reach features gives possibilities to ISP

More information

your Gateway Windows network installationguide 802.11b wireless series Router model WBR-100 Configuring Installing

your Gateway Windows network installationguide 802.11b wireless series Router model WBR-100 Configuring Installing your Gateway Windows network installationguide 802.11b wireless series Router model WBR-100 Installing Configuring Contents 1 Introduction...................................................... 1 Features...........................................................

More information

Smart Tips. Enabling WAN Load Balancing. Key Features. Network Diagram. Overview. Featured Products. WAN Failover. Enabling WAN Load Balancing Page 1

Smart Tips. Enabling WAN Load Balancing. Key Features. Network Diagram. Overview. Featured Products. WAN Failover. Enabling WAN Load Balancing Page 1 Smart Tips Enabling WAN Load Balancing Overview Many small businesses today use broadband links such as DSL or Cable, favoring them over the traditional link such as T1/E1 or leased lines because of the

More information

Developing Network Security Strategies

Developing Network Security Strategies NETE-4635 Computer Network Analysis and Design Developing Network Security Strategies NETE4635 - Computer Network Analysis and Design Slide 1 Network Security Design The 12 Step Program 1. Identify network

More information

Chapter 5. Data Communication And Internet Technology

Chapter 5. Data Communication And Internet Technology Chapter 5 Data Communication And Internet Technology Purpose Understand the fundamental networking concepts Agenda Network Concepts Communication Protocol TCP/IP-OSI Architecture Network Types LAN WAN

More information

Innominate mguard Version 6

Innominate mguard Version 6 Innominate mguard Version 6 Configuration Examples mguard smart mguard PCI mguard blade mguard industrial RS EAGLE mguard mguard delta Innominate Security Technologies AG Albert-Einstein-Str. 14 12489

More information

Lecture 10: Virtual LANs (VLAN) and Virtual Private Networks (VPN)

Lecture 10: Virtual LANs (VLAN) and Virtual Private Networks (VPN) Lecture 10: Virtual LANs (VLAN) and Virtual Private Networks (VPN) Prof. Shervin Shirmohammadi SITE, University of Ottawa Prof. Shervin Shirmohammadi CEG 4185 10-1 Virtual LANs Description: Group of devices

More information

User Manual. Page 2 of 38

User Manual. Page 2 of 38 DSL1215FUN(L) Page 2 of 38 Contents About the Device...4 Minimum System Requirements...5 Package Contents...5 Device Overview...6 Front Panel...6 Side Panel...6 Back Panel...7 Hardware Setup Diagram...8

More information

Mikrotik Router OS - Setup and Configuration Guide for Aradial Radius Server

Mikrotik Router OS - Setup and Configuration Guide for Aradial Radius Server Mikrotik Router OS - Setup and Configuration Guide for Aradial Radius Server 2012 Aradial This document contains proprietary and confidential information of Aradial and Spotngo and shall not be reproduced

More information

Chapter 4 Customizing Your Network Settings

Chapter 4 Customizing Your Network Settings . Chapter 4 Customizing Your Network Settings This chapter describes how to configure advanced networking features of the Wireless-G Router Model WGR614v9, including LAN, WAN, and routing settings. It

More information

On-boarding and Provisioning with Cisco Identity Services Engine

On-boarding and Provisioning with Cisco Identity Services Engine On-boarding and Provisioning with Cisco Identity Services Engine Secure Access How-To Guide Series Date: April 2012 Author: Imran Bashir Table of Contents Overview... 3 Scenario Overview... 4 Dual SSID

More information

Configuring Routers and Their Settings

Configuring Routers and Their Settings Configuring Routers and Their Settings When installing a router on your home network the routers settings are usually defaulted to automatically protect your home, and simplify setup. This is done because

More information

D-Link Central WiFiManager Configuration Guide

D-Link Central WiFiManager Configuration Guide Table of Contents D-Link Central WiFiManager Configuration Guide Introduction... 3 System Requirements... 3 Access Point Requirement... 3 Latest CWM Modules... 3 Scenario 1 - Basic Setup... 4 1.1. Install

More information

Configuration Guide. How to Configure SSL VPN Features in DSR Series. Overview

Configuration Guide. How to Configure SSL VPN Features in DSR Series. Overview Configuration Guide How to Configure SSL VPN Features in DSR Series Overview This document describes how to configure D-Link DSR-500N to enable SSL VPN feature. An SSL VPN is a form of VPN that can be

More information

Recommended IP Telephony Architecture

Recommended IP Telephony Architecture Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings

More information

How to setup PPTP VPN connection with DI-804HV or DI-808HV using Windows PPTP client

How to setup PPTP VPN connection with DI-804HV or DI-808HV using Windows PPTP client How to setup PPTP VPN connection with DI-804HV or DI-808HV using Windows PPTP client Make sure your DI-804HV or DI-808HV is running firmware ver.1.40 August 12 or later. You can check firmware version

More information

Particularities of security design for wireless networks in small and medium business (SMB)

Particularities of security design for wireless networks in small and medium business (SMB) Revista Informatica Economică, nr. 4 (44)/2007 93 Particularities of security design for wireless networks in small and medium business (SMB) Nicolae TOMAI, Cluj-Napoca, Romania, tomai@econ.ubbcluj.ro

More information

Mobility, Network Access Control and Convergence for Voice, Video and Data Applications on Corporate Wireless & Wired Networks. UCOPIA White Paper

Mobility, Network Access Control and Convergence for Voice, Video and Data Applications on Corporate Wireless & Wired Networks. UCOPIA White Paper Mobility, Network Access Control and Convergence for Voice, Video and Data Applications on Corporate Wireless & Wired Networks UCOPIA White Paper October 2008 TABLE OF CONTENT 1 Introduction... 4 2 UCOPIA

More information

PCI Compliance - A Realistic Approach. Harshul Joshi, CISM, CISA, CISSP Director, Information Technology CBIZ MHM hjoshi@cbiz.com

PCI Compliance - A Realistic Approach. Harshul Joshi, CISM, CISA, CISSP Director, Information Technology CBIZ MHM hjoshi@cbiz.com PCI Compliance - A Realistic Approach Harshul Joshi, CISM, CISA, CISSP Director, Information Technology CBIZ MHM hjoshi@cbiz.com What What is PCI A global forum launched in September 2006 for ongoing enhancement

More information

Cisco TrustSec How-To Guide: Guest Services

Cisco TrustSec How-To Guide: Guest Services Cisco TrustSec How-To Guide: Guest Services For Comments, please email: howtoguides@external.cisco.com Current Document Version: 3.0 August 27, 2012 Table of Contents Table of Contents... 2 Introduction...

More information

Quick Note 53. Ethernet to W-WAN failover with logical Ethernet interface.

Quick Note 53. Ethernet to W-WAN failover with logical Ethernet interface. Quick Note 53 Ethernet to W-WAN failover with logical Ethernet interface. Digi Support August 2015 1 Contents 1 Introduction... 2 1.1 Introduction... 2 1.2 Assumptions... 3 1.3 Corrections... 3 2 Version...

More information

Case Study for Layer 3 Authentication and Encryption

Case Study for Layer 3 Authentication and Encryption CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client

More information

Internet and Intranet Calling with Polycom PVX 8.0.1

Internet and Intranet Calling with Polycom PVX 8.0.1 Internet and Intranet Calling with Polycom PVX 8.0.1 An Application Note Polycom PVX is an advanced conferencing software application that delivers Polycom's premium quality audio, video, and content sharing

More information

Chapter 2 Connecting the FVX538 to the Internet

Chapter 2 Connecting the FVX538 to the Internet Chapter 2 Connecting the FVX538 to the Internet Typically, six steps are required to complete the basic connection of your firewall. Setting up VPN tunnels are covered in Chapter 5, Virtual Private Networking.

More information

Connecting an Android to a FortiGate with SSL VPN

Connecting an Android to a FortiGate with SSL VPN Connecting an Android to a FortiGate with SSL VPN This recipe describes how to provide a group of remote Android users with secure, encrypted access to the network using FortiClient and SSL VPN. You must

More information

WAN Failover Scenarios Using Digi Wireless WAN Routers

WAN Failover Scenarios Using Digi Wireless WAN Routers WAN Failover Scenarios Using Digi Wireless WAN Routers This document discusses several methods for using a Digi wireless WAN gateway to provide WAN failover for IP connections in conjunction with another

More information

Chapter 1 Configuring Internet Connectivity

Chapter 1 Configuring Internet Connectivity Chapter 1 Configuring Internet Connectivity This chapter describes the settings for your Internet connection and your wireless local area network (LAN) connection. When you perform the initial configuration

More information

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions Find your network example: 1. Basic network with and 2 WAN lines - click here 2. Add a web server to the LAN - click here 3. Add a web,

More information

Configuring Network Address Translation (NAT)

Configuring Network Address Translation (NAT) 8 Configuring Network Address Translation (NAT) Contents Overview...................................................... 8-3 Translating Between an Inside and an Outside Network........... 8-3 Local and

More information

Design and Implementation Guide. Apple iphone Compatibility

Design and Implementation Guide. Apple iphone Compatibility Design and Implementation Guide Apple iphone Compatibility Introduction Security in wireless LANs has long been a concern for network administrators. While securing laptop devices is well understood, new

More information

Basic Network Configuration

Basic Network Configuration Basic Network Configuration 2 Table of Contents Basic Network Configuration... 25 LAN (local area network) vs WAN (wide area network)... 25 Local Area Network... 25 Wide Area Network... 26 Accessing the

More information

Chapter 15: Advanced Networks

Chapter 15: Advanced Networks Chapter 15: Advanced Networks IT Essentials: PC Hardware and Software v4.0 1 Determine a Network Topology A site survey is a physical inspection of the building that will help determine a basic logical

More information

9243060 Issue 1 EN. Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation

9243060 Issue 1 EN. Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation 9243060 Issue 1 EN Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation Nokia 9300i Configuring connection settings Nokia 9300i Configuring connection settings Legal Notice

More information

Network Services Internet VPN

Network Services Internet VPN Contents 1. 2. Network Services Customer Responsibilities 3. Network Services General 4. Service Management Boundary 5. Defined Terms Network Services Where the Customer selects as detailed in the Order

More information

Lab 8.4.2 Configuring Access Policies and DMZ Settings

Lab 8.4.2 Configuring Access Policies and DMZ Settings Lab 8.4.2 Configuring Access Policies and DMZ Settings Objectives Log in to a multi-function device and view security settings. Set up Internet access policies based on IP address and application. Set

More information

UAG4100 Support Notes

UAG4100 Support Notes 2013 UAG4100 Support Notes CSO ZyXEL 2013/07/29 Table of Contents Scenario 1 Activate a Paid Access Hotspot... 2 Print ticket to access the Internet... 3 Pay with PayPal payment service to access the Internet...

More information

Table of Contents. 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2

Table of Contents. 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2 Table of Contents 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2 2 Features and Benefits 2-1 Key Features 2-1 Support for the Browser/Server Resource Access Model 2-1 Support for Client/Server

More information

Routing Security Server failure detection and recovery Protocol support Redundancy

Routing Security Server failure detection and recovery Protocol support Redundancy Cisco IOS SLB and Exchange Director Server Load Balancing for Cisco Mobile SEF The Cisco IOS SLB and Exchange Director software features provide a rich set of server load balancing (SLB) functions supporting

More information

Cisco ASA 5500 Series Adaptive Security Appliance 8.2 Software Release

Cisco ASA 5500 Series Adaptive Security Appliance 8.2 Software Release Cisco ASA 5500 Series Adaptive Security Appliance 8.2 Software Release PB526545 Cisco ASA Software Release 8.2 offers a wealth of features that help organizations protect their networks against new threats

More information

Licenses are not interchangeable between the ISRs and NGX Series ISRs.

Licenses are not interchangeable between the ISRs and NGX Series ISRs. Q&A Cisco IOS SSL VPN Q. What is Cisco IOS SSL VPN or SSL VPN? A. Secure Sockets Layer (SSL)-based VPN is an emerging technology that provides remote-access connectivity from almost any Internet-enabled

More information

Firewall Security. Presented by: Daminda Perera

Firewall Security. Presented by: Daminda Perera Firewall Security Presented by: Daminda Perera 1 Firewalls Improve network security Cannot completely eliminate threats and a=acks Responsible for screening traffic entering and/or leaving a computer network

More information

INTRODUCTION TO FIREWALL SECURITY

INTRODUCTION TO FIREWALL SECURITY INTRODUCTION TO FIREWALL SECURITY SESSION 1 Agenda Introduction to Firewalls Types of Firewalls Modes and Deployments Key Features in a Firewall Emerging Trends 2 Printed in USA. What Is a Firewall DMZ

More information

VPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu

VPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu VPN Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu What is VPN? A VPN (virtual private network) is a private data network that uses public telecommunicating infrastructure (Internet), maintaining

More information

How to configure your Thomson SpeedTouch 780WL for ADSL2+

How to configure your Thomson SpeedTouch 780WL for ADSL2+ How to configure your Thomson SpeedTouch 780WL for ADSL2+ Connecting up your router This guide assumes that you have successfully: unpacked your router connected it up to your phone socket using the DSL

More information