Policies and Profiles
Network policies and profiles are a set of rules that identify, authenticate, authorize, monitor, and account for network-connected devices and users. Policies and profiles can be created and used to configure network rules for handling network security and traffic.
The following processes are automated
using the Policies & Profiles feature.
- Authenticate users and devices.
- Authorize user and device access.
- Maintain user and device activity records.
- Manage network traffic from connected devices.
- Identify user violations and unauthorized connected devices.
The following are the benefits of
creating policies and profiles:
- You can monitor network performance and traffic.
- Network violations are detected more efficiently.
- Threats are detected and contained more quickly.
- Identify the users and devices that show security risk.
The following Policies and Profiles can be applied to all network devices, users, applications, and Operating Systems (OS):
| RADIUS Server | Authenticates the user request, identifies if the user is authorized to access the network, and provides the necessary authorization. Once the user accesses the network server, it maintains a record of the user's activities on the network server. |
| Access Control | Identifies, authenticates, and authorizes the devices, OS, and applications requesting network server access. |
| Client Isolation | Prevents wireless devices connected to the same network from communicating with each other. |
| Wi-Fi Operator | Provides a Wi-Fi network comprising guest access APs using a Hotspot 2.0 service. |
| Identity Provider | Provides the necessary authentication and accounting services that enable guest users to gain access to a Wi-Fi network using a Hotspot 2.0 service. |
| MAC Registration List | Creates MAC address lists to enable device access to wireless networks. |
| Rogue AP Detection | Identifies unauthorized wired or wireless access points connected to the network server. |
| Syslog Server | Specifies the Syslog server address, which allows network connected devices to submit log messages to the specified Syslog server. |
| VLAN Pools | Creates a VLAN pool by grouping together many wireless controller VLANs and reducing network traffic. |
| SNMP Agent | Creates an SNMP Agent Profile with widely accepted protocols to manage and monitor network devices. |
| Tunnel Profile | It provides IP addresses to end-devices. |
| Adaptive Policy | Creates an Adaptive Policy that configures a destination network to authenticate, authorize, and account for the clients attempting to connect to the network server. |
| Location Based Service Server | Creates a Location Based Service (LBS) Server profile that is linked to multiple venues, allowing for efficient tracking and management of location-specific information. |
| Certificate Template | Creates certificates to establish temporary communication and verify the identity of entities in a network. |
| HQoS Bandwidth | Hierarchical Quality of Service (HQoS) bandwidth refers to the allocation and management of network bandwidth using a hierarchical approach. |
| SoftGRE | Soft Generic Routing Encapsulation (SoftGRE) is a tunneling method that lets an AP send traffic to a SoftGRE gateway without needing specific settings for each AP. |
| Directory Server | A Directory Server uses Active Directory or Light Directory Access Protocol (LDAP) to manage directory information, such as user profiles, authentication credentials, and network resource information. |