Escolar Documentos
Profissional Documentos
Cultura Documentos
Schedule
Setup Dates:
Days: 1 - 2 days for setup and configuration, with 1 day show and tell and hand-over.
Wireless LAN
2. Will customer provide VMware infrastructure to host CGX Access virtual appliance?
Minimum Requirements: Dual Core CPU, 2GB RAM, 10GB HD space
We have an existing VMWare infrastructure to host the virtual appliance (see below for the
specs of the server)
3. Does the VM infrastructure have access to each of the VLANs to be tested? Yes.
4. Can the customer provide a VLAN trunk with the VLANs to be tested? Yes.
5. Does the customer have an Active Directory Server? Desirable: a) AD integration can be
configured so managed devices are given full access by default b) Device registration
The test environment segment has an AD server.
6. Does the customer use Symantec, Sophos, McAfee, or Trend Micro Anti-Virus? Is AV
integration desired?
I think we can skip over this feature since we use Microsoft Forefront as our AV .
Subnets to be tested
Network Segment Location\ Info Use Case VLAN ID \ IP Ranges
Test Environment Datacenter Will host VM VLAN 1000
Segment appliance and
captive portal 172.17.100.1 –
172.17.100.254
Test Environment HQ – end-user segment Company owned VLAN 1000
Segment devices only 172.17.100.1 –
172.17.100.254
Staff SSID HQ - Uses pre-shared key, BYOD, no corporate VLAN 1000
want users to register their owned, no guests 172.17.100.1 –
devices with AD account 172.17.100.254
Guest SSID HQ - Guest must register Guests only with VLAN 49
for access account expiration 192.168.49.1-
192.168.49.254
Configuration details
Setup required Purpose Customer provided info
Processor: 4
Logical Processors: 16
RAM: 16GB
VMware networking CGX Access must have access Host Server is configure to be
to each of the subnets to be trunked and virtual NICs can
Virtual Adapters and\ or trunk tested on. be configured for VLAN
ports? assignment.
POC Results
User Type Compliance with Access Rights
Policy
Managed PC that is Yes Full Access
compliant with all
security requirements
Managed PC that is not No Limited Access with Remediation Access
compliant with critical i.e, AV updates
security requirements
White-listed Device NA Full Access
Unknown device NA Restricted Access
BYOD device NA BYOD Access
Guest device NA Guest Access
Unknown devices cannot send traffic to whitelisted devices or servers on other network
segments. Pings fail. Note: Can be configured so protection is extended to all full access
devices.
Audit Capabilities:
Guest \ BYOD:
Policies can be set to limited who bring devices and the type of BYOD devices allowed
Employee (sponsors) should be able to create guest accounts for their visitors
Employee (sponsors) should allow their guest to create their own guest accounts
Guest accounts should expire automatically with predefine support for several predefined
values
Should allow for guests to be promoted to Consultants with greater network access
Visibility Reporting: