Configuring Roles and Policies on IAPs for User Access Control

Instant Access Points (IAPs) support identity-based access control to enforce application-layer security, prioritization, traffic forwarding, and network performance policies for wired and wireless networks. Using the IAP firewall Firewall is a network security system used for preventing unauthorized access to or from a private network. policies, you can enforce network access policies to define access to the network, areas of the network that the user may access, and the performance thresholds of various applications.

IAPs supports a role-based stateful firewall. In other words, Instant firewall can recognize flows in a network and keep track of the state of sessions. The firewall logs on the IAPs are generated as syslog messages. The firewall feature also supports ALG Application Layer Gateway. ALG is a security component that manages application layer protocols such as SIP, FTP and so on. functions such as SIP Session Initiation Protocol. SIP is used for signaling and controlling multimedia communication session such as voice and video calls. , Vocera, Alcatel NOE New Office Environment. NOE is a proprietary VoIP protocol designed by Alcatel-Lucent Enterprise., and Cisco Skinny protocols.

ACL Rules

You can use ACL Access Control List. ACL is a common way of restricting certain types of traffic on a physical port. rules to either permit or deny data packets passing through the IAP. You can also limit packets or bandwidth available to a set of user roles by defining access rules. By adding custom rules, you can block or allow access based on the service or application, source or destination IP addresses.

You can create access rules to allow or block data packets that match the criteria defined in an access rule. You can create rules for either inbound traffic or outbound traffic. Inbound rules explicitly allow or block the inbound network traffic that matches the criteria in the rule. Outbound rules explicitly allow or block the network traffic that matches the criteria in the rule. For example, you can configure a rule to explicitly block outbound traffic to an IP address through the firewall.

The IAP clients are associated with user roles, which determine the client’s network privileges and the frequency at which clients re-authenticate. IAP supports the following types of ACLs:

• ACLs that permit or deny traffic based on the source IP address of the packet.
• ACLs that permit or deny traffic based on source or destination IP address, or source or destination port number.

Configuring Network Address Translation Rules

NAT Network Address Translation. NAT is a method of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device. is the process of modifying network address information when packets pass through a routing device. The routing device acts as an agent between the public (the Internet) and private (local network), which allows translation of private network IP addresses to a public address space.

IAP supports the NAT mechanism to allow a routing device to use the translation tables to map the private addresses into a single IP address and packets are sent from this address, so that they appear to originate from the routing device. Similarly, if the packets are sent to the private IP address, the destination address is translated as per the information stored in the translation tables of the routing device.

See Also:

• Configuring Network Service ACLs
• Configuring ACLs for Deep Packet Inspection
• Configuring User Roles for IAP Clients
• Configuring Role Derivation Rules for IAP Clients
• Configuring Firewall Parameters for Inbound Traffic