Fortress Technologies ecure Wireless Access Bridge, User Manual, Page: 13 / 144

Share

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
116 pages after

Page: 13 / 144

Fortress Technologies ecure Wireless Access Bridge User Manual Download Page 13

Fortress Bridge: Introduction

3

3)

User authentication

requires the user of a connecting

device to enter a recognized user name and valid creden-
tials, a password, for example, or a digital certificate. The
Fortress Security System can authenticate users locally or
through existing user-authentication provisions.

1.3.2

Strong Encryption at the MAC Layer

Fortress ensures network privacy at the Media Access Control
(MAC) sublayer, within the Data Link Layer (Layer 2) of the
Open System Interconnection (OSI) networking model. This
allows a transmission’s entire contents, including the IP
address and any broadcast messages, to be encrypted.
Additionally, Fortress supports the FIPS-validated encryption
algorithm: AES-128/192/256.

1.3.3

System Components

The Fortress Security System comprises three components:

A Fortress controller device (Gateway/Controller/Bridge)
provides internal network security by bridging encrypted
wired or wireless communications to the wired LAN or by
remotely bridging point-to-point or -multipoint LAN and
WLAN connections.

The Fortress Secure Client provides device security and
secure wireless connectivity for mobile devices connected
to networks protected by a Fortress controller device.

Fortress Management and Policy Server (MaPS™)
provides centralized management of network devices and
resources, as well as rules-based access control and
network, device and user authentication, by itself or
integrated with back-end corporate authentication servers.

1.3.4

Operating Modes

The Fortress Security System can be operated in either of two,
mutually exclusive modes.

1.3.4.1

Normal Operating Mode

In

Normal

operating mode, the Fortress Security System

provides the highest available level of network security, without
the additional safeguards Federally mandated for some
government networks.

Normal

mode of operation is generally

more than adequate for even the most stringent security and
privacy requirements in unregulated environments.

1.3.4.2

FIPS Operating Mode

In

FIPS

mode, the Fortress Security System complies fully with

the Federal Information Processing Standards (FIPS) 140-2
standard for cryptographic products. Because of its added
administrative complexities, however,

FIPS

mode is

recommended only for networks that explicitly require FIPS
compliance.

«
...
11
12
13
14
15
...
»

Summary of Contents for ecure Wireless Access Bridge

Page 1: ...Fortress Security System Secure Wireless Access Bridge User Guide www fortresstech com 2006 Fortress Technologies ...

Page 2: ......

Page 3: ...ess This product uses the Abyss Web Server Copyright 2000 Moez Mahfoudh moez bigfoot com All rights reserved This product includes cryptographic software written by Eric Young eay cryptsoft com This product includes software written by Tim Hudson tjh cryptsoft com Copyright 1995 1998 Eric Young eay cryptsoft com All rights reserved This package is an SSL implementation written by Eric Young eay cr...

Page 4: ...cument are the property of their respective owners FCC EMISSIONS COMPLIANCE STATEMENT THIS EQUIPMENT HAS BEEN TESTED AND FOUND TO COMPLY WITH THE LIMITS FOR A CLASS A DIGITAL DEVICE PURSUANT TO PART 15 OF THE FCC RULES THESE LIMITS ARE DESIGNED TO PROVIDE REASONABLE PROTECTION AGAINST HARMFUL INTERFERENCE WHEN THE EQUIPMENT IS OPERATED IN A COMMERCIAL ENVIRONMENT THIS EQUIPMENT GENERATES USES AND ...

Page 5: ...ity System 2 Multi factor Authentication 2 Strong Encryption at the MAC Layer 3 System Components 3 Operating Modes 3 Normal Operating Mode 3 FIPS Operating Mode 3 Deployment Options 4 This Document 5 Document Conventions 5 Related Documents 5 2 Installation 6 Introduction 6 System Requirements 6 Compatibility 7 Preparation 7 Shipped and Optional Parts 7 Preparing the Network 8 Port Locations 8 Sa...

Page 6: ...Accounts 21 Accessing the GUI 21 Logging Off 22 LAN Settings 22 Spanning Tree Protocol 23 WAN Port Encryption 23 Radio Settings 24 Radio State Band and Mode Settings 25 Radio State 25 Radio Band 25 Radio Mode 25 Bridge Mode 25 Radio Transmission and Reception Settings 26 Channel 26 Transmit Power 26 Distance 27 Preamble 27 Beacon Interval 28 Multicasting 28 Received Signal Strength Indicator 29 Co...

Page 7: ...tings 46 Default Device Authentication Settings 46 Blackout Mode 47 System Date and Time 48 Restoring Default Settings 48 Front Panel Operation 49 Mode Selection from the Front Panel 49 Toggling the Bridge Mode Setting on Radio 2 49 Toggling the Blackout Mode setting 50 Rebooting the Bridge from the Front Panel 51 Restoring Defaults from the Front Panel 51 4 Administration 52 Device Authentication...

Page 8: ...65 Upgrading Bridge Software 65 Rebooting the Bridge 67 5 Monitoring and Diagnostics 68 Statistics 68 Traffic Statistics 69 Interface Statistics 69 Radio Statistics 70 Tracking 70 AP Associations 72 View Log 73 Diagnostics 75 Pinging a Device 75 Tracing a Packet Route 75 Flushing the Host MAC Database 76 Generating a Diagnostics File 76 Front Panel Indicators 77 System LEDs 77 Radio LEDs 78 Port L...

Page 9: ...Default Settings in the CLI 95 Non 802 1X Authentication Settings in the CLI 95 Non 802 1X Authentication Server Settings 95 Non 802 1X EAP Retry Interval Setting 96 802 1X Authentication Settings in the CLI 97 802 1X Authentication Server Settings 97 Internal LAN Switch Port 802 1X Settings 99 Administration in the Bridge CLI 99 Trusted Devices in the CLI 99 Adding Trusted Devices in the CLI 100 ...

Page 10: ...Network Bridges 106 Reconfiguring Network Settings with SAC 109 Adding and Deleting Network Bridges with SAC 111 Adding a New SAC Network Bridge 111 Deleting a Bridge from a SAC Network 113 7 Specifications 114 Hardware Specifications 114 Performance 114 Physical 114 Environmental 114 Compliance 115 Logical Interfaces 115 RJ 45 to DB9 Console Port Adapter 115 8 Troubleshooting 117 Index 119 Glossa...

Page 11: ... every device The Bridge can be quickly and transparently integrated into an existing network It can be powered with standard AC current or as an Ethernet powered device PD through its WAN port which supports power over Ethernet PoE Once it is installed and configured operation is automatic requiring no administrator intervention as it protects data transmitted on WLANs and between WLAN devices an...

Page 12: ...applied to determine what on the network the authenticated user or device can access when and with what permissions Privacy or confidentiality implementations prevent information from being derived from intercepted network traffic through the use of data encryption and guard against network tampering by checking the integrity of transmitted data 1 3 The Fortress Security System The Fortress Securi...

Page 13: ...ons The Fortress Secure Client provides device security and secure wireless connectivity for mobile devices connected to networks protected by a Fortress controller device Fortress Management and Policy Server MaPS provides centralized management of network devices and resources as well as rules based access control and network device and user authentication by itself or integrated with back end c...

Page 14: ...tress Bridge Introduction 4 1 3 5 Deployment Options The Fortress Security System is flexible and expandable Figure 1 1 Example Point to Multipoint Deployment of the Fortress Secure Wireless Access Bridge ...

Page 15: ...ver rather than verbatim repetition Introductory matter before numbered steps will generally contain information necessary to the successful completion of the task Descriptive matter below a stepped procedure may add to your understanding but is not essential to the task NOTE may assist you in executing the task e g a conve nient software feature or notice of something to keep in mind Side notes t...

Page 16: ... It can function as a wireless access point AP providing secure WLAN connectivity to wireless devices within range or as a wireless bridge in a point to point or point to multipoint network 2 Radio 2 is fixed on the 802 11a band As the higher powered of the two radios it would normally be the first choice for the bridging function in a mixed AP wireless bridge deployment but it can equally functio...

Page 17: ...anel cover plate one RJ 45 connector boot assembly six pieces one antenna port cap ES520 Mast Mounting Kit including one mast mounting bracket two 4 long fully threaded 1 4 20 hex bolts two 1 4 split lock washers Optionally you can purchase from Fortress Technologies 5 x GHz 9dBi omnidirectional antenna with an N type male direct connector 2 4 2 485 GHz 9dBi omnidirectional antenna with an integra...

Page 18: ......

Page 19: ...Front Panel Cover Plate included provides the necessary water and dust resistance to environmentally protect the unit In addition the three Front Panel Cover Plate thumbscrews must be hand tightened taking care not to over tighten to prevent the operator access area USB Console Ethernet ports and power inlets from being exposed The Bridge should not be used outside a home school or other public ar...

Page 20: ...cordance with NEC Article 725 and 800 and all requirements must be met in relationship to clearances with power lines and lighting conductors All cabling must be category 5e per TIA EIA 568 B 2 WARNING If the Bridge connects to outside mounted anten nas failure to provide a low resistive earth ground can result in mi gration of voltage from lightning or line surges onto the premises wir ing which ...

Page 21: ...evices within range and it will transmit and receive on channel 1 Radio 2 will be used for bridging in a point to point or point to multipoint deployment of multiple Fortress Bridges and it will transmit and receive on channel 149 with a distance setting of 1 mile STP Spanning Tree Protocol is enabled on the Bridge and Multicast is enabled on the non root Bridge s In indoor deployments the Bridge ...

Page 22: ...tors are only 5 apart Avoid directly mounting two antennas to the Bridge s rear panel connectors 4 Connect the Bridge s WAN port to an external 802 3af PSE PoE Power Sourcing Equipment Power over Ethernet source which if the WAN port will connect to a satellite link or a DSL or cable modem provides an in line connection to the necessary network device Outdoor Bridge installations require a PoE sou...

Page 23: ...In LAN IP address enter a network address for the Fortress Bridge s management interface the address to be used for all subsequent administrative access to the Bridge In LAN Subnet mask enter the correct subnet mask for the Bridge s IP address In Default gateway enter the IP address of the default gateway or router for the network on which you are installing the Bridge NOTE For infor mation about ...

Page 24: ...ield re enter the new Access ID to ensure against entry errors Click Apply CAUTION The Bridge is not se cure until you have changed the default Ac cess ID and wireless SSIDs and reset both GUI passwords and the CLI password to a mini mum of eight mixed al phanumeric upper and lowercase characters 6 From the main menu on the left choose BRIDGE PASSWORD and on the BRIDGE PASSWORD screen Leave User N...

Page 25: ...in the point to point multipoint deployment choose RADIO SETTINGS from the main menu and in Bridge Mode setting for Radio 2 choose Non Root and click Apply 9 From the main menu on the left choose SYSTEM OPTIONS and on the SYSTEM OPTIONS screen in the SET SYSTEM TIME section enter the correct date and time in the fields provided using two digit values hh mm MM DD YY and click Apply NOTE The SYSTEM ...

Page 26: ... Do not assemble the con nector boot without first referring to these in structions Several as sembly steps are irreversible Incorrectly assembled connector boots are unusable and cannot be disassem bled 2 4 3 Weatherizing the Bridge All front panel ports must be disconnected before you can install the Weatherizing Kit To install the Weatherizing Kit 1 Install the RJ 45 connector boot assembly on ...

Page 27: ... other and squeeze the two halves of the connector collar together until they snap into place NOTE Plugging the connector boot into the WAN port is de scribed in Step 4 of Sec tion 2 4 5 Align the primary key tab on the inner ring of the connector boot with the cable connector s locking tab Maintaining this alignment fit the RJ 45 connector collar assembly into the boot through the boot s threaded...

Page 28: ...g holes in the underside of the Bridge 5 Tighten the bolts securely until the split lock washers are flattened between the bolt heads and the mounting bracket Figure 2 4 Attaching the Mast Mounting Bracket and Grounding Stud 2 4 5 Reconnecting the Bridge for Outdoor Operation WARNING To comply with FCC rules antennas must be professionally installed Improperly grounded outdoor antennas pose a part...

Page 29: ...r ring of the connector boot clockwise until the channels in the ring align with the locking studs on the Bridge s WAN port casing Continue twisting the boot s outer ring clockwise until the locking channels are fully engaged and the boot is flush with the port casing A distinct click in the final turn of the boot s outer ring indicates that connector and boot are securely plugged into the Bridge ...

Page 30: ...nnected the exter nal 48V power supply is automatically selected as the Bridge s primary power source and or Connect the Bridge s WAN port to an external 802 3af PSE PoE Power Sourcing Equipment Power over Ethernet source If the WAN port will connect the Bridge to a satellite link or a DSL or cable modem ensure the PSE PoE source is in line with the necessary network device 5 Connect up to eight w...

Page 31: ... GUI functions used to reconfigure the Bridge and the network it secures are not displayed or when displayed are grayed out 3 1 2 Accessing the GUI You can access the Bridge GUI from any computer with access to the Bridge any computer in the Bridge secured network s unencrypted zone as well as any computer in the encrypted zone and running the Fortress Secure Client NOTE The default IP address is ...

Page 32: ...ill automatically be logged off If you are using Firefox s tabbed browsing you will only be logged off when you close the active browser instance completely Closing only the Bridge GUI s active tab in the browser will not log you off 3 2 LAN Settings LAN settings are those that configure network access to the Bridge s management interface its network host name IP address subnet mask and default ga...

Page 33: ...he only radio to which multicasting applies is one with a Radio Mode setting of Bridge and a Bridge Mode setting of Non Root If you disable STP on the LAN SETTINGS screen the Multicast field on the RADIO SETTINGS screen of any radio so configured will be enabled giving you the option of turning multicasting off for that radio Refer to Section 3 3 2 6 for more detail on the multicast function of Br...

Page 34: ...N Port configures the WAN port to reside in either the encrypted zone of the Bridge secured network or in the unencrypted zone NOTE If you are using Firefox s tabbed browsing you must close the active browser instance com pletely not just Bridge GUI s active tab in the browser Click Apply 3 Click OK on the system prompt that instructs you to reboot 4 Follow the instructions in Section 4 7 to reboo...

Page 35: ...r of two modes AP A radio in AP mode functions exclusively as a wireless access point allowing connections only from wireless devices It does not permit connections to or from other Fortress Bridges Bridge A radio in Bridge mode functions as network bridge in a point to point multipoint network of other Fortress Bridges and it allows connections from wireless devices In Bridge mode then a radio ca...

Page 36: ...er radio with a Radio Mode setting of Bridge and a Bridge Mode setting of Non Root The channels available for a radio in AP Radio Mode or in Root Bridge Mode are a function of the frequency band it uses On Radio 2 and Radio 1 when it is configured to use the 802 11a band you can select channels 36 40 44 48 52 56 60 64 149 153 157 or 161 On Radio 1 when it is configured to use the 802 11g band you ...

Page 37: ...the Distance setting would be 3 miles the longest distance in the network between two Bridges without another Bridge between them Propagation delay is not a concern at distances of one mile and under at which you should leave the setting at 1 mile the default for both radios Additional radio configuration can be done through the Bridge CLI refer to Section 6 7 3 3 2 4 Preamble The short preamble i...

Page 38: ...e Bridge is serving as a repeater for an outlying Bridge that is an intended receiver it passes the packet along this route or If the Bridge is neither an intended receiver nor the repeater for an intended receiver it drops the packet Non root Bridges on which Multicast is disabled will drop all multicast packets The Multicast function applies exclusively to non root Bridges and so can only be Ena...

Page 39: ...n to the Bridge GUI admin account and select RADIO SETTINGS from the menu on the left 2 On the RADIO SETTINGS screen in the column that corresponds to the radio you want to configure enter new values into the relevant fields described in sections 3 3 1 and 3 3 2 NOTE When you change TxPower from Auto to another value the change takes effect immediately When you change the setting from another valu...

Page 40: ...hrough 3 3 4 5 describe the fields available through the Edit buttons in the VIRTUAL ACCESS POINTS frame Section 3 3 4 6 provides step by step instructions to configure them 3 3 4 1 SSID CAUTION The net work is not fully secure until the radio SSIDs have been changed from their de fault settings The service set identifier associated with each VAP is a unique string of up to 32 characters included ...

Page 41: ... 2 5 is configured on the RADIO SETTINGS screen The DTIM Period determines the number of beacons in the countdown between transmitting the initial DTIM and sending the buffered messages Whole values from 1 to 255 inclusive are accepted the default is 1 3 3 4 4 RTS and Fragmentation Thresholds The RTS Threshold allows you to configure the maximum size of the frames the VAP sends without using the R...

Page 42: ...Bridge GUI or in the Bridge CLI When the Radio Mode is Bridge whether in Root or Non Root mode you must select Fortress as the Security Suite setting for that radio s single VAP A Security Suite setting of Fortress requires no further configuration in the SECURITY SUITE SETTINGS frame Open WEP and Shared WEP Open WEP Wired Equivalent Privacy and Shared WEP both use static keys for data encryption ...

Page 43: ...d and exchanged automatically at user specified intervals This interval is the only additional setting required for 802 1X security Specify the interval in seconds in the 802 1X Rekey Period field Whole numbers between 0 and 99999 inclusive are allowed A value of 0 zero disables the rekeying function the keys used by connecting devices will remain unchanged for the duration of their sessions WPA W...

Page 44: ...ting WPA Mixed PSK depending on the WPA PSK type in use by the connecting device Like enterprise mode WPA WPA PSK and WPA2 PSK generate encryption keys dynamically and exchange keys automatically with connected devices at user specified intervals Specify the interval in seconds in the WPA Rekey Period field Whole numbers between 0 and 99999 inclusive are allowed A value of 0 zero disables the reke...

Page 45: ...URI TY SETTINGS screen in the AUTHENTICATION SET TINGS section and on the INTERFACES screen in the 802 1X AUTHENTICATION SERVER frame In order to support 802 1X authentication whether for wireless 802 1X Security in Section 3 3 4 5 or wired devices Section 3 4 2 the Bridge must be configured to use an external 802 1X authentication server Certain other VAP Security Suite settings specifically thos...

Page 46: ...gured for the Bridge Section 3 4 1 Configure this function in the LAN PORT 802 1X SETTINGS frame of the INTERFACES screen where the port numbers shown in the GUI correspond to the numbered ports 1 8 as labeled on the Bridge s front panel shown in Figure 2 1 1 Log on to the Bridge GUI admin account and select INTERFACES from the menu on the left 2 In the LAN PORT 801 1X SETTINGS frame use the dropd...

Page 47: ...Fortress Bridge Configuration 37 NOTE For security ...

Page 48: ...xt signal indicates that the Bridge is in Bypass Mode BPM FIPS operating mode is necessary for deployments and applications that are required to comply with the Federal Information Processing Standards FIPS for cryptographic modules The high levels of security that can be implemented in the Fortress Security System s Normal operating mode meet or exceed the needs of virtually all unregulated netwo...

Page 49: ...s the Bridge CLI from a network connection to the Bridge s management interface Secure Shell SSH must be enabled When SSH is disabled you can access the Bridge CLI exclusively through a direct connection to its Console port Secure Shell SSH is disabled on the Bridge by default To configure SSH access to the Bridge CLI 1 Log on to the Bridge GUI admin account and select SECURITY SETTINGS from the m...

Page 50: ...o recover three sets of keys from the Bridge in addition to the keys generated by connecting devices re keying behaviors quickly enough to use them before the next re key the possibility of which is vanishingly remote To change the Bridge s re keying interval 1 Log on to the Bridge GUI admin account and select SECURITY SETTINGS from the menu on the left 2 On the RE KEYING INTERVAL section of the S...

Page 51: ...ribes the settings that select and configure 802 1X authentication for wireless devices Section 3 4 covers 802 1X Server and LAN Port Settings NOTE To support smart cards au thenticated through PKI Public Key Infrastruc ture the Bridge must be configured to use an External RADIUS server that supports EAP TLS authentication Refer to your RADIUS docu mentation for guidance on configuring the ser vic...

Page 52: ...le all authentication 1 Log on to the Bridge GUI admin account and select SECURITY SETTINGS from the menu on the left 2 In the AUTHENTICATION SETTINGS frame in the Mode field select one of Disabled disables authentication the default Local enables authentication through the Bridge s internal RADIUS server and enables local configuration of authentication settings External enables authentication th...

Page 53: ...sabled when External authentication is selected These settings are configured on the external authentication server NOTE If you are using both RADI US and 802 1X authenti cation services they can run on the same exter nal server but you must enter the server s set tings both on the SECURI TY SETTINGS screen in the AUTHENTICATION SET TINGS section and on the INTERFACES screen in the 802 1X AUTHENTI...

Page 54: ...ed device authentication skip this step or If you enabled device authentication determine the default user authentication setting for new devices NOTE You can change the user authentication setting for devices individual ly on the DEVICE AU THENTICATION screen described in Section 4 1 2 check the box beside with User Auth by default to enable user authentication by default for new devices auto pop...

Page 55: ...ge that handles traffic from the device Users who exceed the maximum allowable retry attempts to log on to the Bridge secured network are locked out until you reset their sessions 3 6 6 6 Restart Session Login Prompt When the Restart Session Login Prompt is enabled on the Bridge the sessions of users whose traffic is passed by that Bridge timeout at the configured interval forcing these users devi...

Page 56: ...Log on to the Bridge GUI admin account and select SECURITY SETTINGS from the menu on the left 2 In the AUTHENTICATION SETTINGS frame in Auth Mode ensure that Local authentication is enabled 3 Under AUTHENTICATION DEFAULTS In User Idle Timeout enter the number of whole minutes between 1 and 9999 that a user s device can be idle on the network before it must renegotiate keys with the Bridge Enter ze...

Page 57: ...disable user authentication for new devices by default 4 Under AUTHENTICATION DEFAULTS in the Device State field select one of Allow the device will be allowed to connect Pending connection requires administrator action explicitly changing the device s Auth State to Allow Deny the device is not allowed on the network 5 Click Apply at the bottom of the screen NOTE When the Bridge is in black out mo...

Page 58: ...ount and select SYSTEM OPTIONS from the menu on the left 2 At the top of the SYSTEM OPTIONS screen under SET SYSTEM TIME enter the time and date using two digit values according to the format hh mm MM DD YY 3 Click Apply at the bottom of the SET SYSTEM TIME frame 3 9 Restoring Default Settings The Fortress Bridge s factory default configuration settings can be restored in their entirety through th...

Page 59: ...s 3 10 1 1 Toggling the Bridge Mode Setting on Radio 2 Radio 2 is in Bridge Radio Mode by default and its default Bridge Mode setting is Root If this setting is still at its default value the procedure below will change the Bridge Mode setting to Non Root If the setting is currently Non Root the procedure will return the setting to Root NOTE You can also change the Bridge Mode setting in the Bridg...

Page 60: ...LEDs If the Bridge is already in blackout mode the procedure will disable it turn the front panel LEDs back on NOTE You can also change the BLACKOUT MODE setting in the Bridge GUI Section 3 7 or in the Bridge CLI Section 6 4 5 9 1 Press SW1 and hold it down for five seconds just until the upper Radio LEDs go out then immediately release it The Stat1 LED should be flashing slowly green 2 While Stat...

Page 61: ... You can also restore the Bridge s factory default settings from the Bridge CLI Section 6 4 7 1 Press and hold SW1 2 Still holding SW1 press and hold SW2 for 10 seconds All LEDs will flash fast green to indicate that factory default settings will be restored 3 Hold both switches down for another 10 seconds until all LEDs light solid green If you release the switches before the LEDs light solid gre...

Page 62: ...ecting Disabled Local or External on the AUTHENTICATION SETTINGS frame of the SECURITY SETTINGS screen Device authentication can be enabled only when Local authentication is selected NOTE Refer to Section 3 6 6 1 for instructions on globally enabling authentication and to Section 3 6 6 4 for instructions on globally enabling device authen tication and configur ing devices default user authenticati...

Page 63: ...t device state and user authentication option settings for new devices Another default setting in the AUTHENTICATION SETTINGS frame determines whether user authentication is included by default for devices auto populating the DEVICE AUTHENTICATION screen Whatever default settings you choose for authenticating devices you can change the initial Device State and AUTHENTICATION OPTIONS settings indiv...

Page 64: ... authentication while leaving the settings under AUTHENTICATION OPTIONS Section 3 6 6 8 at their defaults devices auto populate the AUTHORIZED DEVICES list with the user authentication option Auth State configures the initial state of the device s connection to the encrypted zone Allow the device will be allowed to connect Pending connection requires administrator action Change the device s Auth S...

Page 65: ...elete column for the device s you want to delete or click Check All below the column to select all devices for deletion 3 Click Delete All Checked Devices The device s you selected will be removed from the AUTHORIZED DEVICES display NOTE The Bridge supports 802 1X authentication through separate and unrelated configuration settings These are described in 802 1X Security for wireless devices and in...

Page 66: ...hentication settings While idle timeout and session timeout settings can be individually configured for each user the default values for these settings are determined by the AUTHENTICATION DEFAULTS set in the AUTHENTICATION SETTINGS frame of the SECURITY SETTINGS screen 4 2 2 Individual User Authentication Settings User authentication on the Fortress Bridge requires the usual settings to identify ...

Page 67: ...value in the ADD USER frame will be at 720 minutes Active enables disables user access to the account A check in the box enables the account the default clearing the checkbox disables it 4 2 2 1 Adding a User New user accounts can only be created on the Bridge when Local authentication is globally enabled refer to Section 4 2 above To add a user 1 Log on to the Bridge GUI admin account and choose ...

Page 68: ...eflects your changes 4 2 2 3 Deleting a User Account You can delete a user account at any time Alternatively you can edit a user account to be temporarily inactive by clearing the Active checkbox reactivating the account at a later date refer to Section 4 2 2 2 above To delete a user account 1 Log on to the Bridge GUI admin account and choose USER AUTHENTICATION from the menu on the left 2 On the ...

Page 69: ...server CAUTION Specify ing that any port can access a TD can pose a significant secu rity risk MAC Address establishes the device s MAC address Port Number s specifies the port numbers through which the Trusted Device can access the encrypted zone or by entering the word any configures access for the device through any port For reference the screen displays commonly used port numbers to the right ...

Page 70: ...tifier To edit a Trusted Device 1 Log on to the Bridge GUI admin account and choose TRUSTED DEVICES from the menu on the left 2 On the TRUSTED DEVICES screen under MANAGED TRUSTED DEVICES click the TD Identifier of the device for which you want to change the settings 3 In the resulting EDIT TRUSTED DEVICE dialog enter valid values into the relevant fields described above 4 Click OK to save the new...

Page 71: ...re managed no differently from other Trusted Devices 4 4 SNMP Settings NOTE You cannot configure SNMP monitoring on a For tress Bridge in FIPS op erating mode the default Refer to Sec tion 3 6 1 for more infor mation about Bridge operating modes and to Section 6 4 5 5 for de tails on changing it The Fortress Bridge can be configured for monitoring through SNMP Simple Network Management Protocol ve...

Page 72: ... so will be restored from a backup file NOTE The Bridge Mode setting which determines whether a Fortress Bridge in bridge mode will act a root or a non root node is not backed up Because recording them could pose a security risk no passwords are backed up In order to maintain network security after restoring from a backup file all passwords must be reset for each of the Bridge s password protected...

Page 73: ... 1 8 802 1X off on VAP Security Suite settings security Access IDa a The Access ID and encryption algorithm are not backed up for a Bridge in FIPS operating mode encryption algorithma re keying interval operating mode FIPS Normal blackout mode enable disable encrypted zone cleartext enable disable data compression enable disable SSH access on off non 802 1X authentication global authentication ena...

Page 74: ...rom a Backup File Keep in mind that the restore operation restores only those settings present in the backup file as described in Section 4 5 1 Log on to the Bridge GUI admin account and choose SYSTEM OPTIONS from the menu on the left 2 On the SYSTEM OPTIONS screen under RESTORE SYSTEM SETTINGS click Next 3 On the resulting screen CAUTION Restor ing from a backup file causes all passwords to rever...

Page 75: ...ion The version of the firmware currently running on the Fortress Bridge is displayed on the DIAGNOSTICS screen as well as on every help screen To view the current software version 1 Log on to the Bridge GUI admin account and choose HELP from the menu on the left 2 Observe the version information at the top of the screen Alternatively 1 Log on to the Bridge GUI admin account and choose DIAGNOSTICS...

Page 76: ...ading file with crawling dots to indicate system activity then changes to the Performing upgrade status display which presents a series of progress messages When the process completes the frame displays DONE and a system dialog prompts you to reboot the Bridge 5 Click OK on the system prompt 6 Follow the instructions in Section 4 7 below ...

Page 77: ...alog click OK again or Cancel the reboot The Bridge emits a short chirp and its front panel LEDs light briefly and then go briefly dark as the Bridge begins the boot process Stat1 LED exhibits a slow green flash when the LEDs come back on Then the Bridge running the upgraded firmware returns to normal operation the Stat1 LED lights solid green You can reboot the Bridge from the front panel describ...

Page 78: ...Diagnostics 5 1 Statistics The statistics screen displays statistics for overall encrypted zone traffic each of the Bridge s logical interfaces including physical Ethernet ports and all configured virtual radio interfaces as well as for each of the Bridge s internal radios ...

Page 79: ...h as version incompatibility or a failed hash check 5 1 2 Interface Statistics The DIAGNOSTICS screen displays a MAC address and statistics for each of the Bridge s physical and virtual interfaces The lan1 8 interfaces correspond to the ports of the internal LAN switch The wan1 interface identifies the Bridge s WAN port Radio 1 is the Bridge s internal tri band 802 11a b g radio the primary interf...

Page 80: ...her Fortress Bridges any configured Trusted Devices and Secure Clients NOTE The Bridge s Tracking screen does not display the Device ID and IP ad dresses of devices on a LAN secured by anoth er Fortress controller device All such devices display the IP address and Device ID of the controller device secur ing them The MAC ad dresses of these devices display accurately The TRACKING screen displays M...

Page 81: ...Fortress Bridge Monitoring and Diagnostics 71 Idle Since the number of hours minutes and seconds since the device was last active on the network ...

Page 82: ...hich of the radio s virtual access point VAP interfaces the device is associated with by number If the radio through which the device is connected has a Radio Mode of Bridge VAP displays WDS wireless distribution system to indicate that the connected device is another Fortress Bridge in a point to point multipoint deployment Refer to Section 3 3 1 3 for more information on the Bridge s Radio Mode ...

Page 83: ...ication required for the device as determined by the Security Suite setting of the associated VAP and illustrated in Table 5 2 NOTE WPA and WPA2 use the 802 1X authentication protocol In PSK mode however the pre shared key obviates the need for an actual 802 1X au thentication server 802 11 Encryption displays the type of data encryption in effect for the device as determined by the Security Suite...

Page 84: ...ration changes when cryptographic processing is restarted system and communication errors The log is allocated 500 Kbytes of memory and can contain a maximum of approximately 16 000 log messages approximate because record sizes vary somewhat When the log is full the oldest records are overwritten as new messages are added to the log ...

Page 85: ...cation Refer to Section 4 1 for more information about Device IDs 5 5 1 Pinging a Device 1 Log on to the Bridge GUI admin or operator account and choose DIAGNOSTICS from the menu on the left 2 On the DIAGNOSTICS screen under UTILITIES in Ping IP Address enter the IP address of the device you want to ping 3 Click GO The Bridge will ping the target IP five times and display the PING RESULTS 5 5 2 Tr...

Page 86: ...firmation system dialog The Bridge resets all connections to the unencrypted zone 5 5 4 Generating a Diagnostics File To assist in diagnosing a problem with your Bridge the Customer Support team at Fortress Technologies may request that you generate a diagnostics file Diagnostics files encrypt the information collected from the Bridge so the file can be securely sent to Fortress Support as an e ma...

Page 87: ......

Page 88: ...d lower LED When the radio s LED RSSI Monitor is Disabled the default the Radio1 and Radio2 LEDs behave as shown below The LED RSSI Monitor and associated LED behaviors are described in Section 3 3 2 7 The upper LED can exhibit intermittent green flash The radio is passing traffic The lower LED can exhibit solid green The meaning depends upon the radio s mode settings In AP or Root Bridge modes Th...

Page 89: ... Lnk Act link activity LEDs are located in the upper left corner of each LAN switch port and to the left of the WAN port They indicate when a link has been established for the port solid green and show data activity on the link irregular flashing green The POE LED in the upper right corner of each LAN switch port does not apply to version 2 6 x of the Fortress Bridge firmware It is reserved for fu...

Page 90: ... right arrow keys navigate the current command line The Home key moves the cursor to the beginning of the command line the End key moves the cursor to the end of the line If your terminal keyboard is not equipped with arrow keys you can use these keyboard equivalents The Tab key auto completes partial commands that are sufficient to uniquely identify the command The clear command clears the curren...

Page 91: ...nnect the serial Con sole port to a DB9 termi nal connection Pin outs for these adapters are given in Table 7 1 on page 116 1 Using a standard Ethernet cable and the RJ 45 to DB9 adapter that came with the Bridge connect the Fortress Bridge s Console port to a serial port on a computer 2 Start your serial application and if it is not already at these settings configure it to use bits per second 96...

Page 92: ...es of inactivity and you must log back in to regain access This behavior is not user configurable 6 2 Getting Help in the CLI Use the help command or its synonym without arguments to obtain the list of valid commands for the current administrative mode You can obtain a usage example and list the command s valid options with their valid arguments for the current administrative mode by entering a ba...

Page 93: ...ithout arguments GW set accessid Description Sets Access ID from a HEX string Usage set accessid default hexString default set to all 0 s string of 16 HEX characters ex 0A0B0C0D0E0F2345 6 3 Command Syntax In this document command line text supplied by the CLI is set in plain non bold non italic type All user input is indicated by bold typeface The template for the CLI command syntax is shown below...

Page 94: ... LAN Settings in the CLI View network properties with the show network command GW show network Hostname FTIPegasus DefaultGateway 192 168 254 1 IP Private 192 168 254 254 Netmask Private 255 255 255 0 NOTE The For tress Bridge s de fault IP address is 192 168 254 254 Configurable parameters assign the Bridge s host name and its management interface IP and subnet addresses and identify the default ...

Page 95: ...run set network non interactively with valid switches and arguments in any order and combination GW set network h BridgeName ip BridgeIP nm BridgeSubnet gw DFLTgatewayIP 0 Regardless of the method you use to reconfigure these settings you must reboot the Bridge in order for the change to any network setting other than host name to take effect To do so simply strike Enter at the prompt Y is the def...

Page 96: ...number 1 or 2 AP show radio 1 RADIO 1 Radio State On Radio Band 802 11g Radio Mode AP Channel 1 Tx Power Auto Distance 1 Beacon Interval 100 Preamble Short Multicast On RSSI Monitor Off NOTE If you are deploying multi ple Fortress Bridges in a point to point multi point network they must be correctly con figured for their net work roles typically with one serving as the root node and the rest conf...

Page 97: ...e multicast option will be presented for a non root bridging radio In root bridge and AP radios the channels available for selection depend on the 802 11 band used by the radio channels 36 40 44 48 52 56 60 64 149 153 157 or 161 are available for 802 11a radios channels 1 11 inclusive are available for Radio 1 when it is configured to use the 802 11g band Configuration settings for Radio 2 omit th...

Page 98: ...y the radio associated with the virtual interface s you want to configure with the vapcfg command the CLI will prompt you for a radio number if you do not enter it with the command AP vapcfg radio 1 VAP The command prompt VAP reflects the fact that you are in VAP configuration mode The vapcfg command is valid only in AP mode So in order to access the VAP command set for the other radio you must re...

Page 99: ...ommand interactively to configure the same parameters for new VAPs Entering a dot at the SSID prompt clears the SSID string The Security Suite field will accept any of eleven possible entries and the differing parameters required for each are presented interactively once you have entered your selection The CLI provides a list of possible Security Suite options when a question mark is entered for t...

Page 100: ... SSID on RTS Threshold off Frag Threshold off Only 11g off Security Suite wpa Rekey period 300 You can clear the settings for VAPs 2 through 4 effectively deleting them from the radio configuration VAP clear vap 2 Committing changes Reboot is required Y N Radio 1 and Radio 2 each require a VAP 1 to be configured at all times So while you can edit VAP 1 on either radio with the set command you cann...

Page 101: ...word as follows GW set passwd cli sysadm Changing password for sysadm Enter the new password minimum of 5 maximum of 8 characters Please use a combination of upper and lower case letters and numbers Enter new password newpassword Re enter new password newpassword Password changed The default CLI password is sysadm The set passwd command is valid only in GW gateway mode refer to Section 6 1 1 for m...

Page 102: ... the encryption algorithm in effect on the Bridge with show crypto GW show crypto CryptoEngine AES256 ReKeyInterval 4 The show crypto command is valid only in GW gateway mode refer to Section 6 1 1 for more detail The re keying interval in effect between the Fortress Bridge and its Clients is set in values between 1 and 24 hours with set crypto command as follows GW set crypto t hrs The default re...

Page 103: ...n the CLI The Fortress Bridge can be operated in either of two modes Normal the default or FIPS You can view the current operating mode on the Bridge with show fips GW show fips On Change operating modes with the set fips command To set the operating mode to FIPS GW set fips on Return the Fortress Bridge to Normal operating mode the default with GW set fips off The show fips and set fips commands ...

Page 104: ...how ssh and set ssh commands are valid only in GW gateway mode refer to Section 6 1 1 for more detail 6 4 5 8 Disabling the Bridge GUI in the CLI Bridge GUI access is enabled on the Fortress Bridge by default You can view the current GUI access setting with show gui GW show gui On If you want to limit access to the Fortress Bridge exclusively to the CLI you can disable the Bridge GUI as follows GW...

Page 105: ... 6 1 1 for more detail 6 4 7 Restoring Default Settings in the CLI Return all of the Fortress Bridge s configuration settings to their factory default values with reset confirming your intention at the query as follows NOTE The reset command ends all active sessions on the Fortress Bridge GW reset Warning Reset to the default configuration Y N y Reboot is required Y N As shown in the example outpu...

Page 106: ...me for EAP Extensible Authentication Protocol packets being sent to the server and the EAP clients for which the Bridge is acting as the authenticator View the Bridge s EAP retry interval the show command GW show eapretryint EAP retry interval in seconds 18 The Bridge s EAP retry mechanism has a fixed six second cycle but the number of cycles allowed to elapse between EAP retries is configurable C...

Page 107: ...e Bridge CLI s GW Gateway mode or its AP access point mode Although the two modes use different command arguments to access 802 1X server settings they apply to the same 802 1X service Refer to Section 6 1 1 for more detail on Bridge CLI user modes In AP mode use the radius argument with the show command to view the server settings AP show radius RADIUS Info Server IP 127 0 0 1 Server Port 1812 Se...

Page 108: ...nged and go on to the next field GW set 8021X lan1 on off off lan2 on off off lan3 on off off lan4 on off off lan5 on off off lan6 on off off lan7 on off off lan8 on off off AuthServerIP 123 45 6 78 OK AuthServerPort 1812 AuthServerSharedKey drowssaPw3n OK Reboot is required Y N The last three input prompts present the current 802 1X server settings The LAN port setting prompts are described in th...

Page 109: ...eractively The Bridge CLI presents one field at a time and you can either backspace over the existing value for a given field and enter a new value or strike Enter to leave the value unchanged and go on to the next field Alternatively you can use the set 8021X command with valid arguments to change 802 1X LAN port settings GW set 8021X lan1 2 3 4 5 6 7 8 on off Changing LAN port settings requires ...

Page 110: ...ce when you add it to the Bridge configuration You can leave out p port sets argument to establish default values for these settings Trusted Devices have no ports open by default 6 5 1 2 Deleting Trusted Devices in the CLI Delete a single Trusted Device or all Trusted Devices from Fortress Bridge management with the del td command as follows GW del td name all 6 5 2 SNMP Settings in the CLI View t...

Page 111: ...ateway mode refer to Section 6 1 1 for more detail 6 5 4 Restarting the Bridge in the CLI The reboot command does not power cycle the Bridge Restart the Fortress Bridge s cryptographic processor with reboot confirming your intention at the query as follows NOTE The reboot command ends all active sessions on the Fortress Bridge GW reboot Confirm Reboot device now Y N y The system is going down NOW ...

Page 112: ...age here is obsolete 00 14 8C 08 21 40 1379ECAF24002154 03 0 172 19 179 20 0 996 00 14 8C 08 21 42 1379ECAF24002154 03 0 172 19 179 20 0 2104 6 6 4 Host Tracking in the CLI View the MAC addresses of devices in the Bridges unencrypted zone as well as the MAC addresses of each of the Bridge s physical and virtual interfaces with show clients GW show clients Start of ClientMacDB List Client1 s mac 00...

Page 113: ...d channel through which the associated device is connected are given as well dynamic readings of the connection s data rate in megabits per second and signal level in decibels referenced to milliwatts In addition you can view the Security Suite setting configured for the associated device s VAP with its 802 11 authentication and encryption types The show associations command is valid only in AP ac...

Page 114: ...ls The Bridge CLI calls a select set of Linux Wireless Extension Tools for WLAN configuration beyond the basic radio settings configured through the Bridge s native set radio command described in Section 6 4 3 WARNING Some of the Linux Wire less Extension Tools available through the Bridge CLI can if used improperly damage your network configu ration and even render the Bridge temporarily inoperab...

Page 115: ...ommands iwpriv iwconfig args you want to run at boot time The script command with the x argument executes the command s in the script AP script x The script command returns no output when it successfully executes but an error message will result if it fails Linux Wireless Extension Tools scripts commands can only be executed in AP access point mode refer to Section 6 1 1 for more detail You can vi...

Page 116: ...ork directly to the serial terminal of the computer you will use to preconfigure the network 6 8 1 2 Automatically Preconfiguring Network Bridges NOTE The SAC master Bridge must be the root Bridge in the network If you change its Bridge Mode setting to Non Root you will no longer be able to successfully execute SAC commands from the SAC master Bridge The Bridge through which you invoke the initial...

Page 117: ...l ipnw IPaddr resIPnw NOTE You can ob serve SAC events in the master Bridge s system log at any point in the SAC process with show log Strike the Ctrl c key to return to the GW command prompt The first line above shows security setting switches and arguments The a switch configures the Access ID for which you must enter a 16 digit hexadecimal value Use the e switch to enter one of the valid encryp...

Page 118: ...r As each slave non root Bridge receives the SAC parameters its Stat1 and Stat2 LEDs flash amber in unison 4 Check the status of the SAC process with the show sac command GW show sac SwabSerialNum 24656196 SwabConfigID 19082 SwabSACRole SAC_MASTER SwabSACState SAC_STOP_4SWAB SwabSACVer SAC_VER_PEGASUS_ARCH1 SACPeerInformation SeriallNum IpAddress CfgID PeerNum PeerSACStatus PeerSACState PeerSACVer...

Page 119: ...he matching configuration IDs ConfigID CfgID 19082 above indicate that the networked Bridges are all members of the same SAC group 10 Confirm that all SAC group members are present on the network with show partners GW show partners MAC DeviceId State Username SessionID IP vlanID computerName activityCount 02 14 8C 08 24 82 E4106192950F2494 01 0 172 24 0 4 0 56 00 14 8C 08 2C C2 557C81E5D6072CD4 01...

Page 120: ...tomatically generates any of the SAC configurable network settings as shown in Table 6 1 that you do not explicitly specify in the command After the first invocation of set sac start Section 6 8 1 the default autogen setting is no which causes only those network parameters that you specify to be changed from their current settings When you set allow all allowall to yes the master root Bridge broad...

Page 121: ...s Bridge to the network 1 Position the new Bridge so that it operates only within its safe temperature range 14º 122º F 10º 50º C 2 Connect an 802 11a capable antenna to antenna port 2 ANT2 of the new Bridge 3 Connect the WAN port of the new Bridge to the WAN port of any node in the SAC network 4 Connect the new Bridge s external 48V DC power supply to its front panel 48V DC power inlet and plug t...

Page 122: ...e s serial number to the master Bridge s SAC Peer list with the add command GW add sp 24743196 OK If you are adding multiple Bridges enter their serial numbers separated by commas without spaces 12 Execute the set sac start command GW set sac start OK Started SAC process successfully When the SAC process starts you can observe the master root Bridge s front panel Stat1 LED flash amber and its Stat...

Page 123: ...u can determine the serial number of a particular SAC Peer by executing show sac from the CLI of the Bridge in question GW show sac SwabSerialNum 24773196 SwabConfigID 16284 SwabSACRole SAC_SLAVE SwabSACState SAC_INIT4SWAB SwabSACVer SAC_VER_PEGASUS_ARCH1 Use the del command from the master root Bridge s CLI to delete a Bridge from the master root Bridge s SAC Peer list and from the SAC network GW...

Page 124: ...rts female ANT1 radio configured as 802 11a b g tri band port ANT2 radio configured as high gain 802 11a port 5 7 5 8 GHz power supply external 48V AC to DC adapter or WAN port power over Ethernet PoE system indicators eight front panel system LEDs G Y Status1 Stat1 Status 2 Stat2 Cleartext Clr Failover Fail two LEDs for wireless Radio2 two LEDs for wireless Radio1 nine pairs integrated port link ...

Page 125: ... 10 100 Mbps Ethernet ports two N type antenna ports female ANT1 radio configured as 802 11a b g tri band port ANT2 radio configured as high gain 802 11a port 5 7 5 8 GHz data output nine RJ 45 10 100 Mbps Ethernet ports two N type antenna ports female ANT1 radio configured as 802 11a b g tri band port ANT2 radio configured as high gain 802 11a port 5 7 5 8 GHz control input nine RJ 45 10 100 Mbps...

Page 126: ...pins are numbered from right to left top to bottom Figure 7 1 RJ 45 and DB9 Pin Numbering Table 7 1 shows the adapter pin outs Table 7 1 RJ 45 to DBP Adapter Pin Outs RJ 45 pin DB9 pin standard color 1 grey 2 4 brown 3 3 yellow 4 green 5 5 red 6 2 black 7 6 orange 8 8 blue ...

Page 127: ...are using the correct IP address and subnet mask to connect the default is 192 168 254 254 subnet mask 255 255 255 0 if you just changed Bridge s IP address you have closed the browser window you last used to access the Bridge GUI and opened a new browser window to access its new address Verify the Bridge GUI s accessibility the Bridge GUI has not been disabled in the Bridge CLI no one is logged o...

Page 128: ... as the Bridge Reset connections clear the Secure Client database on the Bridge If this does not resolve the problem restart reboot the Bridge s crypto graphic processor Reset connections on the Secure Client refer to your Fortress Secure Client user guide for instruction In devices using a NIC to communicate with the WLAN through a Cisco AP verify that Cisco AP packet encapsulation mode on the AP...

Page 129: ...dios AP associations in Bridge CLI 103 in Bridge GUI 72 archive settings 62 64 authentication 802 1X authentication 33 35 36 default shared key 802 1X server 36 non 802 1X server 43 96 device authentication 2 52 55 default settings 46 47 53 deleting devices 55 editing devices 54 55 enabling disabling 44 individual device settings 53 55 maximum retries 52 53 see also Device ID enabling disabling 80...

Page 130: ... 103 show auth command 95 show blackout command 94 show clients command 102 103 show clock command 95 show compression command 92 more Bridge CLI continued show crypto command 92 show device command 102 show eapretryint command 96 show fips command 93 show gui command 94 show log command 103 show network command 84 show partners command 102 109 show radios command 86 show radius command 97 show sa...

Page 131: ...100 user authentication settings 56 57 configuring 46 default gateway see network properties deleting devices from device authentication 55 Trusted Devices in Bridge CLI 100 in Bridge GUI 61 user authentication accounts 58 device authentication 2 52 55 default settings 53 configuring 46 47 user authentication 44 47 deleting devices 55 device state configuring default 47 configuring per device 54 5...

Page 132: ... in CLI 94 changing in GUI 48 default 47 50 94 monitoring 77 79 front panel operation 49 51 fuse 10 G grounding 4 10 18 19 guest access 61 GUI see Bridge GUI H hardware specifications 114 help Bridge CLI 82 83 Bridge GUI 21 host MAC database in Bridge CLI 102 103 in Bridge GUI 76 host name configuring at installation 13 configuring in Bridge CLI 84 configuring in Bridge GUI 24 see also network pro...

Page 133: ...ing 45 device 52 53 user 56 MIB 2 61 monitor resolution 6 monitoring encrypted zone 70 72 front panel LEDs 77 79 in Bridge CLI 101 103 interface statistics 69 70 sessions 70 72 traffic statistics 68 69 unencrypted zone in Bridge CLI 102 103 in Bridge GUI 69 70 uptime 102 see also system log multicasting 28 29 bridge mode setting 28 STP setting 23 28 Multi factor Authentication 2 N netmask see netw...

Page 134: ... 12 16 R radio settings 25 34 beacon interval 28 bridge mode 25 26 channel settings 26 configuring in Bridge CLI 86 88 configuring in Bridge GUI 29 configuring with SAC 106 111 configuring in Bridge CLI 85 88 in Bridge GUI 24 29 distance setting 27 Linux wireless extension tools 104 105 multicasting 28 29 preamble 27 radio band 25 radio mode 25 radio state 25 received signal strength indicator 29 ...

Page 135: ... 34 802 1X 33 cleartext 32 Fortress 32 WEP 32 33 WPA and WPA2 33 34 serial settings 81 sessions managing 47 54 55 monitoring 70 72 timeout login prompt 45 46 troubleshooting 118 SNMP 2 61 62 configuring in Bridge CLI 100 101 in Bridge GUI 62 MIB 2 61 support 2 61 software upgrades 65 66 troubleshooting 118 software version displaying current in Bridge CLI 101 in Bridge GUI 65 spanning tree protoco...

Page 136: ... defaults 44 47 default settings 56 57 configuring 46 deleting a user account 58 more user authentication continued editing a user account 57 58 enabling disabling authentication 42 individual account settings 56 58 maximum retries 56 configuring 45 restart session login prompt 45 46 user name 56 configuring 57 58 on Tracking screen 70 user interface see Bridge GUI Bridge CLI SNMP V VAP settings 2...

Page 137: ... 127 weatherizing 10 16 17 cover plate 17 requirements 8 11 18 RJ 45 connector boot 16 17 Weatherizing Kit 7 installation 16 17 WEP 32 33 WLAN command line utility 104 105 WLAN settings see radio settings WPA and WPA2 33 34 ...

Page 138: ...nd wireless devices within a defined area Multiple APs increase the coverage area as devices move out of range of one AP they automatically connect to a neighboring AP AES Advanced Encryption Standard a FIPS approved NIST standard for 128 192 256 bit data encryption for protecting sensitive unclassified U S government and related data also referred to as the Rijndael algorithm NIST FIPS approved A...

Page 139: ...ulti factor Authentication Device ID In Fortress Technologies products a 16 digit hexadecimal value generated for and unique to each Fortress controller device and Secure Client device on the Fortress secured network Device IDs are used for device authentication and are neither modifi able nor transferable DHCP Dynamic Host Configuration Protocol an Internet protocol describing a method for flexib...

Page 140: ...barcode scanners and portable terminals Fortress Secure Client Bridge Also Fortress SCB or SCB a hardware device for providing wireless connectivity and securing network communications on wired devices such as portable medical equip ment and point of sale POS terminals Fortress Security Controller Sometimes Fortress Controller A network device for securing at Layer 2 of the OSI Model communication...

Page 141: ...an intrusion detection system IPsec Internet Protocol security a set of protocols developed by the IETF to support secure exchange of packets at the IP layer deployed widely to implement VPNs ISO International Organization for Standardization formerly the International Standards Organization ISO still refers to standards ex ISO 9000 the whole name refers to the organization sometimes appending the...

Page 142: ... Fortress secured network one of the factors in Fortress s Multi factor Authentication network resource In Fortress s MaPS one of a special class of MaPS object on the wired LAN that provides a service or function such as e mail or printing to devices and users on the WLAN NIAP National Information Assurance Partnership a collaboration between NIST and the National Security Agency NSA in response ...

Page 143: ... respond with data about themselves stored in MIBs SNMP agent Any network device running the SNMP daemon and storing a MIB a client of the SNMP server SSH Secure Shell sometimes Secure Socket Shell a protocol developed by SSH Com munication Security for providing authenticated and encrypted logon file transfer and remote command execution over a network state In Fortress Technologies products the ...

Page 144: ...one lines WEP Wired Equivalent Privacy security protocol for WLANs defined in the 802 11b standard but subsequently found to be vulnerable to attack WPA is intended to supplant WEP in current and future 802 11 standards Wi Fi Wireless Fidelity used generically to refer to any type of 802 11 network referred originally to the narrower 802 11b specification for WLANs WiMAX Worldwide Interoperability...

Reviews:

No comments