Specifications
Defining a Role
BlueSecure™ Controller Setup and Administration Guide 8-9
routes all tagged traffic to the protected-side VLAN and is useful if you want to limit the
access of VLAN members to certain network assets defined for the role.
To use the VLAN tagging functionality, you must first set up a protected-side VLAN. See
“Creating a VLAN on the Protected Side (Optional)” on page 4-5 for more information.
Alternatively, as with network services, destinations, schedules, locations, and groups,
you can select the Create… option in the drop-down list to define a new VLAN.
BlueProtect
Endpoint
Scanning
Optional. If you have purchased the BlueProtect Scanning functionality for the BSC, then
you should configure at what frequency user devices are scanned for users who are
authenticated into the role.
Enable BlueProtect scanning for the role by specifying the frequency at which a user
authenticated into the role will have his or her device scanned by selecting an option from
the BlueProtect Scanning drop-down menu. Possible scan frequency settings are:
• Disabled
• Once a day
• Once a week
• Once a month
• Every 45 days
• Every 90 days
)
Note: In the unregistered role, the only valid options are Every time and Disabled.
This means that the user will be scanned every time they authenticate to an AP, before
they enter their login or credit card information.
)
Note: If BlueProtect is disabled, the only option available in the drop-down is
Disabled.
Choose a BlueProtect Policy to scan a user against. This allows an administrator to have a
different policy for students than for teachers.
Proxy Redirect (Optional) If you want to redirect web traffic to your existing web proxy server without
forcing users to enter proxy information in their web browser setup, you can do this by
entering data in the Proxy Server and Http ports fields. You must configure your proxy
server to support Transparent Proxy. Not all proxy servers support this capability, so
please consult your proxy server documentation on transparent proxy setup.
Proxy Server: Enter the IP address and port of the HTTP proxy server to which to redirect
traffic. For example, 191.168.10.2:8080, would be a valid entry.
Http ports: Enter a comma separated list of http ports from which the BSC is to redirect
traffic via the specified proxy server. Typically, port 80 is used; note that HTTPS (port
443) is an encrypted protocol and
cannot
be transparently proxied.
Perform transparent proxy request translation: Check this checkbox to enable the internal
transparent proxy to intercept normal web traffic (port 80) and convert it to a proxy
packet destined for the customer’s existing proxy server (Microsoft ISA for example). This
feature allows administrators to force wireless traffic through their proxy servers without
making configuration changes to each user’s web browser or changing their existing
proxy server.
Post login URL Redirect (Optional): To redirect any wireless user assigned to this role to a specific
URL after login, enter the URL.
Note that there are two other places in the UI in which redirection can be specified. The
user is redirected to one of the following URLs in the order of precedence listed: