Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout RBT-8100

431

432

433

434

435

436

437

438

439

440

About SODA Endpoint Security

20-2 Configuring SODA Endpoint Security for a RoamAbout Switch

• CacheCleaner–EnsuresthatWebbrowserinformation,suchascookies,history,auto‐

completiondata,storedpasswords,andtemporaryfilesareerasedorremovedupon

terminationoftheuser’ssession,inactivitytimeout, orclosing ofthebrowser.

• Connection Control–ControlsnetworkconnectionsbasedonDomain,IPaddress,Port,and

Service.Forexample,ConnectionControlcanpreventaTrojanfromsendingouta

confidentialdocument,downloadedlegitimatelythroughanSSLVPNtunnel,toamalicious

e‐mailserver(SMTP)usingasecondnetworktunnel.

• AdaptivePolicies –Sensethetypeandlocationofdeviceandadjustsaccessbasedon

endpointparameters

suchasIPrange,registrykeys,andDNSsettings

TheSODAendpointsecuritymodulesareconfiguredthroughSygateOn‐DemandManager(SODA

Manager),aWindowsapplication.SODAManagerisusedtocreateaSODAagent,whichisaJava

appletthatisdownloadedbyclientdeviceswhentheyat temptto

gainaccesstothenetwork.Once

downloaded,theSODAagentrunsaseriesofsecuritycheckstoenforceendpointsecurityonthe

clientdevice.

SODA Endpoint Security Support on RoamAbout Switches

RoamAboutSwitchessupportSODAendpointsecurityfunctionalityinthefollowingways:

•SODAagentappletscanbeuploadedtoaRoamAboutSwitch,storedthere,anddownloaded

byclientsattemptingtoconnecttothenetwork.

•TheRoamAboutSwitchcanensurethatclientsruntheSODAagentsecuritychecks

successfullypriortoallowingthemaccess

tothenetwork.

•Differentsetsofsecuritycheckscanbedownloadedandrun,basedontheSSIDbeingusedby

theclient.

•Ifthesecuritychecksfail,theRoamAboutSwitchcandenytheclientaccesstothenetwork,or

granttheclientlimitedaccessbasedonaconfiguredsecurityACL.

•Whenthe

clientclosestheVirtualDesktop,theRoamAboutSwitchcanoptionallydisconnect

theclientfromthenetwork.

How SODA Functionality Works on RoamAbout Switches

ThissectiondescribeshowtheSODAfunctionalityisconfiguredtoworkwithaRoamAbout

Switch,andtheprocedurethattakesplacewhenauserattemptstoconnecttoanSSIDwherethe

SODAfunctionalityisenabled.

Notethatinthecurrentrelease,theSODAfunctionalityworksonlyinconjunctionwiththe

Web

PortalWebAAAfeature.

SODAfunctionalityonaRoamAboutSwitchisconfiguredasfollows:

1. UsingSODAManager,anetworkadministratorcreatesaSODAagentbasedonthesecurity

needsofthenetwork.

2. Thenetworkadministratorexportsthe SODAagentfilesfromSODAManager,andsaves

themasa.zipfile.

3. TheSODAagent

.zipfileisuploadedtotheRoamAboutSwitchusingTFTP.

4. TheSODAagentfilesareinstalledontheRoamAboutSwitchusingaCLIcommandthat

extractsthefilesfromthe.zipfileandplacesthemintoaspecifieddirectory.