User Manual Part 1
Table Of Contents
- Check Point Safe@Office User Guide 8.0
- Copyright & Trademarks
- Contents
- About This Guide
- Introduction
- About Your Check Point Safe@Office Appliance
- Safe@Office 500 Product Family
- Product Features
- Wireless Features
- Optional Security Services
- Software Requirements
- Getting to Know Your Safe@Office 500 Appliance
- Getting to Know Your Safe@Office 500W Appliance
- Getting to Know Your Safe@Office 500 ADSL Appliance
- Getting to Know Your Safe@Office 500W ADSL Appliance
- Contacting Technical Support
- Safe@Office Security
- Installing and Setting Up Safe@Office
- Getting Started
- Configuring the Internet Connection
- Managing Your Network
- Using Bridges
- Configuring High Availability
- Using Traffic Shaper
- Working with Wireless Networks
- Viewing Reports
- Viewing Logs
- Setting Your Security Policy
Using Port-Based Security
Chapter 13: Setting Your Security Policy 375
accessing sensitive company resources. You can also configure Traffic Shaper to grant
members of the Quarantine network a lower amount of bandwidth than authorized users.
You can choose to exclude specific network objects from 802.1x port-based security
enforcement. Excluded network objects will be able to connect to the Safe@Office
appliance's ports and access the network without authenticating. For information on
excluding network objects from 802.1x port-based security enforcement, see Using
Network Objects on page 185.
Configuring Port-Based Security
To configure 802.1x port-based security for a port
1. Do one of the following:
• To use the Safe@Office EAP authenticator for authenticating clients, follow
the workflow Using the Safe@Office EAP Authenticator for Authentication
of Wired Clients on page 396.
You will be re
ferred back to this procedure at the appropriate stage in the
workflow, at which point you can continue from the next step.
• To use a RADIUS server for authenticating clients, do the following:
1) Configure a RADIUS server.
See Using RADIUS Authentication on page 650.
2) Configure the
clients for 80
2.1x authentication.
For information, refer to your RADIUS server documentation.
2. To configure dynamic VLAN assignment, do the following:
a. Add port-based VLAN networks as needed.
See Adding and Editing Port-Based VLANs on page 178.
b. Configure R
ADIUS option 81 [
Tunnel-Private-Group-ID] on the
RADIUS server.
For information, refer to your RADIUS server documentation.