Arista Networks SS300AT 802.11 a/b/g/n Access Point User Manual

AirTight Networks, Inc. 802.11 a/b/g/n Access Point

User Manual

Download: Arista Networks SS300AT 802.11 a/b/g/n Access Point User Manual
Mirror Download [FCC.gov]Arista Networks SS300AT 802.11 a/b/g/n Access Point User Manual
Document ID1025916
Application IDkjENrcYdRZjgG//p2lIReA==
Document DescriptionUser Manual
Short Term ConfidentialNo
Permanent ConfidentialNo
SupercedeNo
Document TypeUser Manual
Display FormatAdobe Acrobat PDF - pdf
Filesize202.98kB (2537225 bits)
Date Submitted2008-11-05 00:00:00
Date Available2008-11-05 00:00:00
Creation Date2008-10-27 11:12:17
Producing SoftwareAcrobat Distiller 7.0 (Windows)
Document Lastmod2008-10-30 10:48:52
Document TitleMicrosoft Word - SpectraGuard Enterprise_Installation Guide_5.7.doc
Document Author: Jatin

Installation Guide
ȱ
SpectraGuard ® Enterprise
An AirTight® Product
ȱ
Wireless Vulnerability Management and Intrusion Prevention
Version 5.7
ȱ
ȱ
®
AirTight Networks, Inc., 339 N. Bernardo Avenue, # 200, Mountain View, CA 94043
https://www.airtightnetworks.com
Product documentation is being enhanced continuously based on customer feedback. To obtain a latest copy of this document, visit
www.airtightnetworks.com/home/support.html
ȱ
ȱ
Thisȱpageȱhasȱbeenȱintentionallyȱleftȱblank.
ȱ
ȱ
SpectraGuard® Enterprise
InstallationȱGuideȱ
Disclaimerȱ
THEȱINFORMATIONȱINȱTHISȱGUIDEȱISȱSUBJECTȱTOȱCHANGEȱWITHOUTȱANYȱPRIORȱNOTICE.ȱ
AIRTIGHT®ȱNETWORKS,ȱINC.ȱISȱNOTȱLIABLEȱFORȱANYȱSPECIAL,ȱINCIDENTAL,ȱINDIRECT,ȱORȱCONSEQUENTIALȱ
DAMAGESȱWHATSOEVERȱ(INCLUDING,ȱWITHOUTȱLIMITATION,ȱDAMAGESȱFORȱLOSSȱOFȱBUSINESSȱPROFITS,ȱ
BUSINESSȱINTERRUPTION,ȱLOSSȱOFȱBUSINESSȱINFORMATION,ȱORȱANYȱOTHERȱPECUNIARYȱLOSS)ȱARISINGȱOUTȱOFȱ
THEȱUSEȱOFȱORȱINABILITYȱTOȱUSEȱTHISȱPRODUCT.ȱ
THISȱPRODUCTȱHASȱTHEȱCAPABILITYȱTOȱBLOCKȱWIRELESSȱTRANSMISSIONSȱFORȱTHEȱPURPOSEȱOFȱPROTECTINGȱ
YOURȱNETWORKȱFROMȱMALICIOUSȱWIRELESSȱACTIVITY.ȱBASEDȱONȱTHEȱPOLICYȱSETTINGS,ȱYOUȱHAVEȱTHEȱ
ABILITYȱTOȱSELECTȱWHICHȱWIRELESSȱTRANSMISSIONSȱAREȱBLOCKEDȱAND,ȱTHEREFORE,ȱTHEȱCAPABILITYȱTOȱ
BLOCKȱANȱEXTERNALȱWIRELESSȱTRANSMISSION.ȱIFȱIMPROPERLYȱUSED,ȱYOURȱUSAGEȱOFȱTHISȱPRODUCTȱMAYȱ
VIOLATEȱUSȱFCCȱPARTȱ15ȱANDȱOTHERȱLAWS.ȱBUYERȱACKNOWLEDGESȱTHEȱLEGALȱRESTRICTIONSȱONȱUSAGEȱANDȱ
UNDERSTANDSȱANDȱWILLȱCOMPLYȱWITHȱUSȱFCCȱRESTRICTIONSȱASȱWELLȱASȱOTHERȱGOVERNMENTȱ
REGULATIONS.ȱAIRTIGHTȱISȱNOTȱRESPONSIBLEȱFORȱANYȱWIRELESSȱINTERFERENCEȱCAUSEDȱBYȱYOURȱUSEȱOFȱ
THEȱPRODUCT.ȱAIRTIGHTȱANDȱITSȱAUTHORIZEDȱRESELLERSȱORȱDISTRIBUTORSȱWILLȱASSUMEȱNOȱLIABILITYȱFORȱ
ANYȱDAMAGEȱORȱVIOLATIONȱOFȱGOVERNMENTȱREGULATIONSȱARISINGȱFROMȱYOURȱUSAGEȱOFȱTHEȱPRODUCT,ȱ
EXPECTȱASȱEXPRESSLYȱDEFINEDȱINȱTHEȱINDEMNITYȱSECTIONȱOFȱTHISȱDOCUMENT.ȱ
LIMITATIONȱOFȱLIABILITYȱ
AirTightȱwillȱnotȱbeȱliableȱtoȱcustomerȱorȱanyȱotherȱpartyȱforȱanyȱindirect,ȱincidental,ȱspecial,ȱconsequential,ȱexemplary,ȱorȱ
relianceȱdamagesȱarisingȱoutȱofȱorȱrelatedȱtoȱtheȱuseȱofȱSpectraGuard®ȱEnterpriseȱunderȱanyȱlegalȱtheory,ȱincludingȱbutȱnotȱ
limitedȱtoȱlostȱprofits,ȱlostȱdata,ȱorȱbusinessȱinterruption,ȱevenȱifȱAirTightȱknowsȱofȱorȱshouldȱhaveȱknownȱofȱtheȱpossibilityȱofȱ
suchȱdamages.ȱRegardlessȱofȱtheȱcauseȱofȱactionȱorȱtheȱformȱofȱaction,ȱAirTight’sȱtotalȱcumulativeȱliabilityȱforȱactualȱdamagesȱ
arisingȱoutȱofȱorȱrelatedȱtoȱtheȱuseȱofȱSpectraGuard®ȱEnterpriseȱwillȱnotȱexceedȱtheȱpriceȱpaidȱforȱSpectraGuard®ȱEnterprise.ȱ
Copyrightȱ©ȱ2003–2008ȱAirTight®ȱNetworks,ȱInc.ȱAllȱRightsȱReserved.ȱ
AirTight®ȱNetworks,ȱTheȱAirTightȱlogo,ȱandȱSpectraGuard®ȱareȱregisteredȱtrademarksȱofȱAirTight®ȱNetworks.ȱAllȱotherȱ
productsȱandȱservicesȱareȱtrademarks,ȱregisteredȱtrademarks,ȱandȱserviceȱmarksȱorȱregisteredȱserviceȱmarksȱofȱtheirȱrespectiveȱ
owners.ȱ
ThisȱproductȱcontainsȱcomponentsȱfromȱOpenȱSourceȱsoftware.ȱTheseȱcomponentsȱareȱgovernedȱbyȱtheȱtermsȱandȱconditionsȱ
ofȱtheȱGNUȱPublicȱLicense.ȱToȱreadȱtheseȱtermsȱandȱconditionsȱvisitȱhttp://www.gnu.org/copyleft/gpl.html.ȱ
ThisȱproductȱisȱprotectedȱbyȱoneȱorȱmoreȱofȱU.S.ȱpatentȱNos.ȱ7,002,943,ȱ7,154,874,ȱ7,216,365,ȱ7,333,800,ȱ7,333,481,ȱ7,339,914,ȱ
7,406,320,ȱAustralianȱpatentȱNo.ȱ200429804ȱandȱanyȱothersȱlistedȱatȱwww.airtightnetworks.com/patents.ȱMoreȱpatentsȱpending.ȱ
ȱ
FederalȱCommunicationȱCommissionȱInterferenceȱStatementȱ
ThisȱequipmentȱhasȱbeenȱtestedȱandȱfoundȱtoȱcomplyȱwithȱtheȱlimitsȱforȱaȱClassȱBȱdigitalȱdevice,ȱpursuantȱtoȱPartȱ15ȱofȱtheȱ
FCCȱRules.ȱTheseȱlimitsȱareȱdesignedȱtoȱprovideȱreasonableȱprotectionȱagainstȱharmfulȱinterferenceȱinȱaȱresidentialȱ
installation.ȱThisȱequipmentȱgeneratesȱusesȱandȱcanȱradiateȱradioȱfrequencyȱenergyȱand,ȱifȱnotȱinstalledȱandȱusedȱinȱ
accordanceȱwithȱtheȱinstructions,ȱmayȱcauseȱharmfulȱinterferenceȱtoȱradioȱcommunications.ȱ
However,ȱthereȱisȱnoȱguaranteeȱthatȱinterferenceȱwillȱnotȱoccurȱinȱaȱparticularȱinstallation.ȱIfȱthisȱequipmentȱdoesȱcauseȱ
harmfulȱinterferenceȱtoȱradioȱorȱtelevisionȱreception,ȱwhichȱcanȱbeȱdeterminedȱbyȱturningȱtheȱequipmentȱoffȱandȱon,ȱtheȱuserȱ
isȱencouragedȱtoȱtryȱtoȱcorrectȱtheȱinterferenceȱbyȱoneȱofȱtheȱfollowingȱmeasures:ȱ
Reorientȱorȱrelocateȱtheȱreceivingȱantenna.ȱ
Increaseȱtheȱseparationȱbetweenȱtheȱequipmentȱandȱreceiver.ȱ
Connectȱtheȱequipmentȱintoȱanȱoutletȱonȱaȱcircuitȱdifferentȱfromȱthatȱtoȱwhichȱtheȱreceiverȱisȱconnected.ȱ
Consultȱtheȱdealerȱorȱanȱexperiencedȱradio/TVȱtechnicianȱforȱhelp.ȱ
ThisȱdeviceȱcompliesȱwithȱPartȱ15ȱofȱtheȱFCCȱRules.ȱOperationȱisȱsubjectȱtoȱtheȱfollowingȱtwoȱconditions:ȱ(1)ȱThisȱdeviceȱmayȱ
notȱcauseȱharmfulȱinterference,ȱandȱ(2)ȱthisȱdeviceȱmustȱacceptȱanyȱinterferenceȱreceived,ȱincludingȱinterferenceȱthatȱmayȱ
causeȱundesiredȱoperation.ȱ
FCCȱCaution:ȱAnyȱchangesȱorȱmodificationsȱnotȱexpresslyȱapprovedȱbyȱtheȱpartyȱresponsibleȱforȱcomplianceȱcouldȱvoidȱtheȱ
userȇsȱauthorityȱtoȱoperateȱthisȱequipment.ȱ
IMPORTANTȱNOTE:ȱ
iiȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
Disclaimerȱ
FCCȱRadiationȱExposureȱStatement:ȱ
ThisȱequipmentȱcompliesȱwithȱFCCȱradiationȱexposureȱlimitsȱsetȱforthȱforȱanȱuncontrolledȱenvironment.ȱThisȱequipmentȱ
shouldȱbeȱinstalledȱandȱoperatedȱwithȱminimumȱdistanceȱ20ȱcmȱbetweenȱtheȱradiatorȱ&ȱyourȱbody.ȱ
Ifȱthisȱdeviceȱisȱgoingȱtoȱbeȱoperatedȱinȱ5.15ȱ~ȱ5.25ȱGHzȱfrequencyȱrange,ȱthenȱitȱisȱrestrictedȱinȱindoorȱenvironmentȱonly.ȱ
ThisȱtransmitterȱmustȱnotȱbeȱcoȬlocatedȱorȱoperatingȱinȱconjunctionȱwithȱanyȱotherȱantennaȱorȱtransmitter.ȱ
This product must be installed by a professional technician/installer.
iii
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
EndȱUserȱLicenseȱAgreementȱ
EndȱUserȱLicenseȱAgreementȱ
BEFOREȱYOUȱCLICKȱ“IȱHAVEȱREADȱANDȱAGREEȱTOȱTHEȱLICENSINGȱAGREEMENTȱABOVE”ȱORȱOTHERWISEȱUSEȱORȱ
ACTIVATEȱTHEȱAIRTIGHTȱPRODUCTS,ȱREADȱTHISȱAGREEMENTȱCAREFULLY.ȱȱITȱISȱAȱLEGALLYȱBINDINGȱ
AGREEMENTȱANDȱCONTROLSȱYOURȱANDȱYOURȱCOMPANY’SȱUSEȱOFȱTHEȱAIRTIGHTȱPRODUCTS.ȱ
WHENȱYOUȱCLICKȱȈIȱHAVEȱREADȱANDȱAGREEȱTOȱTHEȱLICENSINGȱAGREEMENTȱABOVEȈȱORȱOTHERWISEȱ
DOWNLOAD,ȱUSEȱORȱACTIVATEȱTHEȱAIRTIGHTȱPRODUCTS,ȱTHISȱAGREEMENTȱGOVERNSȱYOURȱUSE.ȱȱTHISȱ
AGREEMENTȱISȱENFORCEABLEȱAGAINSTȱYOUȱANDȱANYȱENTITYȱTHATȱOBTAINSȱORȱUSESȱTHEȱAIRTIGHTȱ
PRODUCTSȱTHROUGHȱYOUȱONȱTHEIRȱBEHALF.ȱȱIFȱYOUȱORȱANYȱENTITYȱTHATȱYOUȱREPRESENTȱDOESȱNOTȱAGREEȱ
TOȱALLȱOFȱTHEȱTERMSȱOFȱTHISȱAGREEMENT,ȱCLICKȱTHEȱBOXȱTHATȱSAYSȱ“IȱDOȱNOTȱAGREEȱTOȱTHEȱLICENSINGȱ
AGREEMENTȱABOVE”ȱANDȱDOȱNOTȱOTHERWISEȱDOWNLOAD,ȱINSTALLȱORȱACTIVATEȱTHEȱAIRTIGHTȱPRODUCTS.ȱȱ
IFȱYOUȱPAIDȱFORȱTHEȱAIRTIGHTȱPRODUCT(S)ȱANDȱDIDȱNOTȱHAVEȱANȱOPPORTUNITYȱTOȱREVIEWȱTHISȱ
AGREEMENTȱPRIORȱTOȱPURCHASINGȱITȱANDȱDOȱNOTȱAGREEȱTOȱTHISȱAGREEMENT,ȱCONTACTȱYOURȱPLACEȱOFȱ
PURCHASEȱTOȱRETURNȱTHEȱPRODUCTȱFORȱAȱREFUNDȱINȱACCORDANCEȱWITHȱITSȱREFUNDȱPOLICIES.ȱ
SEEȱSECTIONȱ11ȱREGARDINGȱYOURȱCONSENTȱTOȱAIRTIGHT’SȱUSEȱOFȱCERTAINȱCOLLECTEDȱDATA.ȱ
1.
DEFINITIONSȱ
1.1ȱ
“You”ȱorȱ“Your”ȱshallȱmeanȱanyȱperson,ȱentityȱorȱorganizationȱthatȱusesȱAirTightȱproducts.ȱ
1.2ȱ
“AirTight,”ȱshallȱmeanȱAirTightȱNetworks,ȱInc.ȱ
1.3ȱ
“AirTightȱCompetitor”ȱaȱpersonȱorȱentityȱinȱtheȱbusinessȱofȱwirelessȱsecurityȱproductsȱorȱservicesȱsubstantiallyȱ
similarȱtoȱAirTight’sȱproductsȱorȱservices.ȱ
1.4ȱ
“YourȱCustomers”ȱmeansȱyourȱcurrentȱorȱpotentialȱcustomersȱexcludingȱanyȱAirTightȱCompetitor.ȱ
1.5ȱ
“Documentation”ȱshallȱmeanȱtheȱendȬuserȱtechnicalȱdocumentationȱthatȱAirTightȱsuppliesȱwithȱtheȱHardwareȱ(ifȱ
any)ȱandȱSoftware.ȱȱAdvertisingȱandȱmarketingȱmaterialsȱareȱnotȱDocumentation.ȱ
1.6ȱ
“Error”ȱshallȱmeanȱaȱreproducibleȱfailureȱofȱtheȱSoftwareȱorȱHardwareȱtoȱperformȱinȱsubstantialȱconformityȱwithȱitsȱ
Documentation.ȱ
1.7ȱ
“Hardware”ȱshallȱmeanȱtheȱhardwareȱcontainingȱAirTightȱsoftware.ȱNotȱallȱAirTightȱProductsȱcomeȱwithȱhardware.ȱ
1.8ȱ
“IntellectualȱPropertyȱRights”ȱshallȱmeanȱcopyrights,ȱtrademarks,ȱserviceȱmarks,ȱtradeȱsecrets,ȱpatents,ȱpatentȱ
applications,ȱmoralȱrights,ȱcontractualȱrightsȱofȱnonȬdisclosureȱorȱanyȱotherȱintellectualȱpropertyȱorȱproprietaryȱrights,ȱ
howeverȱarising,ȱthroughoutȱtheȱworld.ȱȱ
1.9ȱ
“Release”ȱshallȱmeanȱanyȱUpdateȱorȱUpgradeȱifȱandȱwhenȱtheseȱareȱmadeȱavailableȱbyȱAirTight.ȱȱInȱtheȱeventȱofȱaȱ
disputeȱasȱtoȱwhetherȱaȱparticularȱReleaseȱisȱanȱUpdateȱorȱanȱUpgrade,ȱAirTightȇsȱpublishedȱdesignationȱwillȱbeȱfinal.ȱ
1.10ȱ
“Software”ȱshallȱmeanȱtheȱsoftwareȱ(inȱobjectȱcodeȱformat)ȱcreatedȱorȱlicensedȱbyȱAirTightȱandȱlicensedȱtoȱyouȱeitherȱ
asȱaȱstandȱaloneȱproductȱorȱloadedȱonȱAirTightȱHardware,ȱandȱanyȱReleaseȱthereto.ȱ
1.11ȱ
“Update”ȱshallȱmean,ȱifȱandȱwhenȱavailable,ȱanyȱerrorȱcorrections,ȱfixes,ȱworkaroundsȱorȱotherȱmaintenanceȱreleasesȱ
withȱrespectȱtoȱtheȱSoftwareȱprovidedȱbyȱAirTightȱthatȱdoȱnotȱaddȱfunctionalityȱtoȱtheȱSoftware.ȱ
1.12ȱ
“Upgrade”ȱshallȱmean,ȱifȱandȱwhenȱavailable,ȱnewȱreleasesȱorȱversionsȱofȱtheȱSoftwareȱthatȱmateriallyȱimproveȱtheȱ
functionalityȱof,ȱorȱaddȱmaterialȱfunctionalȱcapabilitiesȱto,ȱtheȱSoftware.ȱAirTightȱmayȱchargeȱadditionalȱlicenseȱfeesȱforȱ
Upgrades.ȱ
ivȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
EndȱUserȱLicenseȱAgreementȱ
2.
CONTROLLINGȱAGREEMENT:ȱThisȱelectronicȱAgreementȱisȱtheȱentireȱagreementȱbetweenȱyouȱandȱAirTightȱandȱ
supersedesȱallȱpriorȱorȱcontemporaneousȱagreements,ȱunderstandings,ȱandȱcommunications,ȱwhetherȱwrittenȱorȱoralȱ
unlessȱsuchȱagreementȱisȱexecutedȱbyȱanȱofficerȱofȱAirTight.ȱȱInȱsuchȱevent,ȱthatȱagreementȱshallȱonlyȱsupersedeȱthisȱ
AgreementȱtoȱtheȱextentȱsuchȱagreementȱconflictsȱwithȱthisȱAgreement.ȱȱAnyȱtermsȱandȱconditionsȱinȱyourȱpaperȱorȱ
electronicȱpurchaseȱorder,ȱrequestȱforȱproposalȱorȱquotation,ȱorȱaȱresponseȱtoȱthoseȱdocumentsȱareȱsupersededȱbyȱthisȱ
electronicȱAgreement.ȱȱIfȱaȱthirdȱpartyȱresellerȱacceptsȱyourȱpurchaseȱorderȱandȱanȱofficerȱofȱAirTightȱdoesȱnotȱsignȱitȱandȱ
returnȱitȱtoȱyou,ȱAirTightȱisȱnotȱacceptingȱitsȱtermsȱandȱconditions.ȱȱAirTightȱisȱnotȱobligatedȱunderȱanyȱreseller’sȱ
agreementȱwithȱyouȱunlessȱanȱofficerȱofȱAirTightȱsignsȱtheȱagreement.ȱCertainȱthirdȱpartyȱsoftwareȱmayȱbeȱnecessaryȱtoȱ
operateȱorȱrunȱtheȱSoftware,ȱyouȱareȱresponsibleȱforȱobtainingȱandȱlicensingȱsuchȱthirdȱpartyȱsoftware.ȱThirdȱpartyȱ
softwareȱisȱgovernedȱbyȱtheȱlicenseȱagreementȱprovidedȱbyȱthatȱthirdȱparty.ȱ
3.
LICENSEȱGRANTȱ
3.1ȱ
LimitedȱLicense.ȱAllȱSoftwareȱisȱlicensed,ȱnotȱsoldȱandȱsubjectȱtoȱthisȱAgreement.ȱȱAllȱHardwareȱisȱsoldȱsubjectȱtoȱtheȱ
licenseȱgrantedȱinȱthisȱAgreement.ȱȱForȱeachȱunitȱofȱHardwareȱand/orȱSoftwareȱthatȱyouȱpurchase,ȱAirTightȱgrantsȱyouȱaȱnonȬ
exclusive,ȱnonȬtransferableȱ(exceptȱasȱprovidedȱinȱtheȱSectionȱentitledȱAssignment),ȱnonȬsublicensableȱlicenseȱduringȱtheȱtermȱ
ofȱthisȱAgreement,ȱtoȱinstallȱandȱexecuteȱsuchȱSoftwareȱandȱHardware.ȱTheȱSoftwareȱandȱHardwareȱareȱlicensedȱforȱyourȱownȱ
internalȱbusinessȱpurposesȱunlessȱyouȱhaveȱpurchasedȱorȱbeenȱgivenȱaȱdemonstrationȱversionȱorȱauditȱversionȱofȱtheȱSoftware.ȱ
IfȱyouȱhaveȱaȱdemonstrationȱversionȱofȱtheȱSoftware,ȱyouȱmayȱuseȱtheȱSoftwareȱsolelyȱtoȱprovideȱdemonstrationsȱtoȱYourȱ
Customers.ȱIfȱyouȱhaveȱanȱauditȱversionȱofȱtheȱSoftware,ȱyouȱmayȱuseȱitȱtoȱprovideȱservicesȱtoȱYourȱCustomers.ȱYouȱmayȱ
makeȱandȱretainȱoneȱcopyȱofȱtheȱSoftwareȱforȱbackȬupȱandȱdisasterȱrecoveryȱpurposesȱsoȱlongȱasȱyouȱclearlyȱmarkȱitȱasȱaȱ
“backȬup”ȱorȱsimilarȱlanguage.ȱ
3.2ȱ
RestrictionsȱonȱUse.ȱExceptȱasȱexpresslyȱprovidedȱforȱinȱthisȱAgreement,ȱyouȱshallȱnot:ȱ(a)ȱadapt,ȱalter,ȱpubliclyȱ
display,ȱpubliclyȱperform,ȱtranslate,ȱcreateȱderivativeȱworksȱofȱorȱotherwiseȱmodifyȱtheȱSoftware;ȱ(b)ȱsublicense,ȱlease,ȱrent,ȱ
loan,ȱdistributeȱorȱotherwiseȱtransferȱtheȱSoftwareȱtoȱanyȱthirdȱpartyȱ(exceptȱasȱprovidedȱinȱtheȱSectionȱentitledȱAssignment);ȱ(c)ȱ
allowȱthirdȱpartiesȱtoȱaccessȱorȱuseȱtheȱSoftwareȱorȱHardware,ȱincludingȱbutȱnotȱlimitedȱtoȱASP,ȱOEM,ȱorȱtimeȬsharingȱ
arrangements.ȱYouȱshallȱnotȱreverseȱengineer,ȱdecompile,ȱdisassembleȱorȱotherwiseȱattemptȱtoȱderiveȱtheȱsourceȱcodeȱforȱtheȱ
SoftwareȱexceptȱtoȱtheȱextentȱexpresslyȱpermittedȱbyȱapplicableȱlawȱtoȱobtainȱinformationȱnecessaryȱtoȱrenderȱtheȱSoftwareȱ
interoperableȱwithȱotherȱsoftware;ȱprovided,ȱhowever,ȱthatȱyouȱmustȱfirstȱrequestȱsuchȱinformationȱfromȱAirTightȱandȱ
AirTightȱmay,ȱinȱitsȱdiscretion,ȱeitherȱprovideȱsuchȱinformationȱtoȱyouȱorȱimposeȱreasonableȱconditions,ȱincludingȱaȱ
reasonableȱfee,ȱonȱsuchȱuseȱofȱtheȱsourceȱcodeȱforȱtheȱSoftwareȱtoȱensureȱthatȱAirTightȇsȱandȱitsȱsuppliersȇȱproprietaryȱrightsȱinȱ
theȱsourceȱcodeȱforȱtheȱSoftwareȱareȱprotected;ȱYouȱshallȱnotȱremove,ȱalterȱorȱobscureȱanyȱproprietaryȱnoticesȱonȱtheȱSoftwareȱ
orȱDocumentation.ȱUnderȱnoȱcircumstancesȱmayȱyouȱinstallȱorȱexecuteȱtheȱSoftwareȱonȱmoreȱthanȱoneȱcomputerȱatȱtheȱsameȱ
time.ȱExceptȱtoȱtheȱextentȱnecessaryȱtoȱprovideȱaȱdemonstrationȱorȱservicesȱtoȱYourȱCustomerȱwhenȱyouȱhaveȱpurchasedȱorȱ
beenȱgivenȱtheȱdemonstrationȱversionȱorȱauditȱversionȱofȱtheȱSoftware,ȱrespectively,ȱyouȱshallȱnotȱcaptureȱscreenshotsȱofȱtheȱ
SoftwareȱandȱshareȱitȱwithȱotherȱpeopleȱwithoutȱAirTight’sȱwrittenȱconsent.ȱ
3.3ȱ
Installation.ȱYouȱareȱresponsibleȱforȱinstallingȱtheȱSoftwareȱandȱHardwareȱ(ifȱany)ȱunlessȱyouȱpurchaseȱinstallationȱ
servicesȱfromȱAirTightȱorȱaȱthirdȱpartyȱpursuantȱtoȱaȱseparateȱagreement.ȱ
4.
PROPRIETARYȱRIGHTS.ȱYouȱacknowledgeȱandȱagreeȱthatȱtheȱSoftwareȱandȱHardware,ȱincludingȱbutȱnotȱlimitedȱtoȱtheirȱ
sequence,ȱstructure,ȱorganizationȱandȱsourceȱcode,ȱcontainsȱIntellectualȱPropertyȱRightsȱofȱAirTightȱandȱitsȱsuppliers.ȱȱTheȱ
Softwareȱisȱlicensedȱandȱnotȱsoldȱtoȱyou,ȱandȱnoȱtitleȱorȱownershipȱtoȱsuchȱSoftwareȱorȱtheȱIntellectualȱPropertyȱRightsȱ
embodiedȱthereinȱpassesȱasȱaȱresultȱofȱthisȱAgreementȱorȱanyȱactȱpursuantȱtoȱthisȱAgreement.ȱȱTheȱSoftwareȱ(andȱallȱ
IntellectualȱPropertyȱRightsȱtherein)ȱisȱtheȱexclusiveȱpropertyȱofȱAirTightȱandȱitsȱsuppliers,ȱandȱallȱrightsȱinȱandȱtoȱtheȱ
SoftwareȱnotȱexpresslyȱgrantedȱtoȱyouȱinȱthisȱAgreement,ȱareȱreserved.ȱȱAirTightȱownsȱallȱcopiesȱofȱtheȱSoftware,ȱhoweverȱ
made.ȱTheȱSoftware,ȱHardwareȱandȱrelatedȱmaterialsȱcontainȱtradeȱsecretsȱofȱAirTightȱandȱyouȱshallȱnotȱprovideȱtheȱ
Software,ȱHardware,ȱDocumentation,ȱorȱdetailsȱregardingȱtheȱoperationȱofȱtheȱSoftwareȱand/orȱHardware,ȱorȱanyȱotherȱ
AirTightȱconfidentialȱand/orȱproprietaryȱinformationȱtoȱanyȱthirdȱparty.ȱ
5.
LIMITEDȱWARRANTYȱ
5.1ȱ
Warranty.ȱForȱaȱperiodȱofȱoneȱyearȱfromȱyourȱreceiptȱofȱtheȱHardwareȱand/orȱSoftwareȱ(theȱ“WarrantyȱPeriod”),ȱ
AirTightȱwarrantsȱtoȱyouȱandȱforȱyourȱsoleȱbenefitȱthat,ȱsubjectȱtoȱtheȱSectionȱentitledȱExclusions,ȱtheȱSoftwareȱandȱHardwareȱ
whenȱusedȱasȱpermittedȱunderȱthisȱAgreementȱandȱinȱaccordanceȱwithȱtheȱinstructionsȱinȱtheȱDocumentation,ȱwillȱoperateȱ
substantiallyȱwithoutȱError.ȱ
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
EndȱUserȱLicenseȱAgreementȱ
5.2ȱ
Exclusions.ȱAirTightȱwillȱhaveȱnoȱobligationȱtoȱcorrect,ȱandȱAirTightȱmakesȱnoȱwarrantyȱwithȱrespectȱto,ȱErrorsȱ
causedȱby:ȱ(a)ȱimproperȱinstallationȱofȱtheȱSoftwareȱorȱHardware;ȱ(b)ȱchangesȱthatȱyouȱhaveȱmadeȱtoȱtheȱSoftwareȱorȱ
Hardware;ȱ(c)ȱuseȱofȱtheȱSoftwareȱorȱHardwareȱinȱaȱmannerȱinconsistentȱwithȱtheȱDocumentation;ȱ(d)ȱtheȱcombinationȱofȱtheȱ
SoftwareȱorȱHardwareȱwithȱhardwareȱorȱsoftwareȱnotȱprovidedȱbyȱAirTight;ȱ(e)ȱmalfunction,ȱmodificationȱorȱrelocationȱofȱ
yourȱservers;ȱorȱ(f)ȱyourȱfailureȱtoȱmakeȱreasonableȱbackups.ȱ
5.3ȱ
RemedyȱforȱErrors.ȱForȱErrorsȱreportedȱtoȱAirTightȱduringȱtheȱWarrantyȱPeriod,ȱyourȱexclusiveȱremedyȱandȱ
AirTightȇsȱsoleȱliabilityȱforȱbreachȱofȱthisȱwarrantyȱisȱthatȱAirTightȱshall,ȱatȱitsȱownȱexpense,ȱ(a)ȱuseȱcommerciallyȱreasonableȱ
effortsȱtoȱmakeȱavailableȱtoȱyou,ȱbyȱInternetȱdownload,ȱUpdatesȱthatȱareȱintendedȱtoȱcorrectȱsuchȱErrorsȱandȱthatȱAirTightȱ
makesȱgenerallyȱavailable;ȱ(b)ȱatȱitsȱelection,ȱrepairȱorȱreplaceȱanyȱdefectiveȱHardwareȱreturnedȱtoȱAirTightȱwithinȱtheȱ
WarrantyȱPeriod.ȱȱAnyȱremedyȱprovidedȱunderȱthisȱSectionȱ5.3ȱwillȱnotȱextendȱtheȱoriginalȱWarrantyȱPeriod.ȱȱAirTightȱshallȱ
haveȱnoȱobligationȱregardingȱErrorsȱreported,ȱorȱreturnsȱmade,ȱafterȱtheȱWarrantyȱPeriod.ȱȱ
5.4ȱ
Disclaimer.ȱEXCEPTȱFORȱTHEȱEXPRESSȱWARRANTYȱINȱSECTIONȱ5.1,ȱAIRTIGHTȱANDȱITSȱAFFILIATESȱ
DISCLAIMȱALLȱOTHERȱWARRANTIES,ȱWHETHERȱEXPRESS,ȱIMPLIEDȱORȱSTATUTORY,ȱINCLUDINGȱBUTȱNOTȱ
LIMITEDȱTOȱTHEȱIMPLIEDȱWARRANTIESȱOFȱMERCHANTABILITY,ȱFITNESSȱFORȱAȱPARTICULARȱPURPOSE,ȱ
ACCURACY,ȱRESULT,ȱEFFORT,ȱTITLEȱANDȱNONȬINFRINGEMENT.ȱȱTHEREȱISȱNOȱWARRANTYȱTHATȱTHEȱSOFTWAREȱ
WILLȱBEȱERRORȱFREE,ȱORȱTHATȱTHEȱSOFTWAREȱORȱHARDWAREȱWILLȱOPERATEȱWITHOUTȱINTERRUPTIONȱORȱ
WILLȱFULFILLȱANYȱOFȱYOURȱPARTICULARȱPURPOSESȱORȱNEEDS.ȱAIRTIGHTȱPROVIDESȱNOȱWARRANTYȱFORȱANYȱ
THIRDȱPARTYȱSOFTWARE.ȱ
6.
LIMITATIONȱOFȱLIABILITY.ȱTOȱTHEȱMAXIMUMȱEXTENTȱPERMITTEDȱBYȱAPPLICABLEȱLAW:ȱȱAIRTIGHT,ȱITSȱ
AFFILIATES,ȱSUPPLIERSȱANDȱMANUFACTURERSȱSHALLȱNOTȱBEȱLIABLEȱTOȱYOUȱORȱANYȱOTHERȱPARTYȱFORȱ
ANYȱINDIRECT,ȱINCIDENTAL,ȱSPECIAL,ȱCONSEQUENTIAL,ȱEXEMPLARYȱORȱRELIANCEȱDAMAGESȱARISINGȱ
OUTȱOFȱORȱRELATEDȱTOȱTHISȱAGREEMENT,ȱTHEȱHARDWAREȱORȱTHEȱSOFTWARE,ȱUNDERȱANYȱLEGALȱ
THEORY,ȱINCLUDINGȱBUTȱNOTȱLIMITEDȱTOȱLOSTȱPROFITS,ȱLOSTȱDATA,ȱBUSINESSȱINTERRUPTION,ȱPERSONALȱ
INJURY,ȱFORȱLOSSȱOFȱPRIVACY,ȱNEGLIGENCE,ȱANDȱFORȱANYȱOTHERȱPECUNIARYȱORȱOTHERȱLOSSȱ
WHATSOEVER,ȱEVENȱIFȱAIRTIGHTȱKNOWSȱOFȱORȱSHOULDȱHAVEȱKNOWNȱOFȱTHEȱPOSSIBILITYȱOFȱSUCHȱ
DAMAGES.ȱȱ
EXCEPTȱFORȱAIRTIGHTȇSȱOBLIGATIONSȱUNDERȱTHEȱSECTIONȱENTITLEDȱINDEMNIFICATION,ȱAIRTIGHTȇS,ȱITSȱ
AFFILIATES’,ȱSUPPLIERS’ȱANDȱMANUFACTURERS’ȱTOTALȱCUMULATIVEȱLIABILITYȱFORȱACTUALȱDAMAGESȱ
ARISINGȱOUTȱOFȱORȱRELATEDȱTOȱTHISȱAGREEMENT,ȱTHEȱHARDWARE,ȱORȱTHEȱSOFTWARE,ȱSHALLȱNOTȱEXCEEDȱ
THEȱPRICEȱAIRTIGHTȱRECEIVEDȱFORȱSUCHȱHARDWAREȱORȱSOFTWARE,ȱREGARDLESSȱOFȱTHEȱCAUSEȱORȱFORMȱ
OFȱACTION.ȱTHISȱSECTIONȱSHALLȱAPPLYȱEVENȱIFȱYOURȱEXCLUSIVEȱREMEDYȱHASȱFAILEDȱOFȱITSȱESSENTIALȱ
PURPOSE.ȱYOUȱACKNOWLEDGEȱANDȱAGREEȱTHATȱTHEȱPRICESȱANDȱFEESȱREFLECTȱTHEȱALLOCATIONȱOFȱRISKȱ
SETȱFORTHȱINȱTHISȱAGREEMENTȱANDȱTHATȱAIRTIGHTȱWOULDȱNOTȱENTERȱINTOȱTHISȱAGREEMENTȱWITHOUTȱ
THESEȱLIMITATIONSȱONȱITSȱLIABILITY.ȱ
7.
INFRINGEMENTȱINDEMNIFICATIONȱ
7.1ȱ
AirTight’sȱObligation.ȱSubjectȱtoȱtheȱSectionsȱentitledȱConditionsȱandȱExclusions,ȱifȱaȱthirdȱpartyȱmakesȱaȱclaimȱagainstȱ
youȱallegingȱthatȱtheȱHardwareȱorȱSoftwareȱinfringesȱanyȱU.S.ȱpatentȱorȱcopyrightȱregisteredȱorȱissuedȱasȱofȱtheȱStartȱDate,ȱ
AirTightȱshall:ȱ(a)ȱpayȱallȱreasonableȱcostsȱtoȱdefendȱyou;ȱandȱ(b)ȱpayȱanyȱdamagesȱassessedȱagainstȱyouȱinȱaȱfinalȱjudgmentȱbyȱ
aȱcourtȱofȱcompetentȱjurisdictionȱorȱanyȱsettlementȱthatȱAirTightȱhasȱagreedȱuponȱwithȱsuchȱthirdȱparty.ȱ
7.2ȱ
Conditions.ȱAirTightȱshallȱbeȱobligatedȱtoȱpayȱtheseȱcostsȱonlyȱifȱyou:ȱ(a)ȱnotifyȱAirTightȱpromptlyȱinȱwritingȱofȱanyȱ
suchȱclaim;ȱ(b)ȱgiveȱAirTightȱfullȱinformationȱandȱassistanceȱinȱsettlingȱand/orȱdefendingȱtheȱclaim;ȱandȱ(c)ȱgiveȱAirTightȱfullȱ
authorityȱandȱcontrolȱofȱtheȱdefenseȱandȱsettlementȱofȱanyȱsuchȱclaim.ȱYouȱmayȱalsoȱparticipateȱinȱtheȱdefenseȱatȱyourȱownȱ
expense.ȱ
7.3ȱ
Exclusions.ȱAirTightȱshallȱnotȱbeȱliableȱfor:ȱ(a)ȱanyȱcostsȱorȱexpensesȱincurredȱbyȱyouȱwithoutȱAirTight’sȱpriorȱwrittenȱ
authorization;ȱ(b)ȱanyȱuseȱofȱtheȱHardwareȱorȱSoftwareȱnotȱinȱaccordanceȱwithȱthisȱAgreementȱorȱtheȱDocumentation;ȱ(c)ȱforȱ
anyȱclaimȱbasedȱonȱtheȱuseȱorȱaȱcombinationȱofȱtheȱHardwareȱorȱSoftwareȱwithȱanyȱotherȱsoftware,ȱfirmware,ȱhardwareȱorȱ
dataȱnotȱprovidedȱorȱapprovedȱbyȱAirTight;ȱ(d)ȱuseȱofȱanyȱReleaseȱofȱtheȱSoftwareȱotherȱthanȱtheȱmostȱcurrentȱReleaseȱmadeȱ
availableȱtoȱyou;ȱorȱ(e)ȱanyȱalterationsȱorȱmodificationȱofȱtheȱHardwareȱorȱSoftwareȱbyȱanyȱpersonȱotherȱthanȱAirTightȱorȱitsȱ
authorizedȱagents.ȱ
7.4.ȱ
Cure.ȱInȱtheȱeventȱAirTightȱisȱrequired,ȱorȱinȱAirTight’sȱsoleȱopinionȱisȱlikelyȱtoȱbeȱrequired,ȱtoȱindemnifyȱyouȱunderȱ
viȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
EndȱUserȱLicenseȱAgreementȱ
theȱSectionȱentitledȱAirTight’sȱObligation,ȱAirTightȱshallȱdoȱoneȱofȱtheȱfollowing:ȱ(a)ȱobtainȱtheȱrightȱforȱyouȱtoȱcontinueȱusingȱ
theȱHardwareȱorȱSoftware;ȱ(b)ȱreplaceȱorȱmodifyȱtheȱHardwareȱorȱSoftwareȱwithȱaȱfunctionalȱequivalentȱthatȱisȱnonȬinfringing;ȱ
orȱ(c)ȱterminateȱthisȱAgreementȱandȱrefundȱanyȱfeeȱAirTightȱreceived,ȱproratedȱoverȱ3ȱyears,ȱorȱtheȱperiodȱofȱyourȱlicenseȱifȱ
shorterȱthanȱ3ȱyears.ȱ
8.
RISKSȱANDȱYOURȱOBLIGATIONS.ȱAirTightȱproductsȱmayȱbeȱcapableȱofȱoperatingȱatȱfrequenciesȱbeyondȱthoseȱallowedȱ
inȱyourȱregionȱandȱlocatingȱandȱdisablingȱtargetedȱwirelessȱdevicesȱandȱcomputers.ȱYOUȱUSEȱAIRTIGHTȱPRODUCTSȱATȱ
YOURȱOWNȱRISK.ȱIfȱaȱthirdȱpartyȱmakesȱaȱclaimȱagainstȱAirTightȱarisingȱoutȱofȱyourȱuseȱofȱtheȱAirTightȱproductsȱorȱyourȱ
breachȱofȱthisȱAgreement,ȱyouȱshall:ȱ(a)ȱpayȱallȱcostsȱtoȱdefendȱAirTight;ȱandȱ(b)ȱpayȱanyȱdamagesȱassessedȱagainstȱ
AirTightȱinȱaȱfinalȱjudgmentȱbyȱaȱcourtȱofȱcompetentȱjurisdictionȱorȱanyȱsettlementȱthatȱyouȱagreedȱuponȱwithȱsuchȱthirdȱ
party.ȱIfȱyouȱfailȱtoȱmeetȱyourȱobligationsȱunderȱthisȱSection,ȱAirTightȱshallȱhaveȱfullȱauthorityȱandȱcontrolȱofȱtheȱdefenseȱ
and/orȱsettlementȱofȱanyȱsuchȱclaimȱatȱyourȱexpense.ȱȱ
9.
EXPORTȱRESTRICTIONS.ȱYouȱacknowledgeȱthatȱtheȱSoftwareȱisȱsubjectȱtoȱU.S.ȱexportȱjurisdiction.ȱYouȱagreeȱtoȱcomplyȱ
withȱallȱapplicableȱinternationalȱandȱnationalȱlawsȱthatȱapplyȱtoȱtheȱSoftware,ȱincludingȱtheȱU.S.ȱExportȱAdministrationȱ
Regulations,ȱasȱwellȱasȱendȬuser,ȱendȬuse,ȱandȱdestinationȱrestrictionsȱissuedȱbyȱU.S.ȱandȱotherȱgovernments.ȱYouȱassumeȱ
soleȱresponsibilityȱforȱanyȱrequiredȱexportȱapprovalȱand/orȱlicensesȱandȱallȱrelatedȱcosts.ȱYouȱshallȱnotȱacquire,ȱship,ȱ
transferȱorȱreȬexport,ȱdirectlyȱorȱindirectly,ȱtheȱHardwareȱand/orȱSoftwareȱtoȱproscribed,ȱembargoed,ȱorȱprohibitedȱ
countriesȱorȱtheirȱnationals,ȱdeniedȱdestinations,ȱnorȱuseȱitȱforȱnuclearȱactivities,ȱchemicalȱbiologicalȱweaponsȱorȱmissileȱ
projects.ȱProscribedȱcountries,ȱdestinations,ȱandȱpeopleȱareȱsetȱforthȱinȱtheȱUnitedȱStatesȱExportȱAdministrationȱ
Regulations,ȱandȱtheȱOfficeȱofȱForeignȱAssetȱControl’sȱSpeciallyȱDesignatedȱNationalsȱlist,ȱandȱareȱsubjectȱtoȱchangeȱ
withoutȱfurtherȱnoticeȱfromȱAirTight.ȱ
10. U.S.ȱGOVERNMENTȱENDȱUSERS.ȱTheȱSoftwareȱcoveredȱunderȱthisȱAgreement,ȱisȱaȱ“commercialȱitem”ȱasȱthatȱtermȱisȱ
definedȱatȱ48ȱC.F.R.ȱ2.101,ȱconsistingȱofȱ“commercialȱcomputerȱsoftware”ȱandȱ“commercialȱcomputerȱsoftwareȱ
documentation”ȱasȱsuchȱtermsȱareȱusedȱinȱ48ȱC.F.R.ȱ12.212.ȱConsistentȱwithȱ48ȱC.F.R.ȱ12.212ȱandȱ48ȱC.F.R.ȱ227.7202Ȭ1ȱ
throughȱ227.7202Ȭ4,ȱallȱU.S.ȱGovernmentȱendȱusersȱacquireȱtheȱSoftwareȱandȱanyȱotherȱsoftwareȱandȱdocumentationȱ
coveredȱunderȱthisȱAgreementȱwithȱonlyȱthoseȱrightsȱsetȱforthȱtherein.ȱȱ
11. CONSENTȱTOȱUSEȱOFȱDATA.ȱYouȱagreeȱthatȱAirTightȱandȱitsȱaffiliatesȱmayȱcollectȱandȱuseȱinformationȱthatȱisȱpersonallyȱ
identifiableȱtoȱyou.ȱWeȱcollectȱtwoȱtypesȱofȱinformation.ȱȱ
TechnicalȱInformationȱregardingȱtheȱAirTightȱproductsȱandȱyourȱhardwareȱorȱsoftware,ȱincluding,ȱbutȱnotȱlimitedȱto,ȱ
serverȱinstallationȱandȱactivationȱinformation,ȱlicenseȱkeyȱexpiration,ȱserverȱlogs,ȱMediaȱAccessȱControlȱ(MAC)ȱ
addresses,ȱInternetȱProtocolȱ(IP)ȱaddresses,ȱwirelessȱnetworkȱ(WLAN)ȱinformationȱandȱsensorȱdetails.ȱTheȱproductȱ
featuresȱallowingȱusȱtoȱcollectȱTechnicalȱInformationȱareȱenabledȱbyȱdefaultȱtoȱconnectȱviaȱtheȱInternetȱtoȱAirTight’sȱ
and/orȱitsȱaffiliates’ȱcomputerȱsystemsȱautomatically,ȱandȱmayȱoccurȱwithoutȱseparateȱnoticeȱtoȱyou.ȱYouȱconsentȱtoȱ
theȱoperationȱofȱtheseȱfeatures.ȱYouȱmayȱchooseȱnotȱtoȱgiveȱusȱthisȱinformationȱbyȱnotȱactivatingȱorȱinstallingȱtheȱ
product.ȱ
ȱ
PersonalȱInformationȱ(name,ȱaddress,ȱtelephoneȱnumber,ȱcompanyȱnameȱandȱemailȱaddress),ȱcollected,ȱforȱexample,ȱ
asȱpartȱofȱshipping,ȱservicingȱorȱregisteringȱaȱproduct.ȱIfȱweȱcollectȱPersonalȱInformationȱweȱwillȱexpresslyȱaskȱyouȱ
forȱit.ȱYouȱmayȱchooseȱnotȱtoȱgiveȱusȱthisȱinformationȱatȱtheȱtimeȱweȱrequestȱit,ȱbutȱitȱmayȱpreventȱusȱfromȱshippingȱ
orȱservicingȱtheȱproduct.ȱ
ȱ
AirTightȱandȱitsȱaffiliatesȱmayȱuseȱTechnicalȱandȱPersonalȱInformationȱsolelyȱtoȱimproveȱourȱproductsȱorȱtoȱprovideȱ
customizedȱservicesȱorȱtechnologiesȱtoȱyou.ȱAirTightȱwillȱnotȱdiscloseȱthisȱinformationȱinȱaȱformȱthatȱpersonallyȱidentifiesȱyouȱ
exceptȱtoȱthirdȱpartyȱprovidersȱthatȱweȱutilizeȱtoȱserviceȱorȱshipȱtheȱproducts.ȱWeȱmayȱdiscloseȱtheȱcollectedȱinformationȱifȱ
requiredȱtoȱbyȱlawȱorȱcourtȱorder.ȱInformationȱthatȱisȱcollectedȱbyȱorȱsentȱtoȱAirTightȱmayȱbeȱstoredȱandȱprocessedȱinȱtheȱ
UnitedȱStates,ȱIndiaȱorȱanyȱotherȱcountryȱinȱwhichȱAirTight,ȱitsȱaffiliates,ȱsubsidiariesȱorȱagentsȱmaintainȱfacilities.ȱYouȱmayȱ
contactȱusȱregardingȱtheȱcollectionȱandȱuseȱofȱTechnicalȱandȱPersonalȱInformationȱorȱthisȱprovisionȱatȱ
support@airtightnetworks.comȱorȱbyȱwritingȱusȱatȱ339ȱNo.ȱBernardoȱAvenue,ȱSuiteȱ200,ȱMountainȱView,ȱCAȱ94043ȱUSA.ȱ
12. GENERALȱ
12.1ȱ
Term.ȱThisȱAgreementȱshallȱstartȱonȱtheȱdateȱyouȱclickȱ“Iȱhaveȱreadȱandȱagreeȱtoȱtheȱlicensingȱtermsȱabove,”ȱ“Iȱ
Agree”ȱorȱotherwiseȱinstallȱorȱactivateȱtheȱSoftwareȱorȱHardwareȱ(theȱ“StartȱDate”)ȱandȱshallȱcontinueȱinȱfullȱforceȱandȱeffectȱ
untilȱitȱexpiresȱpursuantȱtoȱtheȱperiodȱofȱuseȱthatȱyouȱpurchasedȱorȱunlessȱearlierȱterminatedȱasȱdescribedȱinȱtheȱSectionȱ
vii
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
EndȱUserȱLicenseȱAgreementȱ
entitledȱTermination.ȱ
12.2ȱ
Termination.ȱWithoutȱprejudiceȱtoȱanyȱotherȱrights,ȱAirTightȱmayȱterminateȱthisȱAgreementȱifȱyouȱdoȱnotȱcomplyȱ
withȱit.ȱYouȱmayȱterminateȱthisȱAgreementȱatȱanytime.ȱUponȱterminationȱofȱthisȱAgreementȱforȱanyȱreason:ȱ(a)ȱallȱlicenseȱ
rightsȱgrantedȱinȱthisȱAgreementȱwillȱimmediatelyȱterminateȱandȱyouȱmustȱpromptlyȱstopȱallȱuseȱofȱtheȱSoftware;ȱ(b)ȱ
AirTightȇsȱobligationȱtoȱprovideȱservicesȱunderȱanyȱserviceȱagreementȱterminates;ȱ(c)ȱyouȱmustȱeraseȱallȱcopiesȱofȱtheȱSoftwareȱ
fromȱyourȱcomputers,ȱandȱdestroyȱallȱcopiesȱofȱtheȱSoftwareȱandȱDocumentationȱonȱtangibleȱmediaȱinȱyourȱpossessionȱorȱ
control.ȱTerminationȱofȱthisȱAgreementȱwillȱnotȱaffectȱyourȱrightȱtoȱotherwiseȱuseȱorȱtransferȱtheȱHardwareȱpurchasedȱfromȱ
AirTightȱonceȱtheȱSoftwareȱisȱremoved.ȱ
12.3ȱ
Survival.ȱTheȱSectionsȱentitledȱControllingȱAgreement,ȱProprietaryȱRights,ȱLimitedȱWarranty,ȱLimitationȱofȱLiability,ȱRisksȱ
andȱYourȱObligations,ȱExportȱRestrictions,ȱTermination,ȱGoverningȱLawȱandȱVenueȱandȱSeverabilityȱshallȱsurviveȱtheȱexpirationȱorȱ
terminationȱofȱthisȱAgreement.ȱAirTight’sȱobligationsȱunderȱtheȱSectionȱentitledȱInfringementȱIndemnificationȱshallȱsurviveȱonlyȱ
forȱclaimsȱbasedȱonȱuseȱofȱtheȱHardwareȱorȱSoftwareȱduringȱtheȱlicensedȱterm.ȱȱ
12.4ȱ
Assignment.ȱYouȱmayȱnotȱassignȱorȱtransfer,ȱbyȱoperationȱofȱlaw,ȱmergerȱorȱotherwise,ȱanyȱofȱyourȱrightsȱorȱdelegateȱ
anyȱofȱyourȱdutiesȱunderȱthisȱAgreementȱ(includingȱwithoutȱlimitation,ȱtheȱlicensesȱwithȱrespectȱtoȱtheȱSoftware)ȱtoȱanyȱthirdȱ
partyȱwithoutȱAirTight’sȱpriorȱwrittenȱconsent.ȱAnyȱattemptedȱassignmentȱorȱtransferȱinȱviolationȱofȱtheȱforegoingȱwillȱbeȱ
void.ȱAirTightȱmayȱassignȱitsȱrightsȱorȱdelegateȱitsȱobligationsȱunderȱthisȱAgreement.ȱ
12.5ȱ
GoverningȱLawȱandȱVenue.ȱThisȱAgreementȱwillȱbeȱgovernedȱbyȱtheȱlawsȱofȱtheȱStateȱofȱCalifornia.ȱTheȱUnitedȱ
NationsȱConventionȱonȱContractsȱforȱtheȱInternationalȱSaleȱofȱGoodsȱdoesȱnotȱapplyȱtoȱthisȱAgreement.ȱAnyȱactionȱorȱ
proceedingȱarisingȱfromȱorȱrelatingȱtoȱthisȱAgreementȱmustȱbeȱbroughtȱexclusivelyȱinȱaȱfederalȱorȱstateȱcourtȱseatedȱinȱSantaȱ
Clara,ȱCalifornia,ȱandȱinȱnoȱotherȱvenue.ȱEachȱpartyȱirrevocablyȱconsentsȱtoȱtheȱpersonalȱjurisdictionȱandȱvenueȱin,ȱandȱagreesȱ
toȱserviceȱofȱprocessȱissuedȱby,ȱanyȱsuchȱcourt.ȱNotwithstandingȱtheȱforegoing,ȱAirTightȱreservesȱtheȱrightȱtoȱfileȱaȱsuitȱorȱ
actionȱinȱanyȱcourtȱofȱcompetentȱjurisdictionȱasȱAirTightȱdeemsȱnecessaryȱtoȱprotectȱitsȱintellectualȱpropertyȱandȱproprietaryȱ
rights.ȱ
12.6ȱ
EquitableȱRelief.ȱYouȱagreeȱthatȱtheȱSoftwareȱandȱHardwareȱcontainsȱAirTight’sȱvaluableȱtradeȱsecretsȱandȱ
proprietaryȱinformationȱandȱthatȱanyȱactualȱorȱthreatenedȱdisclosureȱorȱmisappropriationȱofȱsuchȱinformationȱwouldȱ
constituteȱimmediate,ȱirreparableȱharmȱtoȱAirTightȱforȱwhichȱmonetaryȱdamagesȱwouldȱbeȱanȱinadequateȱremedy.ȱTherefore,ȱ
inȱadditionȱtoȱanyȱotherȱrightsȱandȱremediesȱwhichȱmayȱbeȱavailableȱtoȱAirTightȱatȱlawȱorȱinȱequity,ȱanyȱsuchȱactualȱorȱ
threatenedȱdisclosureȱmayȱbeȱstoppedȱthroughȱinjunctiveȱproceedingsȱwithoutȱtheȱpostingȱofȱaȱbond.ȱ
12.7ȱ
WaiversȱandȱAmendments.ȱAllȱwaiversȱmustȱbeȱinȱwriting.ȱAnyȱwaiverȱorȱfailureȱtoȱenforceȱanyȱprovisionȱofȱthisȱ
Agreementȱonȱoneȱoccasionȱwillȱnotȱbeȱdeemedȱaȱwaiverȱofȱanyȱotherȱprovisionȱorȱofȱsuchȱprovisionȱonȱanyȱotherȱoccasion.ȱ
ThisȱAgreementȱmayȱbeȱamendedȱonlyȱbyȱaȱwrittenȱdocumentȱsignedȱbyȱyouȱandȱAirTight.ȱ
12.8ȱ
Severability.ȱIfȱanyȱprovisionȱofȱthisȱAgreementȱisȱheldȱtoȱbeȱvoid,ȱinvalid,ȱunenforceableȱorȱillegal,ȱtheȱotherȱ
provisionsȱshallȱcontinueȱinȱfullȱforceȱandȱeffect.ȱ
ȱ
viiiȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
TableȱofȱContentsȱ
TableȱofȱContentsȱ
CHAPTER 1
1.1
1.2
1.3
GETTING STARTED...................................................................................................................................1
BEFORE YOU BEGIN .......................................................................................................................................................1
HOW TO GET MORE INFORMATION ..................................................................................................................................1
CONTACT INFORMATION .................................................................................................................................................1
CHAPTER 2
PACKAGE CONTENTS ..............................................................................................................................2
CHAPTER 3
SERVER AND SENSOR OVERVIEW .......................................................................................................4
3.1 FRONT PANEL OF THE SERVER ........................................................................................................................................4
3.2 REAR PANEL OF THE SERVER ..........................................................................................................................................5
3.3 FRONT PANEL OF SENSOR ...............................................................................................................................................6
3.3.1
Sensor SS-200-AT...................................................................................................................................................6
3.3.2
Sensor SS-300-AT...................................................................................................................................................7
3.4 REAR PANEL OF SENSOR SS-200-AT..............................................................................................................................8
3.5 REAR AND SIDE PANELS OF SENSOR SS-300-AT ............................................................................................................9
CHAPTER 4
INSTALLING THE SERVER......................................................................................................................9
4.1 CONNECTING THE SERVER..............................................................................................................................................9
4.1.1
Mount the Server Appliance ...................................................................................................................................9
4.1.2
Power up the Server ...............................................................................................................................................9
4.1.3
Connect the Server to the Network.......................................................................................................................10
4.2 ACCESSING THE SERVER...............................................................................................................................................10
4.2.1
Accessing the Server using SSH (Recommended) ................................................................................................ 11
4.2.2
Accessing the Server using a Serial Cable ........................................................................................................... 11
4.3 ACCESSING THE SERVER INITIALIZATION AND SETUP WIZARD .....................................................................................14
4.3.1
Configure the Backspace Key...............................................................................................................................14
4.3.2
Step 1: Change Config Shell Password ................................................................................................................14
4.3.3
Step 2: Change Network Settings .........................................................................................................................15
4.3.4
Step 3: Set Server Time Zone, Date and Time Settings .........................................................................................16
4.3.5
Step 4: Set Server ID Settings...............................................................................................................................19
4.3.6
Set up the Server DNS Entry ................................................................................................................................21
4.4 LAUNCHING THE SYSTEM CONSOLE (GUI) ..................................................................................................................21
4.4.1
System Requirements ............................................................................................................................................21
4.5 ACTIVATING THE LICENSE ............................................................................................................................................24
CHAPTER 5
INSTALLING THE SENSOR....................................................................................................................25
5.1 ZERO CONFIGURATION OF SENSORS .............................................................................................................................25
5.2 CONNECTING THE SENSOR ...........................................................................................................................................25
5.2.1
Mount the SS-200-AT Sensor................................................................................................................................25
5.2.1.1
5.2.1.2
5.2.2
Ceiling Mounting ............................................................................................................................................................ 25
Flat Surface Installation .................................................................................................................................................. 27
Mount the SS-300-AT Sensor................................................................................................................................28
5.2.2.1
5.2.2.2
5.2.3
5.2.4
Ceiling/Wall Mounting.................................................................................................................................................... 28
Flat Surface Installation .................................................................................................................................................. 28
Power up the Sensor.............................................................................................................................................29
Connect the Sensor to the Network ......................................................................................................................30
CHAPTER 6
MANUALLY CONFIGURING THE SENSOR........................................................................................30
6.1 INTRODUCTION.............................................................................................................................................................30
6.2 CONFIGURING SENSOR THROUGH CONFIG SHELL ........................................................................................................30
6.2.1
Invoke HyperTerminal (or minicom) ....................................................................................................................30
6.2.1.1
6.2.1.2
6.2.1.3
Launching HyperTerminal .............................................................................................................................................. 30
Defining a New HyperTerminal Connection................................................................................................................... 31
Specifying HyperTerminal Connection Details............................................................................................................... 32
ix
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
TableȱofȱContentsȱ
6.2.1.4
6.2.2
6.2.3
6.2.4
6.2.5
Editing Serial Port Settings ............................................................................................................................................. 32
Log in and Change the Default Password............................................................................................................33
Set Server Discovery ............................................................................................................................................33
Set Sensor Mode ...................................................................................................................................................33
Configure Network Settings..................................................................................................................................34
CHAPTER 7
SETTING UP THE SERVER CONSOLE ................................................................................................35
7.1 LOGGING INTO THE CONSOLE .......................................................................................................................................35
7.1.1
Step 1: Starting the Setup Wizard .........................................................................................................................35
7.1.2
Step 2: Changing your Account Password ...........................................................................................................36
7.1.3
Step 3: Preparing your System for Configuration ................................................................................................37
7.1.4
Step 4: Configuring Notification Settings.............................................................................................................40
7.1.5
Step 5: Setting up Locations and Sensors.............................................................................................................45
7.1.5.1
7.1.5.2
7.1.5.3
7.1.5.4
7.1.6
Adding a New Location .................................................................................................................................................. 46
Attaching an image ......................................................................................................................................................... 59
Placing Locations on a Location Folder with an Attached Image ................................................................................... 59
Importing a Planner file into a Location Node ................................................................................................................ 60
Step 6: Classifying APs ........................................................................................................................................60
7.1.6.1
7.1.6.2
7.1.6.3
7.1.7
7.1.8
Specify Authorized SSIDs............................................................................................................................................... 61
Select Wi-Fi Networks .................................................................................................................................................... 64
RSSI based Classification ............................................................................................................................................... 64
Step 7: Classifying Clients....................................................................................................................................69
Step 8: Configuring Intrusion Prevention Policy .................................................................................................72
7.1.8.1
7.1.8.2
7.1.9
Intrusion Prevention Policy............................................................................................................................................. 72
Intrusion Prevention Level .............................................................................................................................................. 74
Step 9: Configuring Events and Reports ..............................................................................................................75
7.1.9.1
7.1.9.2
7.1.9.3
7.1.9.4
7.1.9.5
7.1.10
7.1.11
7.1.12
CHAPTER 8
8.1
8.2
Step 10: Calibrating Location Tracking ...........................................................................................................85
Step 11: Locking the System Configuration ......................................................................................................87
Step 12: Completion of Setup Wizard................................................................................................................89
CONFIG SHELL COMMANDS................................................................................................................91
SERVER CONFIG SHELL COMMANDS ............................................................................................................................91
SENSOR CONFIG SHELL COMMANDS ............................................................................................................................95
CHAPTER 9
9.1
9.2
Security ........................................................................................................................................................................... 75
Monitoring ...................................................................................................................................................................... 75
Adding a Report .............................................................................................................................................................. 78
Adding a Section to a Report .......................................................................................................................................... 81
Creating a Report Schedule............................................................................................................................................. 83
TROUBLESHOOTING .............................................................................................................................97
SERVER TROUBLESHOOTING ........................................................................................................................................97
SENSOR TROUBLESHOOTING ........................................................................................................................................99
ȱ
ȱ
xȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
TableȱofȱFiguresȱ
TableȱofȱFiguresȱ
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
25.
26.
27.
28.
29.
30.
31.
32.
33.
34.
35.
36.
37.
38.
39.
40.
41.
42.
43.
44.
45.
46.
47.
48.
49.
50.
51.
52.
53.
54.
55.
56.
57.
58.
59.
SERVER PACKAGE CONTENTS ..................................................................................................................................................... 2
SENSOR SS-200-AT PACKAGE CONTENTS ................................................................................................................................... 3
FRONT PANEL OF THE SERVER ..................................................................................................................................................... 4
REAR PANEL OF THE SERVER....................................................................................................................................................... 5
FRONT PANEL OF SENSOR SS-200-AT......................................................................................................................................... 6
FRONT VIEW OF SENSOR SS-300-AT .......................................................................................................................................... 7
REAR PANEL OF SENSOR ............................................................................................................................................................. 8
REAR PANEL OF SENSOR SS-300-AT .......................................................................................................................................... 9
SIDE PANEL OF SENSOR SS-300-AT .......................................................................................................................................... 10
MOUNT THE SERVER ................................................................................................................................................................... 9
POWER UP THE SERVER ............................................................................................................................................................. 10
CONNECT THE SERVER TO THE NETWORK ................................................................................................................................. 10
OPEN SSH ............................................................................................................................................................................... 11
CONNECT THE SERVER TO YOUR COMPUTER USING A SERIAL CABLE ......................................................................................... 11
LAUNCH HYPERTERMINAL APPLICATION .................................................................................................................................. 12
DEFINE A NEW HYPERTERMINAL CONNECTION FOR THE SYSTEM .............................................................................................. 12
SPECIFY HYPERTERMINAL CONNECTION DETAILS ..................................................................................................................... 13
EDIT SERIAL PORT SETTINGS .................................................................................................................................................... 13
MAP THE BACKSPACE KEY ........................................................................................................................................................ 14
SERVER INITIALIZATION AND SETUP WIZARD SCREEN ............................................................................................................... 14
CHANGE CONFIG SHELL PASSWORD .......................................................................................................................................... 15
CHANGE NETWORK SETTINGS .................................................................................................................................................. 16
CONFIRM NETWORK SETTINGS CHANGES ................................................................................................................................. 16
SPECIFY CONTINENT AND COUNTRY FOR TIME ZONE SETTINGS ................................................................................................. 17
SELECT TIME ZONE REGION ..................................................................................................................................................... 18
SPECIFY IP ADDRESS OF NTP SERVER FOR SYNCHRONIZATION .................................................................................................. 18
SPECIFY TIME ZONE USING POSIX TZ FORMAT .......................................................................................................................... 19
SPECIFY DATE AND TIME .......................................................................................................................................................... 19
SET SERVER ID......................................................................................................................................................................... 20
SERVER SETUP COMPLETION SCREEN ....................................................................................................................................... 20
GENERATING CERTIFICATE FOR WEB SERVER ............................................................................................................................ 21
WEB SITE CERTIFICATE VERIFICATION ...................................................................................................................................... 22
INSTALLING JRE....................................................................................................................................................................... 22
POP-UP BLOCKER MESSAGE ..................................................................................................................................................... 22
DETECTING JAVA RUNTIME ENVIRONMENT (JRE) ..................................................................................................................... 23
WEB SITE CERTIFICATE WARNING ............................................................................................................................................ 23
HOSTNAME MISMATCH WARNING ............................................................................................................................................. 23
DIGITAL SIGNATURE VERIFIED .................................................................................................................................................. 24
ACTIVATE LICENSE ................................................................................................................................................................... 24
ALIGNING THE SENSOR AND MOUNT SLOTS .............................................................................................................................. 26
FIXING THE MOUNTING BRACKET TO THE SENSOR .................................................................................................................... 26
TAB ORIENTATIONS FOR US INSTALLATIONS .............................................................................................................................. 26
PRESSING THE MOUNT AGAINST THE T-BAR .............................................................................................................................. 27
INITIAL TWISTING OF THE MOUNT ............................................................................................................................................ 27
FINAL TWISTING OF THE MOUNT WITH THE US TAB SUPPORTING THE MOUNT ............................................................................ 27
FLAT SURFACE INSTALLATION ................................................................................................................................................... 28
HOLES FOR INSERTING SCREWS ................................................................................................................................................. 28
INSERTING TABS ON THE TABLE STAND....................................................................................................................................... 29
LOCKING THE STAND TO THE SENSOR ....................................................................................................................................... 29
SENSOR MOUNT ON A TABLE .................................................................................................................................................... 29
POWER UP THE SENSOR ............................................................................................................................................................. 30
CONNECT THE SENSOR TO THE NETWORK ................................................................................................................................. 30
CONNECTING THE SENSOR TO YOUR COMPUTER USING A SERIAL CABLE .................................................................................... 30
OPENING HYPERTERMINAL ...................................................................................................................................................... 31
DEFINE A NEW HYPERTERMINAL CONNECTION FOR SENSOR ..................................................................................................... 31
SPECIFY HYPERTERMINAL CONNECTION DETAILS ..................................................................................................................... 32
EDIT SERIAL PORT SETTINGS .................................................................................................................................................... 32
SET SERVER DISCOVERY COMMAND ........................................................................................................................................... 33
SET SENSOR MODE COMMAND ................................................................................................................................................... 34
xi
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
TableȱofȱFiguresȱ
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
FIGURE
60.
61.
62.
63.
64.
65.
66.
67.
68.
69.
70.
71.
72.
73.
74.
75.
76.
77.
78.
79.
80.
81.
82.
83.
84.
85.
86.
87.
88.
89.
90.
91.
92.
93.
94.
95.
96.
97.
98.
99.
100.
101.
102.
103.
104.
105.
106.
107.
108.
109.
110.
111.
112.
113.
114.
115.
116.
117.
118.
119.
120.
CONSOLE LOGIN SCREEN.......................................................................................................................................................... 35
END USER LICENSE AGREEMENT SCREEN ................................................................................................................................. 35
SYSTEM SETUP WIZARD WELCOME SCREEN ............................................................................................................................. 36
CHANGE PASSWORD ................................................................................................................................................................. 37
EVENT DE-ACTIVATION............................................................................................................................................................. 38
INTRUSION PREVENTION DE-ACTIVATION .................................................................................................................................. 39
DEVICE LIST UNLOCKING ......................................................................................................................................................... 40
SMTP CONFIGURATION ............................................................................................................................................................ 41
SYSLOG CONFIGURATION ......................................................................................................................................................... 42
SYSLOG CONFIGURATION DIALOG ............................................................................................................................................ 43
SNMP CONFIGURATION ........................................................................................................................................................... 44
SNMP CONFIGURATION DIALOG .............................................................................................................................................. 45
LOCATIONS SCREEN.................................................................................................................................................................. 46
ADDING A NEW LOCATION ........................................................................................................................................................ 47
SPECIFYING LOCATION PROPERTIES .......................................................................................................................................... 47
SENSOR CONFIGURATION.......................................................................................................................................................... 48
CHANNEL SETTINGS TAB .......................................................................................................................................................... 49
CHANNEL FREQUENCY TABLE ................................................................................................................................................... 50
ANTENNA PORT ASSIGNMENT TAB ............................................................................................................................................ 51
SENSOR PASSWORD CONFIGURATION TAB ................................................................................................................................. 52
OFFLINE SENSOR CONFIGURATION TAB..................................................................................................................................... 53
OFFLINE SENSOR CONFIGURATION: DEVICE CLASSIFICATION POLICY TAB................................................................................. 54
OFFLINE SENSOR CONFIGURATION: INTRUSION PREVENTION POLICY TAB ................................................................................. 55
IMPORT DEVICES - SENSORS ..................................................................................................................................................... 56
IMPORT SENSOR LIST ................................................................................................................................................................ 57
DEVICES SCREEN – SENSORS .................................................................................................................................................... 58
LOCATIONS SCREEN.................................................................................................................................................................. 59
PLACING SENSORS ON THE FLOORMAP ...................................................................................................................................... 60
AUTHORIZED WLAN SETUP..................................................................................................................................................... 61
CREATING A CONFIGURATION TEMPLATE FOR AN AUTHORIZED SSID ........................................................................................ 62
NO-WI-FI NETWORKS .............................................................................................................................................................. 64
RSSI BASED CLASSIFICATION ................................................................................................................................................... 65
AP AUTO-CLASSIFICATION POLICY ........................................................................................................................................... 66
IMPORT DEVICES – APS ............................................................................................................................................................ 67
IMPORT AUTHORIZED AP LIST .................................................................................................................................................. 68
DEVICES SCREEN – APS ........................................................................................................................................................... 68
LOCATIONS SCREEN.................................................................................................................................................................. 69
CLIENT AUTO-CLASSIFICATION POLICY .................................................................................................................................... 70
IMPORT DEVICES – CLIENTS ..................................................................................................................................................... 71
DEVICES SCREEN – CLIENTS ..................................................................................................................................................... 72
INTRUSION PREVENTION POLICY .......................................................................................................................................... 73
INTRUSION PREVENTION LEVEL ............................................................................................................................................ 74
EVENT CONFIGURATION – SECURITY .................................................................................................................................... 75
EVENT CONFIGURATION – MONITORING ............................................................................................................................... 76
EVENT ADVANCED SETTINGS ................................................................................................................................................ 77
EMAIL NOTIFICATION ........................................................................................................................................................... 77
EMAIL CONFIGURATION DIALOG ........................................................................................................................................... 78
REPORTS SCREEN ................................................................................................................................................................. 78
REPORT DETAILS SCREEN ..................................................................................................................................................... 79
REPORT DETAILS SCREEN SHOWING REPORT SUMMARY TAB ................................................................................................. 80
REPORT DETAILS SCREEN SHOWING REPORT SECTIONS TAB .................................................................................................. 81
ADDING A SECTION TO A REPORT .......................................................................................................................................... 82
SCHEDULING A REPORT FOR ONE TIME DELIVERY ................................................................................................................. 83
SCHEDULING A REPORT FOR RECURRING GENERATION .......................................................................................................... 84
SPECIFYING ADDITIONAL EMAIL ADDRESSES FOR REPORT DELIVERY .................................................................................... 85
LOCATIONS SCREEN – CALIBRATION ..................................................................................................................................... 85
RF CALIBRATION DIALOG .................................................................................................................................................... 86
EVENT ACTIVATION .............................................................................................................................................................. 87
INTRUSION PREVENTION ACTIVATION ................................................................................................................................... 88
DEVICE LIST LOCKING ......................................................................................................................................................... 89
DASHBOARD SCREEN ........................................................................................................................................................... 90
ȱ
xiiȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
GettingȱStartedȱ
Chapterȱ1
1.1
GettingȱStartedȱ
BeforeȱYouȱBeginȱ
ThankȱyouȱforȱpurchasingȱSpectraGuardȱEnterpriseȱ(referredȱtoȱasȱ‘system’ȱhereafterȱinȱthisȱdocument)ȱfromȱAirTight®ȱ
Networks,ȱInc.ȱTheȱsystemȱassistsȱyouȱtoȱeffectivelyȱmonitor,ȱtroubleshoot,ȱadminister,ȱandȱprotectȱyourȱwirelessȱnetwork.ȱ
PleaseȱreadȱtheȱEULAȱbeforeȱinstallingȱtheȱServer.ȱInstallingȱtheȱServerȱconstitutesȱyourȱacceptanceȱofȱtheȱtermsȱandȱ
conditionsȱofȱtheȱEULAȱmentionedȱaboveȱinȱthisȱdocument.ȱThisȱproductȱcannotȱbeȱrentedȱorȱleased–youȱareȱtheȱsoleȱownerȱofȱ
theȱproduct.ȱ
ThisȱinstallationȱguideȱgivesȱanȱoverviewȱofȱtheȱpowerȱconnectorȱandȱportsȱonȱtheȱServerȱandȱexplainsȱhowȱtoȱconfigureȱit.ȱ
Thisȱguideȱcontainsȱtheȱfollowingȱchapters:ȱ
1.2
PackageȱContents:ȱListsȱtheȱcomponentsȱincludedȱinȱtheȱsystemȱpackage.ȱ
ServerȱandȱSensorȱ(Sensor)ȱOverview:ȱProvidesȱanȱoverviewȱofȱtheȱServerȱandȱSensor.ȱ
ConfiguringȱtheȱServer:ȱDescribesȱhowȱtoȱpowerȱtheȱServer,ȱconnectȱtheȱServerȱtoȱtheȱnetworkȱandȱyourȱcomputer,ȱ
andȱconfigureȱtheȱServer.ȱ
InstallingȱtheȱSensor:ȱDescribesȱhowȱtoȱconnectȱandȱinstallȱtheȱSensor.ȱ
ManualȱConfigurationȱofȱSensor:ȱDescribesȱhowȱtoȱconfigureȱtheȱSensorȱthroughȱtheȱConfigȱShell.ȱ
SettingȱupȱtheȱSystem:ȱDescribesȱhowȱtheȱsystemȱConsoleȱisȱlaunchedȱandȱsetup.ȱ
ConfigȱShellȱCommands:ȱListsȱaȱpreȬdefinedȱsetȱofȱcommandsȱthatȱallowȱyouȱtoȱconfigureȱandȱviewȱtheȱstatusȱofȱtheȱ
ServerȱandȱSensors.ȱ
Troubleshooting:ȱProvidesȱtroubleshootingȱtipsȱwhileȱinstallingȱtheȱServerȱandȱSensor.ȱ
Howȱtoȱgetȱmoreȱinformationȱ
Toȱreceiveȱimportantȱnewsȱonȱproductȱupdates,ȱpleaseȱvisitȱourȱwebsiteȱatȱsupport@airtightnetworks.com.ȱ
1.3
ContactȱInformationȱ
AirTight®ȱNetworks,ȱInc.ȱ
339ȱN,ȱBernardoȱAvenue,ȱSuiteȱ#200,ȱ
MountainȱView,ȱCAȱ94043ȱ
Tel:ȱ(650)ȱ961Ȭ1111ȱ
Fax:ȱ(650)ȱ963Ȭ3388ȱ
Forȱtechnicalȱsupportȱsendȱanȱemailȱtoȱsupport@airtightnetworks.com.ȱ
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
PackageȱContentsȱ
Chapterȱ2
PackageȱContentsȱ
ThisȱchapterȱlistsȱtheȱcomponentsȱincludedȱinȱtheȱServerȱandȱSensorȱ(bothȱ802.11ȱa/b/gȱorȱ802.11ȱa/b/g/n)ȱpackages.ȱ
Note:ȱTheȱconventionsȱtoȱbeȱfollowedȱinȱtheȱGuideȱare:ȱ1>ȱ802.11ȱa/b/g:ȱSSȬ200ȬATandȱ2>ȱ802.11ȱa/b/g/n:ȱSSȬ300ȬAT.ȱ
PleaseȱensureȱthatȱtheȱfollowingȱitemsȱareȱincludedȱinȱtheȱServerȱpackage.ȱIfȱtheȱpackageȱisȱnotȱcomplete,ȱpleaseȱcontactȱ
AirTight®ȱNetworks,ȱInc.ȱTechnicalȱSupportȱatȱsupport@airtightnetworks.com,ȱorȱreturnȱtheȱpackageȱtoȱtheȱvendorȱorȱdealerȱ
whereȱyouȱpurchasedȱtheȱproduct.ȱ
ServerȱwithȱSoftwareȱ
SystemȱDocumentationȱCDȬROMȱcontaining:ȱ
¾ SpectraGuardȱEnterpriseȱUserȱGuideȱ
¾ SpectraGuardȱEnterpriseȱInstallationȱGuideȱ
¾ SpectraGuardȱEnterpriseȱQuickȱSetupȱGuideȱ
¾ SpectraGuardȱEnterpriseȱReportsȱ
¾ SpectraGuardȱEnterpriseȱReleaseȱNotesȱ
¾ UpgradeȱInstructionsȱforȱSpectraGuardȱEnterpriseȱ
¾ HighȱAvailabilityȱConfigurationȱforȱSpectraGuardȱEnterpriseȱ
¾ NetworkȱDetectorȱConfigurationȱforȱSpectraGuardȱEnterpriseȱ
PowerȱCordȱ
NetworkȱInterfaceȱ(Ethernet)ȱCableȱ
SerialȱCableȱ
RackȱMountingȱAccessoriesȱ
ȱ
Figure 1.
Server Package Contents
Theȱcontentsȱofȱtheȱa/b/gȱSensorȱpackageȱareȱasȱfollows:ȱ
Sensorȱ
EthernetȱCableȱ
WallȱMountingȱAccessoriesȱ
2ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
PackageȱContentsȱ
ȱ
Figure 2.
Sensor SS-200-AT Package Contents
Note:ȱTheȱMACȱaddressȱofȱtheȱSensorȱisȱshownȱonȱaȱlabelȱatȱtheȱbottomȱofȱtheȱproductȱandȱtheȱpackagingȱboxȱ
3ȱ
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
ServerȱandȱSensorȱOverviewȱ
Chapterȱ3
ServerȱandȱSensorȱOverviewȱ
ThisȱchapterȱprovidesȱanȱoverviewȱofȱtheȱServerȱandȱSensorȱandȱdescribesȱinȱdetailȱaboutȱtheȱfollowing.ȱ
FrontȱPanelȱofȱtheȱServerȱandȱSensorȱ
RearȱPanelȱofȱtheȱServerȱandȱSensorȱ
3.1
FrontȱPanelȱofȱtheȱServerȱ
TheȱfrontȱpanelȱofȱtheȱServerȱhasȱaȱPowerȱswitchȱandȱLEDsȱthatȱindicateȱitsȱstate.ȱTheȱfollowingȱfigureȱshowsȱtheȱlocationȱofȱ
theȱPowerȱswitchȱandȱLEDsȱonȱtheȱfrontȱpanelȱofȱtheȱServer.ȱ
ȱ
Figure 3.
Front Panel of the Server
TheȱfollowingȱtableȱdescribesȱtheȱbehaviorȱofȱtheȱPowerȱswitch.ȱ
Table 1.
Behavior of Power Switch
Action
System Behavior
Recommended User Action
Push Power
switch for two
seconds
Graceful shutdown of the
Server (similar to restarting
the Server)
No action is required as the Server
restarts automatically.
Push Power
switch for
more than
three seconds
Hard shutdown of the Server
(similar to disconnecting the
power cable)
Press the Power switch again to power
on the Server. Do not press the Power
switch for a longer time as this may
cause damage to the hard disk and
thereby cause severe data loss.
ȱ
TheȱfollowingȱtableȱdescribesȱtheȱstatusȱLEDsȱonȱtheȱfrontȱpanelȱofȱtheȱServer.ȱ
4ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
ServerȱandȱSensorȱOverviewȱ
Table 2.
Front Panel LEDs
LED
LED Color
Solid Green
Power
Off
Hard Disk
Network Interface
Card
High Availability
Interface
Blinking
Green
Off
Blinking
Green
Off
Blinking
Green
Off
Meaning of LED
Indicates that the Server is powered on and working
normally
Indicates that the Server is not powered on or not
receiving power
Indicates that the hard disk drive is being accessed
Indicates that the hard disk drive is not being accessed
Indicates that the Server is connected to the network
Indicates that the Server is not connected to the
network
Indicates that the Server is a part of a high availability
cluster
Indicates that the Server is not a part of a high
availability cluster
ȱ
3.2
RearȱPanelȱofȱtheȱServerȱ
TheȱrearȱpanelȱofȱtheȱServerȱhasȱaȱpowerȱconnectorȱandȱportsȱthatȱenableȱyouȱtoȱpowerȱupȱtheȱServerȱandȱconnectȱitȱtoȱtheȱ
networkȱandȱaȱcomputer.ȱ
Note:ȱOtherȱconnectorsȱsuchȱasȱparallelȱport,ȱ25ȬȱpinȱSerialȱport,ȱkeyboardȱconnector,ȱsoundȱcard,ȱandȱsoȱonȱareȱshownȱinȱtheȱfollowingȱ
figure.ȱHowever,ȱtheseȱconnectorsȱareȱdisabledȱandȱcannotȱbeȱused.ȱ
ȱ
Figure 4.
Rear Panel of the Server
TheȱrearȱpanelȱofȱtheȱServerȱhasȱaȱSerialȱ(RSȱ232ȱFȬF)ȱport,ȱaȱNetworkȱInterfaceȱportȱ(RJȬ45ȱ10/100/1000ȱEthernet),ȱaȱHighȱ
Availabilityȱ(HA)ȱportȱ(RJȬ45ȱ10/100/1000ȱEthernet),ȱandȱaȱPowerȱconnector.ȱTheȱPowerȱconnectorȱisȱusedȱtoȱpowerȱtheȱServerȱ
usingȱ110Ȭ240Vȱ50/60ȱHzȱACȱinput.ȱTheȱfollowingȱtableȱdescribesȱtheȱSerial,ȱNetworkȱInterface,ȱandȱHighȱAvailabilityȱports.ȱ
Table 3.
Rear Panel Ports
Port
Description
Serial
Enables a serial (RS-232)
connection to establish terminal
sessions using terminal emulation
programs such as HyperTerminal
for Windows or minicom for Linux
Connector
Type
Settings/Protocol
DB-9
Settings:
Bits per second: 9600
Data Bits: 8
Parity: None
Stop Bits: 1
Flow Control: None
Protocol: RS-232
5ȱ
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
ServerȱandȱSensorȱOverviewȱ
High
Availability
Interface
Used to connect the Server to a
high availability cluster
RJ-45
Settings: 10/100/1000
Mbps
Protocol: Ethernet
Network
Interface
Used to connect the Server to the
wired LAN through a hub or a
switch
Allows the Server to talk to
Sensors
RJ-45
Settings: 10/100/1000
Mbps
Protocol: Ethernet
ȱ
3.3
3.3.1
FrontȱPanelȱofȱSensorȱ
SensorȱSSȬ200ȬATȱ
TheȱfrontȱpanelȱofȱtheȱSensorȱhasȱLEDsȱthatȱindicateȱtheȱworkingȱofȱtheȱSensor.ȱ
ȱ
Figure 5.
Front Panel of Sensor SS-200-AT
TheseȱLEDsȱareȱdescribedȱinȱtheȱfollowingȱtable.ȱ
Table 4.
LED details for Sensor SS-200-AT and SS-300-AT
LED1 or
Power
LED2 or
LAN
LED3 or
802.11a
LED4 or
802.11
b/g
Description
Solid
Green
Solid
Green
Solid
Green
Solid
Green
The Sensor is receiving power and is
working normally. The Sensor is
connected to the Server.
Solid
Green
Solid
Green
Solid
Green
Fast Blink
The Sensor is performing Troubleshooting
on 802.11b/g.
Solid
Green
Solid
Green
Solid
Green
Slow Blink
The Sensor is performing Intrusion
Prevention on 802.11b/g.
Solid
Green
Solid
Green
Fast Blink
Solid
Green
The Sensor is performing Troubleshooting
on 802.11a.
Solid
Green
Solid
Green
Fast Blink
Fast Blink
Solid
Green
Solid
Green
Fast Blink
Slow Blink
Solid
Green
Solid
Green
Slow
Blink
Solid
Green
The Sensor is performing Intrusion
Prevention on 802.11a.
Solid
Green
Solid
Green
Slow
Blink
Fast Blink
The Sensor is performing Intrusion
Prevention on 802.11a and
Troubleshooting on 802.11b/g.
Solid
Green
Solid
Green
Slow
Blink
Slow Blink
The Sensor is performing Intrusion
Prevention on 802.11a and 802.11b/g.
Solid
Green
Slow Blink
Slow
Blink
Slow Blink
The Sensor upgrade is in progress.
The Sensor is performing Troubleshooting
on 802.11a and 802.11b/g.
The Sensor is performing Troubleshooting
on 802.11a and Intrusion Prevention on
802.11b/g.
6ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
ServerȱandȱSensorȱOverviewȱ
Solid
Orange
Solid
Green
Any
Any
The Sensor is unable to get Ethernet link.
Solid
Orange
Fast Blink
Any
Any
The Sensor did not receive a valid IP
address via the DHCP.
Solid
Orange
Slow Blink
Any
Any
The Sensor is unable to connect to the
Server.
Any
Solid
Green
Any
Any
Any
Solid
Green
Off
Off
Off
Solid
Orange
Solid
Orange
Off
There is an error on 802.11a/b/g
interfaces.
The Sensor is experiencing a software
error.
The Sensor is not powered on or it is in
the process of starting up.
ȱ
3.3.2
SensorȱSSȬ300ȬATȱ
TheȱfrontȱpanelȱofȱtheȱSensorȱhasȱLEDsȱthatȱindicateȱtheȱworkingȱofȱtheȱSensorȱ
ȱ
Figure 6.
Table 5.
Front View of Sensor SS-300-AT
LED Details for Sensor SS-300-AT
LED1 or
Power
LED2 or
LAN
LED3 or
802.11an
LED4 or
802.11
b/gn
Description
Solid
Green
Solid
Green
Solid
Green
Solid
Green
The Sensor is receiving power and is
working normally. The Sensor is
connected to the Server.
Solid
Green
Solid
Green
Solid
Green
Fast Blink
The Sensor is performing Troubleshooting
on 802.11b/g/n.
Solid
Green
Solid
Green
Solid
Green
Slow Blink
The Sensor is performing Intrusion
Prevention on 802.11b/g/n.
Solid
Green
Solid
Green
Fast Blink
Solid
Green
The Sensor is performing Troubleshooting
on 802.11a/n.
Solid
Green
Solid
Green
Fast Blink
Fast Blink
Solid
Green
Solid
Green
Fast Blink
Slow Blink
Solid
Green
Solid
Green
Slow Blink
Solid
Green
Solid
Green
Solid
Green
Slow Blink
Fast Blink
Solid
Green
Solid
Green
Slow Blink
Slow Blink
The Sensor is performing Troubleshooting
on 802.11a/n and 802.11b/g/n.
The Sensor is performing Troubleshooting
on 802.11a/n and Intrusion Prevention
on 802.11b/g/n.
The Sensor is performing Intrusion
Prevention on 802.11a/n.
The Sensor is performing Intrusion
Prevention on 802.11a/n and
Troubleshooting on 802.11b/g/n.
The Sensor is performing Intrusion
Prevention on 802.11a/n and
802.11b/g/n.
7ȱ
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
ServerȱandȱSensorȱOverviewȱ
Solid
Green
Solid
Orange
Slow Blink
Slow Blink
Slow Blink
The Sensor upgrade is in progress.
Solid
Green
Any
Any
The Sensor is unable to get Ethernet link.
Solid
Orange
Fast Blink
Any
Any
The Sensor did not receive a valid IP
address via the DHCP.
Solid
Orange
Slow Blink
Any
Any
The Sensor is unable to connect to the
Server.
Any
Solid
Green
Any
Any
Any
Solid
Green
Off
Off
Off
Solid
Orange
Solid
Orange
Off
There is an error on 802.11a/b/g/n
interfaces.
The Sensor is experiencing a software
error.
The Sensor is not powered on or it is in
the process of starting up.
ȱ
3.4
RearȱPanelȱofȱSensorȱSSȬ200ȬATȱ
TheȱrearȱpanelȱofȱtheȱSensorȱSSȬ200ȬATȱhasȱaȱpowerȱconnectorȱandȱportsȱthatȱenableȱyouȱtoȱpowerȱupȱtheȱdeviceȱandȱconnectȱitȱ
toȱtheȱnetworkȱorȱaȱcomputer.ȱ
ȱ
Figure 7.
Rear Panel of Sensor
TheȱSensorȱhasȱtheȱfollowingȱports:ȱ
Serialȱport:ȱConnectsȱtheȱSensorȱtoȱserialȱterminalȱemulationȱprogramsȱsuchȱasȱHyperȱTerminalȱforȱWindowsȱorȱ
minicomȱforȱLinux.ȱ
Ethernetȱport:ȱConnectsȱtheȱSensorȱtoȱtheȱnetwork.ȱ
Resetȱswitch:ȱResetsȱtheȱSensorȱtoȱfactoryȱdefaults.ȱToȱresetȱtheȱSensor,ȱpressȱtheȱResetȱswitchȱandȱpowerȱcycleȱ
(removeȱtheȱpowerȱcableȱonceȱandȱconnectȱitȱbackȱagain)ȱtheȱSensorȱtillȱallȱLEDsȱblinkȱgreen.ȱPressingȱȱwhileȱ
theȱSensorȱisȱrunningȱwillȱnotȱhaveȱanyȱeffect.ȱTheȱfollowingȱsettingsȱareȱreset:ȱ
¾ ConfigȱShellȱPasswordȱisȱresetȱtoȱconfig.ȱ
¾ ServerȱDiscoveryȱvalueȱisȱerasedȱandȱchangedȱtoȱtheȱdefault,ȱwifiȬsecurityȬserver.ȱ
¾ AllȱtheȱVLANȱconfigurationsȱareȱlost.ȱ
¾ SensorȱmodeȱisȱchangedȱtoȱSensorȱOnly.ȱ
¾ IfȱstaticȱIPȱwasȱconfiguredȱonȱtheȱSensor,ȱtheȱIPȱisȱerasedȱandȱDHCPȱmodeȱisȱset.ȱ
Afterȱreset,ȱallȱtheȱLEDsȱwillȱblinkȱonce,ȱimplyingȱthatȱtheȱresetȱisȱsuccessful.ȱ
8ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
ServerȱandȱSensorȱOverviewȱ
Table 6.
Port
Serial
Rear Panel Port Settings for SS-200-AT
Description
Connector Type
Enables a serial connection to
establish terminal sessions;
used for launching Config Shell
sessions
Speed/Protocol
Settings:
Bits per second: 9600
Data Bits: 8
Parity: None
Stop Bits: 1
Flow Control: None
DB-9
Protocol: RS-232
Ethernet
Enables the device to be
connected to the wired LAN
through a switch or a hub. This
connection allows the Sensor to
communicate with the Server
Settings:
10/100 Mbps
RJ-45
Protocol:
Ethernet
ȱ
Note:ȱTheȱSpeed/ProtocolȱsettingsȱmentionedȱinȱtheȱaboveȱtableȱareȱtheȱsameȱforȱHypeȱTerminalȱandȱminicom.ȱ
3.5
RearȱandȱSideȱPanelsȱofȱSensorȱSSȬ300ȬATȱ
TheȱrearȱpanelȱofȱtheȱSensorȱSSȬ300ȬATȱhasȱanȱEthernetȱportȱthatȱenablesȱtheȱdeviceȱtoȱbeȱconnectedȱtoȱtheȱwiredȱLANȱthroughȱ
aȱswitchȱorȱaȱhubȱandȱalsoȱprovidesȱtheȱpowerȱforȱtheȱdeviceȱusingȱ802.3afȱstandard.ȱȱ
ȱ
Figure 8.
Rear Panel of Sensor SS-300-AT
TheȱSensorȱhasȱtheȱfollowingȱports:ȱ
Ethernetȱport:ȱConnectsȱtheȱSensorȱtoȱtheȱnetworkȱandȱalsoȱprovidesȱtheȱpower.ȱ
Table 7.
Rear Panel Port Settings for SS-300-AT
Port
Description
Connector Type
Speed/Protocol
Ethernet
This enables the device to be
connected to the wired LAN
through a switch or a hub. This
connection allows the
SpectraGuard Sensor to
communicate with the
SpectraGuard Enterprise®
Server.
This port also provides the
power for the device using
802.3af standard
RJ-45
10/100/1000 Mbps
Ethernet
Power over Ethernet
ȱ
Note:ȱTheȱSpeed/ProtocolȱsettingsȱmentionedȱinȱtheȱaboveȱtableȱareȱtheȱsameȱforȱHypeȱTerminalȱandȱminicom.ȱ
9ȱ
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
ServerȱandȱSensorȱOverviewȱ
ȱ
TheȱsideȱpanelȱofȱtheȱSensorȱSSȬ300ȬATȱhasȱaȱResetȱSwitchȱandȱaȱSerialȱPort.ȱȱ
ȱ
Figure 9.
Side Panel of Sensor SS-300-AT
Theȱsideȱpanelȱhasȱtheȱfollowingȱports:ȱ
Serialȱport:ȱConnectsȱtheȱSensorȱtoȱserialȱterminalȱemulationȱprogramsȱsuchȱasȱHyperȱTerminalȱforȱWindowsȱorȱ
minicomȱforȱLinuxȱ
Resetȱswitch:ȱResetsȱtheȱSensorȱtoȱfactoryȱdefaults.ȱToȱresetȱtheȱSensor,ȱpressȱtheȱResetȱswitchȱandȱpowerȱcycleȱ
(removeȱtheȱpowerȱcableȱonceȱandȱconnectȱitȱbackȱagain)ȱtheȱSensorȱtillȱallȱLEDsȱblinkȱgreen.ȱPressingȱȱwhileȱ
theȱSensorȱisȱrunningȱwillȱnotȱhaveȱanyȱeffect.ȱTheȱfollowingȱsettingsȱareȱreset:ȱ
¾ ConfigȱShellȱPasswordȱisȱresetȱtoȱconfig.ȱ
¾ ServerȱDiscoveryȱvalueȱisȱerasedȱandȱchangedȱtoȱtheȱdefault,ȱwifiȬsecurityȬserver.ȱ
¾ AllȱtheȱVLANȱconfigurationsȱareȱlost.ȱ
¾ SensorȱmodeȱisȱchangedȱtoȱSensorȱOnly.ȱ
¾ IfȱstaticȱIPȱwasȱconfiguredȱonȱtheȱSensor,ȱtheȱIPȱisȱerasedȱandȱDHCPȱmodeȱisȱset.ȱ
Afterȱreset,ȱallȱtheȱLEDsȱwillȱblinkȱonce,ȱimplyingȱthatȱtheȱresetȱisȱsuccessful.ȱ
Table 8.
Side Panel Port Settings for SS-300-AT
Port
Description
Connector Type
Speed/Protocol
Reset
Allows resetting of
SpectraGuard Sensor™ to
factory settings.
Pin-hole
push-button
Hold down and power
cycle the Sensor to
reset
Console
Enables a serial connection to
establish terminal sessions.
Used for launching Config Shell
sessions.
RJ-45
RS 232 Serial
Bits per second:
115200
Data Bits: 8
Parity: None
Stop Bits: 1
Flow Control: None
10ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
InstallingȱtheȱServerȱ
Chapterȱ4
InstallingȱtheȱServerȱ
YouȱneedȱtoȱsetȱupȱtheȱServerȱbeforeȱusingȱitȱtoȱmonitorȱandȱprotectȱyourȱnetwork.ȱThisȱchapterȱexplainsȱhowȱtoȱconnectȱandȱ
configureȱtheȱServer.ȱ
4.1
ConnectingȱtheȱServerȱ
ThisȱinvolvesȱmountingȱtheȱServerȱappliance,ȱpoweringȱitȱup,ȱandȱconnectingȱitȱtoȱtheȱnetwork.ȱ
4.1.1
MountȱtheȱServerȱApplianceȱ
PlaceȱtheȱServerȱonȱtheȱrackȱandȱmountȱitȱusingȱtheȱrackȱmountingȱaccessories.ȱ
ȱ
Figure 10.
4.1.2
Mount the Server
PowerȱupȱtheȱServerȱ
TheȱServerȱapplianceȱrunsȱatȱ110Ȭ240V,ȱ3Ȭ5A,ȱ50Ȭ60ȱHzȱACȱpower.ȱAirTight®ȱNetworksȱrecommendsȱthatȱyouȱprovideȱsurgeȬ
freeȱstableȱpowerȱtoȱtheȱServer.ȱ
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
InstallingȱtheȱServerȱ
ȱ
Figure 11.
Power up the Server
ToȱpowerȱupȱtheȱServer,ȱperformȱtheȱfollowingȱsteps:ȱ
1. ConnectȱoneȱendȱofȱtheȱPowerȱcableȱtoȱtheȱPowerȱsocketȱonȱtheȱrearȱpanelȱofȱtheȱServer.ȱ
2. ConnectȱtheȱotherȱendȱofȱtheȱPowerȱcableȱtoȱaȱ110Ȭ240V,ȱ50/60ȱHzȱACȱpowerȱsource.ȱ
3. PressȱtheȱPowerȱswitchȱonȱtheȱfrontȱpanelȱofȱtheȱServer.ȱ
Note:ȱOnȱconnectingȱtheȱPowerȱcable,ȱtheȱPowerȱLEDȱshouldȱturnȱsolidȱgreen.ȱ
4.1.3
ConnectȱtheȱServerȱtoȱtheȱNetworkȱ
ConnectȱtheȱServerȱtoȱtheȱdesiredȱnetworkȱsegmentȱ(subnet).ȱTheȱServerȱshouldȱbeȱableȱtoȱcommunicateȱwithȱallȱtheȱnetworkȱ
segmentsȱthatȱitȱtriesȱtoȱprotect.ȱ
Warning!ȱTheȱdefaultȱIPȱaddressȱofȱtheȱServerȱisȱ192.168.1.246.ȱPleaseȱensureȱthatȱnoȱotherȱdeviceȱonȱyourȱnetworkȱusesȱtheȱsameȱIPȱ
addressȱasȱtheȱServer.ȱConnectȱtheȱNetworkȱInterfaceȱPortȱonȱtheȱServerȱtoȱtheȱdesiredȱsubnetȱusingȱtheȱEthernetȱcableȱprovidedȱtoȱyouȱasȱ
shownȱinȱtheȱfollowing.ȱDoȱnotȱconnectȱtheȱHighȱAvailabilityȱ(HA)ȱInterfaceȱPortȱtoȱtheȱsubnet.ȱ
ȱ
Figure 12.
Connect the Server to the Network
ToȱconnectȱtheȱServerȱtoȱtheȱnetwork,ȱperformȱtheȱfollowingȱsteps:ȱ
1. ConnectȱoneȱendȱofȱtheȱNetworkȱInterfaceȱcableȱtoȱtheȱNetworkȱInterfaceȱportȱonȱtheȱrearȱpanelȱofȱtheȱServer.ȱ
2. ConnectȱtheȱotherȱendȱofȱtheȱNetworkȱInterfaceȱcableȱtoȱtheȱNetworkȱInterfaceȱjackȱlocatedȱonȱtheȱwall.ȱ
Note:ȱOnȱconnectingȱtheȱNetworkȱInterfaceȱcable,ȱtheȱNetworkȱInterfaceȱCardȱLEDȱshouldȱturnȱsolidȱgreen.ȱ
4.2
AccessingȱtheȱServerȱ
YouȱcanȱaccessȱtheȱServerȱinȱtwoȱways:ȱ
UsingȱSSHȱSecureȱShellȱ(SSH)ȱClientȱtoȱaccessȱtheȱServerȱ(Recommended)ȱ
UsingȱaȱSerialȱRSȬ232ȱcableȱ
10ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
InstallingȱtheȱServerȱ
4.2.1 AccessingȱtheȱServerȱusingȱSSHȱ(Recommended)ȱ
ToȱaccessȱtheȱServerȱusingȱSSH,ȱperformȱtheȱfollowingȱsteps:ȱ
1. ConnectȱyourȱcomputerȱtoȱtheȱsameȱsubnetȱwhereȱtheȱServerȱisȱconnected.ȱ
Note:ȱTheȱdefaultȱIPȱaddressȱofȱtheȱServerȱisȱ192.168.1.246.ȱ
2.
3.
4.
Changeȱyourȱcomputer’sȱIPȱaddressȱtoȱ192.168.1.XXX,ȱforȱexample,ȱ192.168.1.244.ȱ
OpenȱSSHȱonȱyourȱcomputerȱandȱpressȱȱorȱȱonȱtheȱSSHȱSecureȱShellȱdialog.ȱ
AccessȱtheȱdefaultȱServerȱIPȱaddress,ȱ192.168.1.246ȱasȱshownȱinȱtheȱfollowingȱfigure.ȱ
ȱ
Figure 13.
5.
Open SSH
LoginȱusingȱtheȱUsername:ȱconfigȱandȱPassword:ȱconfig.ȱ
4.2.2 AccessingȱtheȱServerȱusingȱaȱSerialȱCableȱ
Alternatively,ȱyouȱcanȱaccessȱtheȱServerȱusingȱaȱSerialȱRSȬ232ȱcableȱasȱshownȱinȱtheȱfollowingȱfigureȱandȱthenȱfollowingȱtheȱ
stepsȱlistedȱbelowȱtheȱfigure.ȱ
ȱ
Figure 14.
Connect the Server to your Computer using a Serial Cable
11
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
InstallingȱtheȱServerȱ
1.
ForȱWindowsȱXP,ȱlaunchȱtheȱHyperTerminalȱapplicationȱbyȱclickingȱStartÆȱProgramsÆȱAccessoriesÆȱ
CommunicationsÆȱHyperTerminalȱonȱyourȱdesktop.ȱ
ȱ
ȱ
Figure 15.
2.
Launch HyperTerminal Application
DefineȱaȱnewȱHyperTerminalȱconnection.ȱ
Selectȱanȱiconȱtoȱidentifyȱtheȱnewȱconnection.ȱ
TypeȱtheȱuserȱdefinedȱnameȱforȱtheȱHyperTerminalȱconnectionȱinȱtheȱNameȱfieldȱ
ClickȱȱonȱtheȱConnectionȱDescriptionȱdialog.ȱ
ȱ
Figure 16.
3.
Define a New HyperTerminal Connection for the system
SpecifyȱtheȱHyperTerminalȱconnectionȱdetailsȱbyȱselectingȱorȱenteringȱtheȱappropriateȱconnectionȱdetailsȱandȱclickingȱ
ȱonȱtheȱConnectȱToȱdialog.ȱ
12ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
InstallingȱtheȱServerȱ
ȱ
Figure 17.
4.
Specify HyperTerminal Connection Details
EditȱtheȱserialȱportȱsettingsȱasȱfollowsȱorȱclickȱȱtoȱensureȱproperȱcommunicationȱbetweenȱtheȱServerȱ
andȱyourȱcomputer.ȱ
Bitsȱperȱsecond:ȱ9600ȱ
Dataȱbits:ȱ8ȱ
Parity:ȱNoneȱ
Stopȱbits:ȱ1ȱ
Flowȱcontrol:ȱNoneȱ
ȱ
Figure 18.
5.
6.
7.
Edit Serial Port Settings
ClickȱȱonȱtheȱCOMȱPropertiesȱdialog.ȱ
PressȱȱorȱȱonȱtheȱHyperTerminalȱscreen.ȱTheȱloginȱpromptȱappears.ȱ
LoginȱusingȱtheȱUsername:ȱconfigȱandȱPassword:ȱconfig.ȱ
13
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
InstallingȱtheȱServerȱ
Important:ȱIfȱyouȱareȱconfiguringȱtheȱServerȱforȱHAȱmode,ȱyouȱcanȱskipȱtheȱServerȱInitializationȱandȱSetupȱwizardȱandȱgoȱtoȱtheȱconfigȱ
prompt.ȱChangeȱtheȱconfigȱshellȱpassword,ȱsetȱtheȱtimeȱzone,ȱdateȱandȱtime,ȱsetȱtheȱServerȱID,ȱandȱthenȱuseȱtheȱsetȱhaȱcommandȱtoȱ
configureȱtheȱServerȱinȱHAȱmode.ȱ
4.3
AccessingȱtheȱServerȱInitializationȱandȱSetupȱWizardȱ
TheȱsimpleȱandȱintuitiveȱServerȱInitializationȱandȱSetupȱWizardȱallowsȱyouȱtoȱmapȱtheȱBackspaceȱkey,ȱchangeȱtheȱ
configurationȱpassword,ȱsetȱtheȱdateȱandȱtimeȱandȱtheȱtimeȱzone,ȱchangeȱtheȱnetworkȱsettings,ȱandȱsetȱtheȱServerȱIDȱofȱtheȱ
Server.ȱYouȱcanȱretainȱtheȱdefaultȱvaluesȱatȱeachȱstepȱbyȱpressingȱ.ȱJustȱfollowȱtheȱinstructionsȱinȱtheȱInitializationȱandȱ
SetupȱWizardȱtoȱconfigureȱtheȱServer.ȱTheȱwizardȱguidesȱyouȱthroughȱtheȱrestȱofȱtheȱsetupȱofȱtheȱServer.ȱ
4.3.1 ConfigureȱtheȱBackspaceȱKeyȱ
MapȱtheȱBackspaceȱkeyȱtoȱworkȱproperlyȱusingȱtheȱsetȱeraseȱcommandȱasȱshownȱinȱtheȱfollowingȱfigure.ȱ
ȱ
Figure 19.
Map the Backspace key
TheȱServerȱInitializationȱandȱSetupȱWizardȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱ
ȱ
Figure 20.
4.3.2
Server Initialization and Setup Wizard Screen
Stepȱ1:ȱChangeȱConfigȱShellȱPasswordȱ
Forȱsecurityȱreasons,ȱAirTightȱrecommendsȱthatȱyouȱchangeȱtheȱconfigȱshellȱpassword.ȱTheȱServerȱdeliberatelyȱavoidsȱstrongȱ
passwordȱcheckingȱbecauseȱitȱdoesȱnotȱwantȱtoȱforceȱpasswordsȱthatȱareȱdifficultȱtoȱremember.ȱ
Theȱfollowingȱfigureȱshowsȱhowȱtoȱchangeȱtheȱconfigȱshellȱpassword.ȱ
ȱ
14ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
InstallingȱtheȱServerȱ
Figure 21.
4.3.3
Change Config Shell Password
Stepȱ2:ȱChangeȱNetworkȱSettingsȱ
TheȱnetworkȱsettingsȱofȱtheȱServerȱspecifyȱitsȱuniqueȱIPȱaddressȱonȱtheȱnetwork.ȱSensorsȱuseȱthisȱIPȱaddressȱtoȱidentifyȱtheȱ
Server.ȱTheȱdefaultȱIPȱaddressȱassignedȱtoȱtheȱServerȱisȱ192.168.1.246.ȱ
Important:ȱNoteȱtheȱnetworkȱsettingsȱonȱpaper.ȱIfȱyouȱforgetȱtheȱnetworkȱsettings,ȱyouȱcanȱnoȱlongerȱaccessȱtheȱServerȱoverȱtheȱnetworkȱ
afterȱitȱisȱrebooted.ȱUseȱtheȱSerialȱcableȱtoȱaccessȱtheȱServerȱandȱchangeȱitsȱnetworkȱsettings.ȱ
Toȱchangeȱtheȱnetworkȱsettings,ȱprovideȱtheȱfollowingȱinput.ȱ
IPȱAddress:ȱChooseȱanȱIPȱaddressȱthatȱisȱcompatibleȱwithȱtheȱnetworkȱsegmentȱonȱwhichȱtheȱServerȱisȱtoȱbeȱ
connected.ȱTheȱServerȱshouldȱbelongȱtoȱtheȱsameȱsubnet.ȱ
SubnetȱMask:ȱEnterȱtheȱmaskȱofȱtheȱnetworkȱsegmentȱtoȱwhichȱtheȱServerȱisȱtoȱbeȱconnected.ȱ
GatewayȱIPȱAddress:ȱEnterȱtheȱIPȱaddressȱofȱtheȱgateway,ȱforȱtheȱsubnetȱonȱwhichȱthisȱServerȱisȱtoȱbeȱconnected.ȱ
Ethernetȱtrafficȱfromȱtheȱsubnetȱisȱforwardedȱtoȱanotherȱnetworkȱthroughȱtheȱgateway.ȱ
PrimaryȱDNSȱIPȱAddress:ȱSpecifyȱtheȱIPȱaddressȱofȱtheȱprimaryȱDNSȱServerȱusedȱbyȱtheȱenterpriseȱserverȱtoȱresolveȱ
DNSȱentries.ȱ
SecondaryȱDNSȱIPȱAddress:ȱSpecifyȱtheȱIPȱaddressȱofȱtheȱsecondaryȱ(alternate)ȱDNSȱServerȱusedȱbyȱtheȱenterpriseȱ
serverȱtoȱresolveȱDNSȱentries.ȱ
TertiaryȱDNSȱIPȱAddress:ȱSpecifyȱtheȱIPȱaddressȱofȱtheȱtertiaryȱ(alternate)ȱDNSȱServerȱusedȱbyȱtheȱenterpriseȱserverȱ
toȱresolveȱDNSȱentries.ȱ
DNSȱSuffix:ȱAppendȱthisȱsuffixȱtoȱtheȱunqualifiedȱdomainȱnameȱtoȱgenerateȱaȱfullyȱqualifiedȱdomainȱname.ȱ
Theȱfollowingȱfiguresȱshowȱhowȱtoȱchangeȱtheȱnetworkȱsettings.ȱ
15
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
InstallingȱtheȱServerȱ
ȱ
Figure 22.
Change Network Settings
ȱ
Figure 23.
4.3.4
Confirm Network Settings Changes
Stepȱ3:ȱSetȱServerȱTimeȱZone,ȱDateȱandȱTimeȱSettingsȱ
ToȱsetȱtheȱTimeȱZoneȱ(TZ)ȱcorrectly,ȱselectȱaȱcontinent,ȱaȱcountry,ȱandȱthenȱaȱtimeȱzoneȱregion.ȱYouȱcanȱuseȱtheȱNetworkȱTimeȱ
ProtocolȱNTPȱ(NTP)ȱtoȱsynchronizeȱtheȱServerȱclockȱwithȱanotherȱServerȱorȱreferenceȱtimeȱsourceȱbyȱspecifyingȱtheȱIPȱaddressȱ
orȱtheȱURLȱofȱtheȱNTPȱServer.ȱ
Theȱfollowingȱfiveȱfiguresȱshowȱhowȱtoȱchangeȱtheȱtimeȱzoneȱsettingsȱandȱtheȱdateȱandȱtimeȱsettings.ȱ
16ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
InstallingȱtheȱServerȱ
ȱ
Figure 24.
Specify Continent and Country for Time Zone Settings
17
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
InstallingȱtheȱServerȱ
ȱ
Figure 25.
Select Time Zone Region
ȱ
Figure 26.
Specify IP Address of NTP Server for Synchronization
YouȱcanȱalsoȱspecifyȱtheȱtimeȱzoneȱusingȱtheȱPosixȱTZȱ1formatȱasȱshownȱinȱtheȱfollowingȱfigure.ȱ
ȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱ ȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱ
1ȱInȱPosixȱTZȱsystems,ȱaȱuserȱcanȱspecifyȱtheȱtimeȱzoneȱbyȱmeansȱofȱtheȱTZȱenvironmentȱvariable.ȱTheȱformatȱusedȱwhenȱthereȱ
isȱnoȱDaylightȱSavingȱTimeȱ(orȱsummerȱtime)ȱinȱtheȱlocalȱtimeȱzoneȱisȱstdȱoffset,ȱwhereȱ‘std’ȱspecifiesȱtheȱnameȱofȱtheȱtimeȱ
zoneȱandȱ‘offset’ȱspecifiesȱtheȱtimeȱvalueȱoneȱmustȱaddȱtoȱtheȱlocalȱtimeȱtoȱgetȱaȱCoordinatedȱUniversalȱTimeȱvalue.ȱItȱhasȱaȱ
syntaxȱ[+ȱ|Ȭ]ȱhhȱ[:ȱmmȱ[:ȱss]].ȱThisȱisȱpositiveȱifȱtheȱlocalȱtimeȱzoneȱisȱwestȱofȱtheȱPrimeȱMeridianȱandȱnegativeȱifȱitȱisȱeast.ȱTheȱ
hourȱmustȱbeȱbetweenȱ0ȱandȱ24,ȱandȱtheȱminuteȱandȱsecondsȱbetweenȱ0ȱandȱ59.ȱ
18ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
InstallingȱtheȱServerȱ
ȱ
Figure 27.
Specify Time Zone using Posix TZ format
ȱ
Figure 28.
Specify Date and Time
Important:ȱOnȱtheȱDateȱandȱTimeȱsettingsȱscreen,ȱifȱtheȱdayȱexceedsȱ31ȱandȱtheȱmonthȱexceedsȱ12,ȱtheȱsystemȱautomaticallyȱsetsȱtheȱdayȱ
toȱ31ȱandȱmonthȱtoȱ12.ȱ
4.3.5
Stepȱ4:ȱSetȱServerȱIDȱSettingsȱ
TheȱServerȱIDȱisȱidentifiesȱaȱuniqueȱServerȱinstanceȱwhenȱthereȱareȱmultipleȱServerȱinstancesȱonȱtheȱnetwork.ȱSensorsȱcanȱbeȱ
configuredȱtoȱcommunicateȱwithȱaȱspecificȱServerȱinstance.ȱTheȱdefaultȱServerȱIDȱisȱ1.ȱ
Recommended:ȱServerȱIDȱsettingȱisȱimportantȱonlyȱifȱyouȱhaveȱaȱmultiȱServerȱinstallation.ȱIfȱyouȱhaveȱonlyȱoneȱServer,ȱtheȱServerȱIDȱ
shouldȱbeȱleftȱatȱtheȱdefaultȱvalueȱ1.ȱ
TheȱfollowingȱfigureȱshowsȱhowȱtoȱsetȱtheȱServerȱID.ȱ
19
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
InstallingȱtheȱServerȱ
ȱ
Figure 29.
Set Server ID
TheȱServerȱinitializationȱcompletionȱmessageȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱ
ȱ
Figure 30.
Server Setup Completion Screen
20ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
InstallingȱtheȱServerȱ
ȱ
Figure 31.
Generating Certificate for Web Server
PressȱyȱtoȱrebootȱtheȱServerȱforȱtheȱchangesȱtoȱtakeȱeffect.ȱIfȱyouȱchooseȱtoȱrebootȱlaterȱpressȱn.ȱTheȱServerȱConfigȱShell.promptȱ
appears.ȱYouȱneedȱtoȱrebootȱtheȱServerȱonȱcompletionȱofȱtheȱInitializationȱandȱSetupȱWizardȱbeforeȱyouȱaccessȱtheȱServerȱ
Consoleȱ(“GUI”).ȱ
Note:ȱOnȱtheȱServerȱConfigȱShellȱprompt,ȱtypeȱtheȱcommandȱhelpȱtoȱviewȱtheȱlistȱofȱavailableȱcommands.ȱ
4.3.6
SetȱupȱtheȱServerȱDNSȱEntryȱ
AddȱaȱDNSȱentryȱ‘wifiȬsecurityȬserver’ȱinȱyourȱorganization’s/enterpriseȱDNSȱServer.ȱThisȱentryȱshouldȱpointȱtoȱtheȱNetworkȱ
InterfaceȱIPȱAddressȱofȱtheȱServerȱconfiguredȱinȱStepȱ2:ȱChangeȱNetworkȱSettings.ȱ
Addingȱthisȱentryȱservesȱtwoȱpurposes:ȱ
SensorsȱcanȱconnectȱtoȱtheȱServerȱwithȱzeroȱconfigurationȱifȱtheyȱareȱconnectedȱtoȱaȱDHCPȱenabledȱsubnet.ȱ
YouȱcanȱaccessȱtheȱServerȱusingȱtheȱaddressȱ‘https://wifiȬsecurityȬserver’.ȱ
4.4
LaunchingȱtheȱSystemȱConsoleȱ(GUI)ȱ
4.4.1 SystemȱRequirementsȱ
Ensureȱthatȱtheȱfollowingȱhardwareȱandȱsoftwareȱisȱavailableȱonȱyourȱcomputerȱbeforeȱlaunchingȱtheȱsystem.ȱ
Table 9.
Hardware Requirements
Hardware
Requirements
Processor
Intel P4 X86 architecture platform (or
equivalent)
Processor Speed
1.4 GHz (minimum)
Memory
512 MB (minimum)
Screen Resolution
1024X768 (recommended)
ȱ
Table 10.
Software Requirements
Software
Requirements
Operating System
(OS)
Windows 2000 or XP
Browser
Internet Explorer (IE) 5.5 or higher
Java Runtime
Environment (JRE)
version
JRE 1.6.0 or above
ȱ
21
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
InstallingȱtheȱServerȱ
Recommended:ȱInȱIE,ȱunderȱToolsÆInternetȱOptionsÆȱAdvanced,ȱdeselectȱtheȱoption,ȱReuseȱwindowsȱforȱlaunchingȱshortcuts.ȱ
Additionally,ȱunderȱToolsÆPopȬupȱBlocker,ȱselectȱTurnȱOffȱPopȬupȱBlocker.ȱ
ToȱlaunchȱtheȱConsole,ȱperformȱtheȱfollowingȱsteps:ȱ
1. LaunchȱaȱWebȱbrowserȱsuchȱasȱIEȱ5.5ȱorȱhigherȱonȱaȱclientȱcomputerȱonȱtheȱnetworkȱthatȱhasȱWindowsȱ2000ȱorȱXPȱ
OperatingȱSystemȱ(OS).ȱ
2. EnterȱtheȱdefaultȱIPȱAddressȱforȱtheȱServer,ȱthatȱis,ȱ192.168.1.246.ȱ
3. ClickȱȱonȱeachȱofȱtheȱsecurityȱmessageȱpopȬupȱdialogsȱtoȱproceed.ȱ
ȱ
Figure 32.
Web Site Certificate Verification
Theȱdialogȱshownȱbelowȱappearsȱunderȱtheȱfollowingȱconditions:ȱ
Ifȱtheȱcorrectȱversion,ȱthatȱis,ȱSunȱJREȱ1.6.0ȱisȱnotȱdetectedȱonȱyourȱcomputerȱ
Ifȱtheȱversionȱinstalledȱhasȱnotȱbeenȱactivatedȱforȱusageȱ
ȱ
Figure 33.
4.
Installing JRE
DisableȱallȱpopȬupȱblockersȱactiveȱonȱyourȱWebȱbrowserȱtoȱeliminateȱtheȱwarningȱmessageȱshownȱinȱtheȱfollowingȱfigure.ȱ
ȱ
Figure 34.
Pop-up Blocker Message
22ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
InstallingȱtheȱServerȱ
ȱ
Figure 35.
Detecting Java Runtime Environment (JRE)
ȱ
Figure 36.
5.
Web Site Certificate Warning
AddȱaȱDNSȱentryȱforȱtheȱhostnameȱwifiȬsecurityȬserverȱandȱtheȱIPȱaddressȱofȱtheȱServerȱinȱtheȱhostsȱfileȱofȱtheȱclientȱ
computerȱtoȱeliminateȱtheȱwarningȱshownȱinȱtheȱfollowingȱfigure.ȱ
Theȱhostsȱfileȱisȱlocatedȱatȱtheȱfollowingȱpath:ȱ
C:\WINNT\system32\drivers\etc\hosts,ȱforȱWindowsȱ2000ȱ
C:\windows\system32\drivers\etc\hosts,ȱforȱWindowsȱXPȱ
6.
SaveȱtheȱhostsȱfileȱandȱrestartȱtheȱbrowserȱtoȱinvokeȱtheȱConsole.ȱ
ȱ
Figure 37.
Hostname Mismatch Warning
23
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
InstallingȱtheȱServerȱ
ȱ
Figure 38.
4.5
1.
2.
Digital Signature Verified
ActivatingȱtheȱLicenseȱ
SaveȱtheȱlicenseȱkeyȱfileȱshippedȱwithȱtheȱServerȱonȱyourȱdesktop.ȱ
Browseȱtoȱtheȱlicenseȱkeyȱfileȱandȱselectȱit.ȱClickȱ.ȱ
ȱ
Figure 39.
Activate License
Ifȱtheȱlicenseȱkeyȱisȱvalid,ȱyouȱwillȱseeȱtheȱLoginȱscreen.ȱOtherwise,ȱyouȱwillȱseeȱanȱerrorȱmessage.ȱ
24ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
InstallingȱtheȱSensorȱ
Chapterȱ5
InstallingȱtheȱSensorȱȱ
SensorȱisȱtheȱprobeȱthatȱmonitorsȱyourȱnetworkȱandȱcommunicatesȱwithȱtheȱServerȱtoȱguardȱyourȱcorporateȱnetworkȱagainstȱ
overȬtheȬairȱattacks.ȱTheȱSensorȱmustȱbeȱpluggedȱtoȱyourȱcorporateȱnetworkȱtoȱperformȱtheȱaboveȱoperations.ȱ
Sensorȱcanȱbeȱconfiguredȱinȱoneȱofȱtheȱfollowingȱthreeȱmodes:ȱ
SensorȱOnlyȱ(SO)ȱMode:ȱThisȱisȱtheȱdefaultȱmode.ȱInȱthisȱmode,ȱtheȱSensorȱshouldȱbeȱconnectedȱintoȱanȱaccessȱportȱ
onȱaȱswitch.ȱItȱthenȱmonitorsȱaȱsingleȱVLANȱthatȱisȱconfiguredȱonȱthatȱaccessȱport.ȱTheȱwirelessȱinterfaceȱofȱtheȱ
Sensorȱisȱenabled.ȱ
NetworkȱDetectorȱ(ND)ȱMode:ȱThisȱmodeȱneedsȱtoȱbeȱexplicitlyȱconfigured.ȱInȱthisȱmode,ȱtheȱNDȱshouldȱbeȱ
connectedȱintoȱaȱtrunkȱportȱ(802.1Qȱcapable)ȱonȱaȱswitch.ȱItȱthenȱmonitorsȱmultipleȱVLANsȱthatȱareȱconfiguredȱonȱ
thatȱtrunkȱportȱandȱareȱchosenȱbyȱtheȱuserȱusingȱtheȱNDȱCLI.ȱTheȱwirelessȱinterfaceȱofȱtheȱNDȱisȱdisabled.ȱAnȱSSȬ200Ȭ
ATȱSensorȱinȱNDȱmodeȱcanȱmonitorȱupȱtoȱ32ȱVLANs.ȱSimilarly,ȱanȱSSȬ300ȬATȱcanȱmonitorȱuptoȱ100ȱVLANs.ȱ
Sensor/NDȱComboȱ(SNDC)ȱMode:ȱThisȱmodeȱneedsȱtoȱbeȱexplicitlyȱconfigured.ȱInȱthisȱmode,ȱtheȱSensorȱshouldȱbeȱ
connectedȱintoȱaȱtrunkȱportȱ(802.1Qȱcapable)ȱonȱaȱswitch.ȱItȱthenȱmonitorsȱmultipleȱVLANsȱthatȱareȱconfiguredȱonȱ
thatȱtrunkȱportȱandȱareȱchosenȱbyȱtheȱuserȱusingȱtheȱNDȱCLI.ȱTheȱwirelessȱinterfaceȱofȱtheȱSensorȱisȱenabled.ȱAȱSSȬ
200ȬATȱSensorȱinȱSNDCȱmodeȱcanȱmonitorȱupȱtoȱ4ȱVLAN.ȱSimilarly,ȱanȱSSȬ300ȬATȱcanȱmonitorȱuptoȱ16ȱVLANs.ȱ
Important:ȱToȱpreventȱabuseȱandȱintrusionȱbyȱunauthorizedȱpersonnel,ȱitȱisȱextremelyȱimportantȱtoȱinstallȱtheȱSensorȱsuchȱthatȱitȱisȱ
difficultȱtoȱunplugȱtheȱdeviceȱfromȱtheȱnetworkȱorȱfromȱtheȱpowerȱoutlet.ȱ
5.1
ZeroȱConfigurationȱofȱSensorsȱ
Zeroȱconfigurationȱisȱrequiredȱifȱtheȱfollowingȱconditionsȱareȱsatisfied:ȱ
TheȱSensorȱisȱinȱSOȱmode.ȱ
AȱDNSȱentryȱ‘wifiȬsecurityȬserver’ȱisȱsetȱupȱonȱallȱDNSȱServers.ȱThisȱentryȱshouldȱpointȱtoȱtheȱIPȱaddressȱofȱtheȱ
Server.ȱByȱdefaultȱtheȱSensorȱlooksȱforȱtheȱServerȱDNSȱentryȱ‘wifiȬsecurityȬserver’.ȱ
SensorȱisȱplacedȱonȱaȱsubnetȱthatȱisȱDHCPȱenabled.ȱ
Important:ȱIfȱaȱSensorȱisȱplacedȱonȱaȱnetworkȱsegmentȱthatȱisȱseparatedȱfromȱtheȱServerȱbyȱaȱfirewall,ȱyouȱmustȱfirstȱopenȱportȱ3851ȱforȱ
UserȱDatagramȱProtocolȱ(UDP)ȱandȱTransportȱControlȱProtocolȱ(TCP)ȱbidirectionalȱtrafficȱonȱthatȱfirewall.ȱThisȱportȱnumberȱisȱassignedȱ
toȱAirTight®ȱNetworks.ȱIfȱmultipleȱSensorsȱareȱsetȱupȱtoȱconnectȱtoȱmultipleȱServers,ȱzeroȱconfigurationȱisȱnotȱpossible.ȱInȱthisȱcaseȱ
manualȱconfigurationȱofȱSensorsȱisȱneeded.ȱReferȱtoȱManuallyȱConfiguringȱtheȱSensorȱforȱdetails.ȱ
TheȱstepsȱtoȱinstallȱtheȱSensorȱwithȱnoȱconfigurationȱ(zeroȱconfiguration)ȱareȱasȱfollows.ȱ
MountȱtheȱSensorȱ
PowerȱupȱtheȱSensorȱ
ConnectȱtheȱSensorȱtoȱtheȱnetworkȱ
5.2
ConnectingȱtheȱSensorȱ
ThisȱinvolvesȱmountingȱtheȱSensor,ȱpoweringȱitȱup,ȱandȱconnectingȱitȱtoȱtheȱnetwork.ȱ
5.2.1
MountȱtheȱSSȬ200ȬATȱSensorȱ
TakeȱaȱconfiguredȱSensor,ȱthatȱis,ȱmakeȱsureȱthatȱtheȱSensorȱisȱgivenȱaȱstaticȱIPȱorȱtheȱsettingsȱhaveȱbeenȱchangedȱforȱDHCP.ȱ
NoteȱtheȱMACȱaddressȱandȱtheȱIPȱaddressȱofȱtheȱSensorȱinȱaȱsafeȱplaceȱbeforeȱitȱisȱinstalledȱinȱaȱhardȬtoȬreachȱlocation.ȱTheȱ
MACȱaddressȱofȱtheȱSensorȱisȱprintedȱonȱaȱlabelȱatȱtheȱbottomȱofȱtheȱproductȱandȱtheȱpackagingȱbox.ȱ
Recommended:ȱYouȱshouldȱlabelȱtheȱSensorsȱusingȱMACȱaddressesȱorȱatȱleastȱyourȱownȱconvention.ȱForȱexample,ȱuseȱserialȱnumbers,ȱsoȱ
thatȱyouȱcanȱeasilyȱidentifyȱtheȱSensors.ȱ
5.2.1.1
CeilingȱMountingȱ
ToȱmountȱtheȱSensorȱtoȱaȱceiling,ȱperformȱtheȱfollowingȱsteps:ȱ
1. Placeȱtheȱmountingȱbracket/mountȱonȱtheȱSensorȱandȱalignȱtheȱbracketȱslotsȱwithȱthoseȱonȱtheȱSensorȱasȱshownȱinȱtheȱ
followingȱfigure.ȱ
ȱ
25
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
InstallingȱtheȱSensorȱ
ȱ
Figure 40.
2.
Aligning the Sensor and Mount Slots
SlideȱtheȱmountȱandȱbendȱtheȱtwoȱretainingȱplatesȱforwardȱtoȱpreventȱtheȱSensorȱfromȱslidingȱasȱshownȱinȱtheȱfollowingȱ
figure.ȱ
ȱ
Figure 41.
Fixing the Mounting Bracket to the Sensor
Note:ȱYouȱneedȱtoȱuseȱonlyȱoneȱofȱtheȱtwoȱtabsȱonȱtheȱmountȱatȱaȱtime.ȱForȱU.SȱInstallations,ȱuseȱtheȱtabȱnearestȱtheȱedgeȱforȱdropȱ
ceiling/tȬbarsȱthatȱareȱapproximatelyȱ1ȱinchȱwide.ȱYouȱneedȱtoȱbendȱtheȱinnerȱtabȱforȱtheȱsmallerȱEuropeanȱdropȱceilingsȱsoȱitȱisȱ
flush/flatȱwithȱtheȱbottomȱofȱtheȱmount.ȱTherefore,ȱtheȱinnerȱtabȱdoesȱnotȱprotrudeȱatȱall.ȱYouȱneedȱtoȱbendȱdownȱtheȱtabȱforȱUSȱdropȱ
ceilingsȱsoȱthatȱitȱprotrudesȱapproximatelyȱ¼ȱinchȱfromȱtheȱbottom.ȱForȱEuropeanȱInstallations,ȱuseȱtheȱinnerȱtabȱforȱdropȱceilings/tȬ
barsȱthatȱareȱapproximatelyȱ½ȱinchȱwide.ȱ
ȱ
Figure 42.
3.
Tab orientations for US Installations
PressȱtheȱSensor/bracketȱmountȱagainstȱtheȱtȬbarȱatȱanȱangleȱwithȱtheȱtȬbarȱrunningȱbetweenȱtheȱtwoȱtabsȱthatȱwillȱ
eventuallyȱgrabȱtheȱdropȱceilingȱtȬbarȱasȱshownȱinȱtheȱfollowingȱfigure.ȱ
26ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
InstallingȱtheȱSensorȱ
ȱ
Figure 43.
4.
Pressing the Mount against the T-Bar
Turn/twistȱtheȱmountȱsoȱthatȱtheȱtwoȱtabsȱbeginȱtoȱengageȱtheȱtȬbarȱandȱtheȱtȬbarȱpassesȱoverȱtheȱEuropeanȱtab,ȱwhichȱwasȱ
pushedȱdownȱflush.ȱTheȱtȬbarȱshouldȱalsoȱpushȱagainstȱtheȱUSȱtab,ȱwhichȱwasȱbentȱupȱapproximatelyȱ¼ȱinchȱasȱshownȱinȱ
theȱfollowingȱfigure.ȱ
ȱ
Figure 44.
5.
Initial Twisting of the Mount
Turn/twistȱtheȱmountȱallȱtheȱway,ȱsoȱthatȱtheȱtwoȱtabsȱcompletelyȱengageȱtheȱtȬbar.ȱTheȱUSȱtabȱbendsȱupȱapproximatelyȱ¼ȱ
inchȱandȱpushesȱagainstȱtheȱsideȱofȱtheȱtȬbarȱpreventingȱtheȱmountȱfromȱtwistingȱbackwardȱandȱdisengagingȱformȱtheȱtȬ
barȱasȱshownȱinȱtheȱfollowingȱfigures.ȱ
ȱ
Figure 45.
5.2.1.2
Final Twisting of the Mount with the US tab supporting the Mount
FlatȱSurfaceȱInstallationȱ
YouȱcanȱplaceȱtheȱSensorȱonȱaȱflatȱsurfaceȱsuchȱasȱaȱtable,ȱdesktop,ȱorȱfilingȱcabinet.ȱDoȱnotȱinstallȱtheȱSensorȱonȱanyȱtypeȱofȱ
metalȱsurface.ȱIfȱyouȱchooseȱaȱflatȱsurfaceȱmount,ȱselectȱaȱlocationȱthatȱisȱclearȱofȱobstructionsȱandȱprovidesȱgoodȱreception.ȱ
27
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
InstallingȱtheȱSensorȱ
ȱ
Figure 46.
Flat Surface Installation
Recommended:ȱAirTightȱdoesȱnotȱrecommendȱwallȱmountingȱofȱtheȱSensorȱasȱitȱusesȱomniȱdirectionalȱantennas.ȱ
5.2.2
MountȱtheȱSSȬ300ȬATȱSensorȱ
TakeȱaȱconfiguredȱSensor,ȱthatȱis,ȱmakeȱsureȱthatȱtheȱSensorȱisȱgivenȱaȱstaticȱIPȱorȱtheȱsettingsȱhaveȱbeenȱchangedȱforȱDHCP.ȱ
NoteȱtheȱMACȱaddressȱandȱtheȱIPȱaddressȱofȱtheȱSensorȱinȱaȱsafeȱplaceȱbeforeȱitȱisȱinstalledȱinȱaȱhardȬtoȬreachȱlocation.ȱTheȱ
MACȱaddressȱofȱtheȱSensorȱisȱprintedȱonȱaȱlabelȱatȱtheȱbottomȱofȱtheȱproduct.ȱ
Recommended:ȱYouȱshouldȱlabelȱtheȱSensorsȱusingȱMACȱaddressesȱorȱatȱleastȱyourȱownȱconvention.ȱForȱexample,ȱuseȱserialȱnumbers,ȱsoȱ
thatȱyouȱcanȱeasilyȱidentifyȱtheȱSensors.ȱ
5.2.2.1
Ceiling/WallȱMountingȱ
ToȱinstallȱtheȱSensorȱonȱaȱwallȱorȱceiling,ȱuseȱtheȱmountingȱbracketȱthatȱcomesȱwithȱtheȱdevice.ȱFollowȱtheseȱsteps:ȱ
1. ȱFollowingȱtheseȱguidelines,ȱscrewȱtheȱmountingȱbracketȱtoȱaȱwallȱorȱceiling:ȱ
Theȱmountingȱbracketȱtabsȱshouldȱbeȱpointingȱupward.ȱ
Ifȱmountingȱtoȱdrywall,ȱuseȱtheȱ4ȱscrewsȱandȱ4ȱwallȱanchors.ȱ
IfȱmountingȱtoȱanȱEUȱelectricalȱboxȱ(60.3mm),ȱuseȱ2ȱthreadedȱscrewsȱandȱinsertȱintoȱtheȱholesȱmarkedȱ“A”ȱinȱtheȱ
diagramȱshownȱbelow.ȱ
IfȱmountingȱtoȱaȱUSȱelectricalȱboxȱ(83.3mm),ȱuseȱ2ȱthreadedȱscrewsȱandȱinsertȱintoȱtheȱholesȱmarkedȱ“B”ȱinȱtheȱ
diagramȱshownȱbelow.ȱ
ȱ
Figure 47.
2.
3.
Holes for inserting screws
ConnectȱtheȱEthernetȱcableȱ(forȱpowerȱandȱnetworkȱconnection)ȱtoȱtheȱLANȱportȱonȱtheȱbackȱofȱtheȱSensor.ȱ
ToȱmountȱtheȱSensorȱontoȱtheȱmountingȱbracket,ȱinsertȱtheȱmountingȬbracketȱtabsȱintoȱtheȱslotsȱonȱtheȱbackȱofȱtheȱAP.ȱ
IMPORTANT:ȱIfȱyouȱareȱmountingȱtheȱSensorȱonȱaȱwall,ȱyouȱcannotȱuseȱtheȱslotsȱonȱtheȱbottomȱnarrowȱedgeȱofȱtheȱdevice.ȱInstead,ȱtheȱ
slotsȱonȱtheȱbackȱofȱtheȱSensorȱmustȱbeȱused.ȱ
5.2.2.2
FlatȱSurfaceȱInstallationȱ
ToȱinstallȱtheȱSensorȱonȱaȱflatȱsurfaceȱsuchȱasȱaȱtableȱorȱdesktop,ȱfollowȱtheseȱsteps:ȱ
28ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
InstallingȱtheȱSensorȱ
1.
InsertȱtheȱtabsȱonȱtheȱtableȱstandȱintoȱtheȱslotsȱonȱtheȱsideȱofȱtheȱSensor,ȱasȱshownȱinȱtheȱillustration.ȱAlignȱtheȱcableȱ
routingȱcutȱoutȱtowardȱtheȱupperȱpartȱofȱtheȱstand.ȱ
ȱ
Figure 48.
2.
Inserting tabs on the table stand
ToȱlockȱtheȱstandȱtoȱtheȱSensor,ȱslideȱtheȱstandȱbackȱandȱtheȱSensorȱforward,ȱasȱshownȱhere:ȱ
ȱ
Figure 49.
3.
Locking the Stand to the Sensor
PlaceȱtheȱSensorȱandȱtableȱstandȱonȱtheȱtable.ȱ
ȱ
Figure 50.
4.
Sensor Mount on a Table
ConnectȱtheȱEthernetȱcableȱforȱpowerȱandȱnetworkȱconnectionȱtoȱtheȱLANȱportȱonȱtheȱbackȱofȱtheȱAP.ȱ
5.2.3
PowerȱupȱtheȱSensorȱ
AnȱSSȬ200ȬATȱSensorȱrunsȱonȱaȱ5VȱDCȱconnection.ȱUseȱtheȱpowerȱadapterȱprovidedȱtoȱpowerȱtheȱSensorȱfromȱanȱ110V~240Vȱ
50/60ȱHzȱACȱpowerȱconnection.ȱ
ToȱpowerȱupȱtheȱSensor,ȱperformȱtheȱfollowingȱsteps:ȱ
29
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
InstallingȱtheȱSensorȱ
1.
2.
PlugȱtheȱpowerȱcableȱintoȱtheȱDCȱpowerȱreceptacleȱatȱtheȱrearȱofȱtheȱSensor.ȱ
Plugȱtheȱotherȱendȱofȱtheȱpowerȱcableȱintoȱanȱ110V~240Vȱ50/60ȱHzȱACȱpowerȱsource.ȱ
ȱ
Figure 51.
Power up the Sensor
Waitȱforȱtwoȱminutes!ȱ
3. CheckȱtheȱStatusȱLEDs.ȱYouȱwillȱseeȱLED1ȱturnȱOrangeȱandȱLED2ȱturnȱgreen,ȱindicatingȱthatȱtheȱSensorȱisȱpoweredȱonȱ
correctlyȱandȱwaitingȱtoȱbeȱconnectedȱtoȱtheȱnetwork.ȱ
AnȱSSȬ300ȬATȱSensorȱcanȱbeȱPoweredȱonȱbyȱ802.3afȱClassȱ0ȱPowerȱOverȱEthernetȱofȱNominalȱinputȱvoltageȱ48VȱDC.ȱ
5.2.4
ConnectȱtheȱSensorȱtoȱtheȱNetworkȱ
EnsureȱthatȱtheȱServerȱisȱalreadyȱrunningȱonȱyourȱnetwork.ȱAddȱtheȱDNSȱentryȱ‘wifiȬsecurityȬserver’ȱonȱallȱDNSȱServers.ȱThisȱ
entryȱshouldȱpointȱtoȱtheȱIPȱaddressȱofȱtheȱServer.ȱ
ToȱconnectȱtheȱSensorȱtoȱtheȱnetwork,ȱperformȱtheȱfollowingȱsteps:ȱ
1. EnsureȱthatȱDHCPȱisȱrunningȱonȱtheȱsubnetȱtoȱwhichȱtheȱSensorȱwillȱbeȱconnected.ȱ
2. ConnectȱoneȱendȱofȱtheȱNetworkȱInterfaceȱcableȱtoȱtheȱEthernetȱportȱatȱtheȱrearȱofȱtheȱSensor.ȱ
3. ConnectȱtheȱotherȱendȱofȱtheȱNetworkȱInterfaceȱcableȱtoȱanȱEthernetȱjackȱthatȱisȱconnectedȱtoȱtheȱdesiredȱsubnet.ȱ
Important:ȱIfȱDHCPȱisȱnotȱenabledȱonȱaȱsubnet,ȱSensorsȱcannotȱconnectȱtoȱthatȱsubnetȱwithȱzeroȱconfiguration.ȱReferȱtoȱManuallyȱ
ConfiguringȱtheȱSensorȱforȱdetailsȱonȱmanualȱconfigurationȱofȱSensor.ȱ
ȱ
Figure 52.
Connect the Sensor to the Network
Waitȱforȱtwoȱminutes!ȱ
CheckȱtheȱStatusȱLEDsȱonȱtheȱSensor.ȱIfȱallȱLEDsȱglowȱgreen,ȱthenȱtheȱSensorȱisȱoperationalȱandȱconnectedȱtoȱtheȱServer.ȱ
LogȱonȱtoȱtheȱServerȱthroughȱSSH.ȱRunȱtheȱ‘getȱsensorȱlist’ȱcommand.ȱYouȱwillȱseeȱaȱlistȱofȱallȱSensorsȱthatȱareȱrecognizedȱbyȱ
theȱServer.ȱ
TheȱSensorȱisȱconfiguredȱandȱreadyȱtoȱgo.ȱCheckȱtheȱConsoleȱtoȱensureȱthatȱthisȱSensorȱhasȱbeenȱdetected.ȱ
IfȱallȱtheȱSensorsȱhaveȱconnectedȱwithȱzeroȱconfiguration,ȱyouȱneedȱnotȱreadȱthisȱinstallationȱguideȱfurther.ȱ
30ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
InstallingȱtheȱSensorȱ
Note:ȱIfȱLED1ȱturnsȱOrange,ȱitȱmeansȱthatȱtheȱzeroȱconfigurationȱwasȱnotȱsuccessfulȱandȱtheȱSensorȱmustȱbeȱconfiguredȱmanually.ȱReferȱ
toȱManuallyȱConfiguringȱtheȱSensorȱforȱdetails
31
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
ManuallyȱConfiguringȱtheȱSensorȱ
Chapterȱ6
ManuallyȱConfiguringȱtheȱSensorȱ
Important:ȱIfȱtheȱinstallationȱinȱInstallingȱtheȱSensorȱwasȱsuccessful,ȱstop!ȱYouȱdoȱnotȱneedȱtoȱconfigureȱtheȱSensorȱmanually.ȱ
6.1
Introductionȱ
ManualȱconfigurationȱofȱaȱSensorȱisȱtypicallyȱrequiredȱinȱtheȱfollowingȱcases:ȱ
SensorȱneedsȱtoȱbeȱconfiguredȱinȱNDȱorȱSNDCȱmode.ȱ
SensorȱOnlyȱ(SO)ȱdevicesȱcannotȱconnectȱtoȱtheȱServerȱthroughȱzeroȱconfiguration.ȱTheȱDNSȱentryȱforȱtheȱServerȱhasȱ
beenȱchangedȱtoȱanȱentryȱotherȱthanȱȈwifiȬsecurityȬserverȈȱorȱthereȱisȱnoȱDNSȱServerȱpresentȱinȱtheȱnetwork.ȱThisȱisȱ
applicableȱforȱmultiȬserverȱinstallations.ȱ
SensorȱisȱplacedȱonȱaȱsubnetȱthatȱisȱnotȱDHCPȱenabled.ȱ
6.2
ConfiguringȱSensorȱthroughȱConfigȱShellȱ
ToȱuseȱtheȱConfigȱShell,ȱconnectȱaȱSerialȱ(RSȬ232)ȱcableȱbetweenȱyourȱcomputerȱandȱtheȱSensor.ȱTheȱConfigȱShellȱsupportsȱaȱ
preȬdefinedȱsetȱofȱcommandsȱusedȱtoȱconfigureȱtheȱSensor.ȱ
ȱ
Figure 53.
Connecting the Sensor to your computer using a Serial Cable
TheȱstepsȱtoȱconfigureȱtheȱSensorȱmanuallyȱareȱasȱfollows:ȱ
1. InvokeȱHyperȱTerminalȱ(orȱminicom)ȱ
2. Logȱinȱandȱchangeȱtheȱdefaultȱpasswordȱ
3. SetȱServerȱDiscoveryȱ
4. SetȱSensorȱModeȱ
5. SetȱNetworkȱSettingsȱforȱthatȱSensorȱModeȱ
Theȱaboveȱstepsȱareȱexplainedȱinȱdetailȱbelow.ȱ
6.2.1 InvokeȱHyperTerminalȱ(orȱminicom)ȱ
ToȱconfigureȱtheȱSensor,ȱfollowȱtheȱstepsȱdescribedȱbelowȱtoȱinvokeȱtheȱConfigȱShell.ȱ
6.2.1.1
LaunchingȱHyperTerminalȱ
ToȱstartȱHyperTerminal,ȱclickȱStartÆProgramsÆAccessoriesÆCommunicationsÆHyperTerminalȱasȱshownȱinȱtheȱfollowingȱ
figure.ȱ
30ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
ManuallyȱConfiguringȱtheȱSensorȱ
ȱ
Figure 54.
Opening HyperTerminal
Note:ȱIfȱyouȱareȱusingȱaȱLinuxȱlaptop,ȱyouȱcanȱuseȱminicomȱtoȱconnectȱtoȱtheȱConfigȱShell.ȱ
6.2.1.2
DefiningȱaȱNewȱHyperTerminalȱConnectionȱ
ȱ
ȱ
Figure 55.
Define a New HyperTerminal Connection for Sensor
31
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
ManuallyȱConfiguringȱtheȱSensorȱ
6.2.1.3
Selectȱanȱiconȱtoȱidentifyȱtheȱnewȱconnection.ȱ
TypeȱtheȱrequiredȱnameȱforȱtheȱHyperTerminalȱconnectionȱinȱtheȱNameȱfieldȱ
ClickȱȱonȱtheȱConnectionȱDescriptionȱdialog.ȱ
SpecifyingȱHyperTerminalȱConnectionȱDetailsȱ
ȱ
ȱ
Figure 56.
Specify HyperTerminal Connection Details
Selectȱorȱenterȱtheȱappropriateȱconnectionȱdetails.ȱ
ClickȱȱonȱtheȱConnectȱToȱdialog.ȱ
Note:ȱTheȱnameȱofȱtheȱserialȱportȱwillȱchangeȱasȱperȱtheȱsettingsȱofȱyourȱcomputer.ȱ
6.2.1.4
EditingȱSerialȱPortȱSettingsȱ
ȱ
ȱ
Figure 57.
Edit Serial Port Settings
32ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
ManuallyȱConfiguringȱtheȱSensorȱ
6.2.2
Editȱtheȱserialȱportȱsettingsȱasȱfollowsȱorȱclickȱȱtoȱensureȱproperȱcommunicationȱbetweenȱtheȱ
Sensorȱandȱyourȱcomputer.ȱ
¾ Bitsȱperȱsecond:ȱ9600ȱ
¾ Dataȱbits:ȱ8ȱ
¾ Parity:ȱNoneȱ
¾ Stopȱbits:ȱ1ȱ
¾ Flowȱcontrol:ȱNoneȱ
ClickȱȱonȱtheȱCOMȱPropertiesȱdialog.ȱ
PressȱȱorȱȱonȱtheȱHyperTerminalȱscreen.ȱ
LogȱinȱandȱChangeȱtheȱDefaultȱPasswordȱ
LogȱinȱtoȱtheȱConfigȱShellȱusingȱtheȱuserȱnameȱconfigȱandȱpasswordȱconfig.ȱChangeȱtheȱdefaultȱpasswordȱusingȱtheȱcommandȱ
passwd.ȱYouȱcanȱchangeȱtheȱSensorȱpasswordȱusingȱSensorȱtemplates.ȱReferȱtoȱsectionȱ8.4.4:ȱSensorȱConfigurationȱinȱtheȱ
SpectraguardȱEnterpriseȱUserȱGuideȱforȱmoreȱdetails.ȱ
Recommended;ȱAirTightȱrecommendsȱthatȱyouȱchangeȱtheȱdefaultȱpasswordȱforȱsecurityȱreasons,ȱalthoughȱitȱisȱnotȱmandatory.ȱ
6.2.3
SetȱServerȱDiscoveryȱ
TheȱnextȱstepȱisȱtoȱsetȱtheȱServerȱDiscoveryȱinformation.ȱThereȱareȱtwoȱtypesȱofȱServerȱDiscovery.ȱ
ServerȱIPȱbasedȱdiscoveryȱ(preferred)ȱ
ServerȱIDȱbasedȱdiscoveryȱ(deprecated)ȱ
ServiceȱLocationȱProtocolȱ(SLP)ȱbasedȱdiscoveryȱ(ifȱwifiȬsecurityȬserverȱserviceȱhasȱbeenȱconfigured)ȱ
UseȱtheȱcommandȱsetȱserverȱdiscoveryȱtoȱpointȱtheȱSensorȱtoȱtheȱcorrectȱServer.ȱ
ȱ
Figure 58.
set server discovery command
Note:ȱIfȱIP/HostnameȱbasedȱdiscoveryȱisȱbeingȱusedȱandȱthereȱisȱmoreȱthanȱoneȱServerȱonȱtheȱnetwork,ȱthenȱyouȱmustȱenterȱtheȱIPȱaddressȱ
ofȱtheȱappropriateȱServer.ȱ
6.2.4
SetȱSensorȱModeȱ
TheȱnextȱstepȱisȱtoȱsetȱtheȱmodeȱofȱtheȱSensor.ȱThereȱareȱthreeȱpossibleȱmodes:ȱ
SOȱMode:ȱThisȱisȱtheȱdefaultȱmode.ȱInȱthisȱmode,ȱtheȱSensorȱshouldȱbeȱconnectedȱintoȱanȱaccessȱportȱonȱaȱswitch.ȱItȱ
thenȱmonitorsȱaȱsingleȱVLANȱthatȱisȱconfiguredȱonȱthatȱaccessȱport.ȱTheȱwirelessȱinterfaceȱofȱtheȱSensorȱisȱenabled.ȱ
NDȱMode:ȱThisȱmodeȱneedsȱtoȱbeȱexplicitlyȱconfigured.ȱInȱthisȱmode,ȱtheȱNDȱshouldȱbeȱconnectedȱintoȱaȱtrunkȱportȱ
(802.1Qȱcapable)ȱonȱaȱswitch.ȱItȱthenȱmonitorsȱmultipleȱVLANsȱthatȱareȱconfiguredȱonȱthatȱtrunkȱportȱandȱareȱchosenȱ
byȱtheȱuserȱusingȱtheȱNDȱCLI.ȱTheȱwirelessȱinterfaceȱofȱtheȱNDȱisȱdisabled.ȱAȱSensorȱinȱNDȱmodeȱcanȱmonitorȱupȱtoȱ
32ȱVLANsȱandȱdetectȱupȱtoȱ32ȱVLANs.ȱ
33
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
ManuallyȱConfiguringȱtheȱSensorȱ
SNDCȱMode:ȱThisȱmodeȱneedsȱtoȱbeȱexplicitlyȱconfigured.ȱInȱthisȱmode,ȱtheȱSensorȱshouldȱbeȱconnectedȱintoȱaȱ
trunkȱportȱ(802.1Qȱcapable)ȱonȱaȱswitch.ȱItȱthenȱmonitorsȱmultipleȱVLANsȱthatȱareȱconfiguredȱonȱthatȱtrunkȱportȱandȱ
areȱchosenȱbyȱtheȱuserȱusingȱtheȱNDȱCLI.ȱTheȱwirelessȱinterfaceȱofȱtheȱSensorȱisȱenabled.ȱAȱSensorȱinȱSNDCȱmodeȱ
canȱmonitorȱupȱtoȱ4ȱVLANsȱandȱdetectȱupȱtoȱ4ȱVLANs.ȱ
UseȱtheȱsetȱmodeȱcommandȱtoȱsetȱtheȱSensorȱmode.ȱ
ȱ
Figure 59.
set sensor mode command
6.2.5 ConfigureȱNetworkȱSettingsȱ
Onceȱtheȱmodeȱisȱset,ȱyouȱhaveȱtoȱenableȱtheȱNetworkȱSettings.ȱ
SensorȱOnlyȱMode:ȱForȱthisȱmode,ȱuseȱtheȱcommandȱsetȱipȱconfig.ȱThisȱcommandȱrunsȱthroughȱtheȱcurrentȱVLANȱ
andȱtheȱIPȱconfigȱwizard.ȱ
NetworkȱDetector/Sensor/NDȱComboȱMode:ȱForȱthisȱmode,ȱuseȱtheȱcommandȱsetȱvlanȱconfig.ȱThisȱcommandȱ
configuresȱtheȱIPȱaddressesȱonȱtheȱND.ȱ
ReferȱtoȱChapterȱ3:ȱGuidelinesȱforȱConfiguringȱandȱInstallingȱNDȱandȱSNDCȱinȱtheȱdocumentȱ‘NetworkȱDetectorȱ
ConfigurationȱforȱSpectraGuardȱEnterprise_5.7’ȱforȱfurtherȱdetails.
34ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
SettingȱupȱtheȱServerȱConsoleȱ
Chapterȱ7
SettingȱupȱtheȱServerȱConsoleȱ
TheȱConfigurationȱWizardȱguidesȱyouȱthroughȱtheȱstepsȱrequiredȱtoȱsetȱupȱtheȱsystem.ȱTheȱsystemȱisȱmanagedȱthroughȱaȱJavaȱ
appletȱthatȱisȱlaunchedȱinȱtheȱInternetȱExplorerȱ5.5+ȱWebȱbrowser.ȱThisȱHTMLȱinterfaceȱisȱknownȱasȱtheȱ‘ConsoleȱorȱGraphicalȱ
UserȱInterfaceȱ(GUI)’.ȱThisȱchapterȱdescribesȱhowȱtheȱConsoleȱisȱlaunchedȱandȱsetup.ȱ
7.1
1.
LoggingȱintoȱtheȱConsoleȱ
OnȱtheȱLoginȱscreen,ȱtypeȱtheȱLoginȱID:ȱadminȱandȱtheȱPassword:ȱadminȱandȱclickȱȱorȱpressȱ.ȱ
ȱ
ȱ
Figure 60.
2.
Console Login Screen
TheȱEndȱUserȱLicenseȱAgreementȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱReadȱtheȱagreementȱcarefullyȱandȱ
selectȱ‘IȱhaveȱreadȱandȱagreeȱtoȱtheȱLicensingȱAgreementȱabove’.ȱClickȱ.ȱ
ȱ
Figure 61.
7.1.1
3.
End User License Agreement Screen
Stepȱ1:ȱStartingȱtheȱSetupȱWizardȱ
TheȱWelcomeȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱThisȱwizardȱtakesȱyouȱthroughȱtheȱstepsȱtoȱhelpȱyouȱ
initializeȱtheȱsystem.ȱClickȱȱonȱeachȱscreenȱtoȱproceedȱtoȱtheȱnextȱstep.ȱToȱgoȱbackȱtoȱaȱpreviousȱstep,ȱclickȱ
.ȱToȱexitȱtheȱsetupȱwizardȱatȱanyȱpoint,ȱclickȱ.ȱYouȱcanȱtakeȱaȱtourȱofȱthisȱwizardȱlaterȱthroughȱtheȱ
ConsoleȱfromȱAdministrationÆGlobalȱTabÆSystemȱSettingsÆWizardsȱandȱconfigureȱtheȱappropriateȱsettings.ȱClickȱ
.ȱ
35
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 62.
7.1.2
4.
System Setup Wizard Welcome Screen
Stepȱ2:ȱChangingȱyourȱAccountȱPasswordȱ
TheȱChangeȱPasswordȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱChangeȱyourȱaccountȱloginȱpassword.ȱSpecifyȱanȱ
emailȱaddressȱforȱtheȱuserȱadminȱtoȱbeȱusedȱlaterȱtoȱtestȱSMTPȱServerȱsettingsȱandȱotherȱemailȱnotifications.ȱ
36ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 63.
Change Password
UnderȱPasswordȱDetails,ȱyouȱcanȱspecifyȱtheȱfollowing:ȱ
EmailȱAddressȱ
OldȱPasswordȱ
NewȱPasswordȱ
ConfirmȱPasswordȱ
UnderȱUserȱPreferences,ȱyouȱcanȱchangeȱyourȱsessionȱtimeoutȱinterval,ȱlanguageȱsettings,ȱorȱtimeȱzone.ȱ
SessionȱTimeout:ȱEnablesȱyouȱtoȱspecifyȱtheȱtimeȱafterȱwhichȱtheȱuserȱisȱloggedȱoutȱautomaticallyȱifȱtheȱsystemȱdoesȱ
notȱdetectȱanyȱactivityȱ
¾ SessionȱNeverȱExpires:ȱSelectȱthisȱcheckboxȱifȱyouȱdoȱnotȱwantȱtheȱsessionȱtoȱexpireȱ
¾ SessionȱTimeout:ȱEnablesȱyouȱtoȱspecifyȱtheȱnumberȱofȱminutesȱafterȱwhichȱtheȱsystemȱautomaticallyȱlogsȱoutȱ
theȱcurrentlyȱloggedȱinȱuserȱwhenȱthereȱisȱnoȱactivityȱonȱtheȱConsoleȱforȱtheȱSessionȱTimeoutȱperiodȱ
(Minimum:ȱ10ȱminutes;ȱMaximum:ȱ120ȱminutes)ȱ
Languageȱpreference:ȱSelectȱEnglishȱorȱMultilingualȱsupportȱfromȱtheȱdropȬdownȱlistȱ
TimeȱZone:ȱSelectȱtheȱappropriateȱtimeȱzoneȱforȱtheȱuserȱ
Toȱsaveȱtheȱnewȱpasswordȱandȱuserȱpreferences,ȱclickȱ.ȱ
7.1.3
5.
Stepȱ3:ȱPreparingȱyourȱSystemȱforȱConfigurationȱ
TheȱEventȱActivationȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱToȱavoidȱtransientȱeventsȱduringȱtheȱsetupȱprocess,ȱ
deȬactivateȱthisȱfeatureȱforȱallȱlocationsȱwhereȱchangesȱareȱtoȱbeȱmade.ȱTheȱsystemȱpromptsȱyouȱtoȱturnȱthisȱfeatureȱbackȱ
onȱatȱtheȱendȱofȱtheȱSetupȱWizard.ȱIfȱyouȱexitȱtheȱSetupȱWizardȱprematurely,ȱyouȱmustȱmanuallyȱreȬactivateȱthisȱfeature.ȱ
37
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 64.
6.
Event De-activation
TheȱIntrusionȱPreventionȱActivationȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱToȱavoidȱunwantedȱintrusionȱ
preventionȱactivityȱduringȱtheȱsetupȱprocess,ȱdeȬactivateȱthisȱfeatureȱforȱallȱlocationsȱwhereȱchangesȱareȱtoȱbeȱmade.ȱTheȱ
systemȱpromptsȱyouȱtoȱturnȱthisȱfeatureȱbackȱonȱatȱtheȱendȱofȱtheȱSetupȱWizard.ȱIfȱyouȱexitȱtheȱSetupȱWizardȱprematurely,ȱ
youȱmustȱmanuallyȱreȬactivateȱthisȱfeature.ȱAuthorizedȱAPsȱshouldȱbeȱinȱtheȱAuthorizedȱfolderȱbeforeȱactivatingȱintrusionȱ
prevention.ȱTheirȱnetworkȱconnectivityȱiconȱmayȱshowȱtheȱstatusȱasȱWired,ȱUnwired,ȱorȱIndeterminate.ȱ
38ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 65.
7.
Intrusion Prevention De-activation
TheȱDeviceȱListȱLockingȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱIfȱyouȱhadȱpreviouslyȱlockedȱtheȱlistȱofȱ
AuthorizedȱAPsȱandȱClientsȱatȱaȱlocationȱbyȱcheckingȱtheȱtwoȱcheckboxesȱLockȱAPȱListȱforȱlocationȱ‘ȱ
andȱLockȱClientȱListȱforȱlocationȱ‘,ȱyouȱmustȱunlockȱtheȱlistsȱforȱallȱtheȱlocationsȱwhereȱyouȱexpectȱtoȱ
addȱAuthorizedȱAPsȱorȱClientsȱduringȱtheȱsetupȱwizard.ȱIfȱyouȱlockȱaȱparticularȱdeviceȱlist,ȱnoȱmoreȱdevicesȱofȱthatȱtypeȱ
canȱbeȱsubsequentlyȱautomaticallyȱAuthorizedȱforȱthatȱlocation.ȱAsȱAPsȱareȱnotȱautomaticallyȱmovedȱtoȱtheȱAuthorizedȱ
folder,ȱlockingȱtheȱAuthorizedȱAPȱlistȱmeansȱthatȱnoȱwiredȱAPsȱwillȱbeȱtaggedȱasȱPotentiallyȱAuthorizedȱatȱthisȱlocation;ȱ
theyȱwillȱbecomeȱPotentiallyȱRogueȱandȱmayȱbeȱautomaticallyȱmovedȱtoȱtheȱRogueȱfolderȱbasedȱonȱtheȱAPȱAutoȬ
Classificationȱpolicy.ȱ
39
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 66.
7.1.4
8.
Device List Unlocking
Stepȱ4:ȱConfiguringȱNotificationȱSettingsȱ
TheȱSMTPȱConfigurationȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱYouȱmustȱsetȱSimpleȱMailȱTransferȱProtocolȱ
(SMTP)ȱServerȱsettingsȱtoȱsendȱnotificationȱofȱeventsȱviaȱemail.ȱAirTightȱrecommendsȱthatȱyouȱtestȱtheȱSMTPȱsettingsȱ
beforeȱapplyingȱtheȱchanges.ȱYouȱmustȱhaveȱadministratorȱprivilegesȱtoȱsetȱtheseȱvalues.ȱ
40ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 67.
SMTP Configuration
Note:ȱIfȱyouȱwantȱtheȱsystemȱtoȱnotifyȱyouȱbyȱanȱeventsȱemail,ȱyouȱneedȱtoȱspecifyȱSMTPȱServerȱdetails.ȱTheȱsystemȱdoesȱnotȱemailȱeventsȱ
byȱdefault.ȱIfȱyouȱdoȱnotȱwantȱtoȱreceiveȱemailȱforȱtheȱevents,ȱselectȱȱandȱ.ȱ
SMTPȱConfigurationȱcontainsȱtheȱfollowingȱoptions:ȱ
SMTPȱServerȱ(IPȱaddress/Hostname:ȱPort):ȱSpecifiesȱtheȱIPȱaddressȱorȱtheȱhostnameȱandȱtheȱportȱnumberȱofȱtheȱ
SMTPȱServerȱtoȱbeȱusedȱbyȱtheȱsystemȱforȱsendingȱemailȱalerts.ȱ
(Default:ȱ127.0.0.1:25)ȱ
TheȱfollowingȱareȱtheȱauthenticationȱprotocolsȱforȱSMTPȱServer:ȱ
¾ PLAINȱ(Forȱsendmailȱ8.10ȱandȱabove)ȱ
¾ LOGINȱ(Forȱsendmailȱ8.10ȱandȱabove)ȱ
¾ NTLMȱ(Windowsȱproprietaryȱauthenticationȱmethod)ȱ
EmailȱAddressȱinȱFromȱfield:ȱSpecifiesȱtheȱsourceȱaddressȱfromȱwhichȱemailȱalertsȱareȱsent.ȱ
AuthenticationȱRequired:ȱIfȱenabled,ȱspecifiesȱwhetherȱtheȱSMTPȱServerȱrequiresȱauthentication.ȱ
¾ Username:ȱSpecifiesȱtheȱuserȱnameȱforȱSMTPȱServerȱauthentication.ȱ
¾ Password:ȱSpecifiesȱtheȱpasswordȱforȱSMTPȱServerȱauthentication.ȱ
Toȱsendȱaȱtestȱemail,ȱclickȱ.ȱThisȱtestȱemailȱwillȱbeȱsentȱtoȱtheȱemailȱaddressȱofȱtheȱloggedȱinȱuser,ȱinȱthisȱ
caseȱuserȱadmin.ȱ
9.
TheȱSyslogȱConfigurationȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱSyslogȱConfigurationȱallowsȱtheȱsystemȱtoȱ
sendȱeventsȱtoȱdesignatedȱSyslogȱreceivers.ȱ
41
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 68.
Syslog Configuration
SyslogȱIntegrationȱStatus:ȱIfȱSyslogȱintegrationȱisȱenabled,ȱtheȱsystemȱsendsȱmessagesȱtoȱtheȱconfiguredȱSyslogȱ
Servers.ȱElse,ȱSyslogȱintegrationȱservicesȱareȱshutȱoff.ȱ
¾ IfȱyouȱselectȱSyslogȱIntegrationȱEnabled,ȱyouȱcanȱmanageȱSyslogȱServers.ȱTheȱsystemȱenablesȱSyslogȱbyȱdefault.ȱ
¾ CurrentȱStatus:ȱDisplaysȱtheȱCurrentȱStatusȱofȱtheȱSyslogȱServer:ȱRunningȱorȱStopped.ȱAnȱErrorȱstatusȱisȱshownȱ
inȱoneȱofȱtheȱfollowingȱcases:ȱ
™ OneȱofȱtheȱconfiguredȱandȱenabledȱSyslogȱServersȱhasȱaȱhostname,ȱwhichȱcannotȱbeȱresolvedȱ
™ SystemȱServerȱisȱstoppedȱ
™ Internalȱerror,ȱinȱwhichȱcaseȱyouȱneedȱtoȱcontactȱTechnicalȱSupportȱ
UnderȱManageȱSyslogȱSevers,ȱclickȱȱtoȱopenȱSyslogȱConfigurationȱdialogȱwhereȱyouȱcanȱaddȱSyslogȱServerȱ
details.ȱ
42ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 69.
Syslog Configuration Dialog
SyslogȱConfigurationȱcontainsȱtheȱfollowingȱfields:ȱ
SyslogȱServerȱ(IPȱAddress/Hostname):ȱSpecifiesȱtheȱIPȱaddressȱorȱtheȱhostnameȱofȱtheȱSyslogȱServerȱtoȱwhichȱeventsȱ
shouldȱbeȱsent.ȱ
Note:ȱConfiguredȱSyslogȱServersȱwillȱuseȱtheȱDNSȱnamesȱandȱDNSȱsuffixesȱconfiguredȱbyȱtheȱuserȱinȱtheȱServerȱInitializationȱandȱSetupȱ
WizardȱonȱtheȱServerȱConfigȱShell.ȱ
PortȱNumber:ȱSpecifiesȱtheȱportȱnumberȱofȱtheȱSyslogȱServerȱtoȱwhichȱtheȱsystemȱsendsȱevents.ȱ
(Default:ȱ514)ȱ
MessageȱFormat:ȱSpecifiesȱtheȱformatȱinȱwhichȱtheȱeventȱisȱsent:ȱIntrusionȱDetectionȱMessageȱExchangeȱFormatȱ
(IDMEF)ȱorȱPlainȱtext.ȱ
(Default:ȱPlainȱtext)ȱ
Note:ȱIfȱyouȱupgradeȱaȱServer,ȱpreȬ5.6ȱtoȱ5.6,ȱallȱpreviouslyȱconfiguredȱSyslogȱServersȱwouldȱsendȱeventsȱinȱPlainȱtextȱMessageȱFormatȱbyȱ
default.ȱYouȱcanȱselectȱtheȱIDMEFȱformatȱbyȱeditingȱtheȱSyslogȱServerȱsettings.ȱ
Enabled?:ȱSpecifiesȱifȱtheȱeventsȱareȱtoȱbeȱsentȱtoȱthisȱSyslogȱServer.ȱ
(Default:ȱEnabled)ȱ
ClickȱȱtoȱaddȱtheȱdetailsȱforȱaȱnewȱSyslogȱServer.ȱClickȱȱtoȱcloseȱtheȱwindowȱandȱdiscardȱallȱchangesȱthatȱwereȱ
made.ȱ
DoubleȬclickȱaȱrowȱorȱclickȱȱtoȱopenȱSyslogȱConfigurationȱdialogȱsimilarȱtoȱtheȱoneȱshownȱabove.ȱClickȱȱtoȱsaveȱ
allȱsettings.ȱClickȱȱtoȱcloseȱtheȱwindowȱandȱdiscardȱallȱchangesȱthatȱwereȱmade.ȱ
ClickȱȱtoȱdiscardȱtheȱdetailsȱofȱanȱexistingȱSyslogȱServer.ȱ
10. TheȱSNMPȱConfigurationȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱSNMPȱConfigurationȱallowsȱtheȱsystemȱtoȱ
sendȱeventsȱasȱSNMPȱtrapsȱtoȱdesignatedȱSNMPȱtrapȱreceivers.ȱItȱalsoȱallowsȱSNMPȱmanagersȱtoȱqueryȱServerȱoperatingȱ
parametersȱusingȱIFȬMIB,ȱMIBȬII,ȱandȱHostȱResourcesȱMIB.ȱ
43
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 70.
SNMP Configuration
SNMPȱIntegrationȱStatus:ȱIfȱSNMPȱintegrationȱisȱenabled,ȱtheȱsystemȱsendsȱSNMPȱtrapsȱtoȱtheȱconfiguredȱSNMPȱ
Servers.ȱOtherȱsystemsȱcanȱdoȱanȱSNMPȱGetȱtoȱthisȱServer.ȱElse,ȱSNMPȱintegrationȱservicesȱareȱshutȱoff.ȱ
¾ IfȱyouȱselectȱSNMPȱIntegrationȱEnabled,ȱyouȱcanȱeditȱandȱmanageȱSNMPȱServerȱdetails.ȱTheȱsystemȱenablesȱ
SNMPȱbyȱdefault.ȱ
¾ CurrentȱStatus:ȱDisplaysȱtheȱCurrentȱStatusȱofȱtheȱSNMPȱServer:ȱRunning,ȱError,ȱorȱStopped.ȱ
UnderȱSNMPȱSettings,ȱconfigureȱSNMPȱGetsȱorȱTraps.ȱ
¾ SNMPȱGetsȱEnabled:ȱAllowsȱSNMPȱmanagersȱtoȱqueryȱServerȬoperatingȱparametersȱusingȱIFȬMIB,ȱMIBȬII,ȱandȱ
HostȱResourcesȱMIB.ȱ
¾ SNMPȱTrapsȱEnabled:ȱAllowsȱSNMPȱtrapsȱtoȱbeȱsentȱtoȱconfiguredȱSNMPȱServers.ȱ
Additionally,ȱselectȱtheȱSNMPȱversionsȱtoȱbeȱenabledȱandȱconfigureȱtheȱrelevantȱsettings.ȱ
¾ SNMPȱv1,ȱv2:ȱIfȱselected,ȱspecifyȱtheȱCommunityȱStringȱforȱtheȱSNMPȱagent.ȱ
(Default:ȱpublic)ȱ
¾ SNMPȱv3:ȱIfȱselected,ȱspecifyȱtheȱEngineȱID,ȱUsername,ȱandȱPassword.ȱ
(DefaultȱUsername:ȱadmin;ȱDefaultȱPassword:ȱpassword)ȱ
UnderȱSNMPȱMIBs,ȱselectȱtheȱfollowingȱSNMPȱMIBsȱtoȱbeȱenabledȱandȱconfigureȱtheȱrelevantȱsettings.ȱ
¾ IFȱMIBȱ
¾ HostȱResourcesȱMIBȱ
¾ AirTightȬMIB:ȱEnablesȱtheȱexternalȱSNMPȱagentȱtoȱreceiveȱtrapsȱ
¾ MIBȬII:ȱIfȱselected,ȱconfigureȱtheȱSystemȱContact,ȱSystemȱName,ȱandȱSystemȱLocation.ȱ
(DefaultȱSystemȱName:ȱWifiȱSecurityȱSever)ȱ
Note:ȱTheȱInternetȱAssignedȱNumbersȱAuthorityȱ(IANA)ȱassignedȱPrivateȱEnterpriseȱNumberȱforȱAirTight®ȱNetworks,ȱInc.ȱisȱ16901.ȱ
UnderȱSNMPȱTrapȱDestinationȱServers,ȱclickȱtoȱopenȱSNMPȱConfigurationȱdialogȱwhereȱyouȱcanȱaddȱSNMPȱ
Serverȱdetails.ȱ
44ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 71.
SNMP Configuration Dialog
SNMPȱDestinationȱServerȱDetailsȱcontainsȱtheȱfollowingȱfields:ȱ
DestinationȱServerȱ(IPȱAddress/Hostname)*:ȱSpecifiesȱtheȱIPȱaddressȱorȱtheȱhostnameȱofȱtheȱSNMPȱServerȱtoȱwhichȱ
eventsȱshouldȱbeȱsent.ȱ
Note:ȱConfiguredȱSNMPȱServersȱwillȱuseȱtheȱDNSȱnamesȱandȱDNSȱsuffixesȱconfiguredȱbyȱtheȱuserȱinȱtheȱServerȱInitializationȱandȱSetupȱ
WizardȱonȱtheȱServerȱConfigȱShell.ȱ
SNMPȱProtocolȱVersion:ȱSpecifiesȱtheȱSNMPȱprotocolȱversionȱforȱtheȱSNMPȱagent.ȱ
(Default:ȱSNMPȱv1,ȱv2)ȱ
PortȱNumber:ȱSpecifiesȱtheȱportȱnumberȱonȱtheȱreceivingȱsystemȱtoȱwhichȱtheȱSNMPȱtrapȱisȱsent.ȱ
(Default:ȱ162)ȱ
Enabled?:ȱSpecifiesȱifȱtheȱSNMPȱServerȱisȱenabledȱtoȱreceiveȱSNMPȱtraps.ȱ
(Default:ȱEnabled)ȱ
Note:ȱYouȱmustȱspecifyȱaȱdifferentȱportȱnumberȱifȱanotherȱapplicationȱusesȱtheȱdefaultȱport.ȱ
ClickȱȱtoȱaddȱtheȱdetailsȱforȱaȱnewȱSNMPȱServer.ȱ
DoubleȬclickȱaȱrowȱorȱselectȱaȱrowȱandȱclickȱȱtoȱopenȱSNMPȱConfigurationȱdialogȱsimilarȱtoȱtheȱoneȱshownȱabove..ȱ
Clickȱȱtoȱsaveȱallȱsettings.ȱ
SelectȱaȱrowȱandȱclickȱȱtoȱdiscardȱtheȱdetailsȱofȱanȱexistingȱSNMPȱServer.ȱ
7.1.5
Stepȱ5:ȱSettingȱupȱLocationsȱandȱSensorsȱ
11. TheȱLocationsȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱCreateȱaȱhierarchyȱofȱallȱtheȱlocationsȱthatȱtheȱsystemȱwillȱ
monitorȱandȱsecureȱbyȱaddingȱlocationȱfoldersȱandȱnodes.ȱ
45
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 72.
Locations Screen
TheȱLocationsȱscreenȱoperatesȱinȱtwoȱmodes:ȱDesignerȱmodeȱandȱViewerȱmode.ȱTheȱDesignerȱmodeȱisȱactiveȱbyȱdefault.ȱ
Aȱlocationȱhierarchyȱofȱyourȱsetupȱmayȱcompriseȱlocationȱfoldersȱandȱlocationȱnodes.ȱ
Locationȱfoldersȱrepresentȱorganizationalȱcomponentsȱsuchȱasȱbuildings,ȱcities,ȱorȱcountries.ȱ
¾ Root:ȱThisȱisȱtheȱrootȱlocation.ȱTheȱfactoryȱdefaultȱnameȱforȱthisȱlocationȱisȱLocations.ȱYouȱcanȱrenameȱthisȱ
location.ȱHowever,ȱyouȱcannotȱdeleteȱorȱmoveȱthisȱlocation.ȱ
¾ Unknown:ȱThisȱisȱtheȱdefaultȱlocationȱfolderȱofȱtheȱrootȱlocation.ȱYouȱcannotȱcreate,ȱdelete,ȱrename,ȱmove,ȱorȱaddȱ
aȱlocationȱtoȱtheȱUnknownȱfolder.ȱWhenȱtheȱsystemȱdetectsȱaȱnewȱuntaggedȱSensor,ȱitȱtagsȱthisȱSensorȱtoȱtheȱ
Unknownȱlocationȱfolder.ȱInȱotherȱwords,ȱwhenȱtheȱlocationȱtagȱofȱaȱlocationȬawareȱentityȱisȱnotȱknownȱorȱ
cannotȱbeȱdetermined,ȱitȱisȱtaggedȱtoȱtheȱUnknownȱfolder.ȱ
7.1.5.1
Locationȱnodesȱrepresentȱcomponentȱdetailsȱsuchȱasȱaȱfloorȱinȱaȱbuilding.ȱForȱexample,ȱHawaiiȱConferenceȱRoom,ȱ
Bldgȱ15–CubicleȱG2,ȱorȱExecutiveȱArea.ȱ
AddingȱaȱNewȱLocationȱ
Useȱtheȱfollowingȱstepsȱtoȱaddȱaȱlocation:ȱ
a. InȱtheȱLocationȱtree,ȱselectȱtheȱlocationȱunderȱwhichȱyouȱwishȱtoȱaddȱaȱnewȱlocation.ȱ
b. Doȱoneȱofȱtheȱfollowing:ȱ
RightȬclickȱandȱfromȱtheȱresultingȱcontextȬsensitiveȱmenu,ȱselectȱAddȱNewȱLocation.ȱ
ClickȱtheȱAddȱNewȱLocationȱiconȱ(
)ȱbelowȱtheȱDesignerȱmodeȱtab.ȱ
46ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 73.
Adding a New Location
ȱ
Figure 74.
c.
d.
Specifying Location Properties
InȱtheȱAddȱNewȱLocationȱdialog,ȱselectȱtheȱtypeȱofȱlocation,ȱthatȱis,ȱLocationȱFolderȱorȱLocationȱNode.ȱ
Enterȱaȱnameȱforȱtheȱnewȱlocationȱandȱoptionallyȱenterȱtheȱfollowingȱdetails.ȱ
SelectȱImageȱFile:ȱClickȱȱtoȱnavigateȱtoȱtheȱpathȱofȱtheȱimageȱthatȱyouȱwishȱtoȱattachȱtoȱtheȱlocationȱfolderȱ
orȱnode.ȱ
Unit:ȱSpecifyȱtheȱunitȱofȱmeasurementȱ(feetȱorȱmeters)ȱforȱtheȱlocationȱnode.ȱ
Length:ȱSpecifyȱtheȱlengthȱofȱtheȱlocationȱnode.ȱ
Width:ȱSpecifyȱtheȱwidthȱofȱtheȱlocationȱnode.ȱ
SelectȱSPM:ȱClickȱȱtoȱnavigateȱtoȱtheȱpathȱofȱtheȱ.SPMȱfileȱthatȱyouȱwishȱtoȱimportȱfromȱSpectraGuardȱ
Plannerȱ(Planner)ȱintoȱtheȱnewȱlocationȱnode.ȱ
Note:ȱUnit,ȱLength,ȱWidth,ȱandȱSelectȱSPMȱoptionsȱareȱavailableȱonlyȱforȱaȱlocationȱnode.ȱTheyȱareȱgrayedȱoutȱforȱaȱlocationȱfolder.ȱ
e.
Clickȱȱtoȱcreateȱaȱnewȱlocation.ȱAlternatively,ȱclickȱȱtoȱavoidȱcreatingȱaȱnewȱlocation.ȱ
12. TheȱSensorȱConfigurationȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱThisȱenablesȱyouȱtoȱcreateȱdifferentȱSensorȱ
configurationȱtemplates.ȱThisȱallowsȱtheȱuserȱtoȱapplyȱdifferentȱsettingsȱtoȱdifferentȱSensorsȱbyȱapplyingȱdifferentȱ
templates.ȱEachȱconfigurationȱtemplateȱallowsȱsettingsȱforȱoperatingȱregion,ȱchannelsȱtoȱmonitor,ȱchannelsȱtoȱdefend,ȱ
antennaȱconfiguration,ȱSensorȱpassword,ȱandȱofflineȱSensorȱoperation.ȱ
Atȱanyȱlocation,ȱyouȱcanȱchooseȱaȱtemplateȱasȱaȱdefaultȱtemplate.ȱThisȱtemplateȱwillȱbeȱappliedȱtoȱanyȱnewȱSensorȱtaggedȱtoȱ
thatȱlocation.ȱ
47
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 75.
Sensor Configuration
Note:ȱSensorsȱpriorȱtoȱVersionȱ5.2ȱdoȱnotȱsupportȱadditionalȱchannelsȱ(802.11jȱ&ȱTurboȱchannels),ȱAntennaȱPortȱAssignment,ȱandȱSensorȱ
PasswordȱConfigurationȱfeatures.ȱIfȱyouȱapplyȱtemplatesȱcontainingȱtheseȱsettingsȱtoȱolderȱSensors,ȱolderȱSensorsȱwillȱignoreȱtheȱadditionalȱ
settings.ȱ
ClickȱȱtoȱopenȱtheȱSensorȱConfigurationȱTemplateȱdialog.ȱ
48ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 76.
Channel Settings Tab
UnderȱCreateȱConfigurationȱTemplate,ȱspecifyȱtheȱfollowing:ȱ
Name:ȱUniqueȱnameȱofȱtheȱSensorȱConfigurationȱtemplateȱ(lessȱthanȱ40ȱcharacters)ȱ
Description:ȱBriefȱdescriptionȱofȱtheȱSensorȱConfigurationȱtemplateȱ(lessȱthanȱ500ȱcharacters)ȱ
Note:ȱTheȱsystemȱstoresȱtheȱdefaultȱSensorȱconfigurationȱinȱaȱpredefinedȱtemplateȱSystemȱTemplate.ȱYouȱcannotȱdeleteȱtheȱSystemȱ
Templateȱnorȱeditȱitsȱname;ȱitȱisȱunique.ȱWhenȱaȱSensorȱisȱaddedȱorȱdiscovered,ȱitȱisȱautomaticallyȱassignedȱtheȱconfigurationȱsettingsȱinȱ
thisȱtemplate.ȱYouȱareȱallowedȱtoȱeditȱtheȱconfigurationȱsettingsȱinȱtheȱSystemȱTemplateȱtoȱeffectȱdefaultȱconfigurationȱofȱtheirȱchoice.ȱ
WheneverȱyouȱdeleteȱaȱuserȬdefinedȱSensorȱconfigurationȱtemplate,ȱallȱtheȱSensorsȱassociatedȱwithȱthatȱtemplateȱareȱassignedȱ
theȱSystemȱTemplate.ȱYouȱcanȱoverrideȱtheȱtemplateȱappliedȱtoȱaȱSensorȱmanuallyȱfromȱtheȱDevices ȱSensorsȱtab.ȱIfȱyouȱ
modifyȱtheȱsettingsȱinȱaȱtemplate,ȱtheȱnewȱsettingsȱareȱappliedȱtoȱtheȱSensorsȱtoȱwhichȱthisȱtemplateȱisȱapplied.ȱ
ChannelȱSettingsȱ
ChannelȱSettingsȱdisplaysȱtheȱ802.11a/802.11b/gȱandȱTurboȱchannelsȱonȱwhichȱscanningȱandȱdefendingȱisȱenabled/disabled.ȱ
SensorsȱscanȱWLANȱtrafficȱonȱchannelsȱspecifiedȱunderȱChannelsȱtoȱMonitorȱandȱdefendȱtheȱnetworkȱagainstȱvariousȱWLANȱ
threatsȱonȱchannelsȱspecifiedȱunderȱChannelsȱtoȱDefend.ȱ
UnderȱChannelȱSettingsȱtab,ȱspecifyȱtheȱfollowing:ȱ
¾ SelectȱOperatingȱRegion:ȱSpecifiesȱtheȱregion:ȱcountry:ȱofȱoperation.ȱEachȱregionȱhasȱitsȱownȱlawsȱgoverningȱtheȱ
useȱofȱtheȱunlicensedȱfrequencyȱspectrumȱforȱ802.11ȱcommunicationsȱandȱTurboȱmode.ȱTheȱsystemȱautomaticallyȱ
selectsȱtheȱchannelsȱthatȱareȱallowedȱbyȱtheȱregulatoryȱdomainȱinȱselectedȱregion.ȱ
(DefaultȱOperatingȱRegion:ȱUnitedȱStates)ȱ
¾
ClickȱtheȱlinkȱChannelȱFrequencyȱTableȱtoȱviewȱaȱlistȱofȱchannels,ȱprotocols,ȱfrequencies,ȱandȱcapabilities.ȱ
49
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 77.
Channel Frequency Table
¾
ChannelsȱtoȱMonitor:ȱSpecifiesȱtheȱchannelsȱtoȱbeȱusedȱbyȱSensorsȱtoȱmonitorȱWLANȱtraffic.ȱ
™ SelectȱtheȱcheckboxȱSelectȱAllȱStandardȱChannelsȱtoȱselectȱaȱsupersetȱofȱallȱtheȱchannels.ȱForȱ802.11a,ȱtheȱ
standardȱsetsȱofȱchannelsȱareȱ184ȱ–ȱ216ȱandȱ34ȱȬȱ165.ȱByȱdefault,ȱthisȱcheckboxȱisȱselected.ȱ
™ SelectȱtheȱcheckboxȱSelectȱAllȱAllowedȱChannelsȱtoȱselectȱallȱtheȱallowedȱchannelsȱinȱtheȱselectedȱoperatingȱ
region.ȱByȱdefault,ȱthisȱcheckboxȱisȱselected.ȱ
™ SelectȱtheȱcheckboxȱAdditionally,ȱselectȱintermediateȱchannelsȱforȱ802.11ȱaȱonlyȱtoȱselectȱtheȱchannelsȱ
betweenȱtheȱallowedȱchannelsȱthatȱareȱnonȬallowedȱinȱtheȱselectedȱoperatingȱregion.ȱSelectingȱtheȱoptionȱ
helpsȱtheȱsystemȱdetectȱdevicesȱoperatingȱonȱillegalȱchannels.ȱForȱ802.11a,ȱtheȱintermediateȱchannelsȱareȱ185,ȱ
186,ȱ187,ȱ35,ȱ37,ȱandȱsoȱon.ȱByȱdefault,ȱthisȱcheckboxȱisȱdeselected.ȱ
¾
TurboȱMode:ȱCertainȱAtherosȱChipsetȱbasedȱdevicesȱuseȱwiderȱfrequencyȱbandsȱonȱcertainȱchannelsȱinȱ802.11ȱ
b/gȱandȱ802.11aȱbandȱofȱchannels.ȱTheȱsystemȱisȱcapableȱofȱmonitoringȱchannelsȱthatȱsupportȱTurboȱModeȱofȱ
operationȱandȱdetectingȱanyȱunauthorizedȱcommunicationȱonȱtheseȱchannels.ȱYouȱcanȱselectȱspecificȱorȱallȱ
channelsȱtoȱmonitorȱwirelessȱactivityȱonȱTurboȱchannels.ȱThereȱareȱtenȱTurboȱchannelsȱinȱaȬmode.ȱTheseȱchannelsȱ
areȱ40,ȱ42,ȱ48,ȱ50,ȱ56,ȱ58,ȱ152,ȱ153,ȱ160,ȱandȱ161.ȱThereȱisȱonlyȱoneȱTurboȱchannelȱinȱb/gȬmodeȱi.e.ȱ6.ȱ
¾
ChannelsȱtoȱDefend:ȱSpecifiesȱtheȱchannelsȱtoȱbeȱusedȱbyȱSensorsȱtoȱdefendȱWLANȱtrafficȱtoȱprotectȱyourȱ
networkȱagainstȱvariousȱWLANȱthreats.ȱ
Note:ȱItȱisȱmandatoryȱthatȱchannelsȱselectedȱforȱdefendingȱbeȱselectedȱforȱscanning.ȱIfȱaȱchannelȱisȱselectedȱforȱdefendingȱandȱisȱnotȱalreadyȱ
selectedȱforȱscanning,ȱtheȱsystemȱautomaticallyȱselectsȱthatȱchannelȱforȱscanningȱasȱwell.ȱIfȱyouȱdeselectȱaȱchannelȱfromȱChannelsȱtoȱ
Monitor,ȱthenȱthisȱchannelȱisȱalsoȱdeselectedȱfromȱChannelsȱtoȱDefendȱsection.ȱ
AntennaȱPortȱAssignmentȱ
Antennaȱconnectivityȱsettingȱisȱanȱadvancedȱsettingȱandȱshouldȱbeȱusedȱwithȱutmostȱcare.ȱThisȱsettingȱallowsȱyouȱtoȱprovideȱ
50ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
SettingȱupȱtheȱServerȱConsoleȱ
additionalȱinformationȱaboutȱtheȱtypeȱofȱantennasȱconnectedȱtoȱtheȱSensor.ȱYouȱneedȱtoȱchangeȱthisȱsettingȱonlyȱifȱyouȱuseȱ
Sensorsȱthatȱallowȱyouȱtoȱconnectȱantennas.ȱ
ApplyingȱaȱtemplateȱwithȱaȱparticularȱantennaȱsettingȱtoȱaȱSensorȱwithȱincompatibleȱantennaȱconnectionȱcanȱresultȱinȱaȱlossȱofȱ
systemȱfunctionalityȱleadingȱtoȱhigherȱsecurityȱrisks.ȱYouȱshouldȱnotȱchangeȱtheȱAntennaȱConnectivityȱSettingsȱforȱaȱtemplateȱ
thatȱisȱalreadyȱappliedȱtoȱaȱgroupȱofȱSensorsȱorȱisȱaȱDefaultȱSensorȱtemplate.ȱIfȱyouȱneedȱtoȱchangeȱtheseȱsettings,ȱyouȱshouldȱ
saveȱtheȱchangesȱasȱaȱnewȱtemplateȱfirst,ȱthenȱchangeȱtheȱantennasȱsettingsȱasȱrequired,ȱsaveȱtheȱtemplateȱandȱapplyȱitȱtoȱaȱ
groupȱofȱSensorsȱwhichȱhaveȱtheȱsameȱantennaȱsettingsȱasȱspecifiedȱinȱtheȱtemplate.ȱ
ȱ
Figure 78.
Antenna Port Assignment Tab
UnderȱAntennaȱPortȱAssignmentȱtabȱ
¾ SelectȱDiversityȱOnȱorȱDiversityȱOffȱ
™ DiversityȱOn:ȱThisȱisȱtheȱdefaultȱsetting,ȱwhichȱmeansȱbothȱtheȱantennasȱareȱdualȱband.ȱSelectȱthisȱoptionȱifȱ
youȱhaveȱaȱdualȱbandȱ(2.4ȱGHzȱandȱ5ȱGHz)ȱantennaȱconnectedȱtoȱbothȱtheȱportsȱonȱtheȱSensor.ȱAssigningȱ
thisȱsettingȱtoȱaȱSensorȱwhichȱdoesȱnotȱhaveȱaȱdualȱbandȱantennaȱconnectedȱtoȱbothȱports,ȱcanȱresultȱinȱ
unpredictableȱSensorȱbehaviorȱleadingȱtoȱlossȱofȱsystemȱfunctionality.ȱMakeȱsureȱthatȱtheȱtemplateȱwithȱ
“DiversityȱOn”ȱsettingȱisȱindeedȱappliedȱtoȱSensor(s),ȱwhichȱhaveȱdualȱbandȱantennaȱconnectedȱtoȱthem.ȱ
™ DiversityȱOff:ȱSelectȱthisȱoptionȱifȱandȱonlyȱifȱyourȱSensorsȱhaveȱaȱ5ȱGHzȱantennaȱconnectedȱtoȱPortȱ1ȱandȱaȱ
2.4ȱGHzȱantennaȱconnectedȱtoȱPortȱ2.ȱTheȱfigureȱinȱtheȱAntennaȱPortȱAssignmentȱtabȱshowsȱhowȱtoȱlocateȱ
theȱportsȱtoȱensureȱthatȱtheȱsingleȱbandȱantennasȱareȱcorrectlyȱconnected.ȱAssigningȱthisȱsettingȱtoȱaȱSensorȱ
thatȱdoesȱnotȱhaveȱsingleȱbandȱantennasȱconnectedȱasȱmentionedȱaboveȱcanȱresultȱinȱunpredictableȱSensorȱ
behaviorȱleadingȱtoȱlossȱofȱsystemȱfunctionality.ȱMakeȱsureȱthatȱtheȱtemplateȱwithȱDiversityȱOffȱsettingȱisȱ
indeedȱappliedȱtoȱSensor(s)ȱthatȱhaveȱtwoȱdifferentȱsingleȱbandȱantennasȱsupportingȱ2.4ȱGHzȱandȱ5ȱGHzȱ
frequencyȱbandsȱandȱconnectedȱasȱmentionedȱabove.ȱ
SensorȱPasswordȱConfigurationȱ
SensorȱPasswordȱsettingȱallowsȱyouȱtoȱmanageȱtheȱpasswordȱforȱuserȱconfigȱonȱtheȱSensorȱCommandȱLineȱInterfaceȱ(CLI).ȱByȱ
51
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
SettingȱupȱtheȱServerȱConsoleȱ
definingȱaȱpasswordȱinȱtheȱSensorȱtemplate,ȱyouȱcanȱmanageȱtheȱpasswordȱforȱaȱgroupȱofȱSensorsȱwithoutȱhavingȱtoȱchangeȱitȱ
onȱeachȱSensorȱseparately.ȱTypeȱaȱnewȱpasswordȱorȱclickȱȱtoȱchangeȱtheȱcurrentȱpasswordȱsettings.ȱIfȱyouȱ
chooseȱ,ȱthenȱtheȱpasswordȱsettingȱwillȱbeȱtheȱsameȱasȱthatȱinȱtheȱSystemȱTemplate.ȱ
Note:ȱIfȱaȱSensorȱtemplateȱcontainsȱaȱblankȱpassword,ȱthenȱtheȱSensors,ȱtoȱwhichȱthisȱtemplateȱisȱassigned,ȱretainȱtheirȱexistingȱpassword.ȱ
FactoryȱsettingȱofȱtheȱSystemȱTemplateȱcontainsȱaȱblankȱpassword.ȱ
ȱ
Figure 79.
Sensor Password Configuration Tab
UnderȱSensorȱPasswordȱConfigurationȱtabȱspecifyȱtheȱfollowingȱ
¾ CurrentȱPasswordȱstate:ȱSpecifiesȱthatȱtheȱnewȱpasswordȱmustȱbeȱtheȱsameȱasȱtheȱoneȱspecifiedȱinȱtheȱSystemȱ
Template.ȱ
¾ NewȱPassword:ȱEnterȱtheȱnewȱpasswordȱtoȱbeȱassignedȱasȱuserȱ‘config’ȱpasswordȱforȱallȱSensorsȱassociatedȱwithȱ
theȱSensorȱtemplateȱbeingȱedited.ȱ
¾ ConfirmȱPassword:ȱReenterȱtheȱpasswordȱtoȱhelpȱconfirmȱtheȱnewȱpasswordȱbeforeȱsaving.ȱ
OfflineȱSensorȱConfigurationȱ
ThisȱfeatureȱprovidesȱsomeȱsecurityȱcoverageȱevenȱwhenȱthereȱisȱnoȱconnectivityȱbetweenȱaȱSensorȱandȱtheȱServer.ȱTheȱSensorȱ
providesȱsomeȱclassificationȱandȱpreventionȱcapabilitiesȱwhenȱitȱisȱdisconnectedȱfromȱtheȱServer.ȱTheȱSensorȱalsoȱraisesȱevents,ȱ
storesȱthem,ȱandȱsendsȱthemȱbackȱtoȱtheȱServerȱonȱreconnection.ȱ
52ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 80.
Offline Sensor Configuration Tab
EnableȱofflineȱSensorȱmode:ȱSelectȱthisȱcheckboxȱtoȱenableȱtheȱofflineȱSensorȱmode.ȱWhenȱthisȱmodeȱisȱenabled,ȱtheȱ
Sensorȱcontinuesȱtoȱdetectȱandȱclassifyȱdevices,ȱraiseȱeventȱalerts,ȱandȱpreventȱongoingȱthreats.ȱ(Default:ȱSelected)ȱ
OnlineȬOfflineȱmodeȱswitchȱdelay:ȱSpecifyȱtheȱtimeȱafterȱwhich,ȱifȱtheȱSensorȱdoesȱnotȱreceiveȱanyȱcommunicationȱ
fromȱtheȱServerȱandȱEnableȱofflineȱSensorȱmodeȱisȱenabled,ȱtheȱSensorȱswitchesȱtoȱtheȱofflineȱmode.ȱ
(Minimum:ȱ5ȱminutes;ȱMaximum:ȱ60ȱminutes;ȱDefault:ȱ5ȱminutes)ȱ
UnderȱOfflineȱSensorȱParametersȱtab,ȱyouȱcanȱviewȱtheȱfollowing:ȱ
¾ NumberȱofȱAPsȱtoȱbeȱstored:ȱNumberȱofȱAPsȱthatȱtheȱSensorȱwillȱcontinueȱtoȱdetectȱinȱOfflineȱmodeȱ(Default:ȱ
128)ȱ
¾ NumberȱofȱClientsȱtoȱbeȱstored:ȱNumberȱofȱClientsȱthatȱtheȱSensorȱwillȱcontinueȱtoȱdetectȱinȱOfflineȱmodeȱ
(Default:ȱ256)ȱ
¾ Numberȱofȱeventsȱtoȱbeȱstored:ȱNumberȱofȱeventsȱthatȱtheȱSensorȱwillȱcontinueȱtoȱraiseȱinȱOfflineȱmodeȱ(Default:ȱ
256)ȱ
¾ Numberȱofȱpreventionȱrecordsȱtoȱbeȱstored:ȱNumberȱofȱpreventionȱrecordsȱthatȱtheȱSensorȱwillȱcontinueȱtoȱstoreȱ
inȱOfflineȱmodeȱtoȱpreventȱongoingȱthreatsȱ(Default:ȱ256)ȱ
53
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
SettingȱupȱtheȱServerȱConsoleȱ
sueȱ
Figure 81.
Offline Sensor Configuration: Device Classification Policy Tab
UnderȱDeviceȱClassificationȱPolicyȱtabȱspecifyȱtheȱdesiredȱclassificationȱpoliciesȱtoȱmoveȱAPsȱandȱClientsȱfromȱtheȱ
UncategorizedȱlistȱtoȱtheȱCategorizedȱlist:ȱ
¾
UnderȱAPȱClassificationȱPolicy,ȱselectȱoneȱorȱmoreȱoptionsȱtoȱenableȱtheȱsystemȱautomaticallyȱmoveȱAPsȱfromȱ
theȱUncategorizedȱAPȱlistȱtoȱtheȱCategorizedȱAPȱlist:ȱ
™ MoveȱnetworkedȱAPsȱtoȱtheȱRogueȱorȱAuthorizedȱAPȱfolderȱinȱtheȱCategorizedȱAPȱListȱ
™ MoveȱnonȬnetworkedȱAPsȱtoȱtheȱExternalȱAPȱfolderȱinȱtheȱCategorizedȱAPȱListȱ
¾
UnderȱClientȱClassificationȱPolicy,ȱselectȱoneȱorȱmoreȱoptionsȱtoȱenableȱtheȱsystemȱautomaticallyȱclassifyȱ
ClientsȱbasedȱonȱtheirȱassociationsȱwithȱAPs:ȱ
™ OnȱassociationȱwithȱanȱAuthorizedȱAP,ȱclassifyȱanȱUncategorizedȱClientȱasȱAuthorizedȱ
™ OnȱassociationȱwithȱaȱRogueȱAP,ȱclassifyȱanȱUncategorizedȱClientȱasȱUnauthorizedȱ
™ OnȱassociationȱwithȱanȱExternalȱAP,ȱclassifyȱanȱUncategorizedȱClientȱasȱUnauthorizedȱ
54ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 82.
Offline Sensor Configuration: Intrusion Prevention Policy Tab
UnderȱIntrusionȱPreventionȱPolicyȱtabȱenableȱintrusionȱpreventionȱagainstȱtheȱfollowingȱthreats:ȱ
¾
¾
¾
¾
¾
¾
RogueȱAPsȱ
™ APsȱcategorizedȱasȱRogueȱ
™ UncategorizedȱAPsȱthatȱareȱconnectedȱtoȱtheȱnetworkȱ
MisconfiguredȱAPsȱ
™ APsȱcategorizedȱasȱAuthorizedȱbutȱusingȱnoȱsecurityȱmechanismȱ(Open)ȱ
™ APsȱcategorizedȱasȱAuthorizedȱbutȱusingȱweakȱsecurityȱmechanismȱ(WEP)ȱ
ClientȱMisȬassociationsȱ
™ AuthorizedȱClientȱconnectionsȱtoȱAPsȱcategorizedȱasȱExternalȱ
UnauthorizedȱAssociationsȱ
™ UnauthorizedȱClientȱconnectionsȱtoȱAPsȱcategorizedȱasȱAuthorizedȱ
AdhocȱConnectionsȱ
™ AuthorizedȱClientsȱparticipatingȱinȱanyȱadhocȱnetworkȱ
Honeypot/EvilȱTwinȱAPsȱ
™ AuthorizedȱClientȱconnectionȱtoȱHoneypot/EvilȱTwinȱAPsȱ
Additionally,ȱspecifyȱtheȱintrusionȱpreventionȱlevelȱthatȱallowsȱyouȱtoȱchooseȱaȱtradeȬoffȱbetweenȱtheȱdesiredȱlevelȱofȱ
preventionȱandȱtheȱdesiredȱnumberȱofȱmultipleȱsimultaneousȱpreventionsȱacrossȱradioȱchannels.ȱYouȱcanȱchooseȱeitherȱofȱtheȱ
followingȱpreventionȱlevels:ȱ
Blockȱ
Disruptȱ
Interruptȱ
Degradeȱ
ReferȱtoȱtheȱsectionȱIntrusionȱPreventionȱLevelȱforȱmoreȱdetails.ȱ
55
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
SettingȱupȱtheȱServerȱConsoleȱ
Clickȱȱtoȱsaveȱallȱsettings.ȱ
Clickȱtheȱ
ȱiconȱtoȱeditȱanȱexistingȱSensorȱtemplate.ȱWhenȱanȱexistingȱSensorȱtemplateȱisȱeditedȱaȱConfirmationȱ–ȱSaveȱ
dialogȱappearsȱindicatingȱtheȱmodifications,ȱbyȱselectingȱtheȱtabsȱthatȱwereȱmodified.ȱYouȱareȱallowedȱtoȱuncheckȱaȱtabȱifȱyouȱ
wishȱtoȱcancelȱthoseȱmodifications.ȱClickȱȱtoȱsaveȱtheȱchangesȱforȱtheȱselectedȱtab.ȱ
Note:ȱNameȱandȱDescriptionȱofȱtheȱSensorȱtemplateȱareȱautomaticallyȱsaved.ȱ
ClickȱȱtoȱsaveȱtheȱSensorȱtemplateȱwithȱaȱdifferentȱnameȱwithoutȱmodifyingȱtheȱoriginalȱtemplate.ȱ
ClickȱȱtoȱrevertȱtoȱtheȱSystemȱTemplate.ȱTheȱsystemȱenablesȱyouȱtoȱselectȱtabsȱtoȱcontrolȱtheȱsettingsȱthatȱwillȱ
beȱrestoredȱtoȱtheȱdefaultȱvalues.ȱIfȱyouȱclickȱȱonȱtheȱSystemȱTemplate,ȱparametersȱunderȱtheȱselectedȱtabsȱ
areȱrestoredȱtoȱtheirȱfactoryȱdefaultȱsettings.ȱAȱConfirmationȱ–ȱRestoreȱDefaultȱdialogȱappearsȱwithȱaȱlistȱofȱtabsȱselected,ȱforȱ
whichȱdefaultȱsettingsȱwillȱbeȱapplied.ȱ
Important:ȱTheȱsystemȱhasȱtheȱabilityȱtoȱscanȱandȱdefendȱonȱ4.920Ȭ4.980ȱGHzȱandȱ5.470Ȭ5.725ȱGHzȱchannelsȱinȱUS/CanadaȱandȱIEEEȱ
802.11jȱchannelsȱ4.920Ȭ4.980ȱGHzȱandȱ5.040Ȭ5.080GHzȱchannelsȱinȱJapan.ȱ
Clickȱtheȱ
ȱiconȱtoȱviewȱanȱexistingȱSensorȱtemplate.ȱClickȱtheȱ
ȱiconȱtoȱdeleteȱanȱexistingȱSensorȱtemplate.ȱ
13. TheȱImportȱSensorȱListȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱImportingȱaȱSensorȱlistȱisȱanȱefficientȱalternativeȱ
toȱmanuallyȱmovingȱSensorsȱtoȱtheȱdesiredȱlocationsȱwhileȱsettingȱupȱtheȱsystem.ȱTheȱsuccessfullyȱimportedȱSensorsȱareȱ
automaticallyȱtaggedȱtoȱtheȱchosenȱlocationsȱwhenȱtheyȱconnectȱtoȱtheȱServer.ȱ
ȱ
Figure 83.
Import Devices - Sensors
UnderȱImportȱSensorȱList,ȱclickȱȱtoȱopenȱImportȱSensorȱListȱdialog.ȱ
56ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 84.
Import Sensor List
InȱtheȱImportȱSensorȱListȱdialog:ȱ
UnderȱTagȱDevices,ȱselectȱoneȱofȱtheȱfollowing:ȱ
AutoȱTagȱDevices:ȱToȱautomaticallyȱtagȱtheȱSensorȱtoȱtheȱcorrespondingȱlocation.ȱ
ManuallyȱTagȱDevicesȱto::ȱClickȱȱtoȱmanuallyȱtagȱtheȱSensorȱtoȱtheȱdesiredȱlocation.ȱ
UnderȱEnterȱSensorȱdetailsȱ
ToȱaddȱaȱSensor’sȱdetails,ȱtypeȱtheȱSensor’sȱMACȱaddressȱandȱNameȱandȱclickȱ>>>.ȱ
ToȱaddȱaȱSensor’sȱdetailsȱfromȱaȱfile,ȱclickȱ.ȱOnȱtheȱSelectȱSensor_Device_List_Fileȱdialog,ȱselectȱtheȱ.txtȱfileȱ
fromȱtheȱdesiredȱlocationȱandȱclickȱ.ȱThenȱclickȱ>>>.ȱ
UnderȱAuthorizedȱSensorȱImportȱListȱ
ToȱdeleteȱaȱSensor’sȱdetails,ȱselectȱtheȱcorrespondingȱrowȱandȱclickȱ.ȱ
ToȱimportȱSensorsȱfromȱtheȱSensorȱImportȱList,ȱclickȱ.ȱ
Note:ȱWhenȱyouȱimportȱSensorsȱfromȱaȱlist,ȱyouȱcanȱdeleteȱtheseȱSensorsȱonlyȱfromȱtheȱDevicesȱscreen.ȱ
14. TheȱDevicesÆSensorsȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱSensorsȱproactivelyȱscanȱtheȱnetworkȱandȱ
generateȱevents.ȱSensorsȱcommunicateȱeventȱinformationȱtoȱtheȱsystem.ȱThisȱscreenȱguidesȱyouȱtoȱmoveȱallȱtheȱSensorsȱ
fromȱtheȱUnknownȱlocationȱtoȱtheirȱcorrectȱlocations.ȱ
57
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 85.
Devices Screen – Sensors
RightȬclickȱaȱSensorȱrowȱtoȱmoveȱaȱSensor.ȱSelectȱChangeȱLocationȱfromȱtheȱresultantȱcontextȬsensitiveȱmenuȱtoȱmanuallyȱtagȱ
theȱSensorȱtoȱtheȱdesiredȱlocation.ȱ
15. TheȱLocationsȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱCreateȱaȱvisualȱviewȱofȱyourȱdeploymentȱbyȱattachingȱ
picturesȱandȱfloormapsȱtoȱlocations.ȱ
58ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 86.
7.1.5.2
Locations Screen
Attachingȱanȱimageȱ
Useȱtheȱfollowingȱstepsȱtoȱattachȱanȱimage:ȱ
a. InȱtheȱLocationȱtree,ȱselectȱtheȱlocationȱtoȱwhichȱyouȱwishȱtoȱattachȱanȱimage.ȱ
b. Doȱoneȱofȱtheȱfollowing:ȱ
RightȬclickȱandȱfromȱtheȱresultingȱcontextȬsensitiveȱmenu,ȱselectȱAttachȱImage.ȱ
c.
ClickȱtheȱAttachȱImageȱonȱfloorȱiconȱ(
)ȱinȱtheȱrightȱcorner.ȱ
OnȱtheȱSelectȱanȱimageȱfileȱtoȱattachȱtoȱattachȱoverȱaȱplannedȱlocationȱdialog,ȱbrowseȱtoȱtheȱappropriateȱimageȱandȱthenȱ
clickȱ.ȱ
7.1.5.3
PlacingȱLocationsȱonȱaȱLocationȱFolderȱwithȱanȱAttachedȱImageȱ
Theȱsystemȱenablesȱyouȱtoȱplaceȱlocationsȱonȱaȱlocationȱfolderȱthatȱhasȱanȱattachedȱimage.ȱThisȱhelpsȱyouȱidentifyȱtheȱphysicalȱ
positionȱofȱeachȱofȱtheȱlocations.ȱTheȱlocationsȱplacedȱonȱtheȱattachedȱimageȱareȱindicatedȱbyȱcoloredȱcircles.ȱAȱgreenȱcircleȱ
indicatesȱthatȱtheȱlocationȱisȱSecure,ȱwhileȱaȱredȱcircleȱindicatesȱthatȱtheȱlocationȱisȱVulnerable.ȱ
Useȱtheȱfollowingȱstepsȱtoȱplaceȱlocationsȱonȱtheȱattachedȱimageȱandȱviewȱtheirȱdetails:ȱ
a. InȱtheȱLocationȱtree,ȱselectȱaȱlocationȱfolder.ȱ
b. UnderȱAvailableȱLocations,ȱdragȱandȱdropȱtheȱrequiredȱlocationsȱonȱtheȱattachedȱimage.ȱ
c. Toȱviewȱdetailsȱaboutȱtheȱlocationȱholdȱtheȱmouseȱcursorȱoverȱtheȱcoloredȱcircle.ȱ
d. Toȱgoȱtoȱaȱparticularȱlocationȱplacedȱonȱtheȱimage,ȱdoȱoneȱofȱtheȱfollowing:ȱ
Clickȱtheȱcoloredȱcircleȱrepresentingȱtheȱlocation.ȱ
Pointȱtoȱcoloredȱcircleȱrepresentingȱtheȱlocation,ȱrightȬclickȱandȱselectȱJumpȱtoȱthisȱlocation.ȱ
Note:ȱYouȱcanȱtraverseȱtoȱaȱparticularȱlocationȱnodeȱbyȱfollowingȱstepȱdȱuntilȱyouȱreachȱtheȱdesiredȱlocationȱnode.ȱ
59
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
SettingȱupȱtheȱServerȱConsoleȱ
7.1.5.4
ImportingȱaȱPlannerȱfileȱintoȱaȱLocationȱNodeȱ
Theȱsystemȱenablesȱyouȱtoȱspecifyȱaȱlayoutȱforȱeachȱlocationȱnodeȱusingȱaȱblankȱcanvas,ȱaȱlayoutȱimage,ȱorȱaȱ.SPMȱfileȱexportedȱ
fromȱPlanner.ȱUseȱtheȱfollowingȱstepsȱtoȱimportȱaȱPlannerȱfile:ȱ
a. InȱtheȱLocationȱtree,ȱselectȱtheȱlocationȱnodeȱintoȱwhichȱyouȱwishȱtoȱimportȱtheȱ.SPMȱfileȱandȱthenȱrightȬclick.ȱ
b. Doȱoneȱofȱtheȱfollowing:ȱ
FromȱtheȱresultingȱcontextȬsensitiveȱmenu,ȱselectȱImportȱLocation.ȱ
c.
ClickȱtheȱImportȱLocationȱiconȱ(
)ȱbelowȱtheȱViewerȱmodeȱtab.ȱ
InȱtheȱSelectȱSpectraGuardȱPlannerȱ(.spm)ȱFileȱdialog,ȱbrowseȱtoȱtheȱappropriateȱPlannerȱexportedȱ.SPMȱfileȱandȱthenȱ
clickȱ.ȱ
16. TheȱLocationsȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱYouȱcanȱplaceȱSensorsȱonȱtheȱfloormapsȱbyȱdraggingȱandȱ
droppingȱthem.ȱIfȱyouȱhaveȱimportedȱanȱSPMȱfileȱfromȱPlannerȱthatȱcontainsȱfloorȱinformationȱandȱSensorȱplacements,ȱ
Sensorsȱcontainedȱinȱthatȱfileȱwillȱbeȱplacedȱautomatically.ȱ
ȱ
Figure 87.
Placing Sensors on the Floormap
YouȱmustȱcompleteȱthisȱstepȱtoȱviewȱliveȱRFȱcoverageȱmapsȱforȱaȱlocationȱnodeȱandȱperformȱonȬfloorȱlocationȱtrackingȱofȱ
visibleȱ802.11ȱdevices.ȱUseȱtheȱfollowingȱstepsȱtoȱplaceȱSensorsȱonȱtheȱfloormap:ȱ
a. InȱtheȱLocationȱtree,ȱselectȱaȱlocationȱnode.ȱ
b. UnderȱAvailableȱDevices,ȱselectȱtheȱSensorsȱtab,ȱthenȱdragȱandȱdropȱtheȱSensorsȱonȱyourȱfloormap.ȱ
7.1.6
Stepȱ6:ȱClassifyingȱAPsȱ
17. TheȱAuthorizedȱWLANȱSetupȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱOnȱthisȱscreen,ȱspecifyȱAuthorizedȱAPȱ
detailsȱusingȱSSIDȱtemplatesȱtoȱsuitȱdifferentȱlocations.ȱ
60ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 88.
Authorized WLAN Setup
Selectȱoneȱofȱtheȱfollowingȱtoȱcharacterizeȱaȱparticularȱlocation:ȱ
ThisȱisȱaȱNoȱWiȬFiȱlocation:ȱIfȱnoȱAuthorizedȱWiȬFiȱAPsȱareȱinstalledȱatȱthisȱlocation.ȱIfȱyouȱconfigureȱaȱlocationȱasȱaȱ
noȱWiȬFiȱlocation,ȱtheȱSpecifyȱAuthorizedȱSSIDȱsectionȱisȱgrayedȱout.ȱ
WiȬFiȱisȱallowedȱatȱthisȱlocation:ȱToȱspecifyȱtheȱdetailsȱofȱtheȱAuthorizedȱWiȬFiȱAPsȱinȱthisȱlocation.ȱ
7.1.6.1
SpecifyȱAuthorizedȱSSIDsȱ
Underȱthisȱtab,ȱspecifyȱtheȱAuthorizedȱSSIDsȱatȱthisȱlocation.ȱForȱeachȱSSID,ȱyouȱcanȱspecifyȱtheȱdetailedȱconfiguration.ȱThisȱ
perȱSSIDȱconfigurationȱisȱcalledȱanȱSSIDȱtemplate.ȱ
CreatingȱaȱConfigurationȱTemplateȱforȱanȱAuthorizedȱ802.11ȱSSIDȱ
AddȱAuthorizedȱSSIDsȱallowsȱyouȱtoȱcreateȱanȱSSIDȱtemplateȱinȱoneȱofȱtheȱfollowingȱways:ȱ
AddȱVisibleȱSSID:ȱToȱcreateȱanȱSSIDȱtemplateȱfromȱaȱlistȱofȱvisibleȱSSIDs.ȱTheȱvisibleȱSSIDȱlistȱisȱbuiltȱusingȱtheȱdataȱ
receivedȱfromȱSensors.ȱ
AddȱCustomȱSSID:ȱToȱcreateȱaȱtemplateȱusingȱaȱuserȬdefinedȱSSID.ȱ
ClickȱȱtoȱcreateȱaȱnewȱSSIDȱtemplate.ȱTheȱTemplateȱforȱanȱAuthorizedȱ802.11ȱSSIDȱdialogȱappearsȱwhereȱyouȱcanȱ
selectȱmultipleȱitemsȱinȱsomeȱfields.ȱ
61
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 89.
Creating a Configuration Template for an Authorized SSID
CreateȱSSIDȱTemplateȱallowsȱyouȱtoȱspecifyȱtheȱdetailsȱforȱcreatingȱaȱnewȱSSIDȱasȱfollows:ȱ
¾ AuthorizedȱSSID:ȱDisplaysȱtheȱnameȱofȱtheȱSSIDȱthatȱyouȱhaveȱaddedȱearlierȱ
¾ ThisȱisȱaȱGuestȱSSID:ȱSelectȱthisȱoptionȱifȱthisȱSSIDȱisȱaȱGuestȱSSIDȱusedȱtoȱprovideȱWiȬFiȱconnectivityȱtoȱvisitorsȱ
andȱguests.ȱThoughȱAPsȱwithȱGuestȱSSIDȱareȱAuthorized,ȱtheyȱmayȱbeȱtreatedȱdifferentlyȱthanȱAPsȱthatȱareȱusedȱ
byȱemployeesȱforȱcorporateȱaccess.ȱMakingȱanȱSSIDȱasȱGuestȱallowsȱyouȱtoȱspecifyȱadditionalȱclassificationȱandȱ
preventionȱpoliciesȱrelatedȱtoȱGuestȱSSIDs.ȱReferȱtoȱtheȱsectionsȱClientȱAutoȬClassificationȱandȱIntrusionȱ
PreventionȱPolicyȱinȱtheȱSpectraGuardȱEnterpriseȱUserȱGuideȱforȱmoreȱdetailsȱonȱclassifyingȱGuestȱSSIDsȱ
¾ TemplateȱName:ȱNameȱofȱtheȱSSIDȱtemplateȱ
¾ ApplyȱthisȱSSIDȱtemplateȱatȱcurrentȱlocation:ȱSelectȱthisȱoptionȱtoȱapplyȱthisȱSSIDȱtemplateȱtoȱtheȱcurrentȱ
location.ȱTheȱWLANȱpolicyȱatȱaȱlocationȱconsistsȱofȱSSIDȱtemplatesȱappliedȱatȱthatȱlocation.ȱIfȱtheȱtemplateȱisȱnotȱ
appliedȱatȱthisȱlocation,ȱitȱwillȱnotȱbeȱaȱpartȱofȱtheȱWLANȱpolicyȱ
¾ Description:ȱWriteȱaȱshortȱdescriptionȱtoȱhelpȱidentifyȱtheȱSSIDȱtemplateȱ
NetworkȱProtocolȱallowsȱyouȱtoȱselectȱtheȱallowedȱ802.11ȱprotocolsȱforȱtheȱSSID:ȱ
¾ Any:ȱAllowȱAPsȱwithȱanyȱnetworkȱprotocolȱforȱthisȱSSIDȱ
¾ Select:ȱSpecifyȱtheȱ802.11ȱprotocolȱonȱwhichȱtheȱsystemȱallowsȱtheȱAPsȱconnectedȱtoȱtheȱnetworkȱtoȱoperate–
802.11ȱa,ȱ802.11ȱb,ȱandȱ802.11gȱ
AuthenticationȱFrameworkȱallowsȱyouȱtoȱselectȱtheȱsecurityȱframeworkȱforȱtheȱSSID:ȱ
62ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
SettingȱupȱtheȱServerȱConsoleȱ
¾
¾
Any:ȱAllowȱAPsȱwithȱanyȱauthenticationȱframeworkȱtoȱconnectȱtoȱtheȱsystemȱ
Select:ȱSpecifyȱtheȱauthenticationȱframework–PSKȱandȱ802.1xȱ(EAP).ȱTheȱauthenticationȱframeworkȱisȱonlyȱ
applicableȱifȱtheȱtemplateȱsupportsȱWPA/WPA2ȱandȱ802.11iȱprivacyȱ
EncryptionȱProtocolsȱallowsȱyouȱtoȱselectȱtheȱallowedȱencryptionȱprotocolsȱforȱtheȱSSID:ȱ
¾ Any:ȱAllowȱAPsȱwithȱanyȱencryptionȱprotocolȱforȱthisȱSSIDȱ
¾ Select:ȱSpecifyȱtheȱencryptionȱprotocols–WEP40,ȱWEP108,ȱTKIP,ȱandȱCCMP.ȱTKIPȱandȱCCMPȱareȱavailableȱonlyȱ
ifȱtheȱtemplateȱsupportsȱWPA/WPA2ȱandȱ802.11iȱprivacyȱ
SecurityȱSettingsȱallowsȱyouȱtoȱselectȱtheȱsecurityȱprotocol(s)ȱforȱtheȱSSID:ȱ
¾ Any:ȱAllowȱAPsȱwithȱanyȱsecurityȱsettingsȱtoȱconnectȱ
¾ Select:ȱSpecifyȱtheȱprivacyȱmechanism–Open,ȱWEP,ȱWPA,ȱandȱ802.11iȱforȱtheȱAPsȱconnectedȱtoȱtheȱSSIDȱ
CiscoȱMFPȱallowsȱyouȱtoȱmakeȱclassificationȱdecisionsȱonȱCiscoȱManagementȱFrameȱProtection(MFP)ȱcapabilityȱifȱ
802.11iȱcheckboxȱisȱselectedȱunderȱSecurityȱSettings:ȱ
¾ Any:ȱPolicyȱdoesȱnotȱcheckȱforȱMFP;ȱbothȱCiscoȱMFPȱenabledȱandȱdisabledȱAPsȱareȱclassifiedȱasȱAuthorizedȱ
¾ Select:ȱPolicyȱchecksȱforȱMFPȱ
™ CiscoȱMFPȱEnabled:ȱSelectȱtoȱclassifyȱonlyȱCiscoȱMFPȱsupportingȱAPsȱasȱAuthorizedȱAPsȱ
™ CiscoȱMFPȱDisabled:ȱSelectȱtoȱclassifyȱnonȬCiscoȱMFPȱsupportingȱAPsȱasȱAuthorizedȱAPsȱ
APȱCapabilitiesȱallowsȱyouȱtoȱselectȱtheȱadditionalȱcapabilitiesȱthatȱAuthorizedȱAPsȱmayȱhave.ȱIfȱyouȱselectȱanyȱofȱ
theseȱadvancedȱcapabilities,ȱtheȱclassificationȱlogicȱallowsȱAPsȱwithȱandȱwithoutȱtheseȱcapabilities.ȱSelectȱoneȱofȱtheȱ
following:ȱ
¾ Any:ȱAllowȱAPsȱwithȱanyȱspecialȱcapabilityȱforȱthisȱSSIDȱ
¾ Select:ȱSpecifyȱifȱtheȱAPȱusesȱanyȱTurbo/SuperȱtechniquesȱusedȱbyȱAtherosȱtoȱgetȱhigherȱthroughputs–Turbo,ȱ
SuperAG,ȱandȱDot11nȱ(802.11n)ȱ
AuthenticationȱTypesȱallowsȱyouȱtoȱselectȱtheȱallowedȱauthenticationȱtypesȱthatȱClientsȱcanȱuse.ȱAuthenticationȱ
typesȱdoȱnotȱdetermineȱtheȱclassificationȱofȱAPs,ȱbutȱareȱusedȱtoȱraiseȱanȱeventȱifȱaȱClientȱisȱauthenticatedȱviaȱaȱnonȬ
allowedȱauthenticationȱtype.ȱTheȱsystemȱraisesȱthisȱeventȱonlyȱifȱtheȱsystemȱseesȱauthenticationȱprotocolȱhandshakeȱ
frames.ȱ
¾ Any:ȱAllowȱClientsȱwithȱanyȱauthenticationȱtypeȱforȱthisȱSSIDȱ
¾ Select:ȱSpecifyȱtheȱauthenticationȱtypesȱthatȱClientsȱcanȱuseȱ(onlyȱifȱ802.1xȱisȱselected)–PEAP,ȱEAPȬTLS,ȱLEAP,ȱ
EAPȬTTLS,ȱEAPȬFAST,ȱandȱEAPȬSIMȱSelectionȱisȱallowedȱ
AllowedȱNetworksȱallowsȱyouȱtoȱselectȱtheȱnetworksȱwhereȱAuthorizedȱAPsȱwithȱthisȱSSIDȱareȱconnected:ȱ
¾ Any:ȱAllowȱAPsȱwithȱthisȱSSIDȱtoȱconnectȱtoȱanyȱnetworkȱ
¾ SelectȱNetworks:ȱSpecifyȱtheȱnetworksȱwhereȱAuthorizedȱAPsȱwithȱthisȱSSIDȱareȱconnected.ȱYouȱcanȱeitherȱ
chooseȱfromȱnetworksȱthatȱareȱdiscoveredȱautomaticallyȱbyȱtheȱsystemȱorȱaddȱnewȱnetworksȱthatȱareȱnotȱyetȱ
discoveredȱbyȱtheȱsystemȱ
™ ClickȱȱtoȱopenȱAllowedȱNetworksȱforȱSSIDȱdialogȱwhereȱyouȱcanȱmoveȱaȱnetworkȱfromȱ
NetworksȱMonitoredȱbyȱtheȱSystemȱtoȱAllowedȱNetworksȱforȱthisȱSSIDȱandȱaddȱorȱdeleteȱnetworks.ȱ
UnderȱAllowedȱAPȱVendors,ȱselectȱoneȱofȱtheȱfollowing:ȱ
¾ Any:ȱAllowȱAPsȱmanufacturedȱbyȱanyȱvendorȱtoȱconnectȱtoȱtheȱsystemȱ
¾ SelectȱVendors:ȱSelectȱtheȱmanufacturerȱofȱtheȱAPȱwithȱtheȱspecifiedȱSSID.ȱIfȱanȱAPȱwithȱtheȱspecifiedȱSSIDȱisȱ
discoveredȱatȱthisȱlocation,ȱtheȱsystemȱdeclaresȱitȱasȱaȱRogue,ȱunlessȱoneȱofȱtheȱmanufacturersȱlistedȱ
manufacturesȱit.ȱ
SSIDȱTemplatesȱ
AȱpolicyȱisȱcollectionȱofȱSSIDȱtemplatesȱattachedȱtoȱthatȱlocation.ȱYouȱcanȱapplyȱanȱSSIDȱtemplateȱfromȱtheȱparentȱorȱcreateȱitȱ
locally;ȱifȱyouȱwishȱtoȱcustomizeȱtheȱWLANȱpolicyȱforȱthatȱlocation.ȱOtherȱtemplatesȱmayȱbeȱavailableȱtoȱbeȱattachedȱbutȱareȱ
notȱpartȱofȱtheȱWLANȱpolicyȱandȱwillȱnotȱbeȱusedȱforȱAPȱclassification.ȱ
TheȱSSIDȱTemplatesȱsectionȱlistsȱtheȱSSIDȱtemplatesȱthatȱareȱavailableȱatȱaȱparticularȱlocation.ȱYouȱmustȱapplyȱtheȱtemplatesȱ
fromȱtheȱavailableȱlistȱtoȱcreateȱtheȱWLANȱpolicyȱatȱthatȱlocation.ȱAȱnewȱAPȱorȱanȱexistingȱAuthorizedȱAPȱisȱcomparedȱagainstȱ
theȱappliedȱSSIDȱtemplatesȱtoȱdetermineȱifȱitȱisȱaȱRogueȱorȱMisȬconfiguredȱAP.ȱTheȱSSIDȱtemplatesȱcreatedȱatȱotherȱlocationsȱ
canȱbeȱappliedȱtoȱaȱselectedȱlocationȱbutȱcannotȱbeȱeditedȱorȱdeleted.ȱTheȱeditȱandȱdeleteȱoperationsȱareȱpossibleȱonlyȱatȱtheȱ
locationȱwhereȱtheȱtemplateȱisȱcreated.ȱTheȱtableȱshowsȱtheȱfollowingȱdetails:ȱ
63
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
SettingȱupȱtheȱServerȱConsoleȱ
SSID:ȱNameȱofȱtheȱSSIDȱ
GuestȱSSID?:ȱIndicatesȱifȱitȱisȱaȱGuestȱSSIDȱ
TemplateȱName:ȱNameȱofȱtheȱSSIDȱtemplateȱ
ApplyȱHere?:ȱEnablesȱyouȱtoȱapplyȱtheȱSSIDȱtemplateȱtoȱtheȱselectedȱlocation.ȱNewȱandȱexistingȱAuthorizedȱAPsȱareȱ
evaluatedȱagainstȱallȱappliedȱSSIDȱtemplatesȱtoȱdetermineȱifȱtheyȱareȱRogueȱorȱMisȬconfigured.ȱ
ȱ
¾
¾
¾
¾
7.1.6.2
ȱ
ȱ
:ȱClickȱtheseȱiconsȱtoȱperformȱtheȱfollowing:ȱ
CopyȱtheȱselectedȱSSIDȱtemplateȱtoȱanotherȱlocation.ȱ
EditȱtheȱSSIDȱtemplate.ȱThisȱoptionȱisȱenabledȱonlyȱatȱtheȱlocationȱwhereȱtheȱtemplateȱwasȱcreated.ȱ
ViewȱtheȱSSIDȱtemplate.ȱ
Deleteȱtheȱtemplate.ȱThisȱoptionȱisȱenabledȱonlyȱatȱtheȱlocationȱwhereȱtheȱtemplateȱwasȱcreatedȱandȱonlyȱifȱtheȱ
templateȱisȱnotȱappliedȱatȱanyȱotherȱchildȱlocationsȱofȱtheȱlocationȱwhereȱitȱwasȱcreated.ȱ
SelectȱWiȬFiȱNetworksȱ
ThisȱsectionȱallowsȱyouȱtoȱspecifyȱtheȱlistȱofȱnetworksȱatȱtheȱselectedȱlocationȱwhereȱnoȱWiȬFiȱAPsȱareȱallowedȱtoȱbeȱconnected.ȱ
TheȱNoȱWiȬFiȱNetworksȱlistȱatȱaȱlocationȱtakesȱprecedenceȱoverȱtheȱlistȱofȱnetworksȱinȱSSIDȱtemplatesȱappliedȱatȱthatȱlocation.ȱ
Inȱotherȱwords,ȱifȱaȱnetworkȱisȱincludedȱinȱaȱlocation’sȱnoȱWiȬFiȱlistȱandȱhappensȱtoȱbeȱinȱtheȱlistȱofȱnetworksȱinȱoneȱorȱmoreȱ
appliedȱSSIDsȱatȱthatȱlocation,ȱtheȱnetworkȱwillȱbeȱstillȱtreatedȱasȱaȱnoȱWiȬFiȱnetwork.ȱ
ȱ
Figure 90.
No-Wi-Fi Networks
NetworksȱMonitoredȱbyȱtheȱSystem:ȱSpecifiesȱtheȱnetworksȱmonitoredȱbyȱtheȱsystem.ȱ
NoȱWiȬFiȱNetworksȱatȱthisȱLocation:ȱSpecifiesȱtheȱnetworksȱtoȱwhichȱnoȱWiȬFiȱAPȱshouldȱbeȱconnectedȱatȱtheȱ
selectedȱlocation.ȱ
YouȱcanȱmoveȱaȱnetworkȱfromȱNetworksȱMonitoredȱbyȱtheȱSystemȱtoȱNoȱWiȬFiȱNetworksȱatȱthisȱLocation.ȱ
ClickȱȱtoȱenterȱaȱnewȱnetworkȱaddressȱtoȱaddȱaȱNoȱWiȬFiȱnetworkȱatȱtheȱselectedȱlocation.ȱ
7.1.6.3
RSSIȱbasedȱClassificationȱ
APsȱareȱfurtherȱclassifiedȱbasedȱonȱtheȱRSSIȱvalueȱthatȱtheȱSensorsȱreceive.ȱIfȱtheȱsignalȱstrenthȱexceedsȱaȱmaximmumȱ
threshold,ȱtheȱSensorȱappropriatelyȱclssifiesȱtheȱAP.ȱAirtightȱhiglyȱrecommendsȱthatȱyouȱturnȱonȱnetworkȱconnectivityȱbasedȱ
64ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
SettingȱupȱtheȱServerȱConsoleȱ
classificationȱasȱitȱisȱtheȱmostȱreliableȱmechanismȱtoȱclassifyȱwirelessȱdevicesȱwhenȱmostȱofȱyourȱnetworkȱisȱmonitoredȱusingȱ
SensorsȱandȱNDs.ȱ
UnderȱRSSIȱThreshold,ȱselectȱoneȱorȱbothȱ(recommend)ȱofȱtheȱfollowingȱcheckboxes:ȱ
PreȬclassifyȱAPsȱwithȱsignalȱstrengthȱstrongerȱthanȱthresholdȱasȱRogueȱorȱAuthorizedȱAPsȱtoȱspecifyȱtheȱthresholdȱ
RSSIȱvalueȱbasedȱonȱwhichȱtheȱsystemȱfurtherȱclassifiesȱAPs.ȱ
PreȬclassifyȱAPsȱconnectedȱtoȱmonitoredȱsubnetȱasȱRogueȱorȱAuthorizedȱAPsȱtoȱclassifyȱAPsȱbasedȱonȱtheirȱ
networkȱconnectivity.ȱ
ȱ
Figure 91.
RSSI based Classification
18. TheȱAPȱAutoȬclassificationȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱItȱenablesȱyouȱtoȱspecifyȱtheȱAPȱclassificationȱ
policyȱforȱdifferentȱAPȱcategories.ȱ
65
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 92.
AP Auto-Classification Policy
UnderȱExternalȱAPs,ȱAirTightȱrecommendsȱthatȱyouȱselectȱAutomaticallyȱmoveȱPotentiallyȱExternalȱAPsȱinȱtheȱ
UncategorizedȱlistȱtoȱtheȱExternalȱFolder.ȱTheȱsystemȱautomaticallyȱremovesȱanȱAPȱfromȱtheȱExternalȱfolderȱandȱmovesȱitȱtoȱ
anȱappropriateȱAPȱfolderȱifȱitȱlaterȱdetectsȱthatȱtheȱAPȱisȱwiredȱtoȱtheȱenterpriseȱnetwork.ȱ
UnderȱRogueȱAPs,ȱAirTightȱrecommendsȱthatȱyouȱselectȱAutomaticallyȱmoveȱPotentiallyȱExternalȱAPsȱinȱtheȱUncategorizedȱ
listȱtoȱtheȱRogueȱFolder.ȱ
Note:ȱOnceȱyouȱmoveȱanȱAPȱtoȱtheȱRogueȱfolder,ȱtheȱsystemȱneverȱautomaticallyȱremovesȱitȱfromȱtheȱRogueȱfolder,ȱevenȱifȱitȱlaterȱdetectsȱ
thatȱtheȱAPȱisȱunwiredȱfromȱtheȱenterpriseȱnetworkȱorȱitsȱsecurityȱsettingsȱhaveȱchanged.ȱ
19. TheȱImportȱDevicesȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱImportingȱanȱAuthorizedȱAPȱListȱisȱanȱefficientȱ
alternativeȱtoȱmanualȱmovementȱofȱtheseȱAPsȱintoȱtheȱAuthorizedȱbin.ȱAfterȱsuccessfullyȱimportingȱtheseȱlists,ȱtheȱsystemȱ
automaticallyȱclassifiesȱtheȱAPsȱinȱtheȱrespectiveȱlistsȱasȱAuthorized.ȱ
66ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 93.
Import Devices – APs
YouȱcanȱmoveȱAuthorizedȱAPsȱtoȱtheȱAuthorizedȱfolderȱusingȱoneȱofȱtheȱfollowingȱmethods:ȱ
MoveȱanȱAPȱtoȱtheȱAuthorizedȱfolderȱusingȱrightȱclickȱandȱMoveȱoptionȱ
ImportȱtheȱAuthorizedȱAPȱlistȱ
SynchronizeȱwithȱanȱAPȱManagementȱServerȱ
Note:ȱOnceȱyouȱmoveȱanȱAPȱtoȱtheȱAuthorizedȱfolder,ȱtheȱsystemȱneverȱautomaticallyȱremovesȱitȱfromȱtheȱAuthorizedȱfolder,ȱevenȱifȱitȱ
laterȱdetectsȱthatȱtheȱAPȱisȱunwiredȱfromȱtheȱenterpriseȱnetwork.ȱ
UnderȱImportȱAPȱList,ȱclickȱȱtoȱopenȱImportȱAuthorizedȱAPȱListȱdialog.ȱ
ȱ
67
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
SettingȱupȱtheȱServerȱConsoleȱ
Figure 94.
Import Authorized AP List
InȱtheȱImportȱAuthorizedȱAPȱListȱdialog:ȱ
UnderȱTagȱDevices,ȱselectȱoneȱofȱtheȱfollowing:ȱ
AutoȱTagȱDevices:ȱToȱautomaticallyȱtagȱtheȱAPȱtoȱtheȱcorrespondingȱlocation.ȱ
ManuallyȱTagȱDevicesȱto::ȱClickȱȱtoȱmanuallyȱtagȱtheȱAPȱtoȱtheȱdesiredȱlocation.ȱ
UnderȱEnterȱAPȱdetailsȱ
ToȱaddȱanȱAP’sȱdetails,ȱtypeȱtheȱAP’sȱMACȱaddress,ȱIPȱAddress,ȱandȱNameȱandȱclickȱ>>>.ȱ
ToȱaddȱanȱAP’sȱdetailsȱfromȱaȱfile,ȱclickȱ.ȱOnȱtheȱSelectȱAuthorizedȱAP_Device_List_Fileȱdialog,ȱselectȱtheȱ
.txtȱfileȱfromȱtheȱdesiredȱlocationȱandȱclickȱ.ȱThenȱclickȱ>>>.ȱ
UnderȱAuthorizedȱAPȱImportȱListȱ
ToȱdeleteȱanȱAP’sȱdetails,ȱselectȱtheȱcorrespondingȱrowȱandȱclickȱ.ȱ
ToȱimportȱAuthorizedȱAPsȱfromȱtheȱAuthorizedȱAPȱImportȱList,ȱclickȱ.ȱ
Note:ȱWhenȱyouȱimportȱAPsȱfromȱaȱlist,ȱpolicyȱsettingsȱinȱtheȱSetupȱWizardȱdoȱnotȱaffectȱtheseȱAPs.ȱ
20. TheȱDevicesÆAPsȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱTheȱsystemȱenablesȱyouȱtoȱinspect,ȱconfirm,ȱandȱreȬ
classifyȱaȱdevice,ȱwhichȱis,ȱmoveȱaȱdeviceȱtoȱaȱdifferentȱfolderȱbasedȱonȱfreshȱinformation.ȱ
ȱ
Figure 95.
Devices Screen – APs
UseȱtheȱfollowingȱstepsȱtoȱmoveȱanȱAPȱtoȱaȱspecificȱfolder:ȱ
a. InȱtheȱAPȱlist,ȱrightȱclickȱtheȱdesiredȱAPȱrow.ȱ
b. Fromȱtheȱresultingȱcontextȱsensitiveȱmenu,ȱselectȱMoveȱto….ȱ
c. ClickȱtheȱdesiredȱcategoryȱtoȱwhichȱyouȱwantȱtoȱmoveȱtheȱAP.ȱ
Note:ȱIfȱyouȱmoveȱanȱAPȱplacedȱonȱaȱfloormap,ȱanȱErrorȱdialogȱappears.ȱ
68ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
SettingȱupȱtheȱServerȱConsoleȱ
21. TheȱLocationsȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱTheȱsystemȱenablesȱyouȱtoȱplaceȱAPsȱonȱtheȱfloormapȱtoȱ
viewȱliveȱRFȱcoverageȱmapsȱforȱaȱlocationȱnodeȱandȱperformȱonȬfloorȱlocationȱtrackingȱofȱvisibleȱ802.11ȱdevices.ȱ
ȱ
Figure 96.
Locations Screen
UseȱtheȱfollowingȱstepsȱtoȱplaceȱAPsȱonȱtheȱfloormap:ȱ
a. InȱtheȱLocationȱtree,ȱselectȱaȱlocationȱnode.ȱ
b. UnderȱAvailableȱDevices,ȱselectȱtheȱAPsȱtab,ȱthenȱdragȱandȱdropȱtheȱAPsȱonȱyourȱfloormap.ȱ
7.1.7
Stepȱ7:ȱClassifyingȱClientsȱ
22. TheȱClientȱAutoȬclassificationȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱItȱdeterminesȱhowȱClientsȱareȱclassifiedȱ
uponȱinitialȱdiscoveryȱandȱsubsequentȱassociationsȱwithȱAPs.ȱ
69
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 97.
Client Auto-Classification Policy
UnderȱInitialȱClientȱClassification,ȱspecifyȱifȱnewlyȱdiscoveredȱClientsȱatȱaȱparticularȱlocation,ȱwhichȱareȱUncategorizedȱbyȱ
defaultȱshouldȱbeȱclassifiedȱasȱAuthorizedȱorȱUnauthorized.ȱ
UnderȱAutomaticȱClientȱClassification,ȱselectȱoneȱorȱmoreȱoptionsȱtoȱenableȱTheȱsystemȱautomaticallyȱreȬclassifyȱ
UncategorizedȱandȱUnauthorizedȱClientsȱbasedȱonȱtheirȱassociationsȱwithȱAPs.ȱYouȱcanȱcategorizeȱtheȱfollowingȱtypesȱofȱ
Clients.ȱ
ClientsȱrunningȱSAFEȱ
¾ AllȱUnauthorizedȱClientsȱrunningȱSpectraGuardȱSAFEȱareȱclassifiedȱasȱAuthorizedȱ
¾ AllȱUncategorizedȱClientsȱrunningȱSpectraGuardȱSAFEȱareȱclassifiedȱasȱAuthorizedȱ
ClientsȱconnectingȱtoȱAuthorizedȱAPsȱ
¾ AllȱUnauthorizedȱClientsȱthatȱconnectȱtoȱanȱAuthorizedȱAPȱareȱreȬclassifiedȱasȱAuthorizedȱ
¾ AllȱUncategorizedȱClientsȱthatȱconnectȱtoȱanȱAuthorizedȱAPȱareȱclassifiedȱasȱAuthorizedȱ
YouȱcanȱselectȱtheȱfollowingȱExceptionsȱ
¾ DoȱnotȱreȬclassifyȱaȱClientȱconnectingȱtoȱaȱGuestȱAPȱasȱAuthorizedȱ
¾ DoȱnotȱreȬclassifyȱaȱClientȱconnectingȱtoȱaȱMisȬconfiguredȱAPȱasȱAuthorizedȱ
¾ DoȱnotȱreȬclassifyȱaȱClientȱasȱAuthorizedȱifȱitsȱwirelessȱdataȱpacketsȱareȱnotȱdetectedȱonȱtheȱwiredȱnetworkȱ
ClientsȱconnectingȱtoȱExternalȱorȱRogueȱAPsȱ
¾ AllȱUncategorizedȱClientsȱthatȱconnectȱtoȱanȱExternalȱAPȱareȱclassifiedȱasȱUnauthorizedȱ
¾ AllȱUncategorizedȱClientsȱthatȱconnectȱtoȱaȱRogueȱAPȱareȱclassifiedȱasȱUnauthorizedȱ
¾ AllȱUncategorizedȱClientsȱthatȱconnectȱtoȱaȱPotentiallyȱExternalȱAPȱareȱclassifiedȱasȱUnauthorizedȱ
¾ AllȱUncategorizedȱClientsȱthatȱconnectȱtoȱaȱPotentiallyȱRogueȱAPȱareȱclassifiedȱasȱUnauthorizedȱ
23. TheȱImportȱDevicesȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱImportingȱanȱAuthorizedȱorȱUnauthorizedȱClientsȱ
ListȱisȱanȱefficientȱalternativeȱtoȱmanualȱmovementȱofȱtheseȱdevicesȱintoȱtheȱAuthorized/Unauthorizedȱbins.ȱAfterȱ
successfullyȱimportingȱtheseȱlists,ȱtheȱsystemȱautomaticallyȱclassifiesȱtheȱClientsȱinȱtheȱrespectiveȱlistsȱasȱ
Authorized/Unauthorized.ȱ
70ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 98.
Import Devices – Clients
InȱtheȱImportȱDevicesȱdialog,ȱunderȱImportȱClientȱList,ȱclickȱȱtoȱopenȱImportȱAuthorizedȱ
ClientȱListȱdialogȱand/orȱclickȱȱtoȱopenȱImportȱUnauthorizedȱClientȱListȱdialog.ȱ
InȱtheȱImportȱAuthorized/UnauthorizedȱClientȱListȱdialog:ȱ
UnderȱTagȱDevices,ȱselectȱoneȱofȱtheȱfollowing:ȱ
AutoȱTagȱDevices:ȱToȱautomaticallyȱtagȱtheȱAPȱtoȱtheȱcorrespondingȱlocation.ȱ
ManuallyȱTagȱDevicesȱto::ȱClickȱȱtoȱmanuallyȱtagȱtheȱAPȱtoȱtheȱdesiredȱlocation.ȱ
UnderȱEnterȱClientȱdetailsȱ
ToȱaddȱaȱClient’sȱdetails,ȱunderȱEnterȱClientȱdetails,ȱtypeȱtheȱClient’sȱMACȱAddress,ȱIPȱAddress,ȱandȱNameȱandȱclickȱ
>>>.ȱ
ToȱaddȱaȱClient’sȱdetailsȱfromȱaȱfile,ȱclickȱ.ȱOnȱtheȱSelectȱAuthorized/Unauthorizedȱ
Client_Device_List_Fileȱdialog,ȱselectȱtheȱ.txtȱfileȱfromȱtheȱdesiredȱlocationȱandȱclickȱ.ȱThenȱclickȱ>>>.ȱ
UnderȱAuthorized/UnauthorizedȱClientȱImportȱListȱ
ToȱdeleteȱaȱClient’sȱdetails,ȱselectȱtheȱcorrespondingȱrowȱandȱclickȱ.ȱ
ToȱimportȱAuthorized/UnauthorizedȱClientsȱfromȱtheȱAuthorized/UnauthorizedȱClientȱImportȱList,ȱclickȱ.ȱ
Note:ȱWhenȱyouȱimportȱClientsȱfromȱaȱlist,ȱpolicyȱsettingsȱinȱtheȱSetupȱWizardȱdoȱnotȱaffectȱtheseȱClients.ȱ
24. TheȱDevicesÆClientsȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱTheȱsystemȱenablesȱyouȱtoȱinspect,ȱconfirm,ȱandȱ
reȬclassifyȱaȱdevice,ȱwhichȱis,ȱmoveȱaȱdeviceȱtoȱaȱdifferentȱfolderȱbasedȱonȱfreshȱinformation.ȱ
71
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 99.
Devices Screen – Clients
UseȱtheȱfollowingȱstepsȱtoȱmoveȱaȱClientȱtoȱaȱspecificȱfolder:ȱ
a. InȱtheȱClientȱlist,ȱrightȱclickȱtheȱdesiredȱClientȱrow.ȱ
b. Fromȱtheȱresultingȱcontextȱsensitiveȱmenu,ȱselectȱMoveȱto….ȱ
c. ClickȱtheȱdesiredȱcategoryȱtoȱwhichȱyouȱwantȱtoȱmoveȱtheȱClient.ȱ
7.1.8
Stepȱ8:ȱConfiguringȱIntrusionȱPreventionȱPolicyȱ
25. TheȱIntrusionȱPreventionȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱ
7.1.8.1
IntrusionȱPreventionȱPolicyȱ
TheȱIntrusionȱPreventionȱpolicyȱdeterminesȱtheȱwirelessȱthreatsȱagainstȱwhichȱtheȱsystemȱprotectsȱtheȱnetworkȱautomatically.ȱ
TheȱsystemȱautomaticallyȱmovesȱsuchȱthreatȬposingȱAPsȱandȱClientsȱtoȱquarantine.ȱTheȱsystemȱcanȱprotectȱagainstȱmultipleȱ
threatsȱsimultaneouslyȱbasedȱonȱtheȱselectedȱIntrusionȱPreventionȱLevel.ȱ
IfȱtheȱServerȱquarantinesȱanȱAPȱorȱClientȱbasedȱonȱtheȱIntrusionȱPreventionȱpolicy,ȱtheȱDisableȱAutoȬquarantineȱoptionȱ
ensuresȱthatȱtheȱsystemȱwillȱnotȱautomaticallyȱquarantineȱthisȱAPȱorȱClientȱ(regardlessȱofȱtheȱspecifiedȱIntrusionȱPreventionȱ
policies).ȱ
72ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 100.
Intrusion Prevention Policy
Youȱcanȱenableȱintrusionȱpreventionȱagainstȱtheȱfollowingȱthreats:ȱ
RogueȱAPs:ȱAPsȱthatȱareȱconnectedȱtoȱyourȱnetworkȱbutȱnotȱauthorizedȱbyȱtheȱadministrator;ȱanȱattackerȱcanȱgainȱ
accessȱtoȱyourȱnetworkȱthroughȱtheȱRogueȱAPs.ȱYouȱcanȱalsoȱautomaticallyȱquarantineȱUncategorizedȱIndeterminateȱ
andȱBannedȱAPsȱconnectedȱtoȱtheȱnetwork.ȱ
MisȬconfiguredȱAPs:ȱAPsȱthatȱareȱauthorizedȱbyȱtheȱadministratorȱbutȱdoȱnotȱconformȱtoȱtheȱsecurityȱpolicy;ȱanȱ
attackerȱcanȱgainȱaccessȱtoȱyourȱnetworkȱthroughȱmisconfiguredȱAPs.ȱThisȱcouldȱhappenȱifȱtheȱAPsȱareȱreset,ȱ
tamperedȱwith,ȱorȱifȱthereȱisȱaȱchangeȱinȱtheȱsecurityȱpolicy.ȱ
ClientȱMisȬassociation:ȱAuthorizedȱClientsȱthatȱconnectȱtoȱRogueȱorȱExternalȱ(neighboring)ȱAPs;ȱcorporateȱdataȱonȱ
theȱAuthorizedȱClientȱisȱunderȱthreatȱdueȱtoȱsuchȱconnections.ȱAirTightȱrecommendsȱthatȱyouȱprovideȱautomaticȱ
intrusionȱpreventionȱagainstȱAuthorizedȱClientsȱthatȱconnectȱtoȱExternalȱAPs.ȱ
UnauthorizedȱAssociations:ȱUnauthorizedȱandȱBannedȱClientsȱthatȱconnectȱtoȱAuthorizedȱAPs;ȱanȱattackerȱcanȱgainȱ
accessȱtoȱyourȱnetworkȱthroughȱAuthorizedȱAPsȱifȱtheȱsecurityȱmechanismsȱareȱweak.ȱUnauthorizedȱorȱ
UncategorizedȱClientȱconnectionsȱtoȱanȱAuthorizedȱAPȱusingȱaȱGuestȱSSIDȱareȱnotȱtreatedȱasȱunauthorizedȱ
associations.ȱ
AdȱhocȱConnections:ȱPeerȬtoȬpeerȱconnectionsȱbetweenȱClients;ȱcorporateȱdataȱonȱtheȱAuthorizedȱClientȱisȱunderȱ
threatȱifȱitȱisȱinvolvedȱinȱanȱadȱhocȱconnection.ȱ
MACȱSpoofing:ȱAnȱAPȱthatȱspoofsȱtheȱwirelessȱMACȱaddressȱofȱanȱAuthorizedȱAP;ȱanȱattackerȱcanȱlaunchȱanȱattackȱ
throughȱaȱMACȱspoofingȱAP.ȱ
Honeypot/EvilȱTwinȱAPs:ȱNeighboringȱAPsȱthatȱhaveȱtheȱsameȱSSIDȱasȱanȱAuthorizedȱAP;ȱAuthorizedȱClientsȱcanȱ
connectȱtoȱHoneypot/EvilȱTwinȱAPs.ȱCorporateȱdataȱonȱtheseȱAuthorizedȱClientsȱisȱunderȱthreatȱdueȱtoȱsuchȱ
connections.ȱ
DenialȱofȱServiceȱ(DoS)ȱAttacks:ȱDoSȱattacksȱdegradeȱtheȱperformanceȱofȱanȱofficialȱWLAN.ȱ
WEPGuardȱTM:ȱActiveȱWEPȱcrackingȱtoolsȱallowȱattackersȱtoȱcrackȱtheȱWEPȱkeyȱandȱgainȱaccessȱtoȱconfidentialȱdataȱ
inȱaȱmatterȱofȱminutesȱorȱevenȱseconds.ȱCompromisedȱWEPȱkeysȱareȱusedȱtoȱgainȱentryȱintoȱtheȱauthorizedȱWLANȱ
byȱspoofingȱtheȱMACȱaddressȱofȱanȱinactiveȱAuthorizedȱClient.ȱ
73
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
SettingȱupȱtheȱServerȱConsoleȱ
7.1.8.2
IntrusionȱPreventionȱLevelȱ
Theȱsystemȱcanȱpreventȱanyȱunwantedȱcommunicationȱinȱyourȱ802.11ȱnetwork.ȱItȱprovidesȱyouȱvariousȱlevelsȱofȱpreventionȬ
blockingȱmechanismsȱofȱvaryingȱeffectiveness.ȱIntrusionȱPreventionȱLevelȱenablesȱyouȱtoȱspecifyȱaȱtradeȬoffȱbetweenȱtheȱ
desiredȱlevelȱofȱpreventionȱandȱtheȱdesiredȱnumberȱofȱmultipleȱsimultaneousȱpreventionsȱacrossȱradioȱchannels.ȱ
Theȱgreaterȱtheȱnumberȱofȱchannelsȱacrossȱwhichȱsimultaneousȱpreventionȱisȱdesired,ȱtheȱlesserȱisȱtheȱeffectivenessȱofȱ
preventionȱinȱinhibitingȱunwantedȱcommunication.ȱScanningȱforȱnewȱdevicesȱcontinuesȱregardlessȱofȱtheȱchosenȱpreventionȱ
level.ȱ
ȱ
Figure 101.
Intrusion Prevention Level
Youȱcanȱselectȱtheȱfollowingȱpreventionȱlevels:ȱ
Block:ȱAȱsingleȱSensorȱcanȱblockȱunwantedȱcommunicationȱonȱanyȱoneȱchannelȱinȱtheȱ802.11b/gȱbandȱandȱanyȱoneȱ
channelȱinȱtheȱ802.11aȱband.ȱ
Disrupt:ȱAȱsingleȱSensorȱcanȱdisruptȱunwantedȱcommunicationȱonȱanyȱtwoȱchannelsȱinȱtheȱ802.11b/gȱbandȱandȱanyȱ
twoȱchannelsȱinȱtheȱ802.11aȱband.ȱ
Interrupt:ȱAȱsingleȱSensorȱcanȱinterruptȱunwantedȱcommunicationȱonȱanyȱthreeȱchannelsȱinȱtheȱ802.11b/gȱbandȱandȱ
anyȱthreeȱchannelsȱinȱtheȱ802.11aȱband.ȱ
Degrade:ȱAȱsingleȱSensorȱcanȱdegradeȱtheȱperformanceȱofȱunwantedȱcommunicationȱonȱanyȱfourȱchannelsȱinȱ
802.11b/gȱbandȱandȱanyȱfourȱchannelsȱinȱtheȱ802.11aȱband.ȱ
Blockȱisȱtheȱmostȱpowerfulȱpreventionȱlevel,ȱthatȱis,ȱitȱcanȱseverelyȱblockȱalmostȱallȱpopularȱInternetȱapplicationsȱincludingȱ
ping,ȱSSH,ȱtelnet,ȱFTP,ȱHTTP,ȱandȱtheȱlike.ȱHowever,ȱatȱthisȱlevel,ȱaȱsingleȱSensorȱcanȱsimultaneouslyȱpreventȱunwantedȱ
communicationȱonȱonlyȱoneȱchannelȱinȱtheȱ802.11b/gȱbandȱandȱoneȱchannelȱinȱtheȱ802.11aȱband.ȱIfȱyouȱwantȱtheȱSensorȱtoȱ
preventȱunwantedȱcommunicationȱonȱmultipleȱchannelsȱsimultaneouslyȱinȱtheȱ802.11ȱb/gȱand/orȱtheȱ802.11aȱband,ȱyouȱmustȱ
selectȱotherȱpreventionȱlevels.ȱ
74ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
SettingȱupȱtheȱServerȱConsoleȱ
Note:ȱPreventionȱTypeȱdeterminesȱtheȱblockingȱstrengthȱtoȱpreventȱcommunicationȱfromȱunwantedȱAPsȱandȱClients.ȱTheȱsystemȱcanȱ
preventȱmultipleȱAPsȱandȱClientsȱonȱeachȱchannel.ȱPreventionȱTypeȱisȱnotȱapplicableȱforȱDenialȱofȱServiceȱ(DoS)ȱattacksȱorȱadȱhocȱ
networks.ȱYouȱmustȱselectȱaȱlowerȱblockingȱlevelȱtoȱpreventȱdevicesȱonȱmoreȱchannels.ȱChoosingȱaȱlowerȱblockingȱlevelȱmeansȱthatȱsomeȱ
packetsȱfromȱtheȱblockedȱdeviceȱmayȱgoȱthrough.ȱ
7.1.9
Stepȱ9:ȱConfiguringȱEventsȱandȱReportsȱ
26. TheȱEventȱConfigurationȱfunctionȱscreenȱofȱtheȱEventȱSettingsȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱ
7.1.9.1
Securityȱ
Securityȱenablesȱyouȱtoȱviewȱeventsȱrelatedȱtoȱsecurityȱandȱthatȱposeȱaȱthreatȱtoȱyourȱnetwork.ȱ
ȱ
Figure 102.
Event Configuration – Security
Securityȱisȱfurtherȱdividedȱintoȱtheȱfollowing:ȱ
RogueȱAPȱ
MisȬConfiguredȱAPȱ
MisbehavingȱClientsȱ
Preventionȱ
DoSȱ
AdȱhocȱNetworkȱ
ManȬinȬtheȬMiddleȱ
MACȱSpoofingȱ
Reconnaissanceȱ
Systemȱ
7.1.9.2
Monitoringȱ
Monitoringȱenablesȱyouȱtoȱviewȱeventsȱrelatedȱtoȱtheȱmonitoringȱofȱyourȱnetworkȱandȱthatȱareȱinformationalȱinȱnature.ȱ
75
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 103.
Event Configuration – Monitoring
Monitoringȱisȱfurtherȱdividedȱintoȱtheȱfollowing:ȱ
APȱ
Clientȱ
Sensorȱ
Serverȱ
Trafficȱ
Troubleshootingȱ
OnceȱyouȱselectȱanyȱofȱtheȱaboveȱcategoriesȱandȱsubȬcategories,ȱaȱlistȱofȱrelatedȱeventsȱappears.ȱ
Theȱeventsȱlistȱdisplaysȱtheȱfollowingȱcolumns:ȱ
Display:ȱSelectȱtheȱcheckboxesȱthatȱcorrespondȱtoȱtheȱtypesȱofȱeventsȱthatȱyouȱwantȱtoȱappearȱinȱtheȱmainȱEventsȱ
screen.ȱ
EȬmail:ȱSelectȱtheȱcheckboxesȱthatȱcorrespondȱtoȱtheȱtypesȱofȱeventsȱforȱwhichȱyouȱwantȱemailsȱnotificationsȱsentȱtoȱ
allȱusersȱwhoseȱemailȱaddressesȱyouȱhaveȱconfiguredȱinȱtheȱAdministrationÆEventȱSettingsÆEmailȱNotification.ȱ
Notify:ȱSelectȱtheȱcheckboxesȱthatȱcorrespondȱtoȱtheȱtypesȱofȱeventsȱforȱwhichȱyouȱwantȱnotificationsȱsentȱtoȱexternalȱ
agentsȱsuchȱasȱSNMP,ȱSyslog,ȱArcSight,ȱandȱOPSEC.ȱ
Vulnerability:ȱSelectȱcheckboxesȱtoȱindicateȱwhichȱeventsȱmakeȱtheȱsystemȱVulnerable.ȱTheȱSecurityȱScorecardȱ
showsȱVulnerableȱstatusȱifȱanyȱeventsȱofȱtheȱselectedȱtypeȱoccur.ȱ
Severity:ȱSelectȱtheȱseverityȱofȱeachȱeventȱasȱHigh,ȱMedium,ȱorȱLow.ȱThisȱfunctionȱhelpsȱyouȱtoȱorganizeȱeventsȱinȱ
theȱmostȱusefulȱway.ȱ
Event:ȱProvidesȱaȱshortȱdescriptionȱofȱeachȱevent.ȱ
Click…:ȱȱClickȱ
ȱtoȱviewȱaȱdetailedȱdescriptionȱofȱtheȱcorrespondingȱeventȱcategory.ȱ
AdvancedȱSettings:ȱClickȱȱtoȱopenȱtheȱEventȱAdvancedȱSettingsȱdialogȱandȱchangeȱtheȱconfigurationȱ
parametersȱofȱtheȱcorrespondingȱeventȱcategory.ȱȱisȱdisabledȱwhenȱtheȱeventȱhasȱnoȱconfigurationȱparameters.ȱ
Note:ȱTheȱparametersȱinȱtheȱEventȱAdvancedȱSettingsȱdialogȱchangesȱaccordingȱtoȱtheȱsettingsȱforȱtheȱselectedȱevent.ȱ
76ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 104.
Event Advanced Settings
27. TheȱEmailȱNotificationȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱTheȱEmailȱNotificationȱnodeȱenablesȱyouȱtoȱ
selectȱtheȱemailȱaddressesȱthatȱshouldȱbeȱnotifiedȱwhenȱanȱeventȱoccursȱatȱaȱparticularȱlocation.ȱYouȱcanȱselectȱfromȱtheȱ
emailȱaddressesȱofȱsystemȱusersȱorȱaddȱaȱcustomȱemailȱaddress.ȱ
ȱ
Figure 105.
Email Notification
ClickȱtoȱopenȱCustomȱEmailȱAddressȱforȱNotificationȱdialogȱwhereȱyouȱcanȱaddȱaȱnewȱemailȱaddress.ȱ
77
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 106.
Email Configuration Dialog
Clickȱȱtoȱaddȱtheȱnewȱemailȱaddress.ȱ
Selectȱanȱemailȱaddressȱandȱclickȱȱtoȱdeleteȱanȱexistingȱemailȱaddress.ȱYouȱcanȱdeleteȱmultipleȱemailȱaddressesȱusingȱ
clickȬandȬdragȱorȱusingȱtheȱȱ+ȱȱkeysȱandȱthenȱclickingȱ.ȱ
28. TheȱReportsȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱTheȱsystemȱenablesȱyouȱtoȱuseȱreportsȱgeneratedȱbyȱtheȱ
systemȱandȱcreateȱcustomȱreports.ȱYouȱcanȱscheduleȱemailȱdeliveryȱofȱaȱSharedȱreport.ȱYouȱcanȱselectȱoneȱtimeȱdeliveryȱorȱ
recurringȱdelivery.ȱ
ȱ
Figure 107.
7.1.9.3
Reports Screen
AddingȱaȱReportȱ
Theȱsystemȱenablesȱyouȱtoȱdefineȱcustomizedȱreportsȱsoȱthatȱyouȱcanȱviewȱpreciseȱdetailsȱthatȱyouȱrequire.ȱUseȱtheȱfollowingȱ
stepsȱtoȱaddȱaȱreport:ȱ
a. SelectȱtheȱtabȱMyȱReports.ȱ
b. UnderȱListȱofȱReports,ȱclickȱ.ȱ
78ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 108.
c.
d.
e.
f.
g.
h.
Report Details Screen
OnȱtheȱReportȱDetailsȱdialog,ȱunderȱReportȱName,ȱenterȱaȱunique,ȱuserȬfriendlyȱnameȱforȱtheȱreport.ȱ
UnderȱReportȱDescription,ȱenterȱbriefȱnotesȱtoȱhelpȱidentifyȱtheȱreport.ȱ
ClickȱUseȱdefaultȱlookȱandȱfeel,ȱtoȱretainȱtheȱdefaultȱtext,ȱtitle,ȱandȱcolorsȱforȱtheȱreports.ȱ
Alternatively,ȱclickȱCustomizeȱlookȱandȱfeel,ȱtoȱcustomizeȱtheȱappearanceȱofȱtheȱreport.ȱ
SelectȱtheȱReportȱHeaderȱtab.ȱ
UnderȱReportȱHeader,ȱspecifyȱtheȱfollowingȱparametersȱtoȱbeȱcustomizedȱinȱtheȱgeneratedȱreport:ȱ
¾ TitleȱText:ȱSpecifyȱtheȱtextȱthatȱshouldȱappearȱinȱtheȱheaderȱonȱtheȱleftȱside.ȱ
¾ TextȱonȱRight:ȱSpecifyȱtheȱtextȱthatȱshouldȱappearȱinȱtheȱheaderȱonȱtheȱrightȱside.ȱ
¾ ClickȱȱandȱselectȱtheȱForegroundȱandȱBackgroundȱcolorsȱforȱtheȱReportȱHeader.ȱ
UnderȱReportȱTitle,ȱspecifyȱtheȱfollowingȱparametersȱtoȱbeȱcustomizedȱinȱtheȱgeneratedȱreport:ȱ
¾ TitleȱText:ȱSpecifyȱaȱtitleȱthatȱappearsȱbelowȱtheȱheaderȱonȱtheȱleftȱside.ȱTheȱReportȱDescriptionȱfollowsȱthisȱtitle.ȱ
¾ ClickȱȱandȱselectȱtheȱForegroundȱandȱBackgroundȱcolorsȱforȱtheȱReportȱTitle.ȱ
Selectȱtheȱcheckbox,ȱDisplayȱReportȱGenerationȱInformationȱtoȱviewȱtheȱfollowingȱinformationȱbelowȱtheȱReportȱ
Titleȱ
¾ Durationȱforȱwhichȱtheȱreportȱisȱgeneratedȱ
¾ Locationȱforȱwhichȱtheȱreportȱisȱgeneratedȱ
¾ Userȱwhoȱgeneratedȱtheȱreportȱ
¾ Dateȱandȱtimeȱwhenȱtheȱreportȱisȱgeneratedȱ
Selectȱtheȱcheckbox,ȱDisplayȱReportȱDescriptionȱTextȱtoȱviewȱaȱdetailedȱdescriptionȱofȱtheȱreport.ȱ
SelectȱtheȱReportȱSummaryȱtab.ȱ
79
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 109.
Report Details Screen showing Report Summary Tab
i.
DeȬselectȱtheȱcheckbox,ȱDisplayȱReportȱSummaryȱifȱyouȱdoȱnotȱwishȱtoȱviewȱtheȱReportȱSummaryȱinȱaȱtabularȱform.ȱ
Alternatively,ȱselectȱtheȱcheckbox,ȱDisplayȱReportȱSummaryȱtoȱcustomizeȱparametersȱinȱtheȱReportȱSummaryȱtableȱ
inȱtheȱgeneratedȱreport.ȱ
¾ SpecifyȱtheȱReportȱSummaryȱTextȱthatȱshouldȱappearȱasȱtheȱReportȱSummaryȱtableȱheading.ȱ
¾ ClickȱȱandȱselectȱtheȱForegroundȱandȱBackgroundȱcolorsȱforȱtheȱReportȱSummaryȱtableȱheading.ȱ
UnderȱSummaryȱTable,ȱselectȱtheȱcheckbox,ȱIncludeȱSectionȱwithȱzeroȱresultsȱtoȱviewȱsectionsȱinȱwhichȱtheȱresultȱ
countȱisȱzero.ȱ
UnderȱSummaryȱTableȱHeader,ȱclickȱ,ȱselectȱtheȱForeground,ȱandȱBackgroundȱcolorsȱforȱtheȱReportȱ
Summaryȱtableȱrowȱheader.ȱ
UnderȱSummaryȱTableȱColumnȱHeaderȱDefinition,ȱselectȱtheȱcheckbox,ȱDisplayȱReportȱSummaryȱTableȱtoȱ
customizeȱtheȱfollowingȱcolumnȱnamesȱinȱtheȱReportȱSummaryȱtableȱinȱtheȱgeneratedȱreport.ȱ
¾ SectionȱNameȱ
¾ SectionȱDescriptionȱ
¾ QueryȱTypeȱ
¾ ResultȱCountȱ
¾ Jumpȱtoȱ
UnderȱSummaryȱCharts,ȱselectȱaȱradioȱbuttonȱtoȱviewȱtheȱchartsȱinȱtheȱdesiredȱformat.ȱ
SelectȱtheȱReportȱSectionsȱtab.ȱ
80ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 110.
Report Details Screen showing Report Sections Tab
j.
UnderȱSectionȱTitle,ȱspecifyȱtheȱfollowingȱparametersȱtoȱbeȱcustomizedȱinȱtheȱgeneratedȱreport:ȱ
¾ SectionȱNameȱTitle:ȱSpecifyȱtheȱtextȱthatȱshouldȱappearȱasȱaȱcommonȱheadingȱforȱallȱtheȱSectionȱNames.ȱ
¾ ClickȱȱandȱselectȱtheȱForegroundȱandȱBackgroundȱcolorsȱforȱtheȱSectionȱNameȱTitle.ȱ
UnderȱSectionȱHeader,ȱspecifyȱtheȱfollowingȱparametersȱtoȱbeȱcustomizedȱinȱtheȱgeneratedȱreport:ȱ
¾ Clickȱ,ȱselectȱtheȱForeground,ȱandȱBackgroundȱcolorsȱforȱtheȱtableȱrowȱheadersȱinȱtheȱSectionȱSummaryȱ
andȱSectionȱResultsȱsections.ȱ
¾ SelectȱDisplayȱSectionȱDescriptionȱtextȱtoȱviewȱaȱbriefȱdescriptionȱforȱeachȱsectionȱofȱtheȱreport.ȱ
¾ SelectȱDisplayȱSectionȱQueryȱtoȱviewȱallȱtheȱconstraintsȱspecifiedȱinȱtheȱdatabaseȱqueryȱforȱthatȱsection.ȱ
¾ SelectȱDisplayȱSectionȱSummaryȱtoȱviewȱaȱgraphicalȱandȱtabularȱatȬaȬglanceȱviewȱofȱtheȱresultsȱofȱtheȱsection.ȱ
¾ SelectȱDisplayȱSectionȱResultsȱtoȱviewȱallȱtheȱentriesȱinȱtheȱdatabaseȱthatȱsatisfyȱtheȱconstraintsȱspecifiedȱbyȱtheȱ
sectionȱquery.ȱ
™ SelectȱDisplayȱdetailsȱofȱSectionȱResultsȱtoȱviewȱadditionalȱdetailsȱforȱeachȱentryȱinȱtheȱSectionȱResultsȱ
table.ȱ
ToȱaddȱtheȱreportȱtoȱtheȱListȱofȱReports,ȱclickȱ.ȱTheȱnewȱreportȱappearsȱunderȱtheȱListȱofȱReportsȱtable.ȱ
7.1.9.4
AddingȱaȱSectionȱtoȱaȱReportȱ
Aȱreportȱconsistsȱofȱoneȱorȱmoreȱsections.ȱEachȱsectionȱisȱaȱqueryȱtoȱtheȱdatabase.ȱTheȱsystemȱthenȱsearchesȱitsȱdatabaseȱforȱ
thoseȱrecordsȱthatȱsatisfyȱtheȱconditionsȱthatȱyouȱimpose.ȱUseȱtheȱfollowingȱstepsȱtoȱaddȱaȱsectionȱtoȱaȱreport:ȱ
a. FromȱtheȱListȱofȱReportsȱtable,ȱselectȱtheȱreportȱtoȱwhichȱyouȱneedȱtoȱaddȱaȱsection.ȱ
b. Clickȱ.ȱ
ȱ
81
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 111.
c.
d.
e.
f.
g.
h.
i.
Adding a Section to a Report
OnȱtheȱAddȱSectionȱtoȱReportȱdialog,ȱenterȱaȱSectionȱNameȱandȱaȱSectionȱDescriptionȱforȱtheȱnewlyȱaddedȱsection.ȱ
SelectȱtheȱcheckboxȱDisplayȱthisȱsectionȱtoȱviewȱthisȱsectionȱinȱtheȱgeneratedȱreport.ȱ
UnderȱSectionȱQueryȱType,ȱselectȱDevice,ȱEvent,ȱorȱSAFEȱasȱtheȱqueryȱtype.ȱ
SelectȱanyȱcombinationȱofȱtheȱAP,ȱClient,ȱandȱSensorȱcheckboxesȱtoȱincludeȱtheseȱdeviceȱtypesȱinȱtheȱreport.ȱTheseȱ
checkboxesȱareȱnotȱavailableȱforȱaȱSAFEȱquery.ȱ
DescribeȱtheȱSectionȱQueryȱconstructionȱlogicȱbyȱselectingȱtheȱfollowing:ȱ
AȱcolumnȱfromȱSelectȱColumnȱ
AȱconditionȱfromȱSelectȱConditionȱ
Anȱobjectȱforȱtheȱquery,ȱwhichȱyouȱcanȱselectȱorȱenterȱ
Optionally,ȱselectȱoneȱorȱmoreȱBooleanȱconnectorsȱ(ORȱorȱAND)ȱtoȱjoinȱtwoȱorȱmoreȱqueries.ȱClickȱȱtoȱdeleteȱaȱ
query.ȱ
UnderȱSelectȱColumnsȱtoȱbeȱdisplayedȱinȱSectionȱResults,ȱdoȱtheȱfollowing.ȱ
Clickȱȱtoȱviewȱaȱlistȱofȱattributesȱandȱselectȱanȱattribute.ȱ
SelectȱtheȱcheckboxȱDisplayȱtoȱviewȱtheȱselectedȱattributeȱinȱtheȱgeneratedȱreport.ȱ
UnderȱSummary,ȱyouȱcanȱchooseȱtoȱdoȱtheȱfollowing:ȱ
¾ SelectȱtheȱtypeȱofȱchartȱfromȱtheȱdropȬdownȱlistȱtoȱviewȱaȱgraphȱforȱtheȱselectedȱattribute.ȱ
¾ SelectȱtheȱcheckboxȱTableȱtoȱviewȱaȱtabulatedȱcountȱforȱtheȱselectedȱattribute.ȱ
Note:ȱPieȱchartsȱareȱnotȱvisibleȱinȱanȱHTMLȱreport.ȱYouȱcanȱviewȱpieȱchartsȱonlyȱinȱaȱPDFȱreport.ȱ
j.
Selectȱanȱattributeȱandȱclickȱȱtoȱdeleteȱthatȱattribute.ȱ
SelectȱanȱattributeȱandȱclickȱȱorȱȱtoȱorganizeȱtheȱattributesȱthatȱappearȱasȱcolumnsȱinȱtheȱSectionȱResultsȱ
tableȱofȱtheȱgeneratedȱreport.ȱ
Toȱsaveȱtheȱsectionȱtoȱanȱexistingȱreport,ȱclickȱ.ȱToȱsaveȱtheȱsectionȱwithȱaȱnewȱname,ȱclickȱ.ȱ
82ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
SettingȱupȱtheȱServerȱConsoleȱ
7.1.9.5
CreatingȱaȱReportȱScheduleȱ
Useȱtheȱfollowingȱstepsȱtoȱscheduleȱemailȱdeliveryȱofȱaȱreport:ȱ
a. FromȱtheȱListȱofȱReportsȱtable,ȱselectȱtheȱreportȱthatȱyouȱwantȱtoȱschedule.ȱ
b. Clickȱ.ȱTheȱGenerationȱandȱDeliveryȱOptionsȱforȱSelectedȱLocationȱdialogȱappears.ȱ
ȱ
ȱ
Figure 112.
c.
Scheduling a Report for One Time Delivery
FromȱtheȱFormatȱdropȬdownȱlist,ȱselectȱtheȱoutputȱtypeȱforȱtheȱreport,ȱthatȱis,ȱHTML,ȱXML,ȱorȱPDF.ȱ
Note:ȱTheȱsystemȱdoesȱnotȱsupportȱPDFȱreportȱgenerationȱonȱolderȱversionsȱofȱIEȱ(versionsȱlowerȱthanȱ7.0).ȱ
d.
SelectȱeitherȱOneȱTimeȱGenerationȱorȱRecurringȱGeneration.ȱ
ToȱscheduleȱaȱreportȱforȱOneȱTimeȱGeneration,ȱperformȱtheȱfollowing:ȱ
ȱtoȱspecifyȱtheȱdateȱandȱtheȱtimeȱonȱwhichȱtoȱgenerateȱtheȱ
¾ UnderȱScheduleȱReport,ȱclickȱtheȱcalendarȱiconȱ
report.ȱ
¾ UnderȱReportȱTimeȱPeriod,ȱcustomizeȱtheȱdurationȱforȱwhichȱtheȱreportȱshouldȱbeȱgeneratedȱbyȱdoingȱeitherȱofȱ
theȱfollowing:ȱ
™ SelectȱLastȱandȱthenȱtheȱnumberȱofȱhours,ȱdays,ȱorȱmonthsȱbeforeȱtheȱreportȱdeliveryȱtime.ȱ
™ SelectȱCustomizeȱandȱthenȱtheȱexactȱdateȱandȱtimeȱinȱFromȱDateȱandȱToȱDateȱfields.ȱ
83
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 113.
Scheduling a Report for Recurring Generation
e.
f.
ToȱscheduleȱaȱreportȱforȱRecurringȱGeneration,ȱperformȱtheȱfollowing:ȱ
¾ UnderȱScheduleȱReport,ȱfromȱtheȱGenerateȱReportȱEveryȱdropȬdownȱlist,ȱselectȱtheȱnumberȱofȱhours,ȱdays,ȱorȱ
monthsȱoverȱwhichȱtoȱdeliverȱtheȱreport.ȱ
¾ ClickȱtheȱcalendarȱiconȱnextȱtoȱStartȱDateȱtoȱselectȱtheȱstartȱdateȱandȱtimeȱforȱtheȱreport.ȱ
¾ ClickȱtheȱcalendarȱiconȱnextȱtoȱEndȱDateȱtoȱselectȱtheȱendȱdateȱandȱtimeȱforȱtheȱreport.ȱTheȱEndȱDateȱmustȱbeȱ
greaterȱthanȱtheȱStartȱDate.ȱTheȱsystemȱautomaticallyȱselectsȱtheȱEndȱDateȱandȱTimeȱfromȱtheȱStartȱDate.ȱ
¾ UnderȱReportȱTimeȱPeriod,ȱcustomizeȱtheȱdurationȱforȱwhichȱtheȱreportȱshouldȱbeȱgeneratedȱbyȱselectingȱLastȱ
andȱthenȱtheȱnumberȱofȱhours,ȱdays,ȱorȱmonthsȱbeforeȱtheȱreportȱdeliveryȱtime.ȱ
UnderȱDeliveryȱOptions,ȱperformȱtheȱfollowing:ȱ
SelectȱArchiveȱReportȱandȱthenȱchooseȱtheȱfollowing:ȱ
¾ NeverȱDeleteȱtoȱretainȱtheȱreportȱforeverȱ
¾ Deleteȱafterȱ‘n’ȱdaysȱtoȱdeleteȱtheȱreportȱafterȱtheȱspecifiedȱnumberȱofȱdaysȱ
SelectȱEmailȱReportȱtoȱemailȱaȱcopyȱofȱtheȱreportȱtoȱtheȱselectedȱuser(s).ȱ
¾ SelectȱZipȱbeforeȱemailȱtoȱcompressȱtheȱreportȱbeforeȱemailingȱit.ȱ
ClickȱȱtoȱopenȱReportȱDeliveryȱdialog.ȱHere,ȱyouȱcanȱdoȱtheȱfollowing:ȱ
SelectȱoneȱorȱmoreȱemailȱaddressesȱunderȱSystemȱUsersȱandȱthenȱclickÆȱtoȱmoveȱtheȱchosenȱemailȱaddress(s)ȱtoȱ
Recipients.ȱTheȱsystemȱdeliversȱscheduledȱreportsȱtoȱtheȱusersȱunderȱRecipients.ȱ
ClickȱȱtoȱopenȱAdditionalȱEmailȱAddressesȱdialogȱwhereȱyouȱcanȱspecifyȱaȱcustomȱemailȱaddressȱforȱaȱnonȬ
systemȱuserȱwhoȱwillȱreceiveȱaȱscheduledȱreport.ȱInȱthisȱdialog,ȱyouȱcanȱaddȱmultipleȱemailȱaddressesȱoneȱatȱaȱtime.ȱ
84ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 114.
g.
h.
i.
Specifying Additional Email Addresses for Report Delivery
ClickȱȱtoȱcloseȱtheȱAdditionalȱEmailȱAddressesȱdialog.ȱ
ClickȱȱtoȱcloseȱtheȱReportȱDeliveryȱdialog.ȱ
Toȱscheduleȱtheȱreport,ȱclickȱ.ȱ
7.1.10 Stepȱ10:ȱCalibratingȱLocationȱTrackingȱ
29. TheȱLocationsȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱCalibrateȱyourȱsystemȱforȱaccurateȱlocationȱtracking.ȱ
ȱ
Figure 115.
Locations Screen – Calibration
85
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
SettingȱupȱtheȱServerȱConsoleȱ
CalibrationȱhelpsȱinȱtuningȱRFȱparametersȱusedȱbyȱtheȱsystemȱtoȱcompareȱtheȱAPȱandȱSensorȱpredictionsȱtoȱactualȱ
observations.ȱTheȱsystemȱhasȱaȱrobustȱcalibrationȱtechniqueȱthatȱalsoȱallowsȱmanualȱinterventionȱinȱcaseȱofȱdiscrepancy.ȱUseȱ
theȱfollowingȱstepsȱtoȱcalibrateȱRFȱviews:ȱ
a. Placeȱdevicesȱonȱtheȱfloormap.ȱ
b. SelectȱtheȱViewerȱtab.ȱ
c. SelectȱoneȱofȱtheȱAPȱorȱSensorȱviews.ȱ
d. GenerateȱtheȱdesiredȱRFȱCoverageȱmapȱbyȱclickingȱ.ȱ
e. Toȱimproveȱpredictions,ȱfineȬtuneȱtheȱMin.ȱSignalȱDecayȱConstantȱandȱtheȱMax.ȱSignalȱDecayȱConstant.ȱ
Note:ȱMin.ȱSignalȱDecayȱConstantȱspecifiesȱtheȱamountȱofȱsignalȱlossȱthatȱisȱacceptableȱforȱregionsȱcloseȱtoȱtheȱtransmitterȱ(Sensor).ȱ
Max.ȱSignalȱDecayȱConstantȱspecifiesȱtheȱamountȱofȱsignalȱlossȱthatȱisȱacceptableȱforȱregionsȱawayȱfromȱtheȱtransmitter.ȱSignalȱlossȱisȱ
directlyȱproportionalȱtoȱtheȱsignalȱdecayȱconstants.ȱ
f.
ChangeȱtheȱvaluesȱofȱtheȱSignalȱDecayȱSlopeȱ(Beta)ȱandȱtheȱSignalȱDecayȱInflectionȱ(Alpha).ȱTheȱsystemȱusesȱtheseȱ
parametersȱwhenȱcomputingȱtheȱRFȱandȱdefinesȱtheȱregionȱaroundȱtheȱtransmitterȱthatȱisȱunobstructed.ȱ
Note:ȱWhenȱyouȱchangeȱtheȱvaluesȱofȱMin.ȱSignalȱDecayȱConstant,ȱMax.ȱSignalȱDecayȱConstant,ȱSignalȱDecayȱSlopeȱ(Beta),ȱandȱ
SignalȱDecayȱInflectionȱ(Alpha)ȱtheȱRFȱviewȱandȱLocationȱTrackingȱforȱunobstructedȱregionsȱisȱaffected.ȱInȱtheȱobstructedȱregions,ȱonlyȱ
LocationȱTrackingȱisȱaffected,ȱRFȱviewȱisȱnotȱaffected.ȱ
g.
Clickȱȱtoȱviewȱyourȱselectionȱagainstȱtheȱpredictedȱvalues.ȱ
Important:ȱTheȱPredictedȱvalueȱcurveȱshouldȱoverlapȱtheȱObservedȱvalueȱcurveȱasȱmuchȱasȱpossible.ȱ
h.
i.
Clickȱȱtoȱcompleteȱcalibrationȱifȱyouȱhaveȱadjustedȱtheȱparametersȱmanuallyȱsuchȱthatȱtheȱtwoȱcurvesȱareȱ
parallelȱ(butȱnotȱcoinciding).ȱ
Clickȱȱtoȱcommitȱyourȱchanges.ȱ
ȱ
Figure 116.
RF Calibration Dialog
86ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
SettingȱupȱtheȱServerȱConsoleȱ
7.1.11 Stepȱ11:ȱLockingȱtheȱSystemȱConfigurationȱ
30. TheȱEventȱActivationȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱIfȱtheȱsystemȱconfigurationȱisȱnotȱconfirmed,ȱyouȱ
needȱtoȱgoȱbackȱtoȱtheȱpreviousȱstepsȱandȱcompleteȱanyȱadditionalȱconfiguration.ȱOtherwise,ȱinȱthisȱstep,ȱyouȱcanȱturnȱonȱ
events.ȱTheȱsystemȱwillȱbecomeȱcompletelyȱoperationalȱafterȱactivatingȱintrusionȱprevention.ȱ
ȱ
Figure 117.
Event Activation
31. TheȱIntrusionȱPreventionȱActivationȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱIfȱtheȱsystemȱconfigurationȱisȱnotȱ
confirmed,ȱyouȱneedȱtoȱgoȱbackȱtoȱtheȱpreviousȱstepsȱandȱcompleteȱanyȱadditionalȱconfiguration.ȱOtherwise,ȱinȱthisȱstep,ȱ
youȱcanȱturnȱonȱintrusionȱprevention.ȱThisȱmakesȱtheȱsystemȱoperational.ȱ
87
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 118.
Intrusion Prevention Activation
32. TheȱDeviceȱListȱLockingȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱIfȱyouȱhadȱpreviouslyȱunlockedȱtheȱlistȱofȱ
AuthorizedȱAPsȱandȱClientsȱatȱaȱlocationȱbyȱdeȬcheckingȱtheȱtwoȱcheckboxesȱLockȱAPȱListȱforȱlocationȱ‘ȱandȱLockȱClientȱListȱforȱlocationȱ‘,ȱyouȱmayȱlockȱtheȱlistsȱforȱallȱlocationsȱwhereȱyouȱdoȱ
notȱexpectȱmoreȱauthorizedȱAPsȱorȱClientsȱtoȱbeȱadded.ȱAirTightȱrecommendsȱthatȱyouȱlockȱtheȱAPȱlist.ȱIfȱyourȱClientsȱareȱ
authorizedȱautomatically,ȱdoȱnotȱlockȱtheȱClientȱlists.ȱAnyȱnewȱdeviceȱaddedȱafterȱtheȱlistȱisȱlockedȱhasȱtoȱbeȱmanuallyȱ
movedȱtoȱtheȱAuthorizedȱcategory.ȱ
88ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 119.
Device List Locking
7.1.12 Stepȱ12:ȱCompletionȱofȱSetupȱWizardȱ
33. Thisȱmarksȱtheȱcompletionȱofȱtheȱsetupȱwizard.ȱTheȱDashboardȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱTheȱ
Serverȱisȱconfiguredȱtoȱprotectȱyourȱnetworkȱagainstȱwirelessȱthreats.ȱ
89
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
SettingȱupȱtheȱServerȱConsoleȱ
ȱ
Figure 120.
Dashboard Screen
90ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
ConfigȱShellȱCommandsȱ
Chapterȱ8
8.1
ConfigȱShellȱCommandsȱ
ServerȱConfigȱShellȱCommandsȱ
ThisȱchapterȱdescribesȱtheȱcommandsȱinȱtheȱServerȱConfigȱShellȱusedȱtoȱreconfigureȱorȱmaintainȱtheȱServerȱafterȱrunningȱtheȱ
ServerȱConfigurationȱWizard.ȱSomeȱcommandsȱdisplayȱtheȱstatusȱofȱtheȱServer.ȱ
Database Commands
Command
Description
db backup
Backs up the database to the Remote Server specified by
you
db clean
Resource clean-up without disruption of services
db maintain
Resource clean-up after temporary shutting down of services
db reset
Resets the database to factory defaults but maintains
network settings
db restore
Restores the database from a previous backup on a Remote
Server
ȱ
get Commands
Command
Description
get allowed ip
Displays the list of IP addresses or subnets that are allowed
to access this device
get cert
Generates a self-signed certificate
get certreq
Generates a Certificate Signing Request (CSR)
get date
Displays the current time zone, date, and time on the Server
get debug
Creates a debug information ‘tarball’ file; this file can be
used for debugging purposes
get ha
Displays High Availability (HA) Cluster configuration and
service status
get ha help
Displays detailed High Availability (HA) setup help
get interface
Displays the Network and HA Interface speed and mode
get locationinfo
Extracts information about location hierarchy, imported
images, and signal strength for all devices seen by Sensor
get log config
Displays the configuration of the logger
get monitoring
Displays the number of days that the system should keep
the data for all performance monitoring charts
get network
Displays the Network Interface (eth0) configuration including
the IP Address, Subnet mask, Gateway, DNS Address, and
DNS Prefix
get opsec log
Displays the log messages generated by OPSEC API
get route
Displays the routing table
91
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
ConfigȱShellȱCommandsȱ
get sensor list
Displays a list of Sensors and NDs
get server config
Displays the complete Server configuration which includes
the Server ID, Server Version, Server Build, MAC address of
the Network and HA Interface, Server Mode, Server Time
Zone, Date and Time Settings, WLSE Integration Settings,
Settings of Network Interfaces, and Server Processes
get server check
Runs a Server consistency check and display the results. If
any fatal item fails, a failure result is recorded
get serverid
Displays the Server ID
get ssh
Displays the status of the SSH Server
get status
Displays the status of Server processes
get support
Displays settings that control how, when, where, and what
support information is to be sent
get version
Displays the version and build information of all the Server
components
ȱ
92ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
ConfigȱShellȱCommandsȱ
set Commands
Command
Description
set allowed ip
Sets the list of IP addresses or subnets that are allowed to
access this device
set cert
Installs a signed SSL certificate issued for the request
generated using 'get certreq'
set date
Sets the current time zone, date, and time information on
the Server; the Server needs to be rebooted for the
date/time information to take effect
set dbserver
Starts/Stops the Database Server
set erase
Configures the backspace key
set ha
Enables or disables High Availability (HA) service
set interface
Sets the Network and HA Interface speed and mode
set log config
Sets the configuration of the logger
set monitoring
Sets the number of days that the system should keep the
data for all performance monitoring charts
set network
Sets the Network Interface (eth0) configuration including the
IP Address, Subnet mask, Gateway, DNS Address, and DNS
Prefix
set route
Allows addition/deletion of routing table entries
set server
Starts/Stops the Application Server
set serverid
Sets the Server ID
set ssh
Starts/Stops the SSH access to the Server
set support
Sets up how, when, where, and what support information is
to be sent
set webserver
Starts/Stops the Web Server
ȱ
93
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
ConfigȱShellȱCommandsȱ
Other Commands
Command
Description
exit
Exits the config shell session
help
Displays help for all the commands
passwd
Allows the admin to change the config shell password
ping
Pings a host
reboot
Reboots the Server
reset factory
Resets the Server to the factory defaults/out of the box
status
reset password gui
Sets the Graphical User Interface (GUI) password for the user
‘admin’ to the factory default ‘admin’
shutdown
Shuts down the Server gracefully
traceroute
Shows the route to a host
upgrade
Upgrades the Server using the specified upgrade bundle from
an HTTP location
ȱ
94ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
ConfigȱShellȱCommandsȱ
ȱ
8.2
SensorȱConfigȱShellȱCommandsȱ
get Commands
Command
Description
get ap
Displays all the currently visible APs
get interface
Displays Network Interface speed and mode
get ip config
Displays the IP information
get log
Displays the log information as it is created
get log config
Displays the configuration of the logger
get mode
Displays the mode in which the Sensor is currently configured
get rf
Displays if RF monitoring for a Sensor is ‘ON’ or ‘OFF’
get serial num
Displays the Board Number
get server discovery
Displays the Server discovery/setting information
get status
Displays the current running status of all the components
get version
Displays the version and build information of all the
components
get vlan config
Displays the VLAN information (set info and dynamic info)
get vlan id
Displays the VLAN IDs seen by the ND
get vlan status
Displays the VLAN status information
get model
Displays the Sensor Model
ȱ
set Commands
Command
Description
set erase
Sets the erase character to ^H
set interface
Sets Network Interface speed and mode
set ip config
Runs through the current VLAN and IP config wizard
set server discovery
Sets the Server discovery information
set vlan config
Sets multiple VLAN monitoring to ‘ON’ or ‘OFF’
set mode
Sets the mode to Sensor, Sensor/ Network Detector Combo,
Network Detector, or Sentry
ȱ
95
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
ConfigȱShellȱCommandsȱ
Other Commands
Command
Description
exit
Exists the Sensor config Shell session
help
Displays help for all commands
help set
Displays help for ‘set’ commands
help get
Displays help for ‘get’ commands
help other
Displays help for ‘other’ commands
passwd
Changes the config Shell password
ping
Pings a host.
Usage: ping  e.g. ping
192.168.1.246
reboot
Reboots the Sensor
restart
Restarts the Sensor application
reset factory
Resets the Sensor to ‘out of the box’ status
upgrade
Upgrades the Sensor manually from a given IP address
ȱ
ȱ
96ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
Troubleshootingȱ
Chapterȱ9
9.1
Troubleshootingȱ
ServerȱTroubleshootingȱ
ȱ
Problem
After changing the IP
address of the Server,
the computer used to
configure the Server
gets disconnected.
On typing ‘https:// wifisecurity-server’ in the
IE 5.5 browser, the
‘Login’ screen does not
appear even after
adding a DNS entry
‘wifi-security-server’ for
the Server.
Solution
The subnet mask of the computer used to configure the
Server may not be the same as that of the Server. Change
the subnet mask of the computer so that it is in the same
subnet as the Server.
The Default gateway and Preferred DNS Server settings of
the computer used to access the Server Console may be
incorrect. Ensure that the Default gateway and Preferred
DNS Server settings of the computer used to access the
Server Console match the Server settings.
On rebooting the
Server, the get network
command does not
show an IP address.
The IP address that you have assigned to the Server
conflicts with some other IP address on the network.
Change the IP address of the Server using the set network
command.
No Sensors connect to
the Server after setting
the Server ID.
The Server ID used by the Server may be used by another
Server on the network. Verify that no other Server with the
Server ID set for the Server is running on the network.
Change the Server ID using the set serverid command.
No connection to the
Server
Check if the Server is powered on.
If the Server is not powered on, switch it on.
Else, check the IP Address or the DNS Name on the Server
Config Shell.
Important: Please ensure that you have used the correct IP
Address or the DNS name to connect to the Server.
If the IP Address or the DNS name is correct, try pinging
other computers on the network from the Server Config
Shell interface.
If the problem still exits, reset the Server and attempt to
reconnect to the Server.
The Console reports
“Java Runtime
Environment Detection”
not installed message.
Follow the instructions provided on the Console to install
the Java Runtime Environment.
Unable to log into the
Console.
If you are logging in for the first time, refer to the
Initializing section for the default Login Name and
Password.
Try recovering the password using the Recover option in the
Forgot Password? section of the Login Screen.
The Console has frozen
(Clicks do not work).
Close the browser and try connecting to the Server in
another window.
If you cannot connect to the Server, follow the steps listed
in Problem 1 of this table.
97
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®
Troubleshootingȱ
No events are being
reported or the device
status is stale (not
updated).
Check the status of the Server on the Administration
screen.
If the Current Status field shows
or
, click the
Start Server button in the Server Status section.
Check the status of the Server on the Administration
screen.
No Sensor is connected
to the Server.
If the Current Status field shows
or
, click the
Start Sever button in the Server Status section.
If the Current Status field shows
, refer to the
Sensors Troubleshooting section for the solution.
Server response time is
high.
Restart the Console. If the problem persists, run the db
clean command from the Server Config Shell.
ȱ
98ȱ
SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ
Troubleshootingȱ
ȱ
9.2
SensorȱTroubleshootingȱ
ȱ
ȱ
Symptoms
Diagnosis
Solution
LED1: Solid
Orange
LED2: Fast
Blink
The Sensor did not
receive a valid IP
address via the DHCP.
The DHCP Server is unreachable. Restore the
connectivity to the DHCP Server or set a static IP
address via the HTTP interface or the Config Shell
CLI.
LED1: Solid
Orange
LED2: Slow
Blink
Unable to connect to
the Server.
Ensure that the Server is running and is reachable
from the network to which the Sensor is attached. If
there is a firewall or a router with ACLs enabled
between the Sensor and the Server, ensure that the
traffic is allowed on UDP port 3851.
If utilizing the Server ID based discovery, ensure
that multicast is enabled on the network.
Alternatively, if utilizing the Server IP based
discovery, ensure that the DNS name ‘wifi-securityserver’ has been correctly entered on the DNS
Server. Also ensure that the DNS Server IP
addresses are either correctly configured on the
Sensor, or are provided by the DHCP Server.
LED1: Solid
Orange
LED2: Solid
Green
The Ethernet cable is
loose. It is probably
disconnected from the
network.
Ensure that the Ethernet cable is connected.
An error on the
802.11 interface has
occurred.
Contact support@airtightnetworks.com for more
details.
A fatal Software error
has occurred.
Contact support@airtightnetworks.com for more
details.
LED1: Solid
Orange
LED3: Solid
Green
LED1: Solid
Orange
LED4: Solid
Green
99
SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ
®

Source Exif Data:
File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.3
Linearized                      : No
XMP Toolkit                     : 3.1-701
Producer                        : Acrobat Distiller 7.0 (Windows)
Create Date                     : 2008:10:27 11:12:17+08:00
Modify Date                     : 2008:10:30 10:48:52+08:00
Metadata Date                   : 2008:10:30 10:48:52+08:00
Document ID                     : uuid:71235BDFD4A3DD11926CF43E1915E74A
Instance ID                     : uuid:9c7d6364-f230-49be-a101-87e91c72ed6d
Derived From Document Name      : uuid:dd29599b-70c2-42cd-be52-9b710c95c081
Derived From Instance ID        : uuid:edb6c17f-9e05-428c-8b82-4dee27825b86
Derived From Document ID        : uuid:e40f8c27-c8fd-4cdb-a14d-346670f63ebd
Format                          : application/pdf
Title                           : Microsoft Word - SpectraGuard Enterprise_Installation Guide_5.7.doc
Creator                         : Jatin
Page Count                      : 117
Author                          : Jatin
EXIF Metadata provided by EXIF.tools
FCC ID Filing: TOR-SS300AT

Navigation menu