Installation Guide ȱ SpectraGuard ® Enterprise An AirTight® Product ȱ Wireless Vulnerability Management and Intrusion Prevention Version 5.7 ȱ ȱ ® AirTight Networks, Inc., 339 N. Bernardo Avenue, # 200, Mountain View, CA 94043 https://www.airtightnetworks.com Product documentation is being enhanced continuously based on customer feedback. To obtain a latest copy of this document, visit www.airtightnetworks.com/home/support.
ȱ Thisȱpageȱhasȱbeenȱintentionallyȱleftȱblank.
ȱ SpectraGuard® Enterprise InstallationȱGuideȱ
Disclaimerȱ THEȱINFORMATIONȱINȱTHISȱGUIDEȱISȱSUBJECTȱTOȱCHANGEȱWITHOUTȱANYȱPRIORȱNOTICE.ȱ AIRTIGHT®ȱNETWORKS,ȱINC.ȱISȱNOTȱLIABLEȱFORȱANYȱSPECIAL,ȱINCIDENTAL,ȱINDIRECT,ȱORȱCONSEQUENTIALȱ DAMAGESȱWHATSOEVERȱ(INCLUDING,ȱWITHOUTȱLIMITATION,ȱDAMAGESȱFORȱLOSSȱOFȱBUSINESSȱPROFITS,ȱ BUSINESSȱINTERRUPTION,ȱLOSSȱOFȱBUSINESSȱINFORMATION,ȱORȱANYȱOTHERȱPECUNIARYȱLOSS)ȱARISINGȱOUTȱOFȱ THEȱUSEȱOFȱORȱINABILITYȱTOȱUSEȱTHISȱPRODUCT.
Disclaimerȱ FCCȱRadiationȱExposureȱStatement:ȱ ThisȱequipmentȱcompliesȱwithȱFCCȱradiationȱexposureȱlimitsȱsetȱforthȱforȱanȱuncontrolledȱenvironment.ȱThisȱequipmentȱ shouldȱbeȱinstalledȱandȱoperatedȱwithȱminimumȱdistanceȱ20ȱcmȱbetweenȱtheȱradiatorȱ&ȱyourȱbody.ȱ Ifȱthisȱdeviceȱisȱgoingȱtoȱbeȱoperatedȱinȱ5.15ȱ~ȱ5.25ȱGHzȱfrequencyȱrange,ȱthenȱitȱisȱrestrictedȱinȱindoorȱenvironmentȱonly.ȱ ThisȱtransmitterȱmustȱnotȱbeȱcoȬlocatedȱorȱoperatingȱinȱconjunctionȱwithȱanyȱotherȱantennaȱorȱtransmitter.
EndȱUserȱLicenseȱAgreementȱ EndȱUserȱLicenseȱAgreementȱ BEFOREȱYOUȱCLICKȱ“IȱHAVEȱREADȱANDȱAGREEȱTOȱTHEȱLICENSINGȱAGREEMENTȱABOVE”ȱORȱOTHERWISEȱUSEȱORȱ ACTIVATEȱTHEȱAIRTIGHTȱPRODUCTS,ȱREADȱTHISȱAGREEMENTȱCAREFULLY.ȱȱITȱISȱAȱLEGALLYȱBINDINGȱ AGREEMENTȱANDȱCONTROLSȱYOURȱANDȱYOURȱCOMPANY’SȱUSEȱOFȱTHEȱAIRTIGHTȱPRODUCTS.ȱ WHENȱYOUȱCLICKȱȈIȱHAVEȱREADȱANDȱAGREEȱTOȱTHEȱLICENSINGȱAGREEMENTȱABOVEȈȱORȱOTHERWISEȱ DOWNLOAD,ȱUSEȱORȱACTIVATEȱTHEȱAIRTIGHTȱPRODUCTS,ȱTHISȱAGREEMENTȱGOVERNSȱYOURȱUSE.
EndȱUserȱLicenseȱAgreementȱ 2. CONTROLLINGȱAGREEMENT:ȱThisȱelectronicȱAgreementȱisȱtheȱentireȱagreementȱbetweenȱyouȱandȱAirTightȱandȱ supersedesȱallȱpriorȱorȱcontemporaneousȱagreements,ȱunderstandings,ȱandȱcommunications,ȱwhetherȱwrittenȱorȱoralȱ unlessȱsuchȱagreementȱisȱexecutedȱbyȱanȱofficerȱofȱAirTight.ȱȱInȱsuchȱevent,ȱthatȱagreementȱshallȱonlyȱsupersedeȱthisȱ AgreementȱtoȱtheȱextentȱsuchȱagreementȱconflictsȱwithȱthisȱAgreement.
EndȱUserȱLicenseȱAgreementȱ 5.2ȱ Exclusions.
EndȱUserȱLicenseȱAgreementȱ theȱSectionȱentitledȱAirTight’sȱObligation,ȱAirTightȱshallȱdoȱoneȱofȱtheȱfollowing:ȱ(a)ȱobtainȱtheȱrightȱforȱyouȱtoȱcontinueȱusingȱ theȱHardwareȱorȱSoftware;ȱ(b)ȱreplaceȱorȱmodifyȱtheȱHardwareȱorȱSoftwareȱwithȱaȱfunctionalȱequivalentȱthatȱisȱnonȬinfringing;ȱ orȱ(c)ȱterminateȱthisȱAgreementȱandȱrefundȱanyȱfeeȱAirTightȱreceived,ȱproratedȱoverȱ3ȱyears,ȱorȱtheȱperiodȱofȱyourȱlicenseȱifȱ shorterȱthanȱ3ȱyears.ȱ 8. RISKSȱANDȱYOURȱOBLIGATIONS.
EndȱUserȱLicenseȱAgreementȱ entitledȱTermination.ȱ 12.2ȱ Termination.ȱWithoutȱprejudiceȱtoȱanyȱotherȱrights,ȱAirTightȱmayȱterminateȱthisȱAgreementȱifȱyouȱdoȱnotȱcomplyȱ withȱit.ȱYouȱmayȱterminateȱthisȱAgreementȱatȱanytime.
TableȱofȱContentsȱ TableȱofȱContentsȱ CHAPTER 1 1.1 1.2 1.3 GETTING STARTED...................................................................................................................................1 BEFORE YOU BEGIN .......................................................................................................................................................1 HOW TO GET MORE INFORMATION .......................................................................................................
TableȱofȱContentsȱ 6.2.1.4 6.2.2 6.2.3 6.2.4 6.2.5 Editing Serial Port Settings ............................................................................................................................................. 32 Log in and Change the Default Password............................................................................................................33 Set Server Discovery .................................................................................................................
TableȱofȱFiguresȱ TableȱofȱFiguresȱ FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17.
TableȱofȱFiguresȱ FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE 60. 61. 62. 63. 64. 65. 66. 67. 68. 69. 70. 71. 72. 73. 74. 75.
GettingȱStartedȱ Chapterȱ1 1.1 GettingȱStartedȱ BeforeȱYouȱBeginȱ ThankȱyouȱforȱpurchasingȱSpectraGuardȱEnterpriseȱ(referredȱtoȱasȱ‘system’ȱhereafterȱinȱthisȱdocument)ȱfromȱAirTight®ȱ Networks,ȱInc.ȱTheȱsystemȱassistsȱyouȱtoȱeffectivelyȱmonitor,ȱtroubleshoot,ȱadminister,ȱandȱprotectȱyourȱwirelessȱnetwork.ȱ PleaseȱreadȱtheȱEULAȱbeforeȱinstallingȱtheȱServer.ȱInstallingȱtheȱServerȱconstitutesȱyourȱacceptanceȱofȱtheȱtermsȱandȱ conditionsȱofȱtheȱEULAȱmentionedȱaboveȱinȱthisȱdocument.
PackageȱContentsȱ Chapterȱ2 PackageȱContentsȱ ThisȱchapterȱlistsȱtheȱcomponentsȱincludedȱinȱtheȱServerȱandȱSensorȱ(bothȱ802.11ȱa/b/gȱorȱ802.11ȱa/b/g/n)ȱpackages.ȱ Note:ȱTheȱconventionsȱtoȱbeȱfollowedȱinȱtheȱGuideȱare:ȱ1>ȱ802.11ȱa/b/g:ȱSSȬ200ȬATandȱ2>ȱ802.11ȱa/b/g/n:ȱSSȬ300ȬAT.ȱ PleaseȱensureȱthatȱtheȱfollowingȱitemsȱareȱincludedȱinȱtheȱServerȱpackage.ȱIfȱtheȱpackageȱisȱnotȱcomplete,ȱpleaseȱcontactȱ AirTight®ȱNetworks,ȱInc.ȱTechnicalȱSupportȱatȱsupport@airtightnetworks.
PackageȱContentsȱ ȱ Figure 2.
ServerȱandȱSensorȱOverviewȱ Chapterȱ3 ServerȱandȱSensorȱOverviewȱ ThisȱchapterȱprovidesȱanȱoverviewȱofȱtheȱServerȱandȱSensorȱandȱdescribesȱinȱdetailȱaboutȱtheȱfollowing.ȱ x x FrontȱPanelȱofȱtheȱServerȱandȱSensorȱ RearȱPanelȱofȱtheȱServerȱandȱSensorȱ 3.1 FrontȱPanelȱofȱtheȱServerȱ TheȱfrontȱpanelȱofȱtheȱServerȱhasȱaȱPowerȱswitchȱandȱLEDsȱthatȱindicateȱitsȱstate.ȱTheȱfollowingȱfigureȱshowsȱtheȱlocationȱofȱ theȱPowerȱswitchȱandȱLEDsȱonȱtheȱfrontȱpanelȱofȱtheȱServer.ȱ ȱ Figure 3.
ServerȱandȱSensorȱOverviewȱ Table 2.
ServerȱandȱSensorȱOverviewȱ High Availability Interface Used to connect the Server to a high availability cluster RJ-45 Settings: 10/100/1000 Mbps Protocol: Ethernet Network Interface Used to connect the Server to the wired LAN through a hub or a switch Allows the Server to talk to Sensors RJ-45 Settings: 10/100/1000 Mbps Protocol: Ethernet ȱ 3.3 3.3.1 FrontȱPanelȱofȱSensorȱ SensorȱSSȬ200ȬATȱ TheȱfrontȱpanelȱofȱtheȱSensorȱhasȱLEDsȱthatȱindicateȱtheȱworkingȱofȱtheȱSensor.ȱ ȱ Figure 5.
ServerȱandȱSensorȱOverviewȱ Solid Orange Solid Green Any Any The Sensor is unable to get Ethernet link. Solid Orange Fast Blink Any Any The Sensor did not receive a valid IP address via the DHCP. Solid Orange Slow Blink Any Any The Sensor is unable to connect to the Server. Any Solid Green Any Any Any Solid Green Off Off Off Solid Orange Solid Orange Off There is an error on 802.11a/b/g interfaces. The Sensor is experiencing a software error.
ServerȱandȱSensorȱOverviewȱ Solid Green Solid Orange Slow Blink Slow Blink Slow Blink The Sensor upgrade is in progress. Solid Green Any Any The Sensor is unable to get Ethernet link. Solid Orange Fast Blink Any Any The Sensor did not receive a valid IP address via the DHCP. Solid Orange Slow Blink Any Any The Sensor is unable to connect to the Server. Any Solid Green Any Any Any Solid Green Off Off Off Solid Orange Solid Orange Off There is an error on 802.11a/b/g/n interfaces.
ServerȱandȱSensorȱOverviewȱ Table 6. Port Serial Rear Panel Port Settings for SS-200-AT Description Connector Type Enables a serial connection to establish terminal sessions; used for launching Config Shell sessions Speed/Protocol Settings: Bits per second: 9600 Data Bits: 8 Parity: None Stop Bits: 1 Flow Control: None DB-9 Protocol: RS-232 Ethernet Enables the device to be connected to the wired LAN through a switch or a hub.
ServerȱandȱSensorȱOverviewȱ ȱ TheȱsideȱpanelȱofȱtheȱSensorȱSSȬ300ȬATȱhasȱaȱResetȱSwitchȱandȱaȱSerialȱPort.ȱȱ ȱ Figure 9. Side Panel of Sensor SS-300-AT Theȱsideȱpanelȱhasȱtheȱfollowingȱports:ȱ x Serialȱport:ȱConnectsȱtheȱSensorȱtoȱserialȱterminalȱemulationȱprogramsȱsuchȱasȱHyperȱTerminalȱforȱWindowsȱorȱ minicomȱforȱLinuxȱ x Resetȱswitch:ȱResetsȱtheȱSensorȱtoȱfactoryȱdefaults.
InstallingȱtheȱServerȱ Chapterȱ4 InstallingȱtheȱServerȱ YouȱneedȱtoȱsetȱupȱtheȱServerȱbeforeȱusingȱitȱtoȱmonitorȱandȱprotectȱyourȱnetwork.ȱThisȱchapterȱexplainsȱhowȱtoȱconnectȱandȱ configureȱtheȱServer.ȱ 4.1 ConnectingȱtheȱServerȱ ThisȱinvolvesȱmountingȱtheȱServerȱappliance,ȱpoweringȱitȱup,ȱandȱconnectingȱitȱtoȱtheȱnetwork.ȱ 4.1.1 MountȱtheȱServerȱApplianceȱ PlaceȱtheȱServerȱonȱtheȱrackȱandȱmountȱitȱusingȱtheȱrackȱmountingȱaccessories.ȱ ȱ Figure 10. 4.1.
InstallingȱtheȱServerȱ ȱ Figure 11. Power up the Server ToȱpowerȱupȱtheȱServer,ȱperformȱtheȱfollowingȱsteps:ȱ 1. ConnectȱoneȱendȱofȱtheȱPowerȱcableȱtoȱtheȱPowerȱsocketȱonȱtheȱrearȱpanelȱofȱtheȱServer.ȱ 2. ConnectȱtheȱotherȱendȱofȱtheȱPowerȱcableȱtoȱaȱ110Ȭ240V,ȱ50/60ȱHzȱACȱpowerȱsource.ȱ 3. PressȱtheȱPowerȱswitchȱonȱtheȱfrontȱpanelȱofȱtheȱServer.ȱ Note:ȱOnȱconnectingȱtheȱPowerȱcable,ȱtheȱPowerȱLEDȱshouldȱturnȱsolidȱgreen.ȱ 4.1.
InstallingȱtheȱServerȱ 4.2.1 AccessingȱtheȱServerȱusingȱSSHȱ(Recommended)ȱ ToȱaccessȱtheȱServerȱusingȱSSH,ȱperformȱtheȱfollowingȱsteps:ȱ 1. ConnectȱyourȱcomputerȱtoȱtheȱsameȱsubnetȱwhereȱtheȱServerȱisȱconnected.ȱ Note:ȱTheȱdefaultȱIPȱaddressȱofȱtheȱServerȱisȱ192.168.1.246.ȱ 2. 3. 4. Changeȱyourȱcomputer’sȱIPȱaddressȱtoȱ192.168.1.XXX,ȱforȱexample,ȱ192.168.1.244.ȱ OpenȱSSHȱonȱyourȱcomputerȱandȱpressȱȱorȱȱonȱtheȱSSHȱSecureȱShellȱdialog.ȱ AccessȱtheȱdefaultȱServerȱIPȱaddress,ȱ192.168.1.
InstallingȱtheȱServerȱ 1. ForȱWindowsȱXP,ȱlaunchȱtheȱHyperTerminalȱapplicationȱbyȱclickingȱStartÆȱProgramsÆȱAccessoriesÆȱ CommunicationsÆȱHyperTerminalȱonȱyourȱdesktop.ȱ ȱ ȱ Figure 15. 2. Launch HyperTerminal Application DefineȱaȱnewȱHyperTerminalȱconnection.ȱ x Selectȱanȱiconȱtoȱidentifyȱtheȱnewȱconnection.ȱ x TypeȱtheȱuserȱdefinedȱnameȱforȱtheȱHyperTerminalȱconnectionȱinȱtheȱNameȱfieldȱ x ClickȱȱonȱtheȱConnectionȱDescriptionȱdialog.ȱ ȱ Figure 16. 3.
InstallingȱtheȱServerȱ ȱ Figure 17. 4. Specify HyperTerminal Connection Details EditȱtheȱserialȱportȱsettingsȱasȱfollowsȱorȱclickȱȱtoȱensureȱproperȱcommunicationȱbetweenȱtheȱServerȱ andȱyourȱcomputer.ȱ x Bitsȱperȱsecond:ȱ9600ȱ x Dataȱbits:ȱ8ȱ x Parity:ȱNoneȱ x Stopȱbits:ȱ1ȱ x Flowȱcontrol:ȱNoneȱ ȱ Figure 18. 5. 6. 7. Edit Serial Port Settings ClickȱȱonȱtheȱCOMȱPropertiesȱdialog.ȱ PressȱȱorȱȱonȱtheȱHyperTerminalȱscreen.ȱTheȱloginȱpromptȱappears.
InstallingȱtheȱServerȱ Important:ȱIfȱyouȱareȱconfiguringȱtheȱServerȱforȱHAȱmode,ȱyouȱcanȱskipȱtheȱServerȱInitializationȱandȱSetupȱwizardȱandȱgoȱtoȱtheȱconfigȱ prompt.ȱChangeȱtheȱconfigȱshellȱpassword,ȱsetȱtheȱtimeȱzone,ȱdateȱandȱtime,ȱsetȱtheȱServerȱID,ȱandȱthenȱuseȱtheȱsetȱhaȱcommandȱtoȱ configureȱtheȱServerȱinȱHAȱmode.ȱ 4.
InstallingȱtheȱServerȱ Figure 21. 4.3.3 Change Config Shell Password Stepȱ2:ȱChangeȱNetworkȱSettingsȱ TheȱnetworkȱsettingsȱofȱtheȱServerȱspecifyȱitsȱuniqueȱIPȱaddressȱonȱtheȱnetwork.ȱSensorsȱuseȱthisȱIPȱaddressȱtoȱidentifyȱtheȱ Server.ȱTheȱdefaultȱIPȱaddressȱassignedȱtoȱtheȱServerȱisȱ192.168.1.246.ȱ Important:ȱNoteȱtheȱnetworkȱsettingsȱonȱpaper.ȱIfȱyouȱforgetȱtheȱnetworkȱsettings,ȱyouȱcanȱnoȱlongerȱaccessȱtheȱServerȱoverȱtheȱnetworkȱ afterȱitȱisȱrebooted.
InstallingȱtheȱServerȱ ȱ Figure 22. Change Network Settings ȱ Figure 23. 4.3.4 Confirm Network Settings Changes Stepȱ3:ȱSetȱServerȱTimeȱZone,ȱDateȱandȱTimeȱSettingsȱ ToȱsetȱtheȱTimeȱZoneȱ(TZ)ȱcorrectly,ȱselectȱaȱcontinent,ȱaȱcountry,ȱandȱthenȱaȱtimeȱzoneȱregion.ȱYouȱcanȱuseȱtheȱNetworkȱTimeȱ ProtocolȱNTPȱ(NTP)ȱtoȱsynchronizeȱtheȱServerȱclockȱwithȱanotherȱServerȱorȱreferenceȱtimeȱsourceȱbyȱspecifyingȱtheȱIPȱaddressȱ orȱtheȱURLȱofȱtheȱNTPȱServer.
InstallingȱtheȱServerȱ ȱ Figure 24.
InstallingȱtheȱServerȱ ȱ Figure 25. Select Time Zone Region ȱ Figure 26. Specify IP Address of NTP Server for Synchronization YouȱcanȱalsoȱspecifyȱtheȱtimeȱzoneȱusingȱtheȱPosixȱTZȱ1formatȱasȱshownȱinȱtheȱfollowingȱfigure.ȱ ȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱ ȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱ 1ȱInȱPosixȱTZȱsystems,ȱaȱuserȱcanȱspecifyȱtheȱtimeȱzoneȱbyȱmeansȱofȱtheȱTZȱenvironmentȱvariable.
InstallingȱtheȱServerȱ ȱ Figure 27. Specify Time Zone using Posix TZ format ȱ Figure 28. Specify Date and Time Important:ȱOnȱtheȱDateȱandȱTimeȱsettingsȱscreen,ȱifȱtheȱdayȱexceedsȱ31ȱandȱtheȱmonthȱexceedsȱ12,ȱtheȱsystemȱautomaticallyȱsetsȱtheȱdayȱ toȱ31ȱandȱmonthȱtoȱ12.ȱ 4.3.5 Stepȱ4:ȱSetȱServerȱIDȱSettingsȱ TheȱServerȱIDȱisȱidentifiesȱaȱuniqueȱServerȱinstanceȱwhenȱthereȱareȱmultipleȱServerȱinstancesȱonȱtheȱnetwork.ȱSensorsȱcanȱbeȱ configuredȱtoȱcommunicateȱwithȱaȱspecificȱServerȱinstance.
InstallingȱtheȱServerȱ ȱ Figure 29. Set Server ID TheȱServerȱinitializationȱcompletionȱmessageȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱ ȱ Figure 30.
InstallingȱtheȱServerȱ ȱ Figure 31. Generating Certificate for Web Server PressȱyȱtoȱrebootȱtheȱServerȱforȱtheȱchangesȱtoȱtakeȱeffect.ȱIfȱyouȱchooseȱtoȱrebootȱlaterȱpressȱn.ȱTheȱServerȱConfigȱShell.promptȱ appears.ȱYouȱneedȱtoȱrebootȱtheȱServerȱonȱcompletionȱofȱtheȱInitializationȱandȱSetupȱWizardȱbeforeȱyouȱaccessȱtheȱServerȱ Consoleȱ(“GUI”).ȱ Note:ȱOnȱtheȱServerȱConfigȱShellȱprompt,ȱtypeȱtheȱcommandȱhelpȱtoȱviewȱtheȱlistȱofȱavailableȱcommands.ȱ 4.3.
InstallingȱtheȱServerȱ Recommended:ȱInȱIE,ȱunderȱToolsÆInternetȱOptionsÆȱAdvanced,ȱdeselectȱtheȱoption,ȱReuseȱwindowsȱforȱlaunchingȱshortcuts.ȱ Additionally,ȱunderȱToolsÆPopȬupȱBlocker,ȱselectȱTurnȱOffȱPopȬupȱBlocker.ȱ ToȱlaunchȱtheȱConsole,ȱperformȱtheȱfollowingȱsteps:ȱ 1. LaunchȱaȱWebȱbrowserȱsuchȱasȱIEȱ5.5ȱorȱhigherȱonȱaȱclientȱcomputerȱonȱtheȱnetworkȱthatȱhasȱWindowsȱ2000ȱorȱXPȱ OperatingȱSystemȱ(OS).ȱ 2. EnterȱtheȱdefaultȱIPȱAddressȱforȱtheȱServer,ȱthatȱis,ȱ192.168.1.246.ȱ 3.
InstallingȱtheȱServerȱ ȱ Figure 35. Detecting Java Runtime Environment (JRE) ȱ Figure 36. 5. Web Site Certificate Warning AddȱaȱDNSȱentryȱforȱtheȱhostnameȱwifiȬsecurityȬserverȱandȱtheȱIPȱaddressȱofȱtheȱServerȱinȱtheȱhostsȱfileȱofȱtheȱclientȱ computerȱtoȱeliminateȱtheȱwarningȱshownȱinȱtheȱfollowingȱfigure.ȱ Theȱhostsȱfileȱisȱlocatedȱatȱtheȱfollowingȱpath:ȱ x C:\WINNT\system32\drivers\etc\hosts,ȱforȱWindowsȱ2000ȱ x C:\windows\system32\drivers\etc\hosts,ȱforȱWindowsȱXPȱ 6.
InstallingȱtheȱServerȱ ȱ Figure 38. 4.5 1. 2. Digital Signature Verified ActivatingȱtheȱLicenseȱ SaveȱtheȱlicenseȱkeyȱfileȱshippedȱwithȱtheȱServerȱonȱyourȱdesktop.ȱ Browseȱtoȱtheȱlicenseȱkeyȱfileȱandȱselectȱit.ȱClickȱ.ȱ ȱ Figure 39. Activate License Ifȱtheȱlicenseȱkeyȱisȱvalid,ȱyouȱwillȱseeȱtheȱLoginȱscreen.ȱOtherwise,ȱyouȱwillȱseeȱanȱerrorȱmessage.
InstallingȱtheȱSensorȱ Chapterȱ5 InstallingȱtheȱSensorȱȱ SensorȱisȱtheȱprobeȱthatȱmonitorsȱyourȱnetworkȱandȱcommunicatesȱwithȱtheȱServerȱtoȱguardȱyourȱcorporateȱnetworkȱagainstȱ overȬtheȬairȱattacks.ȱTheȱSensorȱmustȱbeȱpluggedȱtoȱyourȱcorporateȱnetworkȱtoȱperformȱtheȱaboveȱoperations.ȱ Sensorȱcanȱbeȱconfiguredȱinȱoneȱofȱtheȱfollowingȱthreeȱmodes:ȱ x SensorȱOnlyȱ(SO)ȱMode:ȱThisȱisȱtheȱdefaultȱmode.ȱInȱthisȱmode,ȱtheȱSensorȱshouldȱbeȱconnectedȱintoȱanȱaccessȱportȱ onȱaȱswitch.
InstallingȱtheȱSensorȱ ȱ Figure 40. 2. Aligning the Sensor and Mount Slots SlideȱtheȱmountȱandȱbendȱtheȱtwoȱretainingȱplatesȱforwardȱtoȱpreventȱtheȱSensorȱfromȱslidingȱasȱshownȱinȱtheȱfollowingȱ figure.ȱ ȱ Figure 41. Fixing the Mounting Bracket to the Sensor Note:ȱYouȱneedȱtoȱuseȱonlyȱoneȱofȱtheȱtwoȱtabsȱonȱtheȱmountȱatȱaȱtime.ȱForȱU.SȱInstallations,ȱuseȱtheȱtabȱnearestȱtheȱedgeȱforȱdropȱ ceiling/tȬbarsȱthatȱareȱapproximatelyȱ1ȱinchȱwide.
InstallingȱtheȱSensorȱ ȱ Figure 43. 4. Pressing the Mount against the T-Bar Turn/twistȱtheȱmountȱsoȱthatȱtheȱtwoȱtabsȱbeginȱtoȱengageȱtheȱtȬbarȱandȱtheȱtȬbarȱpassesȱoverȱtheȱEuropeanȱtab,ȱwhichȱwasȱ pushedȱdownȱflush.ȱTheȱtȬbarȱshouldȱalsoȱpushȱagainstȱtheȱUSȱtab,ȱwhichȱwasȱbentȱupȱapproximatelyȱ¼ȱinchȱasȱshownȱinȱ theȱfollowingȱfigure.ȱ ȱ Figure 44. 5. Initial Twisting of the Mount Turn/twistȱtheȱmountȱallȱtheȱway,ȱsoȱthatȱtheȱtwoȱtabsȱcompletelyȱengageȱtheȱtȬbar.
InstallingȱtheȱSensorȱ ȱ Figure 46. Flat Surface Installation Recommended:ȱAirTightȱdoesȱnotȱrecommendȱwallȱmountingȱofȱtheȱSensorȱasȱitȱusesȱomniȱdirectionalȱantennas.ȱ 5.2.2 MountȱtheȱSSȬ300ȬATȱSensorȱ TakeȱaȱconfiguredȱSensor,ȱthatȱis,ȱmakeȱsureȱthatȱtheȱSensorȱisȱgivenȱaȱstaticȱIPȱorȱtheȱsettingsȱhaveȱbeenȱchangedȱforȱDHCP.ȱ NoteȱtheȱMACȱaddressȱandȱtheȱIPȱaddressȱofȱtheȱSensorȱinȱaȱsafeȱplaceȱbeforeȱitȱisȱinstalledȱinȱaȱhardȬtoȬreachȱlocation.
InstallingȱtheȱSensorȱ 1. InsertȱtheȱtabsȱonȱtheȱtableȱstandȱintoȱtheȱslotsȱonȱtheȱsideȱofȱtheȱSensor,ȱasȱshownȱinȱtheȱillustration.ȱAlignȱtheȱcableȱ routingȱcutȱoutȱtowardȱtheȱupperȱpartȱofȱtheȱstand.ȱ ȱ Figure 48. 2. Inserting tabs on the table stand ToȱlockȱtheȱstandȱtoȱtheȱSensor,ȱslideȱtheȱstandȱbackȱandȱtheȱSensorȱforward,ȱasȱshownȱhere:ȱ ȱ Figure 49. 3. Locking the Stand to the Sensor PlaceȱtheȱSensorȱandȱtableȱstandȱonȱtheȱtable.ȱ ȱ Figure 50. 4.
InstallingȱtheȱSensorȱ 1. 2. PlugȱtheȱpowerȱcableȱintoȱtheȱDCȱpowerȱreceptacleȱatȱtheȱrearȱofȱtheȱSensor.ȱ Plugȱtheȱotherȱendȱofȱtheȱpowerȱcableȱintoȱanȱ110V~240Vȱ50/60ȱHzȱACȱpowerȱsource.ȱ ȱ Figure 51. Power up the Sensor Waitȱforȱtwoȱminutes!ȱ 3. CheckȱtheȱStatusȱLEDs.ȱYouȱwillȱseeȱLED1ȱturnȱOrangeȱandȱLED2ȱturnȱgreen,ȱindicatingȱthatȱtheȱSensorȱisȱpoweredȱonȱ correctlyȱandȱwaitingȱtoȱbeȱconnectedȱtoȱtheȱnetwork.ȱ AnȱSSȬ300ȬATȱSensorȱcanȱbeȱPoweredȱonȱbyȱ802.
InstallingȱtheȱSensorȱ Note:ȱIfȱLED1ȱturnsȱOrange,ȱitȱmeansȱthatȱtheȱzeroȱconfigurationȱwasȱnotȱsuccessfulȱandȱtheȱSensorȱmustȱbeȱconfiguredȱmanually.
ManuallyȱConfiguringȱtheȱSensorȱ Chapterȱ6 ManuallyȱConfiguringȱtheȱSensorȱ Important:ȱIfȱtheȱinstallationȱinȱInstallingȱtheȱSensorȱwasȱsuccessful,ȱstop!ȱYouȱdoȱnotȱneedȱtoȱconfigureȱtheȱSensorȱmanually.ȱ 6.1 Introductionȱ ManualȱconfigurationȱofȱaȱSensorȱisȱtypicallyȱrequiredȱinȱtheȱfollowingȱcases:ȱ x SensorȱneedsȱtoȱbeȱconfiguredȱinȱNDȱorȱSNDCȱmode.ȱ x SensorȱOnlyȱ(SO)ȱdevicesȱcannotȱconnectȱtoȱtheȱServerȱthroughȱzeroȱconfiguration.
ManuallyȱConfiguringȱtheȱSensorȱ ȱ Figure 54. Opening HyperTerminal Note:ȱIfȱyouȱareȱusingȱaȱLinuxȱlaptop,ȱyouȱcanȱuseȱminicomȱtoȱconnectȱtoȱtheȱConfigȱShell.ȱ 6.2.1.2 DefiningȱaȱNewȱHyperTerminalȱConnectionȱ ȱ ȱ Figure 55.
ManuallyȱConfiguringȱtheȱSensorȱ x x x 6.2.1.3 Selectȱanȱiconȱtoȱidentifyȱtheȱnewȱconnection.ȱ TypeȱtheȱrequiredȱnameȱforȱtheȱHyperTerminalȱconnectionȱinȱtheȱNameȱfieldȱ ClickȱȱonȱtheȱConnectionȱDescriptionȱdialog.ȱ SpecifyingȱHyperTerminalȱConnectionȱDetailsȱ ȱ ȱ Figure 56. x x Specify HyperTerminal Connection Details Selectȱorȱenterȱtheȱappropriateȱconnectionȱdetails.ȱ ClickȱȱonȱtheȱConnectȱToȱdialog.ȱ Note:ȱTheȱnameȱofȱtheȱserialȱportȱwillȱchangeȱasȱperȱtheȱsettingsȱofȱyourȱcomputer.
ManuallyȱConfiguringȱtheȱSensorȱ x x x 6.2.2 Editȱtheȱserialȱportȱsettingsȱasȱfollowsȱorȱclickȱȱtoȱensureȱproperȱcommunicationȱbetweenȱtheȱ Sensorȱandȱyourȱcomputer.ȱ ¾ Bitsȱperȱsecond:ȱ9600ȱ ¾ Dataȱbits:ȱ8ȱ ¾ Parity:ȱNoneȱ ¾ Stopȱbits:ȱ1ȱ ¾ Flowȱcontrol:ȱNoneȱ ClickȱȱonȱtheȱCOMȱPropertiesȱdialog.ȱ PressȱȱorȱȱonȱtheȱHyperTerminalȱscreen.ȱ LogȱinȱandȱChangeȱtheȱDefaultȱPasswordȱ LogȱinȱtoȱtheȱConfigȱShellȱusingȱtheȱuserȱnameȱconfigȱandȱpasswordȱconfig.
ManuallyȱConfiguringȱtheȱSensorȱ x SNDCȱMode:ȱThisȱmodeȱneedsȱtoȱbeȱexplicitlyȱconfigured.ȱInȱthisȱmode,ȱtheȱSensorȱshouldȱbeȱconnectedȱintoȱaȱ trunkȱportȱ(802.1Qȱcapable)ȱonȱaȱswitch.ȱItȱthenȱmonitorsȱmultipleȱVLANsȱthatȱareȱconfiguredȱonȱthatȱtrunkȱportȱandȱ areȱchosenȱbyȱtheȱuserȱusingȱtheȱNDȱCLI.ȱTheȱwirelessȱinterfaceȱofȱtheȱSensorȱisȱenabled.ȱAȱSensorȱinȱSNDCȱmodeȱ canȱmonitorȱupȱtoȱ4ȱVLANsȱandȱdetectȱupȱtoȱ4ȱVLANs.ȱ UseȱtheȱsetȱmodeȱcommandȱtoȱsetȱtheȱSensorȱmode.ȱ ȱ Figure 59.
SettingȱupȱtheȱServerȱConsoleȱ Chapterȱ7 SettingȱupȱtheȱServerȱConsoleȱ TheȱConfigurationȱWizardȱguidesȱyouȱthroughȱtheȱstepsȱrequiredȱtoȱsetȱupȱtheȱsystem.ȱTheȱsystemȱisȱmanagedȱthroughȱaȱJavaȱ appletȱthatȱisȱlaunchedȱinȱtheȱInternetȱExplorerȱ5.5+ȱWebȱbrowser.ȱThisȱHTMLȱinterfaceȱisȱknownȱasȱtheȱ‘ConsoleȱorȱGraphicalȱ UserȱInterfaceȱ(GUI)’.ȱThisȱchapterȱdescribesȱhowȱtheȱConsoleȱisȱlaunchedȱandȱsetup.ȱ 7.1 1.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 62. 7.1.2 4. System Setup Wizard Welcome Screen Stepȱ2:ȱChangingȱyourȱAccountȱPasswordȱ TheȱChangeȱPasswordȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱChangeȱyourȱaccountȱloginȱpassword.ȱSpecifyȱanȱ emailȱaddressȱforȱtheȱuserȱadminȱtoȱbeȱusedȱlaterȱtoȱtestȱSMTPȱServerȱsettingsȱandȱotherȱemailȱnotifications.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 63. Change Password UnderȱPasswordȱDetails,ȱyouȱcanȱspecifyȱtheȱfollowing:ȱ x EmailȱAddressȱ x OldȱPasswordȱ x NewȱPasswordȱ x ConfirmȱPasswordȱ UnderȱUserȱPreferences,ȱyouȱcanȱchangeȱyourȱsessionȱtimeoutȱinterval,ȱlanguageȱsettings,ȱorȱtimeȱzone.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 64. 6. Event De-activation TheȱIntrusionȱPreventionȱActivationȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱToȱavoidȱunwantedȱintrusionȱ preventionȱactivityȱduringȱtheȱsetupȱprocess,ȱdeȬactivateȱthisȱfeatureȱforȱallȱlocationsȱwhereȱchangesȱareȱtoȱbeȱmade.ȱTheȱ systemȱpromptsȱyouȱtoȱturnȱthisȱfeatureȱbackȱonȱatȱtheȱendȱofȱtheȱSetupȱWizard.ȱIfȱyouȱexitȱtheȱSetupȱWizardȱprematurely,ȱ youȱmustȱmanuallyȱreȬactivateȱthisȱfeature.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 65. 7. Intrusion Prevention De-activation TheȱDeviceȱListȱLockingȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱIfȱyouȱhadȱpreviouslyȱlockedȱtheȱlistȱofȱ AuthorizedȱAPsȱandȱClientsȱatȱaȱlocationȱbyȱcheckingȱtheȱtwoȱcheckboxesȱLockȱAPȱListȱforȱlocationȱ‘ȱ andȱLockȱClientȱListȱforȱlocationȱ‘,ȱyouȱmustȱunlockȱtheȱlistsȱforȱallȱtheȱlocationsȱwhereȱyouȱexpectȱtoȱ addȱAuthorizedȱAPsȱorȱClientsȱduringȱtheȱsetupȱwizard.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 66. 7.1.4 8. Device List Unlocking Stepȱ4:ȱConfiguringȱNotificationȱSettingsȱ TheȱSMTPȱConfigurationȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱYouȱmustȱsetȱSimpleȱMailȱTransferȱProtocolȱ (SMTP)ȱServerȱsettingsȱtoȱsendȱnotificationȱofȱeventsȱviaȱemail.ȱAirTightȱrecommendsȱthatȱyouȱtestȱtheȱSMTPȱsettingsȱ beforeȱapplyingȱtheȱchanges.ȱYouȱmustȱhaveȱadministratorȱprivilegesȱtoȱsetȱtheseȱvalues.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 67. SMTP Configuration Note:ȱIfȱyouȱwantȱtheȱsystemȱtoȱnotifyȱyouȱbyȱanȱeventsȱemail,ȱyouȱneedȱtoȱspecifyȱSMTPȱServerȱdetails.ȱTheȱsystemȱdoesȱnotȱemailȱeventsȱ byȱdefault.ȱIfȱyouȱdoȱnotȱwantȱtoȱreceiveȱemailȱforȱtheȱevents,ȱselectȱȱandȱ.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 68. Syslog Configuration x SyslogȱIntegrationȱStatus:ȱIfȱSyslogȱintegrationȱisȱenabled,ȱtheȱsystemȱsendsȱmessagesȱtoȱtheȱconfiguredȱSyslogȱ Servers.ȱElse,ȱSyslogȱintegrationȱservicesȱareȱshutȱoff.ȱ ¾ IfȱyouȱselectȱSyslogȱIntegrationȱEnabled,ȱyouȱcanȱmanageȱSyslogȱServers.ȱTheȱsystemȱenablesȱSyslogȱbyȱdefault.ȱ ¾ CurrentȱStatus:ȱDisplaysȱtheȱCurrentȱStatusȱofȱtheȱSyslogȱServer:ȱRunningȱorȱStopped.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 69. Syslog Configuration Dialog SyslogȱConfigurationȱcontainsȱtheȱfollowingȱfields:ȱ x SyslogȱServerȱ(IPȱAddress/Hostname):ȱSpecifiesȱtheȱIPȱaddressȱorȱtheȱhostnameȱofȱtheȱSyslogȱServerȱtoȱwhichȱeventsȱ shouldȱbeȱsent.ȱ Note:ȱConfiguredȱSyslogȱServersȱwillȱuseȱtheȱDNSȱnamesȱandȱDNSȱsuffixesȱconfiguredȱbyȱtheȱuserȱinȱtheȱServerȱInitializationȱandȱSetupȱ WizardȱonȱtheȱServerȱConfigȱShell.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 70. SNMP Configuration x SNMPȱIntegrationȱStatus:ȱIfȱSNMPȱintegrationȱisȱenabled,ȱtheȱsystemȱsendsȱSNMPȱtrapsȱtoȱtheȱconfiguredȱSNMPȱ Servers.ȱOtherȱsystemsȱcanȱdoȱanȱSNMPȱGetȱtoȱthisȱServer.ȱElse,ȱSNMPȱintegrationȱservicesȱareȱshutȱoff.ȱ ¾ IfȱyouȱselectȱSNMPȱIntegrationȱEnabled,ȱyouȱcanȱeditȱandȱmanageȱSNMPȱServerȱdetails.ȱTheȱsystemȱenablesȱ SNMPȱbyȱdefault.ȱ ¾ CurrentȱStatus:ȱDisplaysȱtheȱCurrentȱStatusȱofȱtheȱSNMPȱServer:ȱRunning,ȱError,ȱorȱStopped.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 71. SNMP Configuration Dialog SNMPȱDestinationȱServerȱDetailsȱcontainsȱtheȱfollowingȱfields:ȱ x DestinationȱServerȱ(IPȱAddress/Hostname)*:ȱSpecifiesȱtheȱIPȱaddressȱorȱtheȱhostnameȱofȱtheȱSNMPȱServerȱtoȱwhichȱ eventsȱshouldȱbeȱsent.ȱ Note:ȱConfiguredȱSNMPȱServersȱwillȱuseȱtheȱDNSȱnamesȱandȱDNSȱsuffixesȱconfiguredȱbyȱtheȱuserȱinȱtheȱServerȱInitializationȱandȱSetupȱ WizardȱonȱtheȱServerȱConfigȱShell.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 72. Locations Screen TheȱLocationsȱscreenȱoperatesȱinȱtwoȱmodes:ȱDesignerȱmodeȱandȱViewerȱmode.ȱTheȱDesignerȱmodeȱisȱactiveȱbyȱdefault.ȱ Aȱlocationȱhierarchyȱofȱyourȱsetupȱmayȱcompriseȱlocationȱfoldersȱandȱlocationȱnodes.ȱ x Locationȱfoldersȱrepresentȱorganizationalȱcomponentsȱsuchȱasȱbuildings,ȱcities,ȱorȱcountries.ȱ ¾ Root:ȱThisȱisȱtheȱrootȱlocation.ȱTheȱfactoryȱdefaultȱnameȱforȱthisȱlocationȱisȱLocations.ȱYouȱcanȱrenameȱthisȱ location.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 73. Adding a New Location ȱ Figure 74. c. d. Specifying Location Properties InȱtheȱAddȱNewȱLocationȱdialog,ȱselectȱtheȱtypeȱofȱlocation,ȱthatȱis,ȱLocationȱFolderȱorȱLocationȱNode.ȱ Enterȱaȱnameȱforȱtheȱnewȱlocationȱandȱoptionallyȱenterȱtheȱfollowingȱdetails.ȱ x SelectȱImageȱFile:ȱClickȱȱtoȱnavigateȱtoȱtheȱpathȱofȱtheȱimageȱthatȱyouȱwishȱtoȱattachȱtoȱtheȱlocationȱfolderȱ orȱnode.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 75. Sensor Configuration Note:ȱSensorsȱpriorȱtoȱVersionȱ5.2ȱdoȱnotȱsupportȱadditionalȱchannelsȱ(802.11jȱ&ȱTurboȱchannels),ȱAntennaȱPortȱAssignment,ȱandȱSensorȱ PasswordȱConfigurationȱfeatures.ȱIfȱyouȱapplyȱtemplatesȱcontainingȱtheseȱsettingsȱtoȱolderȱSensors,ȱolderȱSensorsȱwillȱignoreȱtheȱadditionalȱ settings.ȱ ClickȱȱtoȱopenȱtheȱSensorȱConfigurationȱTemplateȱdialog.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 76. Channel Settings Tab UnderȱCreateȱConfigurationȱTemplate,ȱspecifyȱtheȱfollowing:ȱ x Name:ȱUniqueȱnameȱofȱtheȱSensorȱConfigurationȱtemplateȱ(lessȱthanȱ40ȱcharacters)ȱ x Description:ȱBriefȱdescriptionȱofȱtheȱSensorȱConfigurationȱtemplateȱ(lessȱthanȱ500ȱcharacters)ȱ Note:ȱTheȱsystemȱstoresȱtheȱdefaultȱSensorȱconfigurationȱinȱaȱpredefinedȱtemplateȱSystemȱTemplate.ȱYouȱcannotȱdeleteȱtheȱSystemȱ Templateȱnorȱeditȱitsȱname;ȱitȱisȱunique.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 77. Channel Frequency Table ¾ ChannelsȱtoȱMonitor:ȱSpecifiesȱtheȱchannelsȱtoȱbeȱusedȱbyȱSensorsȱtoȱmonitorȱWLANȱtraffic.ȱ SelectȱtheȱcheckboxȱSelectȱAllȱStandardȱChannelsȱtoȱselectȱaȱsupersetȱofȱallȱtheȱchannels.ȱForȱ802.11a,ȱtheȱ standardȱsetsȱofȱchannelsȱareȱ184ȱ–ȱ216ȱandȱ34ȱȬȱ165.ȱByȱdefault,ȱthisȱcheckboxȱisȱselected.ȱ SelectȱtheȱcheckboxȱSelectȱAllȱAllowedȱChannelsȱtoȱselectȱallȱtheȱallowedȱchannelsȱinȱtheȱselectedȱoperatingȱ region.
SettingȱupȱtheȱServerȱConsoleȱ additionalȱinformationȱaboutȱtheȱtypeȱofȱantennasȱconnectedȱtoȱtheȱSensor.ȱYouȱneedȱtoȱchangeȱthisȱsettingȱonlyȱifȱyouȱuseȱ Sensorsȱthatȱallowȱyouȱtoȱconnectȱantennas.ȱ ApplyingȱaȱtemplateȱwithȱaȱparticularȱantennaȱsettingȱtoȱaȱSensorȱwithȱincompatibleȱantennaȱconnectionȱcanȱresultȱinȱaȱlossȱofȱ systemȱfunctionalityȱleadingȱtoȱhigherȱsecurityȱrisks.
SettingȱupȱtheȱServerȱConsoleȱ definingȱaȱpasswordȱinȱtheȱSensorȱtemplate,ȱyouȱcanȱmanageȱtheȱpasswordȱforȱaȱgroupȱofȱSensorsȱwithoutȱhavingȱtoȱchangeȱitȱ onȱeachȱSensorȱseparately.ȱTypeȱaȱnewȱpasswordȱorȱclickȱȱtoȱchangeȱtheȱcurrentȱpasswordȱsettings.ȱIfȱyouȱ chooseȱ,ȱthenȱtheȱpasswordȱsettingȱwillȱbeȱtheȱsameȱasȱthatȱinȱtheȱSystemȱTemplate.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 80. x x x Offline Sensor Configuration Tab EnableȱofflineȱSensorȱmode:ȱSelectȱthisȱcheckboxȱtoȱenableȱtheȱofflineȱSensorȱmode.ȱWhenȱthisȱmodeȱisȱenabled,ȱtheȱ Sensorȱcontinuesȱtoȱdetectȱandȱclassifyȱdevices,ȱraiseȱeventȱalerts,ȱandȱpreventȱongoingȱthreats.
SettingȱupȱtheȱServerȱConsoleȱ sueȱ Figure 81.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 82.
SettingȱupȱtheȱServerȱConsoleȱ Clickȱȱtoȱsaveȱallȱsettings.ȱ Clickȱtheȱ ȱiconȱtoȱeditȱanȱexistingȱSensorȱtemplate.ȱWhenȱanȱexistingȱSensorȱtemplateȱisȱeditedȱaȱConfirmationȱ–ȱSaveȱ dialogȱappearsȱindicatingȱtheȱmodifications,ȱbyȱselectingȱtheȱtabsȱthatȱwereȱmodified.ȱYouȱareȱallowedȱtoȱuncheckȱaȱtabȱifȱyouȱ wishȱtoȱcancelȱthoseȱmodifications.ȱClickȱȱtoȱsaveȱtheȱchangesȱforȱtheȱselectedȱtab.ȱ Note:ȱNameȱandȱDescriptionȱofȱtheȱSensorȱtemplateȱareȱautomaticallyȱsaved.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 84. Import Sensor List InȱtheȱImportȱSensorȱListȱdialog:ȱ UnderȱTagȱDevices,ȱselectȱoneȱofȱtheȱfollowing:ȱ x AutoȱTagȱDevices:ȱToȱautomaticallyȱtagȱtheȱSensorȱtoȱtheȱcorrespondingȱlocation.ȱ x ManuallyȱTagȱDevicesȱto::ȱClickȱȱtoȱmanuallyȱtagȱtheȱSensorȱtoȱtheȱdesiredȱlocation.ȱ UnderȱEnterȱSensorȱdetailsȱ x ToȱaddȱaȱSensor’sȱdetails,ȱtypeȱtheȱSensor’sȱMACȱaddressȱandȱNameȱandȱclickȱ>>>.ȱ x ToȱaddȱaȱSensor’sȱdetailsȱfromȱaȱfile,ȱclickȱ.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 85. Devices Screen – Sensors RightȬclickȱaȱSensorȱrowȱtoȱmoveȱaȱSensor.ȱSelectȱChangeȱLocationȱfromȱtheȱresultantȱcontextȬsensitiveȱmenuȱtoȱmanuallyȱtagȱ theȱSensorȱtoȱtheȱdesiredȱlocation.ȱ 15. TheȱLocationsȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱCreateȱaȱvisualȱviewȱofȱyourȱdeploymentȱbyȱattachingȱ picturesȱandȱfloormapsȱtoȱlocations.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 86. 7.1.5.2 Locations Screen Attachingȱanȱimageȱ Useȱtheȱfollowingȱstepsȱtoȱattachȱanȱimage:ȱ a. InȱtheȱLocationȱtree,ȱselectȱtheȱlocationȱtoȱwhichȱyouȱwishȱtoȱattachȱanȱimage.ȱ b. Doȱoneȱofȱtheȱfollowing:ȱ x RightȬclickȱandȱfromȱtheȱresultingȱcontextȬsensitiveȱmenu,ȱselectȱAttachȱImage.ȱ x c. ClickȱtheȱAttachȱImageȱonȱfloorȱiconȱ( )ȱinȱtheȱrightȱcorner.
SettingȱupȱtheȱServerȱConsoleȱ 7.1.5.4 ImportingȱaȱPlannerȱfileȱintoȱaȱLocationȱNodeȱ Theȱsystemȱenablesȱyouȱtoȱspecifyȱaȱlayoutȱforȱeachȱlocationȱnodeȱusingȱaȱblankȱcanvas,ȱaȱlayoutȱimage,ȱorȱaȱ.SPMȱfileȱexportedȱ fromȱPlanner.ȱUseȱtheȱfollowingȱstepsȱtoȱimportȱaȱPlannerȱfile:ȱ a. InȱtheȱLocationȱtree,ȱselectȱtheȱlocationȱnodeȱintoȱwhichȱyouȱwishȱtoȱimportȱtheȱ.SPMȱfileȱandȱthenȱrightȬclick.ȱ b. Doȱoneȱofȱtheȱfollowing:ȱ x FromȱtheȱresultingȱcontextȬsensitiveȱmenu,ȱselectȱImportȱLocation.ȱ x c.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 88. Authorized WLAN Setup Selectȱoneȱofȱtheȱfollowingȱtoȱcharacterizeȱaȱparticularȱlocation:ȱ x ThisȱisȱaȱNoȱWiȬFiȱlocation:ȱIfȱnoȱAuthorizedȱWiȬFiȱAPsȱareȱinstalledȱatȱthisȱlocation.ȱIfȱyouȱconfigureȱaȱlocationȱasȱaȱ noȱWiȬFiȱlocation,ȱtheȱSpecifyȱAuthorizedȱSSIDȱsectionȱisȱgrayedȱout.ȱ x WiȬFiȱisȱallowedȱatȱthisȱlocation:ȱToȱspecifyȱtheȱdetailsȱofȱtheȱAuthorizedȱWiȬFiȱAPsȱinȱthisȱlocation.ȱ 7.1.6.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 89. Creating a Configuration Template for an Authorized SSID x CreateȱSSIDȱTemplateȱallowsȱyouȱtoȱspecifyȱtheȱdetailsȱforȱcreatingȱaȱnewȱSSIDȱasȱfollows:ȱ ¾ AuthorizedȱSSID:ȱDisplaysȱtheȱnameȱofȱtheȱSSIDȱthatȱyouȱhaveȱaddedȱearlierȱ ¾ ThisȱisȱaȱGuestȱSSID:ȱSelectȱthisȱoptionȱifȱthisȱSSIDȱisȱaȱGuestȱSSIDȱusedȱtoȱprovideȱWiȬFiȱconnectivityȱtoȱvisitorsȱ andȱguests.
SettingȱupȱtheȱServerȱConsoleȱ ¾ ¾ Any:ȱAllowȱAPsȱwithȱanyȱauthenticationȱframeworkȱtoȱconnectȱtoȱtheȱsystemȱ Select:ȱSpecifyȱtheȱauthenticationȱframework–PSKȱandȱ802.1xȱ(EAP).ȱTheȱauthenticationȱframeworkȱisȱonlyȱ applicableȱifȱtheȱtemplateȱsupportsȱWPA/WPA2ȱandȱ802.11iȱprivacyȱ x EncryptionȱProtocolsȱallowsȱyouȱtoȱselectȱtheȱallowedȱencryptionȱprotocolsȱforȱtheȱSSID:ȱ ¾ Any:ȱAllowȱAPsȱwithȱanyȱencryptionȱprotocolȱforȱthisȱSSIDȱ ¾ Select:ȱSpecifyȱtheȱencryptionȱprotocols–WEP40,ȱWEP108,ȱTKIP,ȱandȱCCMP.
SettingȱupȱtheȱServerȱConsoleȱ x x x x SSID:ȱNameȱofȱtheȱSSIDȱ GuestȱSSID?:ȱIndicatesȱifȱitȱisȱaȱGuestȱSSIDȱ TemplateȱName:ȱNameȱofȱtheȱSSIDȱtemplateȱ ApplyȱHere?:ȱEnablesȱyouȱtoȱapplyȱtheȱSSIDȱtemplateȱtoȱtheȱselectedȱlocation.ȱNewȱandȱexistingȱAuthorizedȱAPsȱareȱ evaluatedȱagainstȱallȱappliedȱSSIDȱtemplatesȱtoȱdetermineȱifȱtheyȱareȱRogueȱorȱMisȬconfigured.ȱ x ȱ ¾ ¾ ¾ ¾ 7.1.6.2 ȱ ȱ :ȱClickȱtheseȱiconsȱtoȱperformȱtheȱfollowing:ȱ CopyȱtheȱselectedȱSSIDȱtemplateȱtoȱanotherȱlocation.
SettingȱupȱtheȱServerȱConsoleȱ classificationȱasȱitȱisȱtheȱmostȱreliableȱmechanismȱtoȱclassifyȱwirelessȱdevicesȱwhenȱmostȱofȱyourȱnetworkȱisȱmonitoredȱusingȱ SensorsȱandȱNDs.ȱ UnderȱRSSIȱThreshold,ȱselectȱoneȱorȱbothȱ(recommend)ȱofȱtheȱfollowingȱcheckboxes:ȱ x PreȬclassifyȱAPsȱwithȱsignalȱstrengthȱstrongerȱthanȱthresholdȱasȱRogueȱorȱAuthorizedȱAPsȱtoȱspecifyȱtheȱthresholdȱ RSSIȱvalueȱbasedȱonȱwhichȱtheȱsystemȱfurtherȱclassifiesȱAPs.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 92. AP Auto-Classification Policy UnderȱExternalȱAPs,ȱAirTightȱrecommendsȱthatȱyouȱselectȱAutomaticallyȱmoveȱPotentiallyȱExternalȱAPsȱinȱtheȱ UncategorizedȱlistȱtoȱtheȱExternalȱFolder.ȱTheȱsystemȱautomaticallyȱremovesȱanȱAPȱfromȱtheȱExternalȱfolderȱandȱmovesȱitȱtoȱ anȱappropriateȱAPȱfolderȱifȱitȱlaterȱdetectsȱthatȱtheȱAPȱisȱwiredȱtoȱtheȱenterpriseȱnetwork.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 93. Import Devices – APs YouȱcanȱmoveȱAuthorizedȱAPsȱtoȱtheȱAuthorizedȱfolderȱusingȱoneȱofȱtheȱfollowingȱmethods:ȱ x MoveȱanȱAPȱtoȱtheȱAuthorizedȱfolderȱusingȱrightȱclickȱandȱMoveȱoptionȱ x ImportȱtheȱAuthorizedȱAPȱlistȱ x SynchronizeȱwithȱanȱAPȱManagementȱServerȱ Note:ȱOnceȱyouȱmoveȱanȱAPȱtoȱtheȱAuthorizedȱfolder,ȱtheȱsystemȱneverȱautomaticallyȱremovesȱitȱfromȱtheȱAuthorizedȱfolder,ȱevenȱifȱitȱ laterȱdetectsȱthatȱtheȱAPȱisȱunwiredȱfromȱtheȱenterpriseȱnetwork.
SettingȱupȱtheȱServerȱConsoleȱ Figure 94. Import Authorized AP List InȱtheȱImportȱAuthorizedȱAPȱListȱdialog:ȱ UnderȱTagȱDevices,ȱselectȱoneȱofȱtheȱfollowing:ȱ x AutoȱTagȱDevices:ȱToȱautomaticallyȱtagȱtheȱAPȱtoȱtheȱcorrespondingȱlocation.ȱ x ManuallyȱTagȱDevicesȱto::ȱClickȱȱtoȱmanuallyȱtagȱtheȱAPȱtoȱtheȱdesiredȱlocation.ȱ UnderȱEnterȱAPȱdetailsȱ ToȱaddȱanȱAP’sȱdetails,ȱtypeȱtheȱAP’sȱMACȱaddress,ȱIPȱAddress,ȱandȱNameȱandȱclickȱ>>>.
SettingȱupȱtheȱServerȱConsoleȱ 21. TheȱLocationsȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱTheȱsystemȱenablesȱyouȱtoȱplaceȱAPsȱonȱtheȱfloormapȱtoȱ viewȱliveȱRFȱcoverageȱmapsȱforȱaȱlocationȱnodeȱandȱperformȱonȬfloorȱlocationȱtrackingȱofȱvisibleȱ802.11ȱdevices.ȱ ȱ Figure 96. Locations Screen UseȱtheȱfollowingȱstepsȱtoȱplaceȱAPsȱonȱtheȱfloormap:ȱ a. InȱtheȱLocationȱtree,ȱselectȱaȱlocationȱnode.ȱ b. UnderȱAvailableȱDevices,ȱselectȱtheȱAPsȱtab,ȱthenȱdragȱandȱdropȱtheȱAPsȱonȱyourȱfloormap.ȱ 7.1.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 97. Client Auto-Classification Policy UnderȱInitialȱClientȱClassification,ȱspecifyȱifȱnewlyȱdiscoveredȱClientsȱatȱaȱparticularȱlocation,ȱwhichȱareȱUncategorizedȱbyȱ defaultȱshouldȱbeȱclassifiedȱasȱAuthorizedȱorȱUnauthorized.ȱ UnderȱAutomaticȱClientȱClassification,ȱselectȱoneȱorȱmoreȱoptionsȱtoȱenableȱTheȱsystemȱautomaticallyȱreȬclassifyȱ UncategorizedȱandȱUnauthorizedȱClientsȱbasedȱonȱtheirȱassociationsȱwithȱAPs.ȱYouȱcanȱcategorizeȱtheȱfollowingȱtypesȱofȱ Clients.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 98. Import Devices – Clients InȱtheȱImportȱDevicesȱdialog,ȱunderȱImportȱClientȱList,ȱclickȱȱtoȱopenȱImportȱAuthorizedȱ ClientȱListȱdialogȱand/orȱclickȱȱtoȱopenȱImportȱUnauthorizedȱClientȱListȱdialog.ȱ InȱtheȱImportȱAuthorized/UnauthorizedȱClientȱListȱdialog:ȱ UnderȱTagȱDevices,ȱselectȱoneȱofȱtheȱfollowing:ȱ x AutoȱTagȱDevices:ȱToȱautomaticallyȱtagȱtheȱAPȱtoȱtheȱcorrespondingȱlocation.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 99. Devices Screen – Clients UseȱtheȱfollowingȱstepsȱtoȱmoveȱaȱClientȱtoȱaȱspecificȱfolder:ȱ a. InȱtheȱClientȱlist,ȱrightȱclickȱtheȱdesiredȱClientȱrow.ȱ b. Fromȱtheȱresultingȱcontextȱsensitiveȱmenu,ȱselectȱMoveȱto….ȱ c. ClickȱtheȱdesiredȱcategoryȱtoȱwhichȱyouȱwantȱtoȱmoveȱtheȱClient.ȱ 7.1.8 Stepȱ8:ȱConfiguringȱIntrusionȱPreventionȱPolicyȱ 25. TheȱIntrusionȱPreventionȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱ 7.1.8.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 100. Intrusion Prevention Policy Youȱcanȱenableȱintrusionȱpreventionȱagainstȱtheȱfollowingȱthreats:ȱ x RogueȱAPs:ȱAPsȱthatȱareȱconnectedȱtoȱyourȱnetworkȱbutȱnotȱauthorizedȱbyȱtheȱadministrator;ȱanȱattackerȱcanȱgainȱ accessȱtoȱyourȱnetworkȱthroughȱtheȱRogueȱAPs.ȱYouȱcanȱalsoȱautomaticallyȱquarantineȱUncategorizedȱIndeterminateȱ andȱBannedȱAPsȱconnectedȱtoȱtheȱnetwork.
SettingȱupȱtheȱServerȱConsoleȱ 7.1.8.2 IntrusionȱPreventionȱLevelȱ Theȱsystemȱcanȱpreventȱanyȱunwantedȱcommunicationȱinȱyourȱ802.11ȱnetwork.ȱItȱprovidesȱyouȱvariousȱlevelsȱofȱpreventionȬ blockingȱmechanismsȱofȱvaryingȱeffectiveness.ȱIntrusionȱPreventionȱLevelȱenablesȱyouȱtoȱspecifyȱaȱtradeȬoffȱbetweenȱtheȱ desiredȱlevelȱofȱpreventionȱandȱtheȱdesiredȱnumberȱofȱmultipleȱsimultaneousȱpreventionsȱacrossȱradioȱchannels.
SettingȱupȱtheȱServerȱConsoleȱ Note:ȱPreventionȱTypeȱdeterminesȱtheȱblockingȱstrengthȱtoȱpreventȱcommunicationȱfromȱunwantedȱAPsȱandȱClients.ȱTheȱsystemȱcanȱ preventȱmultipleȱAPsȱandȱClientsȱonȱeachȱchannel.ȱPreventionȱTypeȱisȱnotȱapplicableȱforȱDenialȱofȱServiceȱ(DoS)ȱattacksȱorȱadȱhocȱ networks.ȱYouȱmustȱselectȱaȱlowerȱblockingȱlevelȱtoȱpreventȱdevicesȱonȱmoreȱchannels.ȱChoosingȱaȱlowerȱblockingȱlevelȱmeansȱthatȱsomeȱ packetsȱfromȱtheȱblockedȱdeviceȱmayȱgoȱthrough.ȱ 7.1.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 103. Event Configuration – Monitoring Monitoringȱisȱfurtherȱdividedȱintoȱtheȱfollowing:ȱ x APȱ x Clientȱ x Sensorȱ x Serverȱ x Trafficȱ x Troubleshootingȱ OnceȱyouȱselectȱanyȱofȱtheȱaboveȱcategoriesȱandȱsubȬcategories,ȱaȱlistȱofȱrelatedȱeventsȱappears.ȱ Theȱeventsȱlistȱdisplaysȱtheȱfollowingȱcolumns:ȱ x Display:ȱSelectȱtheȱcheckboxesȱthatȱcorrespondȱtoȱtheȱtypesȱofȱeventsȱthatȱyouȱwantȱtoȱappearȱinȱtheȱmainȱEventsȱ screen.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 104. Event Advanced Settings 27. TheȱEmailȱNotificationȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱTheȱEmailȱNotificationȱnodeȱenablesȱyouȱtoȱ selectȱtheȱemailȱaddressesȱthatȱshouldȱbeȱnotifiedȱwhenȱanȱeventȱoccursȱatȱaȱparticularȱlocation.ȱYouȱcanȱselectȱfromȱtheȱ emailȱaddressesȱofȱsystemȱusersȱorȱaddȱaȱcustomȱemailȱaddress.ȱ ȱ Figure 105.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 106. Email Configuration Dialog Clickȱȱtoȱaddȱtheȱnewȱemailȱaddress.ȱ Selectȱanȱemailȱaddressȱandȱclickȱȱtoȱdeleteȱanȱexistingȱemailȱaddress.ȱYouȱcanȱdeleteȱmultipleȱemailȱaddressesȱusingȱ clickȬandȬdragȱorȱusingȱtheȱȱ+ȱȱkeysȱandȱthenȱclickingȱ.ȱ 28. TheȱReportsȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱTheȱsystemȱenablesȱyouȱtoȱuseȱreportsȱgeneratedȱbyȱtheȱ systemȱandȱcreateȱcustomȱreports.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 108. c. d. e. f. g. h. Report Details Screen OnȱtheȱReportȱDetailsȱdialog,ȱunderȱReportȱName,ȱenterȱaȱunique,ȱuserȬfriendlyȱnameȱforȱtheȱreport.ȱ UnderȱReportȱDescription,ȱenterȱbriefȱnotesȱtoȱhelpȱidentifyȱtheȱreport.ȱ ClickȱUseȱdefaultȱlookȱandȱfeel,ȱtoȱretainȱtheȱdefaultȱtext,ȱtitle,ȱandȱcolorsȱforȱtheȱreports.ȱ Alternatively,ȱclickȱCustomizeȱlookȱandȱfeel,ȱtoȱcustomizeȱtheȱappearanceȱofȱtheȱreport.ȱ SelectȱtheȱReportȱHeaderȱtab.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 109. Report Details Screen showing Report Summary Tab x x i. DeȬselectȱtheȱcheckbox,ȱDisplayȱReportȱSummaryȱifȱyouȱdoȱnotȱwishȱtoȱviewȱtheȱReportȱSummaryȱinȱaȱtabularȱform.ȱ Alternatively,ȱselectȱtheȱcheckbox,ȱDisplayȱReportȱSummaryȱtoȱcustomizeȱparametersȱinȱtheȱReportȱSummaryȱtableȱ inȱtheȱgeneratedȱreport.ȱ ¾ SpecifyȱtheȱReportȱSummaryȱTextȱthatȱshouldȱappearȱasȱtheȱReportȱSummaryȱtableȱheading.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 110. Report Details Screen showing Report Sections Tab x j. UnderȱSectionȱTitle,ȱspecifyȱtheȱfollowingȱparametersȱtoȱbeȱcustomizedȱinȱtheȱgeneratedȱreport:ȱ ¾ SectionȱNameȱTitle:ȱSpecifyȱtheȱtextȱthatȱshouldȱappearȱasȱaȱcommonȱheadingȱforȱallȱtheȱSectionȱNames.ȱ ¾ ClickȱȱandȱselectȱtheȱForegroundȱandȱBackgroundȱcolorsȱforȱtheȱSectionȱNameȱTitle.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 111. c. d. e. f. g. h. i. Adding a Section to a Report OnȱtheȱAddȱSectionȱtoȱReportȱdialog,ȱenterȱaȱSectionȱNameȱandȱaȱSectionȱDescriptionȱforȱtheȱnewlyȱaddedȱsection.ȱ SelectȱtheȱcheckboxȱDisplayȱthisȱsectionȱtoȱviewȱthisȱsectionȱinȱtheȱgeneratedȱreport.ȱ UnderȱSectionȱQueryȱType,ȱselectȱDevice,ȱEvent,ȱorȱSAFEȱasȱtheȱqueryȱtype.ȱ SelectȱanyȱcombinationȱofȱtheȱAP,ȱClient,ȱandȱSensorȱcheckboxesȱtoȱincludeȱtheseȱdeviceȱtypesȱinȱtheȱreport.
SettingȱupȱtheȱServerȱConsoleȱ 7.1.9.5 CreatingȱaȱReportȱScheduleȱ Useȱtheȱfollowingȱstepsȱtoȱscheduleȱemailȱdeliveryȱofȱaȱreport:ȱ a. FromȱtheȱListȱofȱReportsȱtable,ȱselectȱtheȱreportȱthatȱyouȱwantȱtoȱschedule.ȱ b. Clickȱ.ȱTheȱGenerationȱandȱDeliveryȱOptionsȱforȱSelectedȱLocationȱdialogȱappears.ȱ ȱ ȱ Figure 112. c. Scheduling a Report for One Time Delivery FromȱtheȱFormatȱdropȬdownȱlist,ȱselectȱtheȱoutputȱtypeȱforȱtheȱreport,ȱthatȱis,ȱHTML,ȱXML,ȱorȱPDF.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 113. Scheduling a Report for Recurring Generation x e. f. ToȱscheduleȱaȱreportȱforȱRecurringȱGeneration,ȱperformȱtheȱfollowing:ȱ ¾ UnderȱScheduleȱReport,ȱfromȱtheȱGenerateȱReportȱEveryȱdropȬdownȱlist,ȱselectȱtheȱnumberȱofȱhours,ȱdays,ȱorȱ monthsȱoverȱwhichȱtoȱdeliverȱtheȱreport.ȱ ¾ ClickȱtheȱcalendarȱiconȱnextȱtoȱStartȱDateȱtoȱselectȱtheȱstartȱdateȱandȱtimeȱforȱtheȱreport.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 114. g. h. i. Specifying Additional Email Addresses for Report Delivery ClickȱȱtoȱcloseȱtheȱAdditionalȱEmailȱAddressesȱdialog.ȱ ClickȱȱtoȱcloseȱtheȱReportȱDeliveryȱdialog.ȱ Toȱscheduleȱtheȱreport,ȱclickȱ.ȱ 7.1.10 Stepȱ10:ȱCalibratingȱLocationȱTrackingȱ 29. TheȱLocationsȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱCalibrateȱyourȱsystemȱforȱaccurateȱlocationȱtracking.ȱ ȱ Figure 115.
SettingȱupȱtheȱServerȱConsoleȱ CalibrationȱhelpsȱinȱtuningȱRFȱparametersȱusedȱbyȱtheȱsystemȱtoȱcompareȱtheȱAPȱandȱSensorȱpredictionsȱtoȱactualȱ observations.ȱTheȱsystemȱhasȱaȱrobustȱcalibrationȱtechniqueȱthatȱalsoȱallowsȱmanualȱinterventionȱinȱcaseȱofȱdiscrepancy.ȱUseȱ theȱfollowingȱstepsȱtoȱcalibrateȱRFȱviews:ȱ a. Placeȱdevicesȱonȱtheȱfloormap.ȱ b. SelectȱtheȱViewerȱtab.ȱ c. SelectȱoneȱofȱtheȱAPȱorȱSensorȱviews.ȱ d. GenerateȱtheȱdesiredȱRFȱCoverageȱmapȱbyȱclickingȱ.ȱ e.
SettingȱupȱtheȱServerȱConsoleȱ 7.1.11 Stepȱ11:ȱLockingȱtheȱSystemȱConfigurationȱ 30. TheȱEventȱActivationȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱIfȱtheȱsystemȱconfigurationȱisȱnotȱconfirmed,ȱyouȱ needȱtoȱgoȱbackȱtoȱtheȱpreviousȱstepsȱandȱcompleteȱanyȱadditionalȱconfiguration.ȱOtherwise,ȱinȱthisȱstep,ȱyouȱcanȱturnȱonȱ events.ȱTheȱsystemȱwillȱbecomeȱcompletelyȱoperationalȱafterȱactivatingȱintrusionȱprevention.ȱ ȱ Figure 117. Event Activation 31.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 118. Intrusion Prevention Activation 32. TheȱDeviceȱListȱLockingȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱIfȱyouȱhadȱpreviouslyȱunlockedȱtheȱlistȱofȱ AuthorizedȱAPsȱandȱClientsȱatȱaȱlocationȱbyȱdeȬcheckingȱtheȱtwoȱcheckboxesȱLockȱAPȱListȱforȱlocationȱ‘ȱandȱLockȱClientȱListȱforȱlocationȱ‘,ȱyouȱmayȱlockȱtheȱlistsȱforȱallȱlocationsȱwhereȱyouȱdoȱ notȱexpectȱmoreȱauthorizedȱAPsȱorȱClientsȱtoȱbeȱadded.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 119. Device List Locking 7.1.12 Stepȱ12:ȱCompletionȱofȱSetupȱWizardȱ 33. Thisȱmarksȱtheȱcompletionȱofȱtheȱsetupȱwizard.ȱTheȱDashboardȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱTheȱ Serverȱisȱconfiguredȱtoȱprotectȱyourȱnetworkȱagainstȱwirelessȱthreats.
SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 120.
ConfigȱShellȱCommandsȱ Chapterȱ8 8.1 ConfigȱShellȱCommandsȱ ServerȱConfigȱShellȱCommandsȱ ThisȱchapterȱdescribesȱtheȱcommandsȱinȱtheȱServerȱConfigȱShellȱusedȱtoȱreconfigureȱorȱmaintainȱtheȱServerȱafterȱrunningȱtheȱ ServerȱConfigurationȱWizard.ȱSomeȱcommandsȱdisplayȱtheȱstatusȱofȱtheȱServer.
ConfigȱShellȱCommandsȱ get sensor list Displays a list of Sensors and NDs get server config Displays the complete Server configuration which includes the Server ID, Server Version, Server Build, MAC address of the Network and HA Interface, Server Mode, Server Time Zone, Date and Time Settings, WLSE Integration Settings, Settings of Network Interfaces, and Server Processes get server check Runs a Server consistency check and display the results.
ConfigȱShellȱCommandsȱ set Commands Command Description set allowed ip Sets the list of IP addresses or subnets that are allowed to access this device set cert Installs a signed SSL certificate issued for the request generated using 'get certreq' set date Sets the current time zone, date, and time information on the Server; the Server needs to be rebooted for the date/time information to take effect set dbserver Starts/Stops the Database Server set erase Configures the backspace key set ha Enab
ConfigȱShellȱCommandsȱ Other Commands Command Description exit Exits the config shell session help Displays help for all the commands passwd Allows the admin to change the config shell password ping Pings a host reboot Reboots the Server reset factory Resets the Server to the factory defaults/out of the box status reset password gui Sets the Graphical User Interface (GUI) password for the user ‘admin’ to the factory default ‘admin’ shutdown Shuts down the Server gracefu
ConfigȱShellȱCommandsȱ ȱ 8.
ConfigȱShellȱCommandsȱ Other Commands Command Description exit Exists the Sensor config Shell session help Displays help for all commands help set Displays help for ‘set’ commands help get Displays help for ‘get’ commands help other Displays help for ‘other’ commands passwd Changes the config Shell password ping Pings a host. Usage: ping e.g. ping 192.168.1.
Troubleshootingȱ Chapterȱ9 9.1 Troubleshootingȱ ServerȱTroubleshootingȱ ȱ Problem After changing the IP address of the Server, the computer used to configure the Server gets disconnected. On typing ‘https:// wifisecurity-server’ in the IE 5.5 browser, the ‘Login’ screen does not appear even after adding a DNS entry ‘wifi-security-server’ for the Server. Solution The subnet mask of the computer used to configure the Server may not be the same as that of the Server.
Troubleshootingȱ No events are being reported or the device status is stale (not updated). Check the status of the Server on the Administration screen. If the Current Status field shows or , click the Start Server button in the Server Status section. Check the status of the Server on the Administration screen. No Sensor is connected to the Server. If the Current Status field shows or , click the Start Sever button in the Server Status section.
Troubleshootingȱ ȱ 9.2 SensorȱTroubleshootingȱ ȱ ȱ Symptoms Diagnosis Solution LED1: Solid Orange LED2: Fast Blink The Sensor did not receive a valid IP address via the DHCP. The DHCP Server is unreachable. Restore the connectivity to the DHCP Server or set a static IP address via the HTTP interface or the Config Shell CLI. LED1: Solid Orange LED2: Slow Blink Unable to connect to the Server. Ensure that the Server is running and is reachable from the network to which the Sensor is attached.