Brocade Mobility Access Point System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual
53-1003100-01
FIGURE 85 Profile Security - Source Dynamic NAT screen - Add Row field
10. Select OK to save the changes made within the Add Row and Dynamic NAT screens. Select
Reset to revert to the last saved configuration.
Profile Security Configuration and Deployment Considerations
Profile Security Configuration
Before defining a profile’s security configuration, refer to the following deployment guidelines to
ensure the profile configuration is optimally effective:
• Periodically audit the contents of the certificate revocation list to ensure
revoked certificates remain quarantined or validated certificates are reinstated.
• NAT alone does not provide a firewall. If deploying NAT on a profile, add a firewall on the
profile to block undesirable traffic from being routed. For outbound Internet access, a
stateful firewall can be configured to deny all traffic. If port address translation is required,
a stateful firewall should be configured to only permit the TCP or UDP ports being
translated.
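An added example, not taken from the Brocade guide or the access point's CLI: a short Python audit of the NAT guideline above, checking that a firewall policy denies by default and permits only the TCP or UDP ports being translated. The rule model (`PatEntry`, `FwRule`), the first-match evaluation order and the sample policies are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical, vendor-neutral rule model (an assumption, not the device's syntax).
@dataclass(frozen=True)
class PatEntry:
    proto: str    # "tcp" or "udp"
    port: int     # port being translated

@dataclass(frozen=True)
class FwRule:
    action: str   # "permit" or "deny"
    proto: str    # "tcp", "udp" or "any"
    ports: range  # ports matched by the rule

ALL_PORTS = range(0, 65536)

def audit(pat, rules):
    """Return findings where the policy departs from the guideline."""
    findings = []
    translated = {(e.proto, e.port) for e in pat}
    # 1. The policy must end in an explicit deny-all.
    last = rules[-1] if rules else None
    if not (last and last.action == "deny" and last.proto == "any"
            and last.ports == ALL_PORTS):
        findings.append("no terminating deny-all rule")
    # 2. A permit rule may only cover ports that are being translated.
    for idx, rule in enumerate(rules):
        if rule.action != "permit":
            continue
        protos = ("tcp", "udp") if rule.proto == "any" else (rule.proto,)
        extra = [(p, n) for p in protos for n in rule.ports
                 if (p, n) not in translated]
        if extra:
            findings.append(f"rule {idx}: permits {len(extra)} untranslated "
                            f"port(s), e.g. {extra[0][0]}/{extra[0][1]}")
    # 3. Each translated port must hit a permit first (first match wins: assumption).
    for proto, port in sorted(translated):
        verdict = next((r.action for r in rules
                        if r.proto in (proto, "any") and port in r.ports), "deny")
        if verdict != "permit":
            findings.append(f"{proto}/{port}: translated but not permitted")
    return findings

# Constructed sample data: two translated ports, a weak policy and a tight one.
PAT = [PatEntry("tcp", 443), PatEntry("udp", 4500)]
WEAK = [FwRule("permit", "tcp", range(1, 1025)),
        FwRule("permit", "udp", range(4500, 4501))]
TIGHT = [FwRule("permit", "tcp", range(443, 444)),
         FwRule("permit", "udp", range(4500, 4501)),
         FwRule("deny", "any", ALL_PORTS)]
```
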
Virtual Router Redundancy Protocol (VRRP) Configuration
A default gateway is a critical resource for connectivity. However, it is also a potential single
point of failure. Thus, redundancy for the default gateway is required by the access point. If WAN
backhaul is available on a Brocade Mobility 7131 Access Point, and a router failure occurs, then the
access point should act as a router and forward traffic on to its WAN link.
Define an external Virtual Router Redundancy Protocol (VRRP) configuration when router
redundancy is required in a wireless network requiring high availability.
Central to the configuration of VRRP is the election of a VRRP master. A VRRP master (once
elected) performs the following functions:
• Responds to ARP requests