Best security practice on IAP
04-05-2019 08:42 AM - edited 04-09-2019 06:34 PM
What are the best security practices to implement on IAP? Few I can think of;
Block RFC 1918 addresses on Guest wireless.
Block access to instant.arubanetworks.com & securelogin.arubanetworks.com per SSID on corp.
Is it necessary to block PAPI communication between SSID?
Re: Best security practice on IAP
07-31-2019 10:55 PM - edited 07-31-2019 10:58 PM
in my opinion, it is not really necessary to block PAPI, however you can
- enable cluster security
- disable telnet access
- enable "protection from wired attacks"
- use inbould firewall use to provide mgmt access from a specific subnet
- use IDS/IPS functionality relevant to your organisation
- use the relevant WebCC rules to compliment your egress firewall policies
finally there is a new feature in Instant 8.5 around client isolation.
check this tutorial.