Product Specifications

Technical Specifications

Network Access Control

Support wired, wireless and VPN network access control (NAC) 

Support IEEE 802.1x access authentication, without the need for any client agent installation

Support MAC address authentication, without the need for any client agent installation

Support Web Portal authentication for staff.

Support two-factor authentication using user credentials as well as one-time password via SMS to verify user’s pre-registered mobile phone number 

Support Web Portal authentication for visitors 

Support Web Self-Service Platform for visitors to establish temporary/one-time user accounts (via SMS) 

Support QR-Code authentication for Visitors

Visitors require QR-Code authorization by any authenticated user before network access

Support different QoS bandwidth policies application to different users based on their role within the organization and the device type currently in use

Support per user, per device, and per application/TCP-port prioritization (require integration with Ruijie RG-ACE Internet Application Security Gateway)

Support web-based management interface

Support report and analysis generation to show details and correlation of user, authentication and device information for troubleshooting and locating problems

Support AAA framework providing complete separation of Authentication and Authorization sources

Support authorization for LDAP, AD, Kerberos, Token Server, SQL compliant database

Support integrated, network based, device profiler utilizing collection via SNMP, DHCP, HTTP, AD and ActiveSync

Support complex PKI deployment and AAA server certificate signed by external CA whilst validating internal PKI signed client certificates

Support NAC health check allowing both agent and agentless methods and the solution acts as a permanent or dissolvable health agent for Windows, Linux, and Macintosh platforms

Third-party Certification System Integration

Support 3^rd party Radius authentication integration

Support from based on Java / web service interface to read the user data of third-party certification information

Support Microsoft Windows Active Directory (AD) domain integration, including with seamless Single-Sign-On integration for a complete 802.1X authentication and Windows AD authentication

Support the integration with the LDAP server to obtain user identity information to achieve unified authentication

Learning and Support for Multi-element Binding

Support terminal hard drive serial number, SSID, user name, password, terminal IP, terminal MAC, network access control device (NAS) IP, NAS port active learning as well as multi-element flexible combination of binding elements. (May require agent installation)

User Management

Support account creation, cancellation, user group management 

Support customized user information fields, such as department, age, etc. 

Support Self-Service Platform (Web) for visitors to establish temporary/one-time user accounts 

Support dynamic user blacklist which prohibit user for landing in specified period of time 

Support for setting account period of use, auto account cancellation when expired with user notification in advance

Support users login broadcast messages pop up, or web page pop-up 

Support Disclaimer Acceptance message pop up, visitor need to click “Accept” before entering the network

Support authentication suspension period, during that period the user disable cannot authenticate and no Internet access

Support online user management, including message broadcast, online users status review, forced offline as well as online user re-authentication, information gathering and remote assistance

Support maximum user password attempts before user account locked

Support direct access to the user's physical NIC MAC address, to prevent tampering with the MAC address

Support limited number of devices, quota or bandwidth per user

Support caching of MAC address for post guest authentication and guests do not need to re-authenticate during the valid access period

Support bulk import of guest accounts and enable notification of credentials via email

Support sponsored approval workflow for guest self-registration which new SSID registration requires approval from internal staff 

Support display of post login session statistics page for users to review and monitor usage or quota assigned

Supports network-based devices ACL, VLAN, and host ACL network access control

User Authentication

Support seamless 802.1x authentication, without the need for any client agent installation and multi-vendor network access

Support Web Portal authentication for staff

Optionally support two-factor authentication using user credentials as well as one-time password via SMS to verify user’s pre-registered mobile phone number 

Support Web Portal authentication for visitors 

Support Web Self-Service Platform for visitors to establish temporary/one-time user accounts (via SMS or e-mail) 

Support QR-Code authentication for Visitors
Visitors require QR-Code authorization by any authenticated user before network access

Support MAC Address Bypass (MAB) authentication for devices cannot support IEEE 802.1x protocol

Support auto-login for self-registration workflow

End Point Compatibility

Support the latest Windows, Mac desktops and support for Apple, Android mobile device platform

Support device-based portal page and automatic screen fit feature for various screen resolution mobile device platform

Host Security Management

(Agent installation required)

Support 3^rd party antivirus software integration, allowing software installation detection, operation, and updates patches can be pushed remotely 

Support integration with Windows Security Center

Support the installation program to detect and repair of software that must be installed to force the download and installation, prohibit the installation software prompts to uninstall; support processes running, registry keys, Windows service entry inspection and repair; supports external connection port for management, prohibiting the use of USB, CD-ROM loaded with connectors; supports Windows patch updates the mandatory or non-mandatory; support switch-based ACL, the switch VLAN, ACL implementation of quarantine host

Asset

Management

(Agent installation required)

Support the collection of the user's software and hardware information, hardware information when the user changes, the ability for CPU, memory, motherboards, hard drives and other information for logging

Network Security Management

Support ARP spoofing prevention capabilities that enable trusted gateway ARP entries to prevent ARP spoofing gateway device is, the client also supports static binding ARP information.

Support role-based user security management

Support dynamic, stateful access rights into the network once authenticated based on source, destination, and/or ports

Support defining rules for access rights based on any combination of time, location, user identity, device identity, and extended attributes from the authentication database

Support defining policies for users who can access the network, with which mobile device and which areas of the network they can access

Support to allow traffic, deny traffic, reject traffic, route traffic, and blacklist (remove from the network)

Support blacklisting of wireless devices once firewall / ACL access rule violations are detected or revocation it

(Ruijie SMP Client installation is required)

Support to automatically recognize the operating system and product type of the end device

Support display of internet usage by users (integration with RG-ACE Internet Application Security Gateway required)

Support integration with RG-IDS devices that can collect IDS devices reported security incidents and the source of the attack for direct processing; critical server's IP address set for more sensitive event handling for protection

User-based Internet Application Control

• Support integration with RG-EG Next-Generation Integrated Gateway Series

; the gateway support real-time analysis on the L7 Internet Application that the authenticated users are using; the gateway support user-based application control which the user can be selected from the Authentication System

System Reliability

Support over 50,000 users by license extension

Support backup cluster node with uninterrupted authentication traffic during node failure occur

Support high availability redundancy design for resiliency