The ArubaOS Policy Enforcement Firewall (PEF) module provides identity-based controls to enforce application-layer security and prioritization.
With PEF™, IT can enforce network access policies that specify who may access the network, with which mobile devices and which areas of the network they may access.
The Aruba AppRF technology integrated with PEF delivers mobile application traffic visibility through a simple dashboard that shows the applications in use by user and device.
Working with Aruba Adaptive Radio Management™ (ARM) technology, which optimizes Wi-Fi client behavior and makes sure that APs stay clear of RF interference, PEF makes intelligent decisions over the air based on its knowledge of mobile apps and devices.
Deep insight into Layer 4-7 traffic and intelligent analysis allows the Aruba AppRF technology in PEF to identify mobile apps, network services like Apple AirPrint and AirPlay, web-based applications, and encrypted applications.
IDENTITY-BASED POLICY CONTROLS
PEF with AppRF technology provides user-level awareness of all traffic across the network. Aruba Mobility Controllers support multiple user categories on a single network, spanning wired, wireless and VPNs.
During the network sign-on process, the identity and role of each user or device is learned. Employees and other authorized internal users can be treated as a single class or further subdivided according to information found in a directory server.
Once the role of the user or device is determined, policies are applied based on a series of administrator-defined templates. These policies follow the user throughout the network and are applied uniformly across wireless, wired and VPN connections.
INTELLIGENT APPLICATION IDENTIFICATION
Deep insight into Layer 4-7 traffic and intelligent analysis allows Aruba AppRF technology to identify many new types of applications:
- Mobile applications: Aruba AppRF technology distinguishes corporate applications like Box from personal applications like Apple FaceTime, even when they are running on the same mobile device.
- Network services like Apple AirPrint and AirPlay: Aruba optimizes IP multicast video traffic and automatically prioritizes services, and adds policy controls.
- Web-based applications: Many web-based applications use the same port to communicate with clients and appear as HTTP traffic. Aruba AppRF technology resolves the destination address to identify unique applications like Facebook, Twitter, Box, WebEx and hundreds of others.
- Encrypted applications: For encrypted traffic, Aruba AppRF technology uses heuristics to look for traffic patterns and establishes a unique fingerprint to identify those applications.
For the first time, Aruba gives IT a simple, powerful view of mobile app usage and performance on the WLAN. Mobility Controllers display clickable charts with overview information on applications in use, which are sortable by user ID, application, role and other criteria.