1. Preface
Mobile devices have spread quickly, and many employees now own a non-corporate mobile device (iPad, iPhone, etc.). Letting anyone connect such a device to the corporate wireless network at will is a challenge to corporate network security. Preventing employees from connecting their mobile devices to the corporate wireless network and using the corporate internet connection to surf is therefore an important task for us. How can this be done? The following example demonstrates it.
2. Network deployment
We need two network devices: a switch with a mirror port through which an application can send data, and a wireless router. See the following figure:
Step1: Connect a PC to the wireless router and change the LAN port IP address of the wireless router, so that it does not conflict with other devices on the network.
Step2: Disable the DHCP function of the wireless router.
Step3: Connect the wireless router to the switch via the LAN port of the wireless router.
Step4: Set up the mobile devices and connect them to the wireless router.
Step5: Connect the monitoring PC running Sax2 to the mirror port of the switch.
3. Build a policy for Sax2 to prevent mobile devices from accessing the app store
Step1: Launch Sax2 and open the "security policy" window, then derive a new policy set from the "default" policy set. See the following figure:
Step2: Select the new policy set and click the "edit" button on the left to open the settings window. See the following figure:
Step3: Switch to the “Custom” page and select the “HTTP” item in the right pane. Click the “New” button to create a new policy, enter the name of the policy, select the “Blocking and Log” response scheme, and enter the domains to which access is to be prohibited, for example: www.ids-sax2.com. The settings are now complete. See the following figure:
Step4: Save the policy settings and apply the new policy set. Now we can prevent mobile devices from connecting to the internet.
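The kind of domain check configured in Step3, sketched as an added example (this is not Sax2's code and not part of the original page): a sensor on the mirror port reads the host from each captured HTTP request and compares it with the prohibited list. Treating subdomains of a listed domain as matches is an assumption, and PROHIBITED, the function names and the sample requests are constructed for illustration.

```python
# Added illustration: host matching on HTTP requests seen on a mirror port.
PROHIBITED = ["www.ids-sax2.com"]  # the example domain from Step3


def request_host(raw: bytes):
    """Return the lower-cased host an HTTP/1.x request targets, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None  # not an HTTP request line (e.g. a TLS handshake)
    host = None
    if parts[1].lower().startswith("http://"):
        # absolute-form target, as sent to a proxy
        host = parts[1][7:].split("/", 1)[0]
    else:
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep and name.strip().lower() == "host":  # header names ignore case
                host = value.strip()
                break
    if not host:
        return None
    host = host.rsplit("@", 1)[-1]       # drop any userinfo
    if not host.startswith("["):         # leave IPv6 literals alone
        host = host.split(":", 1)[0]     # drop the port
    return host.rstrip(".").lower()      # drop a trailing root dot


def is_prohibited(host, domains=PROHIBITED):
    """Exact match or subdomain of a listed domain (assumed semantics)."""
    listed = [d.lower().rstrip(".") for d in domains]
    return any(host == d or host.endswith("." + d) for d in listed)


def evaluate(raw: bytes, src_ip: str):
    """Return (action, log_line) for one captured request."""
    host = request_host(raw)
    if host and is_prohibited(host):
        return "block_and_log", f"BLOCK src={src_ip} host={host}"
    return "pass", None


# Constructed sample requests, not captured traffic.
SAMPLES = [
    b"GET / HTTP/1.1\r\nUser-Agent: x\r\nhOsT: WWW.IDS-SAX2.COM:80\r\n\r\n",
    b"GET http://www.ids-sax2.com/index.html HTTP/1.1\r\nHost: proxy\r\n\r\n",
    b"GET / HTTP/1.1\r\nHost: www.ids-sax2.com.example.org\r\n\r\n",
    b"\x16\x03\x01\x00\x05hello",
]
```

A check of this kind only sees cleartext HTTP: a request sent over TLS carries no readable Host header, so the last sample passes unmatched.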