SafeConnect Technical Requirements

Infrastructure Requirements

Directory Server

Requirements

Additional Information

LDAP

LDAP compliant directory server

MySQL

v4.2 or higher

User information stored in a single table:

  • Username

  • Password

  • Group Membership

  • Expiration

  • Password encoding (if applicable)

Secure LDAP

  • Public CA

  • Self-Signed Certificate

  • Copy of organizations Trusted Root Cert in PEM or Base64 format

  • Copies of other server certificates may also be needed

DHCP Service

Requirements

Additional Information

Aruba

Wireless Controllers

 

Cisco1

Cisco, CiscoCatalyst, ASA

 

Windows

Server 2003 or higher

Windows Server 2003 or newer

Requires installation of SafeConnect DHCP Syslog Relay service

Minimum 700 MB disk space

Other2

Bluecat, Infoblox, Lucent, SonicWALL

 

Domain Single Sign On (SSO)

Requirements

Operating System

Windows Vista or newer

OSX 10.6 or newer3

Domain Managed

Required

Other

Domain Controller IP’s and IP’s necessary for login scripts must be exempted from SafeConnect policy enforcement

RADIUS Single Sign On (SSO)

Requirements

Additional Information

RADIUS Accounting

Required

 

RADIUS Authentication

User Account Based

 

RADIUS Controller

Required

SafeConnect Appliance will need IP address(es) and shared secret are required to be configured

SAML Single Sign On (SSO)

Virtual Enforcer System Requirements

Appliance Specifications

SafeConnect Hyper-V Enforcer

Server

Microsoft Server 2012 R2

Hyper-V Version

Hypervisor Generation 2

CPU

2 Quad Core CPUs (2-3Ghz)7

Memory

18 GB Minimum8

Hard Drive Storage

350 GB Minimum9

Appliance Scalability

Up to 20,000 Devices

Network Interface

Gigabit NIC

VMWare vSphere

Large Standalone Appliance or Manager for a cluster (Up to 25,000 concurrent devices)

Appliance Specifications

SafeConnect VMWare Enforcer

VMWare Version

ESXi 5.1 or newer

Virtual Hardware Version

Minimum version 8

CPU

4 Quad Core CPUs (2-3Ghz)

Memory

32 GB Minimum

Hard Drive Storage

500 GB Minimum

Appliance Scalability

Up to 25,000 Devices

Network Interface

Gigabit NIC

Medium Standalone Appliance or Enforcer in a cluster (Up to 10,000 concurrent devices)

Appliance Specifications

SafeConnect VMWare Enforcer

VMWare Version

ESXi 5.1 or newer

Virtual Hardware Version

Minimum version 8

CPU

2 Quad Core CPUs (2-3Ghz)4

Memory

16 GB Minimum5

Hard Drive Storage

300 GB Minimum6

Appliance Scalability

Up to 25,000 Devices

Network Interface

Gigabit NIC

Standalone Appliance Small Footprint (up to 1000 concurrent devices)

Appliance Specifications

SafeConnect VMWare Enforcer

VMWare Version

ESXi 5.1 or newer

Virtual Hardware Version

Minimum version 8

CPU

2 CPU Cores (2-3Ghz)4

Memory

4 GB Minimum5

Hard Drive Storage

300 GB Minimum6

Appliance Scalability

Up to 1,000 Devices

Network Interface

Gigabit NIC

VMWare Cluster

Appliance Specifications

SafeConnect VMWare Policy Enforcer

SafeConnect VMWare Policy Manager

VMWare Version

ESXi 5.1 or higher

Virtual Hardware Version

Version 8 or higher

CPU

2 Quad Core CPUs (2-3Ghz)4

Memory

16 GB Minimum5

16 GB Minimum5

Hard Drive Storage

300 GB Minimum6

300 GB Minimum6

Appliance Scalability

25,000 (per Enforcer/Manager)

Network Interface

Gigabit NIC

Microsoft Hyper-V

Standalone Appliance

Appliance Specifications

SafeConnect Hyper-V Enforcer

Server

Microsoft Server 2012 R2

Hyper-V Version

Hypervisor Generation 2

CPU

2 Quad Core CPUs (2-3Ghz)7

Memory

18 GB Minimum8

Hard Drive Storage

350 GB Minimum9

Appliance Scalability

Up to 20,000 Devices

Network Interface

Gigabit NIC

End User Device Requirements

Policy Key System Requirements

Microsoft Windows

Device Requirements

Operating System

Windows Vista or newer

Service Pack

NA

Memory

1 GB

CPU

Single Core 1.6Ghz

Hard Drive Storage

100 MB

Administrative Rights

No

Mac OS X

Device Requirements

Operating System

10.6 or newer

Memory

1 GB

CPU

Single Core 1.6Ghz

Hard Drive Storage

100 MB

Administrative Rights

Yes (for installation only)

Web Browser Support

Microsoft Windows

Device Requirements

Internet Explorer

v9+

Mozilla Firefox

v35+

Google Chrome

v40+

Mac OS X

Device Requirements

Safari

v6.1.6+

Mozilla Firefox

v35+

Google Chrome

v40+

Secure BYOD Onboarding System Requirements

Requirements

Version

Additional Information

Android

2.1 or newer

 

Blackberry

NA

Does not support Secure BYOD Onboarding but step by step instructions available

ChromeOS

Any

 

iOS

v4.0 or newer

 

Linux

Most major platforms

Requires Python

Mac OS X

OS X 10.5 or newer

OS X 10.4 does not support Secure BYOD Onboarding but step by step instructions available

Nokia

NA

Does not support Secure BYOD Onboarding but step by step instructions available

Windows

Windows XP or newer

Windows RT is also supported

Windows Phone/ Windows Mobile

NA

Does not support Secure BYOD Onboarding but step by step instructions available

Network Integration Requirements

Layer 2 Wired Integration Switch Support10

Function/Feature

Switch Requirement

802.1X Authentication (supplicant)

802.1X

MAC Authentication (no supplicant)

802.1X, MAB

MAC Authentication (no supplicant) with Identity

802.1X, MAB, COA, Redirect-URL or VLAN Assignment plus upstream Layer3 Redirect/PBR

Layer2 Network Access Assignment

802.1X, MAB, COA, Filter/VSA or VLAN Assignment

Layer2 Network Access Quarantine

802.1X, MAB, COA, Redirect-URL or VLAN Assignment plus upstream Layer3 Redirect/PBR

Vendor Support

Vendor

OS/Firmware Requirements

Aruba

ArubaOS 7.4.1.7 – Tested

Other ArubaOS: Contact OPSWAT Support

Cisco

Catalyst 2960 LAN Base

IOS 15.0(2)SE11

IOS v12.2(55)SE5 5

Catalyst 2960-C

Catalyst 3560-C

IOS 15.2(2)E4

IOS 12.2(55)EX3

Catalyst 2960-Plus

Catalyst 2960-SF

IOS 15.2(2)E4

IOS 15.0(2)SE7

Catalyst 2960-S

IOS 15.2(2) E6

IOS 15.0.2-SE10a

15.0(2)SE11

IOS 12.2.(55)SE5

Catalyst 2960–XR

Catalyst 2960–X

IOS 15.2(2) E6

IOS 15.2(2)E5

IOS 15.2(4)E2

15.2.6E1(ED)

IOS 15.0.2A-EX5

Catalyst 2960-CX

Catalyst 3560-CX

IOS 15.2(3)E1

IOS 15.2(3)E

Catalyst 3560-G

Catalyst 3750-G

Cat 3750-E

IOS 15.2(2) E6

IOS 12.2(55)SE10

12.2(55)SE11

IOS 12.2(55)SE5

Catalyst 3560V2

Catalyst 3750V2

IOS 12.2(55)SE10

IOS 12.2(55)SE5

Catalyst 3560-E

IOS 15.0(2)SE11

IOS 12.2(55)SE5

Catalyst 3560-X

IOS 15.2(2) E6

IOS 15.2(2)E5

IOS 12.2(55)SE5

Catalyst 3650

IOS XE 16.3.3

IOS XE 3.6.5E

IOS 16.6.2 ES

IOS XE 3.3.5.E

Catalyst 3750-E

IOS 15.2(2) E6

IOS 15.0(2)SE11

IOS 12.2(55)SE5

Catalyst 3750-X

IOS 15.2(2) E6

IOS 15.2(2)E5

IOS 15.2(4)E2

IOS 12.2(55)SE5

Catalyst 3850

IOS XE 16.3.3

IOS XE 3.6.5E

IOS 16.6.2 ES

IOS XE 3.3.5.E

Catalyst 4500-X

IOS XE 3.6.6 E

IOS 15.2(2)E5

IOS 15.2(4)E2

IOS 15.2(6)E

IOS XE 3.4.4 SG

Catalyst 4500 Supervisor 7-E, 7L-E

IOS XE 3.6.4

IOS XE 3.4.4 SG

Catalyst 4500 Supervisor 6-E, 6L-E

IOS 15.2(2)E4

IOS 15.2(2)E

Catalyst 4500 Supervisor 8-E

IOS XE 3.6.4

IOS XE 3.6.8E

IOS XE 3.3.2 XO

Catalyst 6500-E (Supervisor 32)

IOS 12.2(33)SXJ10

IOS 12.2(33)SXI6

Catalyst 6500-E (Supervisor 720)

IOS 15.1(2)SY7

IOS v12.2(33)SXI6

Catalyst 6500-E (VS-S2T-10G)

IOS 152-1.SY1a

IOS 15.0(1)SY1

Catalyst 6807-XL

Catalyst 6880-X (VS-S2T-10G)

IOS 152-1.SY1a

IOS 15.0(1)SY1

Catalyst 6500-E (Supervisor 32)

IOS 12.2(33)SXJ10

IOS 12.2(33)SXI6

Catalyst 6848ia

IOS 152-1.SY1a

IOS 15.1(2) SY+

Catalyst 9300 6

IOS 16.6.2 ES

IOS 16.8.1a

IOS 16.6.2 ES

Catalyst 9400 7

IOS 16.6.2 ES

IOS 16.8.1a

IOS 16.6.2 ES

Catalyst 9500 8

IOS 16.6.2 ES

IOS 16.8.1a

IOS 16.6.2 ES

Brocade

ICX 6430: 8.0.20 or later

ICX 6450: 8.0.20 or later

FCX: 8.0.20 or later

ICX 6610: 8.0.20 or later

ICX 7250: 8.0.30 or later

ICX 7450: 8.0.20 or later

ICX 7750: 8.0.20 or later

ICX 6650: 08.0.01 Flexible Authentication (CoA) not supported

FSX 800 FSX 1600: 08.0.01 Flexible Authentication (CoA) not supported

Other Models: Contact OPSWAT Support

Dell

N-Series Switches (OS6) 6.2.0.5 or later

Juniper

EX Series switches:

15.1R3 or later

HP

Contact OPSWAT Support

Other

Contact OPSWAT Support

Wireless Integration Support

Function/Feature

Switch Requirement

Hardware

Aerohive16

Aruba

Cisco

Cisco Meraki

Ruckus

Xirrus

Other - Contact OPSWAT Support

Minimum Version

Aruba Wireless Controller 6.3 or later

Cisco Wireless Controller 7.2 or later

Cisco Meraki AP’s firmware (July 2016 or Later)

HiveManager 6.4.r115 or later

HiveManager NG

Ruckus ZoneDirector 9.13 preferred (9.10 or later supported)

Ruckus Cloud Managed Wi-Fi

Xirrus Cloud Management System

Controller Modes

Aerohive

HiveManager 6 Enterprise Mode

HiveManager NG

Aruba – Policy Enforcement Firewall (PEF) License17

Cisco – Central Switching11

Cisco Meraki19

Ruckus20

Ruckus AP’s connected to Cloud Managed Wi-Fi

Xirrus AP’s connected to the Xirrus Cloud Management System

Layer3 Integration Switch/Router Support

Function/Feature

Switch Requirement

Layer3 Authentication and Enforcement/Quarantine

Platform, license and OS image must support sFlow or Netflow and Policy-Based Routing (PBR)11, 12, 13

Contextual Intelligence Publisher

Requirements

Version

 

Exinda

v6.0 or higher

 

iBoss

v6.0 or higher

 

Palo Alto

v5.0 or higher

 

Procera

 

 

SonicWALL

v6.0 or higher

 

Syslog

Any

Must support LEEF, CEF or Key-Value Format

RADIUS Accounting

NA

 

Notes

1 – Cisco Wireless Controllers are NOT supported

2 – Other environments may be supported, provided the syslog output is comparable to one of the supported environments.

3 – AD Connecter is required for OSX Single Sign On

4 – VMWare Dedicated CPU resource is required

5 – VMWare Dedicated Memory resources are required

6 – VMWare Dedicated 300GB of storage required

7 – Dedicated CPU resource is required

8 – Dedicated Memory resources are required

9 – Dedicated 300GB of storage required

10 – All features require RADIUS Accounting

11 – Full RBE requires user traffic be switched by the controller, VLAN assignment only is available with local switching

12 – Maximum capacity will vary based on PBR CAM table size, CPU utilization and other factors

13 – PBR on HP chassis models mandate only v2 modules be installed, PBR with v1 modules installed is not supported

14 – Some Cisco switches may require specific modules to support Netflow, refer to manufacturer’s documentation

15 – Most Aerohive Access Points require HiveOS 6.5r4. For specifics on your Access Point requirements please contact OPSWAT

16 – VLAN assignment using Aerohive User Profiles is not supported, please contact OPSWAT Support with any questions

17 – Aruba Instant AP’s do not require PEF license

18 – Flexible Authentication Required

19 – Cisco Meraki July 2016 Firmware with NAC Authentication (External Auth)

20 – Layer 3 Required for PBR