Profile Configuration
7-47
7.4.4 Profile Security Configuration and Deployment Considerations
Profile Security Configuration
Before defining a profile’s security configuration, refer to the following deployment guidelines to ensure the
profile configuration is optimally effective:
• Ensure the contents of the Certificate Revocation List are periodically audited to ensure revoked
certificates remained quarantined or validated certificates are reinstated.
• NAT alone does not provide a firewall. If deploying NAT on a profile, add a firewall on the profile to
block undesirable traffic from being routed. For outbound Internet access, a stateful firewall can be
configured to deny all traffic. If port address translation is required, a stateful firewall should be
configured to only permit the TCP or UDP ports being translated.
To Next Page
Loading...
