Pulse Secure Steel-Belted Radius
Network Access Security Solution for Enterprises

• Standardizes and enforces unified authentication and security
• Implements robust controls on users and their network access
• Determines and aids in enforcing who can connect to the network, when, and for how long

• Extremely reliable performance with a minimum of downtime and productivity loss, increasing ROI

• Standards-based and vendor-agnostic, interfacing seamlessly with network access equipment from different vendors simultaneously to protect existing network equipment investments
• Designed for compatibility and interoperability, supporting current and future network configurations
• Instantly accommodates new employees and legacy systems

• Saves support staff time and expense while increasing productivity through dynamic reporting and statistics, as well as comprehensive, granularly detailed log files
• Decreases administrative time, load, and cost while limiting administration and configuration errors via centralized administration and management features, and automated or customized configuration tools and processes

• Empowers administrators with enhanced security controls
• Provides unsurpassed business logic controls that allow administrators to determine what levels of authentication and authorization they require based on the access being requested by the user
• Offers virtually anytime/anywhere administration

• Delivers cross-platform (Windows, Solaris, Linux), multivendor, multiple authentication method support
• Supports all popular stores of user credentials (Microsoft Active Directory, LDAP, SQL, Token, Proxy Radius)

• Customized dictionaries
• Proxy realms

• Works seamlessly with a variety of network access equipment, in virtually any combination.
• Customized dictionaries describe each vendor’s extensions to the RADIUS protocol, supporting 100+ vendor-specific dictionaries, with updates or additions to the dictionaries easily accomplished.
• As an option, can direct RADIUS requests to another AAA server.

• Offers best-in-class AAA control for virtually all deployment types and vendor products.
• Seamlessly operates in a heterogeneous network environment, simplifying deployment and day-today operations.
• Leverages your existing network equipment, saving you deployment time and additional expense.

• EAP-TTLS
• EAP-PEAPv0/v1
• EAP-TLS
• EAP-FAST and LEAP
• EAP-POTP
• EAP-MD5
• PAP
• CHAP
• MS-CHAP
• MS-CHAPv2

• A native database of up to 20,000 users and their passwords.
• Microsoft Windows Domains and UNIX security systems, including Microsoft Active Directory (with full support for MS-CHAP extensions to support change of expired passwords).
• Extensible Authentication ProtocolTransport Layer Security (EAP-TLS) and Active Directory (AD) accounts, enabling Machine Authentication with EAP-TLS and User Authentication with EAPTLS with AD.
• UNIX local users and groups, and Solaris Network Information Services+.
• Token-based authentication systems, such as RSA Security Authentication Manager (RSA SecurID).
• LDAP directories, including Novell eDirectory, Sun Java System Directory Server, and open LDAP.
• SQL databases, including MySQL and Oracle, with support for the Oracle 10g client for SQL authentication and accounting provided via the Native Oracle client (Solaris version only); JDBC (Linux and Solaris versions only); and ODBC (Windows version only).
• Any ODBC- or JDBC-compliant database.
• TACACS+ authentication.
• Other RADIUS servers, for proxy authentication.

• Saves time and cost by allowing you to use your existing authentication database or data store to authenticate LAN, WLAN, remote/VPN, and wired 802.1X users.
• Authentication is not limited to just user name/ password queries.
• Take full advantage of the power of an LDAP directory to manage your users.

• Microsoft Windows ((Windows XP (all 32-bit editions); Windows Server 2003 (all 32-bit editions)).
• Solaris (Solaris 9 or 10 running on SPARC or UltraSPARC).
• Linux (32-bit versions of Red Hat Enterprise Linux ES or AS 4.0 and Red Hat Enterprise Linux ES or AS 4.5).

• Allows a default profile to be assigned to an individual user gaining network access via a particular RADIUS client; will be used as the default profile if no attributes or other profiles exist for the user.
• Enables the user device to determine the nature of the access provided for proper authentication.
• As an option, on a client-by-client basis, can allow an administrator to ignore a user’s profile and/ or attributes in favor of a profile and/or attributes associated with the RADIUS client.
• Also available as an option, enables an administrator to choose which attributes— user or client profile—will take precedence if normal profile merge rules apply.

• View entire history of authentication requests and responses.
• Track length of user connections with RADIUS accounting.
• View statistics on authentication, accounting proxied requests, and more.
• Compile information into informative, searchable reports.
• Accounting records can be saved locally to a comma separated values (CSV) file or recorded to SQL

• Simplifies diagnostics and troubleshooting.
• Decreased problem diagnosis time = decreased support costs.
• Sophisticated logging, auditing, and report features make it easy to view network and user activities from a variety of perspectives; they also enhance your ability to address and comply with industry and government regulations.

• Empowers administrators to track who logged onto or disconnected from an SBR Enterprise Series server and when, and what changes were made to the server.
• Supports local storage of audit logs to the server being administered, in an administratordefinable directory with retention for an administratordefined time period.

• Ensures a high level of administrative accountability.
• Supplies a substantive audit trail and peace of mind to your operations team.
• Also helps address compliance with regulatory requirements.

• Quick, easy provisioning, administration, and maintenance
• Web-delivered administration user interface
• Centralized administration via Java-based administration program
• RADIUS clients via IP address range

• Enables administrative operation from any supported platform accessible through any supported Web browser (Internet Explorer, Netscape Navigator, Firefox).
• Manage multiple SBR Enterprise Series servers from the same user interface.
• An easy-to-use LDAP Interface is available for most SBR Enterprise Series administrator functions.

• Simplifies administration and maintenance.
• Delivers multi-platform administrative support.
• Allows for the administration of SBR Enterprise Series servers from virtually any machine, at any location.
• Drives administrative costs down through the use of automated and/or customized configuration tools and processes.
• Diminishes administrative workload.

• Enables you to quickly and simply address increased traffic and distributed authentication, and prevents the modification of certain SBR Enterprise Series servers.
• Significantly reduces the time needed to bring devices and users online.
• Eases server configuration and deployment.

• Create, modify, and delete filters
• View existing filters
• Locate specific filters given a set of criteria

Data can be replicated across multiple SBR Enterprise Series servers.

• Manage and configure all available EAP types. • Manage server certificates. • Create an administrator-configurable certificate expiration warning. • Provides the option of allowing users to replicate the server certificate. • Supplies the means to create a certificate signing request (CSR) that may be saved to a file for submission to a Certificate Authority (CA). • Manage trusted root certificates.

• Querying and modifying any attribute-value pair (AVP) in the authentication or accounting request during the realm selection process
• Querying an LDAP server or an SQL database during the realm selection process
• Allowing the continued use of a routed-proxy mechanism for realm selection

JavaScript Filter Selection supports:

• Querying and modifying any AVP in the authentication or accounting request during the filter selection process
• Querying an LDAP server or an SQL database during the filter selection process

• Enables you to configure SBR GE more precisely, allowing for better enforcement of your business requirements.
• Provides unparalleled flexibility for changing rules.
• Scripting filter rules allow for greater logic to address special cases.

• Enables administrators to group RADIUS client objects together as a single object in the SBR GE administrator user interface.
• Allows for the association of a profile with a RADIUS client group object, and allows the group to supersede individual clients’ profile settings.

• Based on failed access attempts and authentication attributes.
• Set limits on the number of active connections per user, network access to specific accounts, and concurrent network connections by criteria such as user and group.

• Increases your control over user sessions and connections.
• Provides you with additional granular control over who can access your network and how.

• Supports attribute translation from one type of network access equipment to another.
• Supports the mapping of different attributes with similar information to the same alias.

• Promotes use in heterogeneous environments by easily accommodating different network equipment.
• Ensures the appropriate level of AAA enforcement for each network access point.