Documents

Soliton logo

NetAttest EPS – All-in-one, port-based network access control

NetAttest EPS is a powerful all-in-one port-based network access control solution that enables organisations to create device authentication and certificate-based users. Everything needed is available in a single package, including the necessary public key infrastructure, a RADIUS server and a one-time password server. It makes it easy for IT managers to strengthen network security and create multiple network segments (VLANs) while users experience seamless access. At the same time, NetAttest EPS upgrades Wi-Fi security to the WPA2 Enterprise level and contains a Mac address database for systems that are not able to provide certificates.NetAttest EPS is available as a virtual machine and in hardware.

NetAttest EPS-ap / Soliton Key Manager

NetAttest EPS-ap (add-on) supports the distribution of certificates to unmanaged systems, including private or third-party devices from partners and contractors. The Soliton Key Manager application makes it easy for end users to install certificates on their systems, eliminating the need for Mobile Device Management (MDM).

Features and benefits:

ALL-IN-ONE APPLIANCE

• Conducts user requests to access company’s resources and provides authentication, authorization, and accounting (AAA) services.
• The build-in RADIUS server provides multiple EAP authentication methods
including MAC address, One-Time Passwords (OTP) or certificate-based
authentication, etc.
• Acts as a dedicated certificate authority (CA) issuing and managing certificates. It can also act as a subordinate CA which integrates into an existing Public Key Infrastructure (PKI).

IEEE 802.1X WLAN ACCESS CONTROL

With the NetAttest EPS network administrators can manage the access to the WLAN securely. Guests, temporary employees or contractors can use the self-
service portal to request temporary access to the WiFi. When authenticated the guest user is automatically directed to the right network resources. The NetAttest EPS also provides an internal user database for storing temporary employees or contractors.

EASY TO BACK-UP AND RESTORE

Back-up takes less than 20 seconds and a full restore approximately 100 seconds.
The full restore includes the CA function and the RADIUS function.

EASE OF MAKING REDUNDANT INSTALLATIONS

In case of a redundant configuration the RADIUS server on both units are active. The network access servers require configuration to use the first NetAttest EPS unit as the primary RADIUS server and the second unit as the secondary RADIUS server. The full configuration, including the CA configuration, is automatically shared daily. In case the master CA crashes, the backup CA will take over.

Opções NetAttest EPS

CA (CERTIFICATE AUTHORITY) EXTENDED OPTION
Key features include:
Web-portal: A self-service portal for end-users to request and download their own user and/or device certificate. Certificates are issued automatically or after approval by the administrator.
Online Certificate Status Protocol (OCSP) Responder: The CA extended option offers OCSP-Responder for easy checking of revocation of certificates.
Support of Simple Certificate Enrolment Protocol (SCEP): The embedded SCEP-server makes the issuing of digital certificates simple and scalable for other IT systems, such as MDM systems or third-party devices, that require a certificate for authentication.
Customizable Certificate Signing Request (CSR) templates: The CSR templates include any kind of data of extended key usage and key generation such as certificate validity period and renewal period.
Special-purpose certificates: The CA extended option allows the administrator to generate special purpose certificates such as Windows SmartCard, Code Signing and Domain Controller certificates. 
MAC ADDRESS EXTENDED OPTION
With the MAC address extended option network administrators have a dedicated database available that allows the authentication of MAC addresses of non-802.1X supplicants. The database can store up to 200,000 MAC addresses.
Other features include:
• The MAC address extended option automatically detects the non-IEEE 802.1X supplicants in the network and adds them to the whitelist.
• The dedicated interface for the registration of new MAC-addresses allows the administrator to quickly add new devices to the network.