Reactive network rules
One of the most popular capabilities of our MX security appliances and MR wireless access points is their ability to control what is going on in the network. This can be accomplished via a whole range of built in features such as Layer 7 traffic shaping, Layer 7 firewalling, intrusion prevention, malware scanning, and content filtering. Importantly these features can be easily applied in varying ways to different devices or users with the creation of custom network policies.
Known as Group Policies, these customized network rules prevent network administrators having to enforce a ‘one size fits all’ policy. They can make the network fit their users’ requirements, rather than the other way round. As is typical of Meraki feature design, the simplicity of configuration makes deploying it achievable and not an unattainable dream.
However, what if we could make this even simpler to implement? Systems Manager Sentry provides simple, automatic security that is context aware. Sentry Policies enable dynamic updates to a client device’s assigned Group Policy based on contextual information gathered by the Systems Manager MDM. Now your firewall, traffic shaping, or content filtering rules can be automatically updated based on changes to a device’s security posture, logged-in user, or even location.
Sentry Policies are automatically made available when Systems Manager is deployed with Meraki network equipment. Due to the unified Meraki cloud management architecture, no complex integration or further configuration is required. If you can’t see Sentry Policies in your dashboard, then you are running an older version of Systems Manager. Click here to find out how to upgrade.
For one example of how Sentry Policies can be implemented,consider a content filtering deployment in an education environment. The multi-user authentication capability of the Systems Manager app allows devices such as iPads to have unique apps, settings, and restrictions per student. When a student logs into the device, Sentry Policies can trigger a content filtering policy change on the MX suitable for that class’s age group or subject. This is done without any teacher or administrator intervention.
For security conscious customers, Sentry Policies can also be used to control network access. When a device is detected that is jailbroken or has an undesirable app installed, Sentry can implement firewall rules in the access points to block that device’s connectivity to sensitive corporate resources. Again, this requires no administrator intervention.
Systems Manager Sentry is unique in the way it enables automated security and simplified IT operations by unifying network and endpoint management. To find out more, sign up for one of our advanced webinars covering the Sentry feature set, or contact us to get a live demonstration.