Technical Requirements

Infrastructure Requirements

Directory Server

RequirementsAdditional Information
LDAPLDAP compliant directory server
MySQL

v4.2 or higher User information stored in a single table:

  • Username
  • Password
  • Group Membership
  • Expiration
  • Password encoding (if applicable)
Secure LDAP
  • Public CA
  • Self-Signed Certificate
  • Copy of organizations Trusted Root Cert in PEM or Base64 format
  • Copies of other server certificates may also be needed

DHCP Service

RequirementsAdditional Information
ArubaWireless Controllers
Cisco1Cisco, CiscoCatalyst, ASA
WindowsServer 2003 or higherWindows Server 2003 or newer Requires installation of MetaAccess NAC DHCP Syslog Relay service Minimum 700 MB disk space
Other 2Bluecat, Infoblox, Lucent, SonicWALL

Domain Single Sign On (SSO)

Requirements
Operating SystemWindows Vista or newer OSX 10.6 or newer3
Domain ManagedRequired
OtherDomain Controller IP’s and IP’s necessary for login scripts must be exempted from MetaAccess NAC policy enforcement

RADIUS Single Sign On (SSO)

RequirementsAdditional Information
RADIUS AccountingRequired
RADIUS AuthenticationUser Account Based
RADIUS ControllerRequiredMetaAccess NAC Appliance will need IP address(es) and shared secret are required to be configured

SAML Single Sign On (SSO)

RequirementsAdditional Information
GoogleGoogle Apps for Business/EducationMore Information: https://support.google.com/a/answer/6087519?hl=en&ref_topic=6304963
Azure ADAzure AD PremiumMore Information: https://azure.microsoft.com/en-us/documentation/articles/active-directory-saas-custom-apps/
Duo Two-FactorDuo Access GatewayMore Information: https://duo.com/docs/dag#add-a-cloud-application-to-duo-access-gateway
OktaMore Information: http://developer.okta.com/standards/SAML/setting_up_a_saml_application_in_okta
OneLoginMore Information: https://support.onelogin.com/hc/en-us/articles/202673944-How-to-Use-the-OneLogin-SAML-Test-Connector
Dell One Identity Cloud Access ManagerMore Information: http://documents.software.dell.com/dell-one-identity-cloud-access-manager/8.1.1/configuration-guide/adding-a-web-application/saml-federation
GluuMore Information: https://www.gluu.org/docs/integrate/outbound-saml/
OtherMust Support SAML 2.0

Virtual Enforcer System Requirements

VMWare vSphere

Large Standalone Appliance or Manager for a cluster (Up to 25,000 concurrent devices)

Appliance SpecificationsMetaAccessNAC VMWare Enforcer
VMWare VersionESXi 5.1 or newer
Virtual Hardware VersionMinimum version 8
CPU8 vCPUs (2-3Ghz)
Memory32 GB Minimum
Hard Drive Storage500 GB Minimum
Appliance ScalabilityUp to 25,000 Devices
Network InterfaceGigabit NIC

Small Standalone Appliance or Enforcer in a cluster (Up to 10,000 concurrent devices)

Appliance SpecificationsMetaAccess NAC VMWare Enforcer
VMWare VersionESXi 5.1 or newer
Virtual Hardware VersionMinimum version 8
CPU4 vCPUs (2-3Ghz)
Memory16 GB Minimum
Hard Drive Storage300 GB Minimum
Appliance ScalabilityUp to 10,000 Devices
Network InterfaceGigabit NIC

VMWare Cluster

Appliance SpecificationsMetaAccess NAC VMWare Policy EnforcerMetaAccessNAC VMWare Policy Manager
VMWare VersionESXi 5.1 or higherESXi 5.1 or higher
Virtual Hardware VersionVersion 8 or higherVersion 8 or higher
CPU4 vCPUs (2-3Ghz)48 vCPUs (2-3Ghz)
Memory16 GB Minimum516 GB Minimum5
Hard Drive Storage300 GB Minimum6300 GB Minimum6
Appliance Scalability25,000 (per Enforcer/Manager)
Network InterfaceGigabit NIC

Microsoft Hyper-V

Standalone Appliance

Appliance SpecificationsMetaAccess NAC Hyper-V Enforcer
ServerMicrosoft Server 2012 R2
Hyper-V VersionHypervisor Generation 2
CPU4 vCPUs (2-3Ghz)
Memory16 GB Minimum
Hard Drive Storage300 GB Minimum
Appliance ScalabilityUp to 10,000 Devices
Network InterfaceGigabit NIC

End User Device Requirements

Policy Key System Requirements

Microsoft Windows

Device Requirements
Operating SystemWindows Vista or newer
Service PackNA
Memory1 GB
CPUSingle Core 1.6Ghz
Hard Drive Storage100 MB
Administrative RightsNo

Mac OS X

Device Requirements
Operating System10.6 or newer
Memory1 GB
CPUSingle Core 1.6Ghz
Hard Drive Storage100 MB
Administrative RightsYes (for installation only)

Web Browser Support

Microsoft Windows

Device Requirements
Internet Explorerv9+
Mozilla Firefoxv35+
Google Chromev40+

Mac OS X

Device Requirements
Safariv6.1.6+
Mozilla Firefoxv35+
Google Chromev40+

Secure BYOD Onboarding System Requirements

RequirementsVersionAdditional Information
Android2.1 or newer
BlackberryNADoes not support Secure BYOD Onboarding but step by step instructions available
ChromeOSAny
iOSv4.0 or newer
LinuxMost major platformsRequires Python
Mac OS XOS X 10.5 or newerOS X 10.4 does not support Secure BYOD Onboarding but step by step instructions available
NokiaNADoes not support Secure BYOD Onboarding but step by step instructions available
WindowsWindows XP or newerWindows RT is also supported
Windows Phone/ Windows MobileNADoes not support Secure BYOD Onboarding but step by step instructions available

Network Integration Requirements

Layer 2 Wired Integration Switch Support

Function/FeatureSwitch Requirement
802.1X Authentication (supplicant)802.1X
MAC Authentication (no supplicant)802.1X, MAB
MAC Authentication (no supplicant) with Identity802.1X, MAB, COA, Redirect-URL or VLAN Assignment plus upstream Layer3 Redirect/PBR
Layer2 Network Access Assignment802.1X, MAB, COA, Filter/VSA or VLAN Assignment
Layer2 Network Access Quarantine802.1X, MAB, COA, Redirect-URL or VLAN Assignment plus upstream Layer3 Redirect/PBR

Vendor Support

Layer 2 Wireless
VendorOS/Firmware Requirements
AerohiveHM-6 - HiveManager HiveOS 6.4.r1, 6.6.r3 or higher, AP HiveOS 6.4r1, 6.5.r3, 6.6.r2 or higher HM-NG - HiveManager HiveManagerNG 11.13 or higher, AP HiveOS 6.5.r5 or higher
CiscoAireOS - 7.2 or later IOS-XE (Catalyst 9800 VM) - tested on 16.12.2s
ExtremeIdentifi - Tested on V2110 VM controller 10.41.02.0014 WiNG - Tested on VX9000 VM controller 5.9.7.0-011R
HPE-ArubaArubaOS 6.1.3.4 or later (Instant) - InstantOS 6.4.0.2-4.1 or later
Juniper-MistCertified on AP version 0.6.18694
MerakiCertified on beta build (July 2016)
RuckusZoneDirector - 9.10 or later SmartZone -
UbiquitiUnifi - Cloudkey (controller) - Unifi 5.12.35, AP Unifi 4.3.20.11298
XirrusXirrus - APs connected to XMS-Cloud
OtherContact OPSWAT Support
Layer 2 Wired
VendorOS/Firmware Requirements
ArubaArubaOS - tested on ArubaOS 7.4.1.7 ArubaOS-Switch - tested on WC.16.10.0002
CiscoLAN base or better (i.e. not LAN Lite)
DellN-Series - OS6 6.2.0.5 or later S-Series - OS9 9.13 or later
ExtremeSummit Gen1 - tested on ExtremeXOS 30.6.1-Patch1-11
JuniperEX Series switches - 15.1R3 or later
MerakiCertified on MS 11.31
Ruckus/ArrisICX - 8.0.20 or later
OtherContact OPSWAT Support
Layer 3 Wired
VendorOS/Firmware Requirements
Alcatel-Lucent6850/6900 - Platform, license and OS image must support sFlow or Netflow and Policy-Based Routing (PBR) 9700 - Platform, license and OS image must support sFlow or Netflow and Policy-Based Routing (PBR)
Brocade/Ruckus/ArrisICX - Platform, license and OS image must support sFlow or Netflow and Policy-Based Routing (PBR)
Brocade/ExtremeMLX - Platform, license and OS image must support sFlow or Netflow and Policy-Based Routing (PBR)
CiscoCatalyst - (IOS) - Platform, license and OS image must support sFlow or Netflow and Policy-Based Routing (PBR) Catalyst - (IOS-XE) - Platform, license and OS image must support sFlow or Netflow and Policy-Based Routing (PBR) Nexus - (NX-OS) - Platform, license and OS image must support sFlow or Netflow and Policy-Based Routing (PBR)
DellN-Series/OS6 - Platform, license and OS image must support sFlow or Netflow and Policy-Based Routing (PBR) S-Series/OS9 - Platform, license and OS image must support sFlow or Netflow and Policy-Based Routing (PBR)
HP3800 - Platform, license and OS image must support sFlow or Netflow and Policy-Based Routing (PBR) 5400/8200 - Platform, license and OS image must support sFlow or Netflow and Policy-Based Routing (PBR)
OtherContact OPSWAT Support

Wireless Integration Support

Function/FeatureSwitch Requirement
HardwareAerohive, Aruba, Cisco, Cisco Meraki, Ruckus, Xirrus, Other - Contact OPSWAT Support
Minimum VersionAruba Wireless Controller 6.3 or later, Cisco Wireless Controller 7.2, or later Cisco Meraki AP’s firmware (July 2016 or Later), HiveManager 6.4.r1, or later HiveManager NG Ruckus ZoneDirector 9.13 preferred (9.10 or later supported), Ruckus Cloud Managed Wi-Fi Xirrus Cloud Management System
Controller ModesAerohive HiveManager 6 Enterprise Mode, HiveManager NG, Aruba – Policy Enforcement Firewall (PEF) License, Cisco – Central Switching, Cisco Meraki, Ruckus, Ruckus AP’s connected to Cloud Managed Wi-Fi, Xirrus AP’s connected to the Xirrus Cloud Management System

Layer3 Integration Switch/Router Support

Function/FeatureSwitch Requirement
Layer3 Authentication and Enforcement/QuarantinePlatform, license and OS image must support sFlow or Netflow and Policy-Based Routing (PBR)

Contextual Intelligence Publisher

RequirementsVersion
Exindav6.0 or higher
iBossv6.0 or higher
Palo Altov5.0 or higher
Procera
SonicWALLv6.0 or higher
SyslogAnyMust support LEEF, CEF or Key-Value Format
RADIUS AccountingNA

Notes

1 – Cisco Wireless Controllers are NOT supported

2 – Other environments may be supported, provided the syslog output is comparable to one of the supported environments.

3 – AD Connecter is required for OSX Single Sign On

4 – VMWare Dedicated CPU resource is required

5 – VMWare Dedicated Memory resources are required

6 – VMWare Dedicated 300GB of storage required

7 – Dedicated CPU resource is required

8 – Dedicated Memory resources are required

9 – Dedicated 300GB of storage required

10 – All features require RADIUS Accounting

11 – Full RBE requires user traffic be switched by the controller, VLAN assignment only is available with local switching

12 – Maximum capacity will vary based on PBR CAM table size, CPU utilization and other factors

13 – PBR on HP chassis models mandate only v2 modules be installed, PBR with v1 modules installed is not supported

14 – Some Cisco switches may require specific modules to support Netflow, refer to manufacturer’s documentation

15 – Most Aerohive Access Points require HiveOS 6.5r4. For specifics on your Access Point requirements please contact OPSWAT

16 – VLAN assignment using Aerohive User Profiles is not supported, please contact OPSWAT Support with any questions

17 – Aruba Instant AP’s do not require PEF license

18 – Flexible Authentication Required

19 – Cisco Meraki July 2016 Firmware with NAC Authentication (External Auth)

20 – Layer 3 Required for PBR
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
TACACS+ Installation and Configuration
On This Page
Technical RequirementsInfrastructure RequirementsDirectory ServerDHCP ServiceDomain Single Sign On (SSO)RADIUS Single Sign On (SSO)SAML Single Sign On (SSO)Virtual Enforcer System RequirementsVMWare vSphereLarge Standalone Appliance or Manager for a cluster (Up to 25,000 concurrent devices)Small Standalone Appliance or Enforcer in a cluster (Up to 10,000 concurrent devices)VMWare ClusterMicrosoft Hyper-VStandalone ApplianceEnd User Device RequirementsPolicy Key System RequirementsMicrosoft WindowsMac OS XWeb Browser SupportMicrosoft WindowsMac OS XSecure BYOD Onboarding System RequirementsNetwork Integration RequirementsLayer 2 Wired Integration Switch SupportVendor SupportWireless Integration SupportLayer3 Integration Switch/Router SupportContextual Intelligence PublisherNotes