10. Select
OK
to save the changes made within the
saved configuration.
5.2.6.7 Profile Security Configuration and Deployment Considerations
Profile Security Configuration
Before defining a profile's security configuration, refer to the following deployment guidelines to ensure the profile
configuration is optimally effective:
• Ensure the contents of the certificate revocation list are periodically audited to ensure revoked certificates remained
quarantined or validated certificates are reinstated.
• NAT alone does not provide a firewall. If deploying NAT on a profile, add a firewall on the profile to block undesirable
traffic from being routed. For outbound Internet access, a stateful firewall can be configured to deny all traffic. If port
address translation is required, a stateful firewall should be configured to only permit the TCP or UDP ports being
translated.
Figure 5-71 Profile Security - Source Dynamic NAT screen - Add Row field
Add Row
and
Dynamic NAT
screens. Select
Reset
to revert to the last
5 - 113