CGX Server

The CGX server is a virtual machine or appliance that provides the core functions of the CGX solution and hosts optional applications used to build a flexible and custom solution. The base appliance comes with:

A powerful policy builder and analysis engine
The flexible policy builder allows you to create custom rule sets using information about the user, directory membership, device, location, time and more. These policies can invoke operations such as flagging devices, sending alerts and restricting access.

Network access control
Selective network access is provided based on the results of policy rules. In-band enforcement is supported as part of the appliance. Out-of-band enforcement is supported by integrating with the existing wired or wireless network or through our dynamic NAC feature.

Additional applications
Additional applications can be hosted on the CGX server platform. These applications address additional needs, such as registering guests, managing employee devices, enhanced compliance and MDM integration:

Guest Access BYOD application Posture Compliance MDM

CGX server profiling works to scan and interpret information collected from the network to determine further information about the device. The profiler is agentless and can identify device information.

The device profiler will:
• Create full visibility of devices on your wired and wireless networks
• Automatically identify device type, OS, ownership, user, etc.
• Flag devices for review by administrator before allowing full access
• Detect web servers, printers and other unmanaged devices and automatically provide the appropriate access

NAC policies are custom logic rules that check for a set of conditions and perform appropriate actions. These policies can be used to decide what access a particular user or device will receive based on conditions such as incoming SSID, authentication information, AD Group membership, OS, device type and role, etc. Policies can also be used to monitor various processes that may affect your network and alert an administrator.

  • Uses flexible policies to decide what resources a particular device has access to
  • Monitors devices for login changes, excessive access changes, shared logins, percentage of restricted devices, etc.
  • Sends notifications by email or SMS
  • Flags devices for administrator review or subsequent actions

Providing selective access to the network is the most basic feature for any network access control solution. However, accomplishing this is often dependent on the network infrastructure. CGX supports standard out-of-band enforcement protocols such as 802.1x and in-line enforcement. These work for most wireless and VPN environments. When 802.1x isn't practical for portions of the network, CGX offers alternatives such as directly interfacing to popular wireless controllers and switches. If infrastructure-based enforcement isn't the right approach, CGX supports Dynamic NAC, which uses endpoints enforce access without network changes.

CGX Enforcement Modules include:

  • 802.1x Infrastructure Enforcement
  • Direct Control for Non-802.1x Infrastructure Enforcement
  • Dynamic NAC which requires no Network Infrastructure Changes
  • In-Line Enforcement

The CGX server includes extensive and customizable reporting capabilities, which are critical to providing administratord full visibility of devices and users on the network.

Dashboard views show compliance and infrastructure status at a glance. Reports include real-time and historical information about devices (managed or unmanaged, agent-based or agent-less) on wired and wireless networks managed by the CGX.

Various filtered reports are built in, such as reports on restricted or flagged devices, guest devices, BYOD devices, MDM-managed devices, etc. The administrator can also take action on specific devices directly from the reporting interface. We customize our reports to make your job easier.