Trapeze WLAN location appliance adds firewall

Trapeze has a released an enhanced version of its wireless location-tracking appliance, now incorporating what had been a separate firewall product.

Besides the patented RF Firewall product, the new LA-200E Location Appliance also now tracks signals from 802.11n radios and doubles the number of Wi-Fi devices it can monitor, to 4,000 including Trapeze asset-tracking tags.

With the integrated firewall switched on, the location server can apply and enforce authentication and security policies based on the client location and virtual boundaries. Unauthorized clients show up as outside the corporate perimeter, or as within restricted areas, such as a guest Wi-Fi user wandering into an area designated “employee-only.” The firewall makes it possible to block their network access.

RF Firewall also creates alerts that identify the location of an unidentified or suspect radio. It can also track their movements, based on their authentication requests. All this data can be viewed in real-time, according to Trapeze.

The complete system relies on Trapeze access points collecting signal data from any and all Wi-Fi devices within range. The data is passed onto the LA-200E for processing, and for comparison with a set of stored radio patterns, or “fingerprints,” all based on pattern-matching algorithms created by Newbury Networks, which Trapeze bought in 2008. The fingerprints help the controller identify potential threats, and factor in its location as part of that process. Trapeze says the process is faster and far more accurate than more generalized triangulation techniques.

Earlier this year, Trapeze released version 4.0 of Newbury Active Asset, a server application for monitoring and managing radio-tagged assets.

With the LA-200E, the combination of location server plus firewall means an enterprise can define and enforce WLAN access and security policies for users and for specific locations, says Brian Wangerien, vice president of product marketing, Trapeze, now a unit of Belden, based in Pleasanton, Calif.

In an office park or urban area, the location of signals can be used to identify and then ignore radios that are outside the enterprise and don’t pose a threat. “We’ve seen this [capability] reduce hundreds of rogue alerts down to one or two,” says Wangerien.

Rival Cisco offers a software application for “context aware data” including location as part of its Mobility Software Engine, essentially a server that processes data from the WLAN and makes it available to Cisco and third-party applications running on the MSE box. The MSE was introduced a year ago. Cisco integrated the software from its previous standalone server, the Cisco 2700 Location Appliance.

Available now, the new LA-200E Location Appliance, with the RF Firewall License activated, is priced at $21,995. It can be bought without activating the license, for $15,995. You can turn on the firewall later for another $6,995.