Aruba Networks Policy Enforcement Firewall

The Aruba Networks Policy Enforcement Firewall (PEF) provides context-based controls to enforce application-layer security and prioritization. With the Aruba Networks Policy Enforcement Firewall, IT can enforce network access policies that specify who may access the network, with which mobile devices, and which areas of the network they may access. AppRF is an Aruba Networks Policy Enforcement Firewall feature that is designed to give network administrators insight into the applications that are running on their network, and who is using them. WebCC is an optional Aruba Networks Policy Enforcement Firewall subscription feature that includes URL filtering, IP reputation, and geolocation filtering. Aruba Networks Policy Enforcement Firewall with AppRF technology provides user-level awareness of all traffic across the network. Aruba Networks Mobility Controllers support multiple user categories on a single network, spanning wired, wireless and VPNs.

Other capabilities include the following. Phone number association: SIP-enabled devices can be tracked and displayed by their phone number. Call quality tracking: automatically calculate, display and track the R-value for each SIP call being processed through an Aruba Networks Mobility Controller. SIP authentication tracking: track the registration of SIP devices to an IP PBX to determine if they are authenticated. Call detail records (CDRs): display calls made to and from Wi-Fi clients, including originator, terminator, termination reason, rejected and failed calls, duration, and call quality. High-performance traffic processing: with Aruba Networks Policy Enforcement Firewall, policy enforcement does not come at the expense of performance or require additional external hardware. Intelligent application identification: deep packet inspection (DPI) of Layer 4-7 traffic and intelligent analysis allow Aruba Networks AppRF technology to identify many new types of applications, including encrypted applications.

Network services like Apple AirPrint and AirPlay are optimized, IP multicast video traffic is automatically prioritized, and proprietary Apple FaceTime traffic and encrypted voice and video sessions like Microsoft Lync are automatically identified and prioritized. Most powerfully, knowledge of call status enables smarter voice-over-IP management across the air. Capabilities like RF management and load balancing do not affect voice quality during a call. Instead, PEF waits until voice handsets are on-hook to perform RF optimization. The external services interface (ESI) allows a wide range of network service appliances to be co-located with Aruba Networks Mobility Controllers to provide their services to clients on the network. These centrally enabled appliances provide services like virus protection, content inspection and filtering, intrusion detection and prevention, content transformation and protocol-based bandwidth shaping.

Aruba Networks Application Visibility

The AppRF dashboard gives IT a simple, powerful view of mobile app usage and performance on the WLAN. Aruba Networks mobility or virtual controllers display and categorize applications in use, which can be sorted by user role, application, network and other criteria. This information can be used to troubleshoot application performance in real time, set global WLAN policies, and plan for future growth. For longer-term historical data, Aruba Networks AirWave network management can aggregate up to two years of data from multiple Aruba controllers. Aruba Networks Policy Enforcement Firewall features controls that optimize WLAN bandwidth utilization. Role-based policies can limit the maximum amount of bandwidth consumption for a particular user or class of users and prevent power users from monopolizing network resources. At the same time, traffic management policies can guarantee minimum amounts of bandwidth for devices to ensure that users stay productive.


IntroSpect User and Entity Behavior Analytics (UEBA) uses AI-based machine learning to spot changes in user behavior that often indicate inside attacks that have evaded perimeter defenses. Security teams are armed with insights into malicious, compromised or negligent users, systems and devices — cutting off the threat before it does damage. Entity360 represents an entity’s security-relevant activity regardless of data source, devices used or activity type. It includes a risk score (0 to 100) as well as a full security profile with hours’ worth of investigation available in a single click. Entity risk scores based on machine learning can account for key factors like the order and time of incidents across various attack stages as well as time since detection and business context.

Accurate, normalized scores mean security analysts can confidently prioritize their efforts. Machine learning-based analytics build baselines for normal behavior of both individual entities and groups by continuously monitoring IT activities — like authentication, remote access, internal access to high-value resources and cloud app usage — across network and log data. Attack detection and forensics are intrinsically tied together, providing analysts with instant access to complete investigative records. Security teams can now triage more efficiently, make more informed decisions, and respond before damage is done. Aruba security provides 360-degree protection by combining ClearPass network access control with behavior analytics-based attack detection and alerting for a complete solution that secures your organization from malicious threats.


Using policy management in a mobile environment, where users connect over wireless and wired networks throughout the day, solves a set of entirely new challenges that didn’t previously exist. If a device is denied access today, user and IT productivity is lost. With the right policy management approach, IT organizations can ensure that the growing universe of #GenMobile workers get instant access to the apps, printers and network services they’re authorized to use, no matter where they are or what device they have. Mobile devices — authentication services are fairly consistent between AAA and policy management systems.

However, any form of health checks or device interrogation will require a policy management system. A critical policy management capability entails making real-time decisions based on intelligence gathered from devices using NAC and/or MDM agents. The policy management system determines if a device can connect, if remediation is required or if access should be denied. Most IT organizations currently rely on Active Directory or LDAP to assign and enforce security policies for users and devices.


Aruba is in the midst of a massive transition away from networking technologies that were designed for the 20th century when mobile, IoT and cloud did not exist. The surge in mobile and IoT means that the wired and wireless network must deliver more than just connectivity — the network is expected to provide actionable insights about the use of mobile and IoT to justify future investments, so that businesses can adopt new technologies and serve the needs of GenMobile — while keeping the network secure and without breaking the budget.

Cloud networking — Aruba Central manages, monitors and secures wired, Wi-Fi and wide area networks from the public cloud. Thanks to its multi-tenant operation, it enables Aruba and end users to support multiple disparate networks from a single location. Aruba Networks Mobile First Networks are optimized for today’s enterprise and SMB environments where mobile and IoT are pervasive. Aruba Mobile First Platform is the software layer between the Aruba network infrastructure and is designed to share rich, contextual insights with third-party business, IT and end-user facing applications.

Mobile Virtual Enterprise

This capability enables guests to quickly and easily navigate hospitality properties, and, via Aruba Networks Beacons, for hospitality marketing departments to engage them using context-relevant, location-based services while they are doing so. Operating over Aruba Networks’ PCI-compliant Wi-Fi networks, these devices reliably stay connected to the back-office LightSpeed database as users roam, allowing sales to be processed anywhere in the store. Aruba Networks’ context-aware Mobile Virtual Enterprise (MOVE) architecture provides policy enforcement based on device-fingerprinting, application-fingerprinting, and location, ensuring a good in-store experience by prioritizing LightSpeed’s mobile POS applications over other less critical network traffic.

Monscierge is a global software company specializing in innovative hospitality solutions for properties, owners and brands. Monscierge Connect enhances communication between a hotel’s guest and staff through mobile, tablet, large-format touch-screen devices, and a central web-based platform that manages property content. Skyfii IO is a mobile technology and venue analytics company whose solutions capture, analyze, and visualize customer behavior.

Mobility Controllers

Enterprises moving to voice and video calling on Wi-Fi need their IT departments to design a wireless infrastructure that supports these apps at high density. Wired infrastructure — the integration of the HP Enterprise and Aruba Networks access portfolios is a key ingredient in Aruba's mobile-first approach. As organizations transition to the digital workplace, they won’t need as many ports as before because of the increased use of Wi-Fi. Although a highly mobile workforce means that the majority of users will connect via wireless, the surge in IoT devices and the increasing use of Wi-Fi bandwidth means that the wired infrastructure is critical, too.

Predict network issues before they happen — with the huge scale of devices connecting to the network, IT needs granular visibility into the access layer — at the user, device, and app level — to keep things running without disruptions to the business. Aruba Networks AirWave is a powerful and easy-to-use network management system that manages Aruba Networks wired, wireless, and remote access networks, as well as multi-vendor wired and wireless infrastructures.