Ivanti Policy Secure Enforcement Modes

To provision resource access policies, you can use 802.1X Layer 2 switch, access point, or firewall within any enterprise class network edge infrastructure that supports 802.1X and Remote Authentication Dial-In User Service (RADIUS).

The following types of devices can be used as Ivanti Policy Secure enforcement points:

• Infranet Enforcer (Firewall) —Devices that control traffic flow based on Layer 3 data. You can use Palo Alto, Check Point, Fortinet, Juniper Networks SRX series and Screen OS firewalls as enforcers. For more information, see Layer 3 Enforcement.
• 802.1X devices—You can use any 802.1X enabled switches or access points with Ivanti Policy Secure. The 802.1X protocol provides port based authenticated access to LAN. This standard applies to both wireless and wired networks. For more information, see Layer 2 Enforcement.

You can use 802.1X enabled switches or access points with or without the Infranet Enforcer as part of the solution. If you do not deploy the Enforcer, the 802.1X enabled switch or access point functions as the enforcement point. You can create different security zones by configuring VLANs on the network and assigning different roles to the appropriate VLAN.