Best Practices

Network

• If possible, the reader-controllers should be in a dedicated subnet or VLAN.
  • This is not a requirement, but can be considered a best practice for IoT style devices.
  • High traffic devices (such as IP cameras) that share the same subnet as reader-controllers may negatively impact the controller’s ability to maintain a stable path of communication with Pure Access.
• The PoE switch should have enough power to run all ports and account for in-rush.
• We recommend the ethernet cable length does not exceed 100 feet unless a PoE injector is in use at the reader-controller. See pages 13-14 of the installation manual for more information.

Port Speeds

We recommend that the network switch/switches your ISONAS reader controllers are running on are set to 10Mb full duplex and that auto-negotiate is disabled.

*The one exception to this is with RC-03 Classic units which should be set to 10Mb half duplex.

Firewall

• If Intrusion Detection and Prevention is enabled, double check the firewall logs for dropped packets with a source IP that matches a device and create bypass rules as needed.
• A firewall egress rule allowing the IP addresses of the devices is required.
  • Note: The devices do not proxy.
• Multiple NATs and multiple firewalls are strongly discouraged as they can cause communication issues for the ISONAS devices.
  • If these must be used for security purposes, ensure that all rules are configured properly and that the IP address and ports are free to communicate through the multiple layers of firewall and/or NAT.

!Recommendation: Create a group for the IP addresses and apply this group to a rule allowing port 55533 to communicate with app.pureaccess.com. Both UDP and TCP should be allowed to pass. app.pureaccess.com resolves to a CloudFlare IP Address