Configuring IoT Protection

In the R81.10.X releases, this feature is available starting from the R81.10.10 version.

This section provides commands for the IoT protection.

When you enable the IoT blade on the appliance, it recognizes each IoT device that connects to WiFi provided by your appliance and automatically enforces practices (policy set by the particular vendor) in the preconfigured IoT policy.

You do not need to configure the policy for each IoT device that connects to your appliance.

General rules for IoT are preconfigured. For example, the appliance always allows traffic to some domains, and always blocks traffic to other domains. You can make some changes to the policy.

Workflow:

1. Configure the settings for the IoT device type (asset):

   1. Examine the current settings:

      show iot-device-type

   2. Add an IoT device type (asset):

      add iot-device-type

   3. Configure the applicable settings:

      set iot-device-type

2. Configure the IoT policy:

   1. Add an IoT policy for an IoT device type:

   2. Configure how to handle traffic for new discovered IoT features:

      set iot-protection-policy newly-discovered-functions

   3. Configure the monitor mode:

      set iot-protection-policy monitor-mode

   4. Examine the policy settings:

      show iot-protection-policy

3. Configure the collection of IoT protection statistics:

   1. Examine the current settings:

      show iot-stats

   2. Configure the applicable settings:

      set iot-stats

4. Enable the IoT protection:

   set iot-protection-policy mode

5. Examine the current settings:

   show iot-device-type

6. Examine the list of IoT device vendors:

   show iot-vendor-to-assets