Skip to content

Device profiles

Role

The manage_profiles role is required to use this feature.

Device profiles in ZEM are "base" Device descriptions and settings shared between multiple devices, which may be (but not necessarily) a physical device type. This allows for easy configuration of multiple devices, and ensures that all devices of the same type have the same shared settings.

Fields

In this section, the fields that are available to the user when adding a device profile are described.

Adding a profile

Name

The name of the profile. This can be Camera, Intercom or a more device-specific name for example.

Description

The number by which the order of display for the profiles is determined. 0 Is the number that is displayed at the top of the page.

Icon

The icon that is displayed for this profile in the profile overview page and metrics.

Maximum number of IP/MAC pairs

This is used to limit the number of IP- and MAC-address pairs associated with devices using this profile.

Maximum number of ports

This is used to limit the number of interfaces/ports assignable to devices using this profile.

Order

The number by which the order of display for the profiles is determined. 0 Is the number that is displayed at the top of the page.

PoE usage (W)

The Power over Ethernet (PoE) usage of devices using this profile. This is applied to all devices in this profile and is thus additionally used to calculate the PoE budget of Switches and Groups.

Start / End IP range

This is used to define the floor and limit of the host portion of the IP address that can be assigned to devices using this profile.

Monitoring profile

This is used to assign a Zabbix monitoring profile.

Device category

This is used to categorize the device profile for the purpose of metrics, graphs and generating reports as shown in the dashboard and various other reporting tools.

Inspection

These are settings that govern how devices using this profile are shown and interact with the Inspection feature in ZEM.

Ignore

This option will cause all inspection alerts on ports assigned to devices with this profile to be suppressed.

VM host

This option will cause inspection alerts from virtual devices with this profile to be suppressed.

Ignore unknown addresses

This option will cause inspection alerts from unknown addresses on ports assigned to devices with this profile to be suppressed.

Generates log

This option is currently disabled.

Port configuration

Device profiles in ZEM allow sets of default and secure instructions for each of the enabled Engines on the site. Most allowed engines have a default port config, which is applied by default or can be set using the actions dropdown menu.

These instructions have to be separated by newlines and are used to program the ports and interfaces of the devices on the switch. The following placeholders can be used which will be replaced by the configuration of the individual devices: #vlan-id#, #hostname#, #port#, #max-mac-addresses#, #count-mac-addresses# and #mac-addresses#.

Port configuration

This is the default port configuration for the devices with this profile. This is applied to all ports on the device unless a more specific port configuration is set.

Secure (alt) configuration

This is the secure port configuration for the devices with this profile. This can be enabled on each device's dashboard.

Multicast

Sends multicast

This option enables the device to send multicast traffic.

Receives multicast

This option enables the device to receive multicast traffic.

Interface

The interface setting is exclusively part of the proxy feature on On-Site Appliances and is used to configure the proxy settings for devices using this profile.

Description

The description of the interface.

Protocol

The protocol used for the interface. This can be http or https for example.

Port

The port the interface is listening on.

Index

The index of the interface. This should match the specific proxy settings in the System settings.

Additional settings for device profiles

When viewing the device profile overview page in ZEM, more settings are available to the user. These settings are described below.

Firewall Rules

Firewall rules can be configured for all devices using this profile. Note that traffic is blocked by default unless it is explicitly permitted by the rules listed above. By clicking the "Add" button under FW rules, the user can add new firewall rule(s) to the device profile. The order of the fields can be changed by dragging rules using the "hamburger" icon on the left side of the rule, next to "Name".

The following fields are available when configuring firewall rules:

Name

The name of the firewall rule.

IN / OUT

The terms IN and OUT are from the perspective of the device. IN means traffic coming into the device, OUT means traffic leaving the device. This can be "IN", "OUT" or both options can be selected.

Protocol

The protocol of the traffic this rule applies to. This can apply to all protocols, or either "TCP", "UDP", "ICMP" or "IGMP".

Port range

The port range of the traffic this rule applies to when TCP or IP is selected. This can be a single port or a range of ports separated by a hyphen (-).

Allow / Deny

This option can be selected to deny or allow all traffic this rule applies to. All rules are set to "Allow" by default.