We have got CPPM cluster serving the corporate users and guest users. There are some SSIDs in both environments require web authentication, which is served by CPPM. Security team got a concern that traffic flow for both corporate and guests are taking the same path from controllers. I have the following doubts in this deployment.
- What will be the source ip-address when guest/Corporate users try to access capital portal (CPPM). Is it controller address or the end-user vlans address space?
- Can CPPM have multiple data ports. So that, we can deploy one port in corporate vrf and other port in guest vrf. In this way, we can host corporate capital portal in corporate vrf and guest capital portal in guest VRF.