Wireless Access

last person joined: 23 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Controller placed in DMZ

This thread has been viewed 7 times

  • 1.  Controller placed in DMZ

    Posted Jan 06, 2015 06:06 AM

    Hi,

     

    Is it feasible to put a wireless controller inside the DMZ? Any implications? Highlight any limitations?

    In my case, the DMZ comprises of 2 firewalls and 1 cisco switch (in between)

     

    Regards,



  • 2.  RE: Controller placed in DMZ

    EMPLOYEE
    Posted Jan 06, 2015 06:15 AM

    Suggestforme,

     

    Very few people deploy controllers in the DMZ, because of the complexity.  It is much simpler to deploy it internally.  We typically only DMZ deployments  in high-security environments like banks where it is their policy.  



  • 3.  RE: Controller placed in DMZ

    Posted Jan 14, 2015 11:18 PM

    Hi cjoseph,

     

    Having solved the placement of the controller, now the customer want to establish a link (allow Aruba controller from Country A communicate with Country B),

     

    Can Aruba controller supports IPsec tunnelling VPN?

     

    How does controller in Country A and Country B communicates? What is involved in this case?

    Please advice.



  • 4.  RE: Controller placed in DMZ

    Posted Jan 15, 2015 04:16 AM
    @Suggestforme wrote:

    Hi cjoseph,

     

    Having solved the placement of the controller, now the customer want to establish a link (allow Aruba controller from Country A communicate with Country B),

     

    Can Aruba controller supports IPsec tunnelling VPN?

     

    How does controller in Country A and Country B communicates? What is involved in this case?

    Please advice.

    Aruba controllers , can act as a VPN routeur, for your case you need a public IP addres from each way.



  • 5.  RE: Controller placed in DMZ

    EMPLOYEE
    Posted Jan 15, 2015 04:39 AM

    you can find more specific info in here with respect to setting up a site-to-site VPN.

     



  • 6.  RE: Controller placed in DMZ

    EMPLOYEE
    Posted Jan 15, 2015 06:23 AM
    @Suggestforme wrote:

    Hi cjoseph,

     

    Having solved the placement of the controller, now the customer want to establish a link (allow Aruba controller from Country A communicate with Country B),

     

    Can Aruba controller supports IPsec tunnelling VPN?

     

    How does controller in Country A and Country B communicates? What is involved in this case?

    Please advice.

    Suggestforme,

     

    What does the customer want to accomplish?  What is the main goal of the controllers communicating?

     



  • 7.  RE: Controller placed in DMZ

    Posted Jan 19, 2015 05:18 AM

    Hi cjoseph,

     

    The purpose of the two controllers communicating such that:

    Users in Country A goes to Country B for conference or meeting etc. Users (in Country A) will access the Wi-Fi (authenticated to AP) in Country B and join the network of Country B.

     

    Hope this clarifies.



  • 8.  RE: Controller placed in DMZ

    EMPLOYEE
    Posted Jan 19, 2015 05:42 AM

    SuggestforMe,

     

    Do you have any other wired traffic that functions like this?  For example, does the wired traffic have an ipsec tunnel from site a to site b?



  • 9.  RE: Controller placed in DMZ

    Posted Jan 20, 2015 04:39 AM

    Hi cjoseph,

     

    Yes, IPsec tunnel do exist from one site to another site.

     

    Regards,



  • 10.  RE: Controller placed in DMZ

    Posted Jan 06, 2015 04:10 PM

    In a campus deployment the natural place of the controller is the inside zone especially because it have integrated statefull firewall (if you have the PEF-NG licences).

    But if you are deploying the controller to work with remote AP outside of your network, the DMZ zone will be more suitable for the controller