Wireless Access

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Firewall/Security differences between IAP and Controller Setups

  • 1.  Firewall/Security differences between IAP and Controller Setups

    Posted Sep 25, 2013 01:20 PM

    Hello,

    I have 2 separate jobs in the design phase now that are basically asking the same question: which is more secure, IAP or controller?

    Both are sites where there is 1 main corporate location and 10-40 branch locations.  Each branch location has a dedicated MPLS/T1 line back to corp with a general internet gateway as well.

     

    With the controller, all traffic from APs flows to it and goes through the PEF firewall (ACLs/policies/user profiling/app profiling/etc).

    With the IAP, it has some of the firewall capabilities of the PEF built into it already.

     

    What firewall features are different between IAP and controller?

     

    I am basically trying to balance network uptime, resilience, and security.  It seems like design overkill to make all the traffic tunnel across the country back to a controller chokepoint for "security" if I can accomplish most of this with the IAP model.

     

    Thanks,

    Chris



  • 2.  RE: Firewall/Security differences between IAP and Controller Setups

    EMPLOYEE
    Posted Sep 25, 2013 01:32 PM

    The IAP model is great BUT...there are some things that the controller can do as the firewall is much more robust as it's handling a large amount of data and clients.  So...it really depends on your requirements.  

     

    Things you will get in the controller that are NOT in IAP:

     

    - AppRF or application visibility

    - VLAN centralization - no need to configure trunk ports at the AP level

    - ability to terminate VPN tunnels

    - deeper spectrum analysis visibility

    - bandwidth contracts per user

     

    However, with IAPs regarding the firewall, you will realize the following main features...

     

    - DHCP fingerprinting and user derivation rules (i.e. - ability to apply a role to device types like iOS and Android)

    - Bandwidth contracts per SSID

    - role based stateful firewall

    - classify media and apply QoS based on traffic type like Lync, voice, video

     

    If you have any questions...please let us know.



  • 3.  RE: Firewall/Security differences between IAP and Controller Setups

    Posted Sep 25, 2013 02:15 PM

    Thanks for the reply, Seth.

    We're talking about tire stores here.  1 corporate location with say 10 APs and then 30-40 stores with 1-2 APs each.

    There is a need for a guest and a corporate network.  All stores have local internet and a T1 for corporate access.

    So the client and data load per location really shouldn't be very high.

     

    I have done some controller installations and understand the firewall setup with that and the network setup, but have never done an IAP solution.  So the basic ACL-based firewall seems to be matched between IAP and controller, which is what I needed to double check.

     

    Do you think in the above example IAPs are a viable option managed by AirWave?

     

    Thanks

    Chris



  • 4.  RE: Firewall/Security differences between IAP and Controller Setups

    EMPLOYEE
    Posted Sep 25, 2013 02:20 PM
    Absolutely! This is a sweet spot for Instant. Central management would be via Airwave and you can do zero touch provisioning using activate.arubanetworks.com.

    Visit cloud.arubanetworks.com for more info. Use Instant here; you'll be happy with the quick install and the customer will be thrilled.