
Firewall/Security differences between IAP and Controller Setups

Hello,

I have 2 separate jobs in the design phase now that are basically asking the same question: which is more secure, IAP or controller?

Both are sites where there is 1 main corporate location and 10-40 branch locations.  Each branch location has a dedicated MPLS/T1 line back to corp with a general internet gateway as well.

 

With the controller, all traffic from APs flows to it and goes through the PEF firewall (ACL/policies/user profiling/app profiling/etc.).

With the IAP, it has some firewall capabilities of the PEF built into it already.

 

What features are different in the firewall between IAP and controller?

 

I am basically trying to balance network uptime, resilience, and security.  It seems like design overkill to make all the traffic tunnel across the country back to a controller chokepoint for "security" if I can accomplish most of this with the IAP model.

 

thanks,

chris

Re: Firewall/Security differences between IAP and Controller Setups

The IAP model is great BUT...there are some things that the controller can do as the firewall is much more robust as it's handling a large amount of data and clients.  So...it really depends on your requirements.  

 

Things you will get in the controller that are NOT in IAP:

 

- AppRF or application visibility

- VLAN centralization - no need to configure trunk ports at the AP level

- ability to terminate VPN tunnels

- deeper spectrum analysis visibility

- bandwidth contracts per user

 

However, with IAPs regarding the firewall, you will realize the following main features...

 

- DHCP fingerprinting and user derivation rules (i.e. - ability to apply a role to device types like iOS and Android)

- Bandwidth contracts per ssid

- role based stateful firewall

- classify media and apply QoS based on traffic type like Lync, voice, video

 

If you have any questions...please let us know.

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos

Re: Firewall/Security differences between IAP and Controller Setups

Thanks for the reply, Seth.

We're talking about tire stores here.  1 corporate location with, say, 10 APs and then 30-40 stores, each with 1-2 APs.

There is a need for a guest and a corporate network.  All stores have local internet and a T1 for corporate access.

So the client and data load per location really shouldn't be very high.

 

I have done some controller installations and understand the firewall setup with that and the network setup, but have never done an IAP solution.  So the basic ACL-based firewall seems to be matched between IAP and controller, which is what I needed to double check.

 

Do you think, in the above example, IAPs are a viable option managed by AirWave?

 

thanks

chris

Re: Firewall/Security differences between IAP and Controller Setups

Absolutely! This is a sweet spot for instant. Central management would be via Airwave and you can do zero touch provisioning using activate.arubanetworks.com

Visit cloud.arubanetworks.com for more info. Use Instant here - you'll be happy with the quick install and the customer will be thrilled.

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com