Hi all,
hope you could give me some advice on the problem I have.
I have 2 master controllers placed in 2 different sites. Only one of them is connected to a TMG firewall which handles our guest wifi traffic. After looking for several solutions I've ended up with creating a GRE tunnel between the 2 controllers which is up and running at the moment. I am having some problems though with setting the policies and roles for the guests as they transit between the controllers. The idea is to move all the action to the controller-A which is directly connected to the TMG i.e. DHCP, active portal, dns....The guests users when connecting to controller-A have a guest-logon role with 2 policies applied
logon control 1:
| user | any | udp 68 | deny | | | Low | | | | | | |
| any | any | svc-icmp | permit | | | Low | | | | | | |
| any | any | svc-dns | permit | | | Low | | | | | | |
| any | any | svc-dhcp | permit | | | Low | | | | | | |
| any | any | svc-natt | permit | | | Low |
captive portal policy:
| user | any | svc-http | dst-nat 8088 | Yes | | Low | | | | | | |
| user | any | svc-https | dst-nat 8081 | | | Low |
and a guest role after they authenticate- 3 policies applied:
lock down control:
| user | any | udp 68 | deny | | | Low | | | | | | |
| any | any | svc-dhcp | permit | | | Low | | | | | | |
| user | any | svc-dns | permit | | | Low |
internet only:
| user | any | svc-http | permit | Yes | | Low | | | | | | |
| user | any | svc-https | permit | Yes | | Low |
icmp:
What should I do on my controllers-B side for my guests? Which roles and policies do I need to apply?
Any help appreciated.
Thank you