Wireless Access

 View Only
last person joined: 3 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Does PEF license a requirement to have?

This thread has been viewed 26 times

  • 1.  Does PEF license a requirement to have?

    Posted Jun 22, 2021 10:15 PM

    Hello,

    Is it mandatory to have PEF license for Aruba MM & MD deployment? I will be using Clearpass as Guest portal and 802.1x

    Awaiting feedback. Thanks

    ------------------------------
    DarrenPJW
    ------------------------------



  • 2.  RE: Does PEF license a requirement to have?

    EMPLOYEE
    Posted Jun 23, 2021 04:42 AM
    It is not a requirement, but it will limit your configuration options considerably.  Very few customers deploy without PEF.

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------

    Original Message


  • 3.  RE: Does PEF license a requirement to have?

    Posted Jun 23, 2021 04:47 AM
    Hi Joseph,

    Thanks for feedback. May I know what are the limitations if I'm to deploy 1x MM with 2 MC in a cluster together with Clearpass as guest portal and 802.1x? Appreciate your opinions and feedback.

    Thanks

    ------------------------------
    DarrenPJW
    ------------------------------

    Original Message


  • 4.  RE: Does PEF license a requirement to have?

    EMPLOYEE
    Posted Jun 23, 2021 03:36 PM
    If you do not have the PEF license, you cannot treat any users differently within the system.  You cannot restrict any traffic, so enterprise users will have the same rights in the system as guest users as any IOT device.  You could optionally use an external firewall, but that would mean you would have to touch a firewall every time you want to update your policies for employees, guests or users.  In addition, things like QOS based on specific application-based traffic, which is essential nowadays, is not possible.  Without PEF, each network has a single predefined role which cannot be modified to do anything meaningful, really.  Captive Portal does not require the PEF license, but it is very rudimentary and all of the options like whitelisting websites users would not need to authenticate to get to, would not be available.

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------

    Original Message


  • 5.  RE: Does PEF license a requirement to have?

    MVP
    Posted Jun 23, 2021 05:43 AM
    A PEF license is required to use almost all the wireless roles since they are based on using the stateful firewall. When we first considered moving to Aruba wireless I had the same idea and I am very pleased we chose to have the firewall licenses. Without them you are basically crippling a lot of ArubaOS functionality.

    I did run a controller for a while with no PEF license but it was just passing along user traffic from onside or network to outside.

    ------------------------------
    Bruce Osborne ACCP ACMP
    Liberty University

    The views expressed here are my personal views and not those of my employer
    ------------------------------

    Original Message


  • 6.  RE: Does PEF license a requirement to have?

    Posted Jun 23, 2021 11:39 AM
    Hi Bruce,

    Thanks for the feedback. But without PEF license can I still use the default roles that they have? Just that I can't create new roles right? 
    In addition, customer actually was wondering if they can just use external firewall to control the traffic instead of purchasing PEF license. What are your thoughts on that?

    Thanks. Appreciate it

    ------------------------------
    DarrenPJW
    ------------------------------

    Original Message


  • 7.  RE: Does PEF license a requirement to have?

    MVP
    Posted Jun 23, 2021 11:46 AM
    I would not recommend that. The PEF firewall is tightly integrated with much of the system functionality and cannot be bypassed. An external firewall cannot make those claims.

    I suspect the only role that would work would be permitting all data. I am not sure whether captive portal requires PEF.

    ------------------------------
    Bruce Osborne ACCP ACMP
    Liberty University

    The views expressed here are my personal views and not those of my employer
    ------------------------------

    Original Message