Hello,
We currently have an Aruba mesh network that then goes thru a cipafilter to the world. Everything is functioning normally except for the following.
I have been tasked with turning on SSL decryption on the firewall, but that causes all of our guest wifi users to have to install a certificate which I would prefer guests not have to do.
I spoke with cipa filter and they said to create a group on the filter for wifi that doesnt require ssl decryption and give it the subnet/ip coming from the Aruba wifi guest dhcp service.
I have all of this setup, but the strangest thing happens. I can connect multiple clients to guest wifi, get a correct dhcp served ip address and get to the internet on any of the clients. BUT, The clients can not go to the same webpage at the same time. If I have 1 go to msn another to yahoo and another go to google, all load quickly without issue. If I make it so they all try to get to yahoo at the same time, only 1 will load while the others white screen, then as soon as the first is loaded, the 2nd will then load, then the 3rd when the 2nd is finished.
I have tried multiple routing changes thinking something is getting lost along the way with no luck.
I did notice that the firewall is not seeing any traffic from the dhcp addresses handed out on the guest wifi ssid, it is only seeing traffic from the master AP ip address.
I am using the AP's 172.x.x.x dhcp service without setting any other parameters. No vlan changes, no other changes to routing and such on the AP's.
All other systems and ssids work without an issue.
Its that whole round robin loading of the same website that is messing me up. Is there a way to just have the AP be more transparent and just forward the traffic to the firewall without Natting it maybe? Then I could just set up the firewall to accept that traffic and route it back to that ap on its way back in.
Thanks for reading this long winded issue. Much Appreciated.