@davidbr wrote:
All,
We are thinking of moving some of our border firewall rules that apply to all the wireless user to our 9 M3 controllers.
I wanted to know if anybody else has done this? We feel that this will lighten the load on our Border firewall and distribute the load.
My understanding is that the firewall is statefull for a user profile, as well as on the interfaces to the controllers, but wanted to confirm this.
.
Davidbr,
If you have wired clients at your sites, they need border firewall protection and that should be an essential part of the "belt and suspenders" approach to security. The Aruba built-in firewall allows you to layer additional protection that will cover your clients when they get placed onto the wired network. With that being said, a border firewall guarantees that all of your clients, regardless of their type of connection have a minimum level of protection. You can use the Aruba firewall to layer on top of this and to give different users different protection, but at minimum you should be using an effective border firewall.