Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Next Generation Firewall 101

  • 1.  Next Generation Firewall 101

    Posted Dec 04, 2012 05:00 AM

    Hi,

     

    Before I installed a trial version of the NGF my wifi network (a 620 controller + 4 AP) worked perfectly.

    I installed the NGF to solve a dot1x issue: I couldn't populate a "server auth group" without it. In fact all my dot1x issues have now been resolved, including a missing authenticated user role.

     

    But

     

    Although I can ICMP all my subnets in all directions, from wifi to LAN and vice versa, TCP sessions fail. My wireless clients fail to connect to terminal servers, and LAN PCs fail to connect to Airdroid on an Android phone, which is an HTTP server running on a smartphone to do file upload. I know my way around an ASA firewall, I know about deny precedence ... basically I don't want the controller to do any form of firewalling. Could anyone point me in the right direction?

     

    thx

     

    Ward



  • 2.  RE: Next Generation Firewall 101
    Best Answer

    EMPLOYEE
    Posted Dec 04, 2012 06:26 AM

    What Role do your wireless clients end up in?  Those Roles have firewall policies attached to them.

     

    Go to Configuration > Security > Access control and edit whatever role you want to make more permissive.

     



  • 3.  RE: Next Generation Firewall 101
    Best Answer

    Posted Dec 04, 2012 07:25 AM

     

    That was it, I selected the "authenticated role" and reconnected laptops as well as Airdroids to the wifi.

    Now terminal servers are accessible from wifi, and Airdroid web servers from LAN!

     

     

    Chances are I'll ask for some pointers next for my first "remote" access point, on a private WAN, in split tunneling mode: I want to control it centrally, but for all other intents and purposes the AP needs to break out remotely and use legacy routing if it needs a resource in the core. I want remote wifi clients to print remotely without going back and forth over the WAN.

    That was the real purpose of the NGF install.

     

     

    Thank you very much!

    Ward



  • 4.  RE: Next Generation Firewall 101

    EMPLOYEE
    Posted Dec 04, 2012 07:27 AM
    Excellent Ward. We will be waiting to answer all your questions!