Firewall Deployment Considerations

Before defining a unique controller, service platform or access point Firewall access policy, refer to the following deployment guidelines to ensure the configuration is optimally effective:

• Firewalls implement access control policies, so if you don't have an idea of what kind of access to allow or deny, a Firewall is of little value.
• It is important to recognize the Firewall's configuration is a mechanism for enforcing a network access policy.
• A role based Firewall requires an advanced security license to apply inbound and outbound Firewall policies to users and devices
• Firewalls cannot protect against tunneling over application protocols to poorly secured wireless clients.
• Firewalls should be deployed on WLANs implementing weak encryption to minimize access to trusted networks and hosts in the event the WLAN is compromised.
• Firewalls should be enabled when providing captive portal network access. Firewall policies should be applied to captive portal enabled WLANs to prevent guest user traffic from being routed to trusted networks and hosts.