Wireless Firewall

A firewall enforces access control and is considered a first line of defense in protecting proprietary information within the access point managed network. The means by which this is accomplished varies, but in principle a firewall can be thought of as a set of mechanisms that both block and permit data traffic in the network. Because firewalls implement uniquely defined access control policies, they are of little value unless you have a clear idea of what kind of access to allow or deny. Without that clarity, a firewall can in fact provide a false sense of security.

With WiNG access points, firewalls are configured to protect against unauthenticated logins from outside the network. This helps prevent hackers from accessing managed wireless clients. Well-designed firewalls block traffic from outside the network while permitting authorized users to communicate freely outside the network.

Firewalls can be implemented in hardware, in software, or in a combination of both. All traffic entering or leaving a controller, service platform, or access point passes through the firewall, which examines each message and blocks those that do not meet the defined security criteria (rules).

Firewall rules define the traffic permitted or denied within the network. Rules are processed by a firewall-supported device from first to last. When a rule matches the network traffic that a controller, service platform, or access point is processing, the firewall uses that rule's action to determine whether to allow or deny the traffic.

Rules have two parts:
  • A condition describes a traffic packet stream. It defines constraints on source and destination devices, the service (protocols and ports), and the incoming interface.
  • An action describes what happens to packets matching the conditions that have been set. For example, if the packet stream meets all conditions, then traffic is permitted, authenticated, and sent to the destination device.
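
The first-to-last processing described above makes rule order part of the policy: a broad rule placed early hides any narrower rule below it. The following added example (not WiNG code or syntax) is a simplified Python model of condition/action rules that evaluates a packet by first match and reports rules that can never fire. The addresses, the interface name wlan1, and the default deny when no rule matches are assumptions of the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str                     # source network (CIDR)
    dst: str                     # destination network (CIDR)
    proto: Optional[str] = None  # None means any protocol
    port: Optional[int] = None   # destination port, None means any
    iface: Optional[str] = None  # incoming interface, None means any

    def matches(self, pkt: dict) -> bool:
        net = ipaddress.ip_network
        return (ipaddress.ip_address(pkt["src"]) in net(self.src)
                and ipaddress.ip_address(pkt["dst"]) in net(self.dst)
                and self.proto in (None, pkt["proto"])
                and self.port in (None, pkt["port"])
                and self.iface in (None, pkt["iface"]))

def evaluate(rules, pkt, default="deny"):
    """First matching rule decides; 'default' applies if none match (assumption)."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return default, None

def covers(a: Rule, b: Rule) -> bool:
    """True if every packet that matches b also matches a."""
    net = ipaddress.ip_network
    return (net(b.src).subnet_of(net(a.src)) and net(b.dst).subnet_of(net(a.dst))
            and a.proto in (None, b.proto) and a.port in (None, b.port)
            and a.iface in (None, b.iface))

def shadowed(rules):
    """Indices of rules fully covered by an earlier rule, so they never fire."""
    return [j for j, b in enumerate(rules) if any(covers(a, b) for a in rules[:j])]

# Constructed sample policy: the SSH deny is meant to fence off a server subnet,
# but it sits below a broad permit for the whole client range.
RULES = [
    Rule("permit", "10.10.0.0/16", "0.0.0.0/0"),
    Rule("deny", "10.10.20.0/24", "192.168.50.0/24", "tcp", 22, "wlan1"),
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0"),
]
# Constructed sample packet: a WLAN client opening SSH to the server subnet.
PKT = {"src": "10.10.20.7", "dst": "192.168.50.10",
       "proto": "tcp", "port": 22, "iface": "wlan1"}
FIXED = [RULES[1], RULES[0], RULES[2]]  # specific deny moved above the permit
```

Running shadowed() over a rule list before deploying it flags entries such as the SSH deny here, which the original order silently bypasses.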

Additionally, IP and MAC rule-based firewall filtering can be deployed to apply firewall policies to traffic bridged by centrally managed radios. IP and MAC filtering permits or restricts traffic exchanged between hosts, hosts residing on separate WLANs, or hosts forwarding traffic to wired devices.