Firewall Deployment Considerations
Before defining a unique controller, service platform or access point Firewall access policy, refer to the following deployment guidelines to ensure the configuration is optimally effective:
- Firewalls implement access control policies, so if you don't
have an idea of what kind of access to allow or deny, a Firewall is of little
value.
- It is important to recognize the Firewall's configuration is a
mechanism for enforcing a network access policy.
- A role based Firewall requires an advanced security license to
apply inbound and outbound Firewall policies to users and devices
- Firewalls cannot protect against tunneling over application
protocols to poorly secured wireless clients.
- Firewalls should be deployed on WLANs implementing weak
encryption to minimize access to trusted networks and hosts in the event the WLAN is
compromised.
- Firewalls should be enabled when providing captive
portal network access. Firewall policies should be applied to captive portal
enabled WLANs to prevent guest user traffic from being routed to trusted networks and
hosts.