WebBlocker and Application Control in WiFi Cloud
Am I missing something or is the WebBlocker and Application Control we had in the Gateway Wireless Controller (Fireboxes) definitely not the same?
Do we have to know exactly what we want blocked and manually setup each item?
I'm new to actually setting up an AP using the Cloud WiFi and it just doesn't seem as user friendly as going Basic through my firewall(XTM).
Suggestions or pointers?
0
Sign In to comment.
Comments
In XTM, it is your policies, not Gateway Wireless Controller, by which you implement WebBlocker and Application Control, and also all other XTM security products such as GAV, Geolocation and DNSWatch.
So I still control those aspects through the XTM even those it's WiFi Cloud setup?
I'll get a better view tomorrow, dept. closed right now, but I didn't see any traffic.
Should I have it set for SSID Bridge or Nat mode?
Currently this is 'Guest' access with employees using it also.
Nat mode I get internet access; Bridge mode I lose it. My XTM does DHCP but I noticed the AP325 Nat mode does DHCP with a different IP scheme.
AP325 - 172... vs XTM - 10....
In Bridge mode I don't get assigned (wireless device) an IP address from my XTM (10.0.2.xxx). No internet access.
in Nat mode my wireless device gets a 172.16.101.xxx address from the AP. Internet access.
Wifi cloud devices have nothing to do with an XTM appliance.
You don't need a WG firewall to implement WG wifi cloud capable APs.
Thus XTM security options/concepts do not apply to a WG wifi cloud AP.
WG wifi cloud allows a totally different set of wifi cloud AP reporting than is available with an XTM controlled AP.
Basically - 2 unrelated implementations.
If you really want the controls over an AP that XTM allows, and don't need the features of WG wifi cloud, then you can change the AP to be a Basic AP setup:
FAQ:
How to change a Total Wi-Fi or Secure Wi-Fi cloud-managed AP to a Basic Wi-Fi local-managed AP
https://watchguardsupport.secure.force.com/publicKB?type=KBArticle&SFDCID=kA2F0000000k9gmKAA&lang=en_US
Thanks Bruce,
With this new AP I was trying to implement the Cloud WiFi and try the 'new' security features it brings.
My questions are about Firewall setup; policies, webblocker, etc., also Application Control. Are those still available with Cloud WiFi?
To me it looks like your going back to where you have to setup individual policies for everything you want to let through and/or block, which would be tedious. The same for Application Control.
Does WG assume you don't need or want to control or block what's happening with your AP's/WiFi using the Cloud WiFi?
Oh and yes, I know I can set it up as basic because that's what I'm doing with my AP120's. I tried the Cloud WiFi (kinda) when I was setting those up but didn't have the patience or time to get it working.
I think I misuderstood what you were trying to say / explain here.
Yes, I know it's my policies that control WebBlocker and App.Control; I was thinking you meant it was 'also, still' controlling the Cloud WiFi AP's. Your next explanation answered that.
I'm going to have to do more research and reading on the Cloud WiFi.
But I also don't believe WG is doing a very good job in publishing extensive information about it.
They make it sound good but yet it's limiting, and until you try to use it (after using Fireware) it's not the same.
OK, I need a cup of coffee after all that! Sorry! ;o)
If you have wifi cloud managed APs behind a Firebox, then you get to apply WebBlocker and Application Control etc. to the traffic from those APs.
And you get to set up WIPS etc. for the wifi cloud managed APs.
Bruce,
Thank you, as always, for your insightful comments and explanations.
My AP is behind my Firebox, I guess I was expecting more in the way of controlling the web traffic with the Cloud WiFi.
I have it in place and running, although I had to do a power cycle/reset already this morning. ;o(
Just installed and configured it last night, hoping that was a fluke.
Have a great day and weekend!