We have 15 Cisco 1240AGs, which were apparently announced of End of Sale, though EOL is apparently 2018..
No controller, but I just talked with our supplier, who is recommending the 2504. There's a unit that comes with a 15-WAP license, for not too expensive. *Very* good to know about the captive portal capability. The recommendation of CCIEs for the PA over the ASA is, well, interesting. I wonder if I can find someone he will believe on that... Kurt On Wed, Feb 6, 2013 at 12:48 PM, Kevin Lundy <[email protected]> wrote: > I have two CCIE's that work for me. Both also used to work for a Cisco VAR > - so obviously Cisco bigots. They both recommended PA to me over the ASA. > From a security perspective, the PA do so much more than ASAs. We still use > ASAs for some intranet firewalls. > > Are you using the Cisco controllers with your WAPs? If so, they have > captive portal capability. They call it Lobby Ambassador. > > On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff <[email protected]> wrote: >> >> Our Sidewinders are EOL at the end of April, and my manager doesn't like >> them. >> >> He's a Cisco bigot, and wants ASAs in here. >> >> I'm fighting him to at least take a look at the Palo Alto platform, or >> perhaps the newest iteration of the Sidewinders (which are now called >> McAfee Enteprise Firewalls). >> >> That's an interesting tip on the Sophos solution. What did you use for >> the hardware? >> >> Kurt >> >> On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall <[email protected]> >> wrote: >> > I was going to suggest using the SonicPoint solution from SonicWall, but >> > you've got Sidewinders, don't you? >> > >> > Does McAfee have anything like SonicWall's wireless solution where it's >> > all >> > managed from the firewall? >> > >> > PS Sophos has this too, and they give their UTM firewall away free for >> > home >> > use. Just bring your own hardware. I just switched to this the other >> > day >> > and love it so far. I should write a blog post about it. (But then I'd >> > have to create a blog...) >> > >> > >> > On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff <[email protected]> wrote: >> >> >> >> All, >> >> >> >> Quite some time ago, I set up an unsecured guest VLAN in our network, >> >> providing wireless access to all of the sundry devices that staff and >> >> visitors carry. I set up a small FreeBSD machine to serve IP addresses >> >> via DHCP, and that was dead simple. >> >> >> >> It is a layer2 VLAN, traversing our backbone, and terminating on our >> >> corporate firewall. >> >> >> >> However, there are now other tenants in our building, and the subnet >> >> is getting too much bandwidth and address consumption - the range I >> >> set up is completely filled, and the VLAN is consuming about half of >> >> our Internet pipe, which is far too much for my comfort. >> >> >> >> I suspect the other tenants are leeching. >> >> >> >> What I've read of captive portals seems to indicate that the portal is >> >> part of the firewall. I could be wrong about that, though. Regardless, >> >> the >> >> corporate firewall will not be allowed to be part of this solution. >> >> >> >> The only other alternative I see right now is to set up a password on >> >> the SSID, and have the front desk hand it out to guests, after mailing >> >> it to staff, and I'm getting pushback on that from my manager. >> >> >> >> Does anyone have some ideas I could pursue on this? >> >> >> >> Thanks, >> >> >> >> Kurt >> >> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> >> >> --- >> >> To manage subscriptions click here: >> >> http://lyris.sunbelt-software.com/read/my_forums/ >> >> or send an email to [email protected] >> >> with the body: unsubscribe ntsysadmin >> > >> > >> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> > >> > --- >> > To manage subscriptions click here: >> > http://lyris.sunbelt-software.com/read/my_forums/ >> > or send an email to [email protected] >> > with the body: unsubscribe ntsysadmin >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to [email protected] >> with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
