Enterprise wireless access control system
-
Hi everybody, I have to deploy a wireless network that will span over 300 users for a house rental.
The customer want to implement an access control system that will provide any user unique credentials and that will log not only the access but also the traffic for legal reason (https proxy in here).I'm searching for an all-in-one solution, easy to learn and deploy. Any advice is welcome!
-
Addendum: can ubiquiti provides a captive portal and detailed log of any http request?
What about Aerohive?
-
I would go with Ubiquity -
It is easy to deploy, centrally managed and can do Captive Portal.
-
@gjacobse can it do also Radius? I see that a Radius server is needed for guest wifi.
Can it also log any internet site visited by the users? -
-
@gjacobse "beta program" is not what I could use in production…
-
@francesco-provino we use Aerohive, you need the Identity Manager in order to provide a unique 1 time login per user. For the cost I would not recommend and we are looking at Ubiquity for our next hardware refresh
-
@francesco-provino said in Enterprise wireless access control system:
@gjacobse "beta program" is not what I could use in production…
Then you need a full proxy solution
-
@dashrender what if I just need a log of the visited websites? No content filter is needed, just logging. What can the USG do?
-
@francesco-provino said in Enterprise wireless access control system:
@dashrender what if I just need a log of the visited websites? No content filter is needed, just logging. What can the USG do?
You could easily do something like a squid proxy for this.
-
@coliver said in Enterprise wireless access control system:
@francesco-provino said in Enterprise wireless access control system:
@dashrender what if I just need a log of the visited websites? No content filter is needed, just logging. What can the USG do?
You could easily do something like a squid proxy for this.
I want something fully supported, it's a production environment.
-
@francesco-provino said in Enterprise wireless access control system:
@coliver said in Enterprise wireless access control system:
@francesco-provino said in Enterprise wireless access control system:
@dashrender what if I just need a log of the visited websites? No content filter is needed, just logging. What can the USG do?
You could easily do something like a squid proxy for this.
I want something fully supported, it's a production environment.
I... what? What part of Squid isn't supported? Squid is fully production ready and is used in dozens of other appliances to do web filtering.
It's a mature project that has been around for twelve years.
-
@francesco-provino said in Enterprise wireless access control system:
@coliver said in Enterprise wireless access control system:
@francesco-provino said in Enterprise wireless access control system:
@dashrender what if I just need a log of the visited websites? No content filter is needed, just logging. What can the USG do?
You could easily do something like a squid proxy for this.
I want something fully supported, it's a production environment.
Squid is the industry standard and is as enterprise as it gets. You can get any level of support that you want for it. Literally, nothing gets more support for enterprise deployments.
-
@coliver said in Enterprise wireless access control system:
@francesco-provino said in Enterprise wireless access control system:
@coliver said in Enterprise wireless access control system:
@francesco-provino said in Enterprise wireless access control system:
@dashrender what if I just need a log of the visited websites? No content filter is needed, just logging. What can the USG do?
You could easily do something like a squid proxy for this.
I want something fully supported, it's a production environment.
I... what? What part of Squid isn't supported? Squid is fully production ready and is used in dozens of other appliances to do web filtering.
It's a mature project that has been around for twelve years.
Has to be a lot more than 12 years. It was mature when I deployed it in production 12 years ago.
-
Squid is 21 years old.
-
@scottalanmiller said in Enterprise wireless access control system:
@coliver said in Enterprise wireless access control system:
@francesco-provino said in Enterprise wireless access control system:
@coliver said in Enterprise wireless access control system:
@francesco-provino said in Enterprise wireless access control system:
@dashrender what if I just need a log of the visited websites? No content filter is needed, just logging. What can the USG do?
You could easily do something like a squid proxy for this.
I want something fully supported, it's a production environment.
I... what? What part of Squid isn't supported? Squid is fully production ready and is used in dozens of other appliances to do web filtering.
It's a mature project that has been around for twelve years.
Has to be a lot more than 12 years. It was mature when I deployed it in production 12 years ago.
July 1996 was the first stable release. It has probably been around significantly longer then that.
-
Companies providing Squid enterprise support include Red Hat, Suse and Canonical. Many others do as well, those are just quick examples of "no product on Windows has this level of support, including Windows itself." I think IBM supports it, too.
-
Thanks everybody for the hints!
So, your suggestion is using ubiquiti hw for access point and for the gateway (USG for example) and squid for the proxy part.
I think I could put squid in a vm aside the ubiquiti controller, a small 1U server should be more than enough.
-
I would go with the edge Routers over the USG.
-
@francesco-provino said in Enterprise wireless access control system:
Thanks everybody for the hints!
So, your suggestion is using ubiquiti hw for access point and for the gateway (USG for example) and squid for the proxy part.
I think I could put squid in a vm aside the ubiquiti controller, a small 1U server should be more than enough.
Yes, and @JaredBusch and I would "always" recommend a proxy inside of a VM and not in the firewall itself. That's not a function that you want located on your firewall box. By having it in a VM you have more power, more flexibility and better options for support.
