Enterprise wireless access control system
-
-
@gjacobse "beta program" is not what I could use in production…
-
@francesco-provino we use Aerohive, you need the Identity Manager in order to provide a unique 1 time login per user. For the cost I would not recommend and we are looking at Ubiquity for our next hardware refresh
-
@francesco-provino said in Enterprise wireless access control system:
@gjacobse "beta program" is not what I could use in production…
Then you need a full proxy solution
-
@dashrender what if I just need a log of the visited websites? No content filter is needed, just logging. What can the USG do?
-
@francesco-provino said in Enterprise wireless access control system:
@dashrender what if I just need a log of the visited websites? No content filter is needed, just logging. What can the USG do?
You could easily do something like a squid proxy for this.
-
@coliver said in Enterprise wireless access control system:
@francesco-provino said in Enterprise wireless access control system:
@dashrender what if I just need a log of the visited websites? No content filter is needed, just logging. What can the USG do?
You could easily do something like a squid proxy for this.
I want something fully supported, it's a production environment.
-
@francesco-provino said in Enterprise wireless access control system:
@coliver said in Enterprise wireless access control system:
@francesco-provino said in Enterprise wireless access control system:
@dashrender what if I just need a log of the visited websites? No content filter is needed, just logging. What can the USG do?
You could easily do something like a squid proxy for this.
I want something fully supported, it's a production environment.
I... what? What part of Squid isn't supported? Squid is fully production ready and is used in dozens of other appliances to do web filtering.
It's a mature project that has been around for twelve years.
-
@francesco-provino said in Enterprise wireless access control system:
@coliver said in Enterprise wireless access control system:
@francesco-provino said in Enterprise wireless access control system:
@dashrender what if I just need a log of the visited websites? No content filter is needed, just logging. What can the USG do?
You could easily do something like a squid proxy for this.
I want something fully supported, it's a production environment.
Squid is the industry standard and is as enterprise as it gets. You can get any level of support that you want for it. Literally, nothing gets more support for enterprise deployments.
-
@coliver said in Enterprise wireless access control system:
@francesco-provino said in Enterprise wireless access control system:
@coliver said in Enterprise wireless access control system:
@francesco-provino said in Enterprise wireless access control system:
@dashrender what if I just need a log of the visited websites? No content filter is needed, just logging. What can the USG do?
You could easily do something like a squid proxy for this.
I want something fully supported, it's a production environment.
I... what? What part of Squid isn't supported? Squid is fully production ready and is used in dozens of other appliances to do web filtering.
It's a mature project that has been around for twelve years.
Has to be a lot more than 12 years. It was mature when I deployed it in production 12 years ago.
-
Squid is 21 years old.
-
@scottalanmiller said in Enterprise wireless access control system:
@coliver said in Enterprise wireless access control system:
@francesco-provino said in Enterprise wireless access control system:
@coliver said in Enterprise wireless access control system:
@francesco-provino said in Enterprise wireless access control system:
@dashrender what if I just need a log of the visited websites? No content filter is needed, just logging. What can the USG do?
You could easily do something like a squid proxy for this.
I want something fully supported, it's a production environment.
I... what? What part of Squid isn't supported? Squid is fully production ready and is used in dozens of other appliances to do web filtering.
It's a mature project that has been around for twelve years.
Has to be a lot more than 12 years. It was mature when I deployed it in production 12 years ago.
July 1996 was the first stable release. It has probably been around significantly longer then that.
-
Companies providing Squid enterprise support include Red Hat, Suse and Canonical. Many others do as well, those are just quick examples of "no product on Windows has this level of support, including Windows itself." I think IBM supports it, too.
-
Thanks everybody for the hints!
So, your suggestion is using ubiquiti hw for access point and for the gateway (USG for example) and squid for the proxy part.
I think I could put squid in a vm aside the ubiquiti controller, a small 1U server should be more than enough.
-
I would go with the edge Routers over the USG.
-
@francesco-provino said in Enterprise wireless access control system:
Thanks everybody for the hints!
So, your suggestion is using ubiquiti hw for access point and for the gateway (USG for example) and squid for the proxy part.
I think I could put squid in a vm aside the ubiquiti controller, a small 1U server should be more than enough.
Yes, and @JaredBusch and I would "always" recommend a proxy inside of a VM and not in the firewall itself. That's not a function that you want located on your firewall box. By having it in a VM you have more power, more flexibility and better options for support.
-
@penguinwrangler said in Enterprise wireless access control system:
I would go with the edge Routers over the USG.
Yes, generally the EdgeRouters is what you want. More power, lower price.
-
I just wonder how much hard could be to setup a proper auth and landing page on the squid VM… I've seen microtik system that automate all the stuff related to move the VM from the guest VLAN and stuff like that. I don't know how much effort would take to orchestrate the ubiquiti sw with squid.
-
@francesco-provino said in Enterprise wireless access control system:
I just wonder how much hard could be to setup a proper auth and landing page on the squid VM… I've seen microtik system that automate all the stuff related to move the VM from the guest VLAN and stuff like that. I don't know how much effort would take to orchestrate the ubiquiti sw with squid.
Backup a second. Squid is a proxy/cache. It doesn't do landing pages or authentication. You'd be looking at something else to handle that. The believe the Unifi controller has a captive portal built in that you may be able to work with.
-
@coliver said in Enterprise wireless access control system:
@francesco-provino said in Enterprise wireless access control system:
I just wonder how much hard could be to setup a proper auth and landing page on the squid VM… I've seen microtik system that automate all the stuff related to move the VM from the guest VLAN and stuff like that. I don't know how much effort would take to orchestrate the ubiquiti sw with squid.
Backup a second. Squid is a proxy/cache. It doesn't do landing pages or authentication. You'd be looking at something else to handle that. The believe the Unifi controller has a captive portal built in that you may be able to work with.
I know, but it needs an external radius server to works.
