Dell 6.2 Server User Manual


 
749 | External Services Interface Dell PowerConnect W-Series ArubaOS 6.2 | User Guide
Figure 343: ESI-Fortinet Topology
In the ESI-Fortinet topology, the clients connect to access points (both wireless and wired). The wired access points
tunnel all traffic back to the controller over the existing network.
The controller receives the traffic and redirects relevant traffic (including but not limited to all HTTP/HTTPS and
email protocols such as SMTP and POP3) to the AVF server device to provide services such as anti-virus scanning,
email scanning, web content inspection, etc. This traffic is redirected on the “untrusted” interface between the
controller and the AVF server device. The controller also redirects the traffic intended for the clients coming from
either the Internet or the internal network. This traffic is redirected on the “trusted” interface between the controller
and the AVF server device. The controller forwards all other traffic (for which the AVF server does not perform any of
the required operations such as AV scanning). An example of such traffic would be database traffic running from a
client to an internal server.
The controller can also be configured to redirect traffic only from clients in a particular role such as “guest” or “non-
remediated client” to the AVF server device. This might be done to reduce the load on the AVF server device if
there is a different mechanism such as the Dell-Sygate integrated solution to enforce client policies on the clients
that are under the control of the IT department. These policies can be used to ensure that an anti-virus agent runs
on the clients and the client can get access to the network only if this agent reports a “healthy” status for the client.
Refer to the paper (available from Sygate) on Sygate integrated solutions for more details on this solution.
The controller is also capable of load balancing between multiple external server appliances. This provides more
scalability as well as redundancy by using multiple external server appliances. Also, the controller can be configured to
have multiple groups of external server devices and different kinds of traffic can be redirected to different groups of
devices with load balancing occurring within each group (see Figure 344 for an example).
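The redirection behavior described above, modelled as an added Python example (it is not ArubaOS code or configuration and does not come from the guide). The group and server names, the role set, the hash-based server selection and the "no-server" outcome are assumptions made for illustration; the guide does not state the load-balancing algorithm.

```python
import zlib
from dataclasses import dataclass

# Constructed policy for illustration. Group and server names are hypothetical;
# ports are the standard ones for the protocols the page names.
REDIRECT = {80: "web-av", 443: "web-av", 25: "mail-av", 110: "mail-av"}
INSPECTED_ROLES = {"guest", "non-remediated"}  # roles whose traffic is redirected
GROUPS = {"web-av": ["avf-web-1", "avf-web-2"],
          "mail-av": ["avf-mail-1", "avf-mail-2"]}

@dataclass(frozen=True)
class Flow:
    role: str
    client_ip: str
    peer_ip: str
    service_port: int   # server-side port of the session
    to_client: bool     # True for packets heading back to the client

def pick_server(group, flow, healthy):
    """Choose a healthy server within one group.

    Assumption: selection hashes a direction-independent session key, so both
    halves of a session reach the same server. The page does not state the
    algorithm the controller uses.
    """
    live = [s for s in GROUPS[group] if s in healthy]
    if not live:
        return None
    key = f"{flow.client_ip}|{flow.peer_ip}|{flow.service_port}".encode()
    return live[zlib.crc32(key) % len(live)]

def decide(flow, healthy):
    """Return (action, server, interface) for one packet of a flow."""
    group = REDIRECT.get(flow.service_port)
    if group is None or flow.role not in INSPECTED_ROLES:
        return ("forward", None, None)          # bypasses the AVF servers
    server = pick_server(group, flow, healthy)
    if server is None:
        return ("no-server", None, None)        # handling is a deployment choice
    # Client-originated traffic uses the untrusted side, return traffic the trusted side.
    return ("redirect", server, "trusted" if flow.to_client else "untrusted")

def uninspected(flows, healthy):
    """Audit helper: flows that never reach an AVF server under this policy."""
    return [f for f in flows if decide(f, healthy)[0] != "redirect"]
```

Running `uninspected` over a sample of expected flows shows which roles and services a role-restricted redirect policy leaves without AV or content inspection, so those clients can be confirmed as covered by another control.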