There was a time when Wi-Fi was a bolt-on to the corporate network. As long as you had a strong passcode or some other authentication tool in place such as certificates or similar, you had reasonable confidence that things were okay. But as the footprint of the wireless local area network (WLAN) expanded, initially in response to Bring Your Own Device (BYOD) programs but more recently because workers need to easily move around within an office or between sites, there has been a need to apply more access points.
"With massive Wifi deployments and more recently CCTV and IOT deployments connected to WiFi for simplicity, the attack surface has expanded drastically, making management, operation and security a major point of discussion even at the executive level", says Swapneil Diwaan, Fortinet Business Manager at Ingram Micro.
As a result, businesses have had to find ways to manage large fleets of wireless access points (WAPs). It simply isn’t viable to have to manually configure devices when you may have hundreds, or even thousands of them, spread a across a corporate network. This led to the development of centralised wireless controllers that could be used to automatically configure access points as they were connected to the main network.
While that solved the problem of configuration, it created another challenge. How can the WLAN be secured without adding another security layer or appliance into the mix?
WAP controllers are generally pretty good at managing access points from a deployment and configuration perspective but they aren't security devices. They aren't very good at detecting when a wirelessly-connected device is executing a malicious act with or without the consent of the end user. And they don’t let you know if a device or application with a known vulnerability is connected to your network.
As a result, some network and security managers started looking for ways to pass traffic from wireless access points and controllers to another system where it could be scanned and anomalous traffic passed to a Security Information Event Management (SIEM) system. However, this creates an extra service to manage and potentially more expense for the user as they have to procure, deploy and maintain another device or service.
Fortinet already has a footprint in many businesses, offering state-of-the-art firewall devices that are able to detect and respond to threats and attacks on corporate network. And, when you look at what a WAP is, it's simply an entry point to the corporate network. That is why it makes sense for the WLAN controller to be a security appliance.
Fortinet’s controller-based WLAN solution, FortiGate, brings together the management of wired and wireless infrastructure and security to a single platform rather than a collection of separate appliances. As well as flattening your infrastructure with fewer layers and devices to manage, it delivers a “single pane of glass” management interface. You can see precisely what's happening on your network without having to toggle between multiple screens and applications.
Controller-based WLANs aren't new. They have been around since 2004 and most of the standards and services they offer have become commoditised.
Fortinet offers a different approach that helps partners and resellers leverage a customer's existing relationship and familiarity with Fortinet.
The FortiAP family of controller-managed access points offer a range of different WLAN solutions to meet many different use cases. They include indoor and outdoor WAPs that support everything from single radio 802.11n through to dual radio 3x3 MIMO 802.11ac. And some of the outdoor models are ruggedised for operation in extreme conditions.
The WAPs work with the FortiGate controllers so they can automatically configure themselves, making life easy for network administrators. A reseller can ship WAPs to a customer as their needs expand and the customer can easily deploy the new points by plugging into them to a PoE-enabled switch on the network. The FortiGate WAPs automatically detect the FortiGate controller and receive their configuration without any need for manual intervention by a network support person.
FortiAP devices support all the features needed in enterprise access points including the ability to assign multiple SSIDs to networks, each with their own network policy settings. And, as the traffic from each FortiAP goes through the FortiGate controller, they can be easily moved around without needing to worry about VLAN assignments and other policies. The access points also monitor other nearby radio signals and automatically optimise their connections to ensure the best possible experience for end users.
Customers benefit by being able to integrate their WLAN and security solution without having to find a way to integrate these two elements of their security equation. For resellers, this presents a great opportunity. As wireless becomes an increasingly important part of the network, companies will seek ways to not only better manage the deployment of their WLAN, but also the security of their systems as more wireless clients connect.
FortiAP and FortiGate make this easy with high-performance WAPs that can be securely deployed in a variety of different settings.
To know more, contact the Ingram Micro Fortinet Team to sign up for the upcoming WI-FI seminar and be part of the WI-Fi lab arriving in the second half of 2018.