
Alcatel-Lucent AOS-W 6.5.3.x - Page 1047

1047| External Services Interface AOS-W 6.5.3.x| User Guide
Figure 228 ESI-Fortinet Topology
In the ESI-Fortinet topology, the clients connect to access points (both wireless and wired). The wired access
points tunnel all traffic back to the switch over the existing network.
The switch receives the traffic and redirects relevant traffic (including but not limited to all HTTP/HTTPS and
email protocols such as SMTP and POP3) to the AVF server device, which provides services such as anti-virus
scanning, email scanning, and web content inspection. This traffic is redirected on the “untrusted” interface
between the switch and the AVF server device. The switch also redirects the traffic intended for the clients
coming from either the Internet or the internal network. This traffic is redirected on the “trusted” interface
between the switch and the AVF server device. The switch forwards all other traffic (traffic for which the AVF
server does not perform any of the required operations, such as AV scanning). An example of such traffic is
database traffic running from a client to an internal server.
The switch can also be configured to redirect to the AVF server device only the traffic from clients in a
particular role, such as guest or non-remediated client. This might be done to reduce the load on the AVF server
device if a different mechanism, such as the Alcatel-Lucent-Sygate integrated solution, enforces client policies
on the clients that are under the control of the IT department. These policies can be used to ensure that an
anti-virus agent runs on the clients and that a client can get access to the network only if this agent reports a
“healthy” status for the client. Refer to the paper (available from Sygate) on Sygate integrated solutions for
more details on this solution.
The switch is also capable of load balancing between multiple external server appliances. Using multiple
external server appliances provides more scalability as well as redundancy. The switch can also be
configured with multiple groups of external server devices, so that different kinds of traffic are redirected to
different groups of devices, with load balancing occurring within each group (see Figure 229 for an example).
