Possible to block traffic by application on BR200?

  • 2
  • Question
  • Updated 2 years ago
We are moving to to have a single BR200 at each satellite location, this device will be the only networking device at each site. As I read more and more about what I've inherited here, it's become clear to me there were some misunderstandings about what these devices can do.

Is there any current or planned functionality to allow me to block traffic by application service on both the wired and wireless networks at these locations?
Photo of Alex

Alex

  • 3 Posts
  • 0 Reply Likes
  • Disappointed

Posted 3 years ago

  • 2
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
The BR200 has application visibility but, I believe, lacks the control element.
This is, I am assuming, likely to have been a deliberate choice based on the price point for these.
The datasheet does state only that Application Visibility is supported, Control is not mentioned:
http://www.aerohive.com/pdfs/Aerohive_Datasheet_BR200.pdf

Additionally, you lack the same type of user profiles on the BR200 that you get on the APs that would make such a control element viable/useful.

Mike Kouri made comment on the user profiles here https://community.aerohive.com/aerohive/topics/firewall-policy-on-branch-router, stating that:
We are aware that people like applying policies to user profiles, and we have plans to eventually bring the BR and SR products in line with the APs, but that's off in the indefinite future and should not be a consideration for your planning purposes.
(Edited)
Photo of Alex

Alex

  • 3 Posts
  • 0 Reply Likes
My sole intention is to be able to block all traffic at the satellite locations that is disagreeable to a business environment, this is made much simpler if I don't have to block per IP address in the network firewall.
Photo of Mike Kouri

Mike Kouri, Official Rep

  • 1030 Posts
  • 271 Reply Likes
Alex,
Yes, this is in our plans, but it is not possible today and will not be in the next immediate release of software for this hardware platform. We are still working on some necessary foundation work before we will be able to add that capability. My best estimate today is some time in calendar year 2016.
Photo of Bryan Adams

Bryan Adams

  • 5 Posts
  • 2 Reply Likes
@Mike - is this still looking like being "some time in calendar year 2016"?
Photo of Mike Kouri

Mike Kouri, Official Rep

  • 1030 Posts
  • 271 Reply Likes
Bryan,
It is still in our plans, but the introduction of our 802.11ac portfolio has been consuming more of our development resources than I expected a year ago, so these efforts are delayed a bit. We now plan to do this before the middle of 2017.