First of all, I'm not sure if this is the right place to post. I apologize if I should have posted elsewhere.
I'm playing a bit with a design of an HQ with Juniper UAC and Endpoint Profiler. The endpoint profiler should profile devices at my branch and the Juniper UAC be used for VLAN-assignment etc. based on the chosen profile.
I have various options to collect the data centrally. DHCP is one thing. The DHCP-traffic can be forwarded from my branches by relaying it to the central EP via VPN.
If I need to profile based on things like port numbers, I would need to have my branch traffic forwarded to the HQ to be watched by Endpoint Profiler - either the NetWatch or NetRelay module.
Is there any limitation as to having NetFlow / J-Flow data exported via VPN (I would prefer this over exporting the data directly via the internet)? For example with Juniper SRX / EX switches, but potentially also with switches or firewalls from other vendors like Cisco.
I could also set up some kind of TAP / SPAN, but then I wouldn't have the sampling benefits of the flow technologies.
I understand your requirement.
I also believe that your requirement should be possible using UAC and the Beacon Endpoint MAG SM360 profiler solution. I have seen customers profiling based on port numbers, MAC address, etc.
However, I recommend you work with Juniper support on this, since it needs confirmation from GreatBay support, who are the OEM vendor for this profiler device.
Hope this should resolve your query.
Note: If I have answered your questions, you could mark this post as the accepted solution; that way it could help others as well. Kudos will be a bonus, thanks!
Thanks for the reply.
Would this be JTAC or an SE?
See, this is still on the drawing board, so the hardware is yet to be bought.
Thanks for the reply. I will work with our SE to find the right solution for the customer.