First time posting here. We have recently deployed a Zone Director 1100 and several zf7363 APs in our main office. So far the response has been great and everything is working smoothly. Eventually we would like to deploy APs in our branch offices as well and hopefully still use the Zone Director in our main office as the controller.
The challenge I am facing is that the ZD and APs all are totally isolated from our corporate LAN/WAN. They sit behind their own firewall and only provide internet access to our users. All of the APs to be deployed at the branch offices would be arranged in a like topology. When we spec'd the system we did not take this isolation into account unfortunately. Without the remote APs being able to communicate to the Zone Director over the corporate WAN I'm not exactly sure of the best path forward.
Would the recommended approach/design be to put the Zone Director and APs into a DMZ and then talking back and forth over the public internet? I'm not sure what sort of in/out traffic the zone director uses to communicate to the APs and what ports are in use.
I'm hoping there is a more simple approach that will allow the APs to operate autonomously but still be managed centrally. I've read a bit about the Flex Master platform which sounds like it might suit our needs but could be way overkill since we are only going to have about 25-30 APs total throughout our company.
Any advice or input is appreciated.