I have robust WiFi coverage in place already from another vendor. I would like to benefit from all the security features the MX-68 with advanced security license offers across my network, including wireless. So long as the APs are behind the MX, shouldn't clients connected to those APs benefit from the MX device?
Thanks in advance.
That depends on the architecture.
If the APs connect to some central controller and data flows out there (e.g. Capwap) then the location of the controller is what matters.
Certainly @KA that's fine. Depending on which 3rd party APs you're using, you can either have DHCP services provided by the MX, or by the standalone APs if they're able to do so. Regardless, like you said, clients on the APs would benefit from the security features of the inline MX, just connect the MX68 WAN to your ISP and hang the APs off of the LAN ports.
Then yes, all traffic that flows through the MX (so I'm assuming it's the gateway) will be protected by the L3/L7 firewall rules defined in it, IDS/IPS if enabled, AMP, content filtering etc.
Yes this is a common scenario we have, when taking over sites and beginning the change or update of equipment. We usually start at the gateway to secure ingress and egress into the network then work back replacing the network equipment.
You shouldn't have any issues doing this 🙂