First of all, I'm not sure if this is the right place to post. I apologize if I should have posted elsewhere.
I'm playing a bit with a design of an HQ with Juniper UAC and Endpoint Profiler. The endpoint profiler should profile devices at my branch and the Juniper UAC be used for VLAN-assignment etc. based on the chosen profile.
I have various options to collect the data centrally. DHCP is one thing. The DHCP-traffic can be forwarded from my branches by relaying it to the central EP via VPN.
If I need to profile based on things like port numbers, I would need to have my branch traffic forwarded to the HQ to be watched by Endpoint Profiler - either the NetWatch or NetRelay module.
Is there any limitation as to having NetFlow / jflow data exported via VPN (I would prefer this over exporting the data directly via the internet)? For example with Juniper SRX / EX switches, but potentially also with switches or firewalls from other vendors like Cisco.
I could also set up some kind of TAP / SPAN, but then I wouldn't have the sampling benefits of the flow technologies.