Create a separate Wi-Fi without access to other LANs

Hi everybody,

 

I want to have a Wi-Fi in my Sophos XG 115 without access to any other network in it.

I created a "separate zone" Wi-Fi and added it to the local access point. After that, I created a new DHCP for this Wi-Fi.

After all that, I have a functional Wi-Fi. I can connect to it and access Google, but I can also ping the other LANs that I have in the firewall, and I'd like to deny that access to other networks...

 

Is that possible? And how can I do it?

 

Thanks.



This thread was automatically locked due to age.
  • What DNS is used in the Separate Zone DHCP? You should NOT use the UTM as DNS-Server here, use Google DNS, Open DNS servers, some external.

    The easiest way is to NOT proxy the guest network at all, create allowed rules (e.g. Web Surfing, E-Mail, VPN protocols,... what's needed -> DO NOT FORGET DNS!) in the firewall pointing to the internet, drop anything else.

    If you really want to proxy both networks, the internal networks should at least be skipped as targets so that only the firewall controls the traffic between the networks and not the proxy. But even then there exist ways to connect from the guest network to your normal network, ask BAlfson for the document about securing setups that should use web protection in the guest network.

    Gruß / Regards,

    Kevin
    Sophos CE/CA (XG+UTM), Gold Partner
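
Added example (not part of Kevin's post and not Sophos configuration): a small Python model of the allow-list approach described above, auditing a zone-based, first-match ruleset for guest isolation. The subnets, zone names, service labels and rule format are constructed assumptions; 8.8.8.8 stands in for the external resolver.

```python
import ipaddress

# Constructed addressing (assumption): two internal LANs and one guest Wi-Fi subnet.
ZONES = {"LAN": ["192.168.1.0/24", "192.168.2.0/24"], "GUEST": ["10.255.0.0/24"]}

def zone_of(ip):
    """Map an address to its zone; anything not listed is treated as WAN."""
    addr = ipaddress.ip_address(ip)
    for zone, nets in ZONES.items():
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return zone
    return "WAN"

def decide(rules, src, dst, service):
    """First matching rule wins; traffic matching no rule is dropped."""
    for src_zone, dst_zone, services, action in rules:
        if (zone_of(src) == src_zone and dst_zone in (zone_of(dst), "ANY")
                and (services == "ANY" or service in services)):
            return action
    return "drop"

# Hypothetical rulesets: (source zone, destination zone, services, action).
WEAK = [("GUEST", "ANY", "ANY", "accept")]                         # guests reach every zone
NO_DNS = [("GUEST", "WAN", {"http", "https"}, "accept")]           # allow-list that forgot DNS
HARDENED = [("GUEST", "WAN", {"dns", "http", "https"}, "accept")]  # internet only, DNS included

def audit(rules, guest="10.255.0.50", resolver="8.8.8.8"):
    """Return findings for a guest ruleset; an empty list means guests are isolated."""
    findings = []
    for lan_host in ("192.168.1.10", "192.168.2.10"):
        for service in ("icmp", "smb", "https"):
            if decide(rules, guest, lan_host, service) == "accept":
                findings.append(f"guest reaches {lan_host} via {service}")
    if decide(rules, guest, resolver, "dns") != "accept":
        findings.append("DNS to the external resolver is blocked")
    # 203.0.113.10 is a documentation address standing in for an internet web server.
    if decide(rules, guest, "203.0.113.10", "https") != "accept":
        findings.append("web access to the internet is blocked")
    return findings

if __name__ == "__main__":
    for name, rules in (("WEAK", WEAK), ("NO_DNS", NO_DNS), ("HARDENED", HARDENED)):
        print(name, audit(rules) or "isolated, internet reachable")
```
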

  • Thanks for that, Kevin!

    Hi Kurosh, and welcome to the UTM Community!

    If you are interested in me sending you a document I maintain that I make available to members of the UTM Community, "Configure HTTP Proxy for a Network of Guests," please PM me your email address.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA