Hardware, Installation, Up2Date, Licensing guest network question

UTM Firewall requires membership for participation - click to join

Thread Info

State Verified Answer
Locked Locked
Replies 2 replies
Subscribers 5 subscribers
Views 6107 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

guest network question

B.R.O. over 7 years ago

has anyone assign another public ip for your wireless guest or put the guest network on a dedicated firewall in case they get on a black list?

This thread was automatically locked due to age.

Parents

+1 BAlfson over 7 years ago

If possible, you will definitely want to masq your guest network with a public IP used only for it.

Also, if you're running the guest network through a Web Filtering Profile, you will want to use the new capability described in How to change the outgoing interface for Web Filtering. Rather than use the suggested method of enabling this capability, do the following as root:

cc set http enable_out_interface 1

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 B.R.O. over 7 years ago in reply to BAlfson

Awesome thanks! Here are the main steps I did to hopefully achieve my goal of keeping the network separate with a different public ip in case they get on the black list.

1. I created an additional address on the WAN bridge

2. Created a web filter profile called guest wireless

3. For Allow networks = Network Object of Guest Network Definition and under Optional: Interface for outgoing traffic: select interface Network = additional address on WAN bridge in first step.

Masquerading Rule: Guest_Wifi_VLAN->WAN Bridge + Guest Public IP

Then Firewall Rule
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 B.R.O. over 7 years ago in reply to BAlfson

Awesome thanks! Here are the main steps I did to hopefully achieve my goal of keeping the network separate with a different public ip in case they get on the black list.

1. I created an additional address on the WAN bridge

2. Created a web filter profile called guest wireless

3. For Allow networks = Network Object of Guest Network Definition and under Optional: Interface for outgoing traffic: select interface Network = additional address on WAN bridge in first step.

Masquerading Rule: Guest_Wifi_VLAN->WAN Bridge + Guest Public IP

Then Firewall Rule
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data