There was a thread on the old forum for this, but since we can't post over there anymore I am posting a new thread here:
We want to start implementing "Guest Wireless" for some customers and are in the middle of testing. When enabling wireless protection, the wizard automatically creates a "Wireless Guest Network".

A couple of things we noticed: a user connected to this network could still PING devices on the "Internal" network. Under Network Protection > Firewall > ICMP we have unchecked "Gateway forwards pings" and now the only device that responds is the Sophos UTM, so we believe this is all set?

The next issue we ran into is this: under Web Protection > Web Filtering > Global, if we add the Wireless Guest Network to the Allowed Networks, then any device on the Internal network is "reachable" from the Guest network. But if we remove the Guest wireless network from the Allowed Networks, it seems like that removes the ability for someone on the Guest network to reach a device on the Internal network. We understand that now the Guest network isn't going through the Web Protection.

What problems/security issues do we potentially have by doing this, and how do we separate the networks if both are added to the Allowed Networks tab?

We have read the document "Configure HTTP Proxy for a Network of Guests - V9.3 EN.pdf", but it seemed like most of that document was created before the wizard was put in place?