I have an SG210 with two wifi networks running off AP30s. The "corp" network is bridged to the internal network and this works fine. The "guest" network is a separate zone with is own DHCP server. All this was setup using the wizard.
Everything seems to work fine.
However, I've been doing some testing and I'm confused.
1) On a laptop connected only to the "guest" network I can browse the internet as expected - this is expressly allowed via the firewall rule that was created during the install of the "guest" network:
Wireless Guest Network (Network) > Web Surfing (http, https, http proxy and http webcache) > Internet IPv4
I then deactivated this firewall rule and I expected to no longer be able to browse websites on the "guest" network, but this is not the case... I can merrily browse away. How? The only other rule for the Wireless Guest Network is to allow Email protocols out.
2) I presumed that devices on the "guest" network were not able to access anything at all on the internal network, but it seems they can via http and https: i.e. on a laptop connected only to the "guest" network, I can access the web config page of my network printers on the internal network via http or https. I though it might be the default rule allowing traffic (i.e. the "internetl IPv4"):
Wireless Guest Network (Network) > Web Surfing (http, https, http proxy and http webcache) > Internet IPv4
But disabling this rule does nothing and I can still access the web config page of a network printer on the internal network. How? Am I naively thinking that by default all traffic between "guest" and internal network should be dropped, or is it setup differently?
This thread was automatically locked due to age.
