A secure guest wi-fi


  • A secure guest wi-fi

    Hello,

    I am studying and came across an author who talked about giving wifi access to people outside your company, as a "guest wifi".

    Since my real experience was a while ago and now I am studying server stuff (Exchange, AD, ....) I hadn't thought about this.

    I made a drawing regarding this guest wi-fi, which I attach.

    Would that set-up be suitable and secure?

    Thanks in advance!
    -
    Madrid (Spain).

  • #2
    You can actually purchase devices that do this for you. We have SonicWALL SonicPoints at the moment and will be going to Aruba shortly.

    But to answer your question, yes it does, depending on the configuration of your firewall.



    • #3
      Thanks a lot Wullieb.

      1- What do you mean by "...devices that do this for you..."? I mean, would a simple access point, attached through a cable to the firewall, not do that? I am not an expert, sorry if the question is too basic.

      2- Would it be too much to ask for you to elaborate on "...depending on your firewall..."? I used to work with ISA Firewall, 2004 and 2006, and a bit with ForeFront.

      Thanks!
      -
      Madrid (Spain).



      • #4
        Originally posted by loureed4 View Post
        1- What do you mean by "...devices that do this for you..."? I mean, would a simple access point, attached through a cable to the firewall, not do that? I am not an expert, sorry if the question is too basic.

        More advanced APs can create multiple networks that you can segregate clients and staff into. Have a look at Aruba, Meraki, etc.

        Originally posted by loureed4 View Post
        2- Would it be too much to ask for you to elaborate on "...depending on your firewall..."? I used to work with ISA Firewall, 2004 and 2006, and a bit with ForeFront.
        Not sure what I can elaborate on. If your firewall can handle the fact that you will have a separate network sending traffic down it, then it will handle your guest network. Most firewalls do, but it requires rules, etc. to be set up on them. It's not simply a case of plugging in a WAP somewhere, setting up the access point and then walking away. You will have some configuration that must be done on the firewall to handle this.



        • #5
          Firewalls like ISA Server and Forefront TMG, and indeed any firewall that supports multiple networks, will allow you to set up a segregated subnet for a guest WiFi. I think the point wullieb1 was making is that many edge devices with built-in WiFi now have this functionality built-in; I've used many WatchGuard XTMs for this purpose in addition to the vendors he mentioned.
          BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
          Cruachan's Blog



          • #6
            Thanks Wullieb1 and cruachan.

            Yes, I studied ISA and TMG and it was fairly easy to permit traffic from guest to external only: http, https, and dns, so that the guests can access the internet.


            -
            Madrid (Spain).



            • #7
              Ubiquiti's Unifi range has built-in "guest network" functionality, with segmentation from corporate networks. You can even do "voucher based" systems or have a terms and conditions website, etc.

              I looked at your image, and it should be straightforward. Assuming something like a FortiGate or SonicWALL, connect the GuestAP to a separate interface on the firewall. Create a separate zone and allow NAT etc. You may be able to apply speed profiling as well.

              Then ensure traffic is only allowed from GuestZone to Internet; all traffic should be blocked from LanZone to GuestZone or GuestZone to LanZone.
              Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif
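
The policy described in posts #6 and #7 (GuestZone to Internet only, for http, https and dns, and nothing between GuestZone and LanZone), as an added example that is not part of the thread: a small first-match rule evaluator that audits a rule list for ordering mistakes. The `Rule` format, the probe ports and both sample policies are constructed for illustration and do not correspond to any vendor's syntax.

```python
# Added example: zone names follow post #7; the rule format is hypothetical.
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    src: str              # source zone, "*" = any
    dst: str              # destination zone, "*" = any
    proto: str            # "tcp", "udp" or "*"
    port: Optional[int]   # destination port, None = any
    action: str           # "allow" or "deny"

def decide(rules, src, dst, proto, port):
    """First matching rule wins; no match means implicit deny."""
    for r in rules:
        if (r.src in ("*", src) and r.dst in ("*", dst)
                and r.proto in ("*", proto) and r.port in (None, port)):
            return r.action
    return "deny"

# Guest services named in post #6 (DNS uses both UDP and TCP port 53).
GUEST_SERVICES = {("tcp", 80), ("tcp", 443), ("udp", 53), ("tcp", 53)}
# Constructed probe set: guest services plus ports that must stay closed.
PROBES = sorted(GUEST_SERVICES | {("tcp", 22), ("tcp", 25), ("tcp", 445),
                                  ("tcp", 3389), ("udp", 161)})

def audit(rules):
    """Return findings; an empty list means the policy matches the advice."""
    findings = []
    for proto, port in PROBES:
        for src, dst in (("GuestZone", "LanZone"), ("LanZone", "GuestZone")):
            if decide(rules, src, dst, proto, port) == "allow":
                findings.append(f"LEAK {src}->{dst} {proto}/{port}")
        got = decide(rules, "GuestZone", "Internet", proto, port)
        want = "allow" if (proto, port) in GUEST_SERVICES else "deny"
        if got != want:
            findings.append(f"GuestZone->Internet {proto}/{port}: {got}, expected {want}")
    return findings

# Constructed policies. In WEAK a broad allow shadows the deny placed after it.
WEAK = [Rule("GuestZone", "*", "*", None, "allow"),
        Rule("GuestZone", "LanZone", "*", None, "deny")]
HARDENED = [Rule("GuestZone", "LanZone", "*", None, "deny"),
            Rule("LanZone", "GuestZone", "*", None, "deny")] + [
            Rule("GuestZone", "Internet", p, n, "allow")
            for p, n in sorted(GUEST_SERVICES)]

if __name__ == "__main__":
    for name, policy in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(policy) or "OK")
```

The WEAK policy contains the right deny rule and still leaks, because a first-match firewall never reaches it; the audit catches that by testing flows rather than reading rules.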



              • #8
                Thanks tehcamel, what is Ubiquiti's Unifi ?
                -
                Madrid (Spain).



                • #9
                  Originally posted by loureed4 View Post
                  Thanks tehcamel, what is Ubiquiti's Unifi ?
                  A quick reference to my friend Mr gives quite a lot of information:
                  https://www.google.co.uk/search?q=Ub...oBA&gws_rd=ssl
                  Tom Jones
                  MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                  PhD, MSc, FIAP, MIITT
                  IT Trainer / Consultant
                  Ossian Ltd
                  Scotland

                  ** Remember to give credit where credit is due and leave reputation points where appropriate **



                  • #10
                    www.ubnt.com. They market themselves as enterprise grade wireless (and switching, voip, ipcam) solutions. Everything gets managed from a single "unifi" console (which doesn't need to be running permanently, runs on Java).
                    I haven't put it up against something like Meraki, but I believe the pricing to be far better (non-subscription based, for a start).

                    Essentially:
                    1. Install the unifi software. You can put this on a workstation temporarily, or set up a permanent server, depends on your need. Even use Amazon or Azure. Initially, and for ease, it should be on the same subnet.
                    2. Configure your wireless network settings using the GUI.
                    3. Unpack the wireless AP, plug it in using PoE adaptor if necessary.
                    4. In the Unifi GUI, see the new AP and "Adopt" it. It will configure itself accordingly. Rinse and repeat for however many APs you have.

                    Then, when you want to make a change, change it in the GUI. Once. All the APs will accept the change and reboot themselves if necessary.

                    It also has Zero Handoff, so wireless devices can roam.


                    • #11
                      Thanks both the Camel and Ossian!

                      P.S: Ossian, I know what you mean by "your friend google", but sometimes one would like opinions on the subject, new opinions, apart from those appearing on google, otherwise, google would bring the same results over and over, and nobody would contribute to populate new aspects or opinions any more.
                      Last edited by loureed4; 26th November 2015, 12:19.
                      -
                      Madrid (Spain).



                      • #12
                        I think his point was.. you were asking what it was, rather than opinions or reviews.. It's one thing to say "oh yea, I know what unifi is, what has your experience been like" but it's a different thing to just say "What is unifi?"


                        • #13
                          Originally posted by tehcamel View Post
                          I think his point was.. you were asking what it was, rather than opinions or reviews.. It's one thing to say "oh yea, I know what unifi is, what has your experience been like" but it's a different thing to just say "What is unifi?"

                          Yes, I apologize. I often use google before asking questions, really. My bad.
                          -
                          Madrid (Spain).
