NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
CAUTION: Orbi's Wifi Guest Network does not really isolate guests from main network
I was just playing around around with the Guest Network in Orbi and made a rather disturbing discovery that guest clients don't seem to be separated totally from the main network, in fact can access ...
OK - I am hoping for some (possible) help here... I am very concerned about this. I have around a dozen or so small mortgage offices (only a couple of users at each), where I have the Orbi RBR50 plus satellite installed. in all cases, the networks are IPV4 only, and IPV6 is disabled. All of the units have the absolute latest firmware to-date (2.1.4.16). At each location, I have the private network on subnet 192.168.0.X, and on the Orbi, the network is in ROUTER MODE on subnet 10.0.0.X. I have discovered that, even with the option DISABLED in the guest network settings, that ANYONE who connects to the guest network can easily and readily access ANY of my servers/resources on the 192.168.0.X subnet! I was pretty shocked. I managed to connect to the guest network, and easily not only PING one of the servers, but was able to RDP onto the server, as well as access the shared data volume.
This is completely unacceptable - and this is at all 12 locations. Again - with only 2 or 3 people on-site, I saw no reason to go beyond the RBR50 + Satellite units for these tiny offices. And I assumed that correctly having the guest network set-up would keep access to the wired 192.168.0.X network secure. Again - IPV4 ONLY, in ROUTER mode. Is there a fix here? I am already running firmware 2.1.4.16. The thought of having to replace all of these, because of a glitch with Netgear, is ridiculous. I loved these so much, that I also bought this for my own home, and for friends' homes. One note - I was promised over the phone when speaking to Netgear for general product info, that the guest network would be isolated! Ugh..... now what?
If anyone has any ideas or advice, it would be so very much appreciated... more than you know. Thank you very much in advance for any help you can give...
I see there was mention of this issue being resolved in the PRO version. Not sure if this has populated to the Home version. I presume you are using the PRO version? Or Home? It's not recommended to use Home products in a business setting. Things test to lead to products not working as well for the Business environment. Business envrionments need more than Home class products for safter and secure operations. You may need to look into better business solutions for your needs if your using a Home class system. If your concerned about this, you'll need to disable the Guest Network feature on your systems.
Mister-Mike wrote:
OK - I am hoping for some (possible) help here... I am very concerned about this. I have around a dozen or so small mortgage offices (only a couple of users at each), where I have the Orbi RBR50 plus satellite installed. in all cases, the networks are IPV4 only, and IPV6 is disabled. All of the units have the absolute latest firmware to-date (2.1.4.16). At each location, I have the private network on subnet 192.168.0.X, and on the Orbi, the network is in ROUTER MODE on subnet 10.0.0.X. I have discovered that, even with the option DISABLED in the guest network settings, that ANYONE who connects to the guest network can easily and readily access ANY of my servers/resources on the 192.168.0.X subnet! I was pretty shocked. I managed to connect to the guest network, and easily not only PING one of the servers, but was able to RDP onto the server, as well as access the shared data volume.
This is completely unacceptable - and this is at all 12 locations. Again - with only 2 or 3 people on-site, I saw no reason to go beyond the RBR50 + Satellite units for these tiny offices. And I assumed that correctly having the guest network set-up would keep access to the wired 192.168.0.X network secure. Again - IPV4 ONLY, in ROUTER mode. Is there a fix here? I am already running firmware 2.1.4.16. The thought of having to replace all of these, because of a glitch with Netgear, is ridiculous. I loved these so much, that I also bought this for my own home, and for friends' homes. One note - I was promised over the phone when speaking to Netgear for general product info, that the guest network would be isolated! Ugh..... now what?
If anyone has any ideas or advice, it would be so very much appreciated... more than you know. Thank you very much in advance for any help you can give...
Hello! Well, I wish I was advised to buy the Pro. The offices are small, only a couple of users each.... and I was ready to purchase whatever was recommended. No one mentioned a Pro system. So now I will need to look into upgrading... however I can't believe there isn't an answer to this. Because - regardless, this is also completely unacceptable in ANY home environment. An isolated guest network is just that - an isolated guest network, whether in a home or wherever. I am not opposed to buying Pro versions, but I need some type of stopgap/workaround in the meantime if possible...
I would disable the Guest Network. If you just got the Orbis, you should check into returning them after looking into the PRO version...
Something to ask NG about and see.
Mister-Mike wrote:
Hello! Well, I wish I was advised to buy the Pro. The offices are small, only a couple of users each.... and I was ready to purchase whatever was recommended. No one mentioned a Pro system. So now I will need to look into upgrading... however I can't believe there isn't an answer to this. Because - regardless, this is also completely unacceptable in ANY home environment. An isolated guest network is just that - an isolated guest network, whether in a home or wherever. I am not opposed to buying Pro versions, but I need some type of stopgap/workaround in the meantime if possible...