anschmid
Feb 03, 2017 Apprentice
CAUTION: Orbi's Wifi Guest Network does not really isolate guests from main network
I was just playing around with the Guest Network in Orbi and made a rather disturbing discovery that guest clients don't seem to be separated totally from the main network, in fact can access ...
Mister-Mike
Aug 27, 2018 Aspirant
OK - I am hoping for some (possible) help here... I am very concerned about this. I have around a dozen or so small mortgage offices (only a couple of users at each), where I have the Orbi RBR50 plus satellite installed. In all cases, the networks are IPV4 only, and IPV6 is disabled. All of the units have the absolute latest firmware to-date (2.1.4.16). At each location, I have the private network on subnet 192.168.0.X, and on the Orbi, the network is in ROUTER MODE on subnet 10.0.0.X. I have discovered that, even with the option DISABLED in the guest network settings, that ANYONE who connects to the guest network can easily and readily access ANY of my servers/resources on the 192.168.0.X subnet! I was pretty shocked. I managed to connect to the guest network, and easily not only PING one of the servers, but was able to RDP onto the server, as well as access the shared data volume.
This is completely unacceptable - and this is at all 12 locations. Again - with only 2 or 3 people on-site, I saw no reason to go beyond the RBR50 + Satellite units for these tiny offices. And I assumed that correctly having the guest network set up would keep access to the wired 192.168.0.X network secure. Again - IPV4 ONLY, in ROUTER mode. Is there a fix here? I am already running firmware 2.1.4.16. The thought of having to replace all of these, because of a glitch with Netgear, is ridiculous. I loved these so much, that I also bought this for my own home, and for friends' homes. One note - I was promised over the phone when speaking to Netgear for general product info, that the guest network would be isolated! Ugh..... now what?
If anyone has any ideas or advice, it would be so very much appreciated... more than you know. Thank you very much in advance for any help you can give...
st_shaw
Aug 27, 2018 Master
If I understand what you wrote correctly, you have Orbi in Router mode behind another router, with the 192.168.0.x subnet on the WAN side of Orbi.
If so, the behavior you report is not a glitch with NETGEAR. The behavior is as expected, and is due to the way you have Orbi set up.
Guest isolation pertains only to the LAN side of Orbi and does not affect traffic heading to the WAN side of Orbi. The PRO would behave no differently. Also, Orbi's guest isolation only pertains to wireless clients, not wired machines.
If you want to maintain two separate networks, then you need a router that supports multiple subnets and IP-based firewall rules to control traffic between subnets. If your current router doesn't support this, you could buy a cheap router that does and run the Orbi in Access Point mode behind that.
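A simplified model of the behaviour described in the reply above, added here as an illustration; it is not NETGEAR's implementation and not code from the thread. The host addresses, the 192.168.50.0/24 guest subnet and the function names are assumptions, and return traffic for established connections is not modelled.

```python
import ipaddress as ip

# Constructed addressing modelled on the thread: Orbi LAN 10.0.0.0/24, with the
# office's private 192.168.0.0/24 network on the WAN side of the Orbi.
ORBI_LAN = ip.ip_network("10.0.0.0/24")

def orbi_forward(dst, from_guest):
    """Simplified model of the reply: guest isolation only stops guest traffic
    aimed at Orbi's own LAN; any other destination is routed out the WAN port."""
    if ip.ip_address(dst) in ORBI_LAN:
        return "drop" if from_guest else "lan"
    return "wan"

# Hypothetical replacement design: one router, two subnets, first-match rules.
# 192.168.50.0/24 as the guest subnet is an assumption, not from the thread.
SEGMENTED_RULES = [
    ("192.168.50.0/24", "192.168.0.0/24", "drop"),    # guest -> private
    ("192.168.50.0/24", "0.0.0.0/0", "accept"),       # guest -> internet
    ("192.168.0.0/24", "0.0.0.0/0", "accept"),        # private -> anywhere
]

def first_match(rules, src, dst, default="drop"):
    """Return the action of the first rule matching a new connection."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for src_net, dst_net, action in rules:
        if s in ip.ip_network(src_net) and d in ip.ip_network(dst_net):
            return action
    return default

def report():
    server, peer, public = "192.168.0.10", "10.0.0.20", "203.0.113.5"
    return {
        "orbi guest -> Orbi LAN host": orbi_forward(peer, True),
        "orbi guest -> private server": orbi_forward(server, True),
        "segmented guest -> private server": first_match(SEGMENTED_RULES, "192.168.50.23", server),
        "segmented guest -> internet": first_match(SEGMENTED_RULES, "192.168.50.23", public),
    }

if __name__ == "__main__":
    for path, action in report().items():
        print(f"{path}: {action}")
```

In the double-router layout the private server is simply a WAN-side destination for the Orbi, so the guest flag never applies to it; the block only happens once a single router sees both subnets and filters between them.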