NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
CAUTION: Orbi's Wifi Guest Network does not really isolate guests from main network
I was just playing around around with the Guest Network in Orbi and made a rather disturbing discovery that guest clients don't seem to be separated totally from the main network, in fact can access ...
User00 wrote:
As of 11/25/18 - the problem still exists. Although I'm in AP mode - realizing that it's not actually separating the two networks is enough for me to return this device.
As you see form reading this thread, Netgear does not intend to change this for the consumer class Orbi system.
schumaku wrote:
As you see form reading this thread, Netgear does not intend to change this for the consumer class Orbi system.
FWIW, I opened a ticket with Netgear explaining the issue and asking if this was by design or a bug. They asked me to send them my config and they will put it in their test environment to confirm. To me, if that would allow one engineer to see the problem in action and then be able to fix it - i'll keep the setup.
Of course, now as I'm in the process of changing the SSIDs and passwords of the config - I ran into another weird bug - where the satellite only seems to sync the base password, but not the WiFi settings unless I perform a factory reset.
So for me, fixing these two issues (and maybe adding an option to remotely reboot the satellite without having to upload a firmware) - then you have a decently solid product.
So response from Netgear support (had to be escalated) was that because the SSIDs are indeed on the same network - the broadcast NMAP/Fing traffic cannot be prevented. However, because they are blocked from actually making any connections to those devices then that's sufficient for Guest isolation. If you are able to make a connection to any device, then they'll investigate further.
So while, it's not necessarily a deal breaker for some - I wish they would mention this on the product page without having the users discover it on their own.
Yeah... this is making me seriously consider returning this whole thing and going back to a convoluted but secure setup. I've been on the openwireless.org train for a long time now and I'm not hopping off just because Netgear can't manage to do with this router what they've done plenty of times before.
You can't very well label it a setup that only businesses use when you and your competitors have included it on many consumer routers for years. The fact that it *is* available on this architecture but in the "Pro" form is just insult to injury. This isn't DynDNS or high-end QoS, it's security.
