jkillean
Dec 08, 2019 Follower
Micro Segmentation with Orbi RBR50
Can RBR50 plus satellites be set up with micro Segmentation to isolate my SmartThings network? If so, how? If not, is the newest ORBI better suited?
CrimpOn
Dec 08, 2019 Guru - Experienced User
Honestly, after using Google to find information on "micro segmentation", I learned almost nothing. "Better than firewalls, VLANs, Access Control Lists." Wow! But, what IS it? No idea.
Orbi does not support internal firewall rules or internal VLANs, and has only a primitive "yes/no" access control. I think there is zero chance that this "wonder technology" is supported by ANY residential class WiFi router.
If the goal is to prevent someone who compromises one IoT device from using it as a platform to attack other devices on the local network, then the Guest network appears to be the only mechanism offered on the Orbi platform (and most other residential WiFi routers). The "Help" found at the bottom of the Orbi Guest setup screen does not exactly match the current choices, so I am not 100% certain of how Guest devices are controlled. From reading the setup screen the choices are:
- Guest devices can access only the Internet. Not any other devices. Not on the primary network. Not on the Guest network.
- Guest devices CAN access the primary network, Guest network, and Internet.
Thus, a device connected to Guest is pretty much "isolated". If someone compromises an IoT device, they can attack the Internet, but not me.
You can ask on the Orbi WiFi 6 forum if that product has more advanced features: https://community.netgear.com/t5/Orbi-AX/bd-p/en-home-orbi-ax
ekhalil
Dec 08, 2019 Master
CrimpOn wrote:.......
You can ask on the Orbi WiFi 6 forum if that product has more advanced features: https://community.netgear.com/t5/Orbi-AX/bd-p/en-home-orbi-ax
An additional functionality in Orbi AX is that the guest network has its own subnet that is different than the subnet of the main network.
- SW_ Dec 08, 2019 Prodigy
ekhalil wrote:
An additional functionality in Orbi AX is that the guest network has its own subnet that is different than the subnet of the main network.
It would be nice if this feature will trickle down to non-AX Orbi in a future FW update.
- nagendraprasath Dec 14, 2019 Aspirant
Good to see someone is talking about this basic feature missing in Orbi RBR50.
I see this option - "Allow guests to see each other and access my local network" in guest network settings... Can't this be used to bring the segmentation when all IoT devices are moved to Guest network?
- CrimpOn Dec 14, 2019 Guru - Experienced User
Using the Guest network for IoT devices and not allowing them to communicate with the primary network or other devices on the Guest network appears to isolate them from the primary WiFi network. This, of course, assumes that ALL interaction with the IoT devices is through some sort of "cloud" connection. In essence, when each IoT device is powered up and connects to WiFi, it opens a TCP connection to its "cloud". When the user app wants to interact with the device, that communication goes through the cloud, not directly from a device on the Orbi primary network to the Orbi Guest network.
This would not work for me. My IP cameras are set to FTP recordings to my home server, which is not open to the internet. If my cameras were on the Guest network, I could "remote" to them using their cloud connection, but would have to open an FTP port through the Orbi and use DDNS to get my recordings. Too much bother (and "more risk").
p.s. I have read more articles on "Micro Segmentation" and still do not understand anything about it, except that what the Orbi does is "not that."
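A way to check the Guest isolation discussed in this thread from a device joined to the Guest network (an added example, not part of any post and not NETGEAR code). The addresses and ports in `SAMPLE_TARGETS` are constructed placeholders for devices you own on your primary network, including an FTP server like the one mentioned above.

```python
import socket

# Constructed sample targets (assumptions, not from the thread): replace with
# addresses and ports of your own devices on the primary network.
SAMPLE_TARGETS = [
    ("192.168.1.1", 80),    # router admin page
    ("192.168.1.10", 21),   # home server FTP, as in the IP camera case
    ("192.168.1.20", 445),  # file sharing on a PC
]

def tcp_reachable(host, port, timeout=2.0):
    """Return True if a TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, no route, etc.
        return False

def isolation_report(targets, timeout=2.0, probe=tcp_reachable):
    """Map each (host, port) to 'REACHABLE' (isolation leak) or 'blocked'."""
    return {
        (host, port): "REACHABLE" if probe(host, port, timeout) else "blocked"
        for host, port in targets
    }

def is_isolated(report):
    """Isolation holds only if no primary-network target answered."""
    return all(state == "blocked" for state in report.values())

if __name__ == "__main__":
    # Run once from the primary network first: every target should be
    # REACHABLE there, otherwise 'blocked' from Guest proves nothing
    # (the service may simply be down). Then run again from the Guest network.
    report = isolation_report(SAMPLE_TARGETS)
    for (host, port), state in report.items():
        print(f"{host}:{port:<5} {state}")
    print("guest isolation holds" if is_isolated(report) else "guest isolation FAILS")
```

With the "Allow guests to see each other and access my local network" option enabled, the same run from the Guest network should show the targets as REACHABLE, which confirms the check itself works.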