NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

tachyon_pulse's avatar
tachyon_pulse
Aspirant
Jan 27, 2015

Configuring static route

Device: FVS318N - Prosafe Wireless N VPN Firewall Firmware Version : 4.3.1-22 I'm having problems getting a static route configured. I am logged into the router from 192.168.2.100 and from the...
fordem's avatar
fordem
Mentor
Feb 02, 2015
tachyon_pulse wrote:
Yes, each of the segments are each separate VLANs (192.168.1-4.0/24). I am not multi-homing. I was uncertain about the implications of the "Enable Inter VLAN Routing" checkbox. Is it an all or nothing or does it just allow you to then configure specific routes?

If you don't enable InterVLAN routing you won't be able to pass traffic between the VLANs, and as far as I can tell, it is all or nothing - one of the quirks about routers is that they "learn" the route between directly connected networks, meaning that you do not configure them - and there appears to be no way to create VLAN/VLAN rules to control the traffic - I had a discussion with support on this and it's being treated as feature request, but there is no guarantee that it will ever become a feature.

For my Internet of Things segment, I was hoping to achieve the equivalent of wireless client isolation for both wireless and wired nodes on that segment (client isolation feature is only for WiFi clients).

Question about your comment ''"Regarding your "internet of things" - there's no way, at a network level. to prevent the individual devices from seeing one another on the network, you'll have to control access on the individual devices, through the use of firewalls or similar.' Is the FVS318N even capable of this? I would think that given the potential risk of putting some vendor's internet enabled black box appliance on your network that could be used as a 'spy or pivot point for network exploitation, isolating their visibility on the network would be desirable. I'm not paranoid because I've seen it done in penetration tests


I have no doubt that what you are describing can be done, but, the first thing you need to do to protect your network is physically secure it - it is rapidly becoming standard enterprise practice to use some form of network access control to prevent users from connecting devices not approved by IT, but if IT approves such a device then it will connect and can potentially be used to snoop.

There are a multitude of ways to deal with these issues, but I doubt you will find them available at this price point.

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More