This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
So, first off, I am coming at this from the Meraki and Sophos back ground. So bear with me 🙂
In either Sophos or Meraki you could setup guest wifi on a separate ip range that would then be NATed and sent out to the world. So for instance. Client Connects to guest and is assigned IP in guest range that's handled in the WiFi portal. Lets say 10.0.0.0/24. So client gets 10.0.0.2/24 address.
Internal network is set to 172.16.0.0/16. With the access point assigned an IP address of 172.16.0.50.
Client on 10 range access a website and that's NATed to the 172.16.0.50 IP address and sent into the domain network. Which in turn is treated like normal network traffic and sent out to the web. Returning traffic does it's normal route back.
This has the effect of keeping the "guest" device completely off the domain network. Both Sophos and Meraki work this way.
Dues to requirements and time constraints, I am trying to do the same with WAX630 Access Points and the Insight portal. But I have hit a brick wall.
Is this even possible with Netgear kit? Is there another solution am missing?
Right now a "Guest" device could scan they network they are on and discover all the devices on that network.<insert concerned look> I know theres a client isolation option, but thats only for other SSID'd, not the network.
Ideally Guest devices would never touch the domain network for anything other then traversing after being NATed. DHCP would be contained within the AP's and DNS could be served from google or someone else. But now it just seems I have to use my own DHCP server. So that means individual traffic from a device is lose on my network.
Thanks for any replies. Maybe am being stupid and I have just missed something.
Netgear does offer industry standard VLAN config for the Smart Switches, and for the SSIDs to VLAN matching. This does combine well with any industry standard security appliance supporting multiple local networks, ideally with VLAN support, and subnets. Management can be done on cloud managed APs and switches by each single device Web UI, and by Netgear Insight.
So from my current point of view it's more like Sophos then Meraki. That's ok, I can work with that. I have other things preventing that kind of solution this side currently. But that's just a matter of time for me. I now have a direction to go in and a solid plan.
