
Is it possible to VPN into a specific VLAN?

dawiz22
Star

Is it possible to VPN into a specific VLAN?

We use all 4 possible networks on our Orbi Pro Wifi6 setup.

The default VLAN (1) is for network management purposes. Then we have VLAN 20 where the employee devices and their data reside, VLAN 30 where some media devices are placed and 40 for the guest network.

My question: when setting up VPN, it connects to VLAN 1 only. Is there any way to configure it to connect to VLAN 20 instead?
Message 1 of 4
schumaku
Guru

Re: Is it possible to VPN into a specific VLAN?

In Netgear's terminology (the way I understand it), network 1 is for network management and the normal business activities, on- and off-site, and direct port forwarding from the Internet. The employee network is intended for BYOD, so for on-site, and potentially with limited access. This is why the VPN is predefined for network 1.

Writing of "network" here, because the design does date from the original Orbi Pro which has four predefined networks (even named accordingly). This design (VPN and port forwarding just to the network 1) was carried forward with the VLAN-enabled newer Orbi Pro WiFi 6. 

 

While this change makes the management more complex having to select the "target" network resp. VLAN, technically there should not be much stopping this. @BruceGuo can you please elaborate? And yes, I understand this is a design change, requiring a product management take to enhance.

Regards

-Kurt

Message 2 of 4
dawiz22
Star

Re: Is it possible to VPN into a specific VLAN?

Hi
Thank you for clarifying. The explanation makes sense. That said: with the product geared at smaller businesses, the way the networks are split doesn’t necessarily make too much sense, especially when it comes to VPN. VPN (with the exception of Netgear’s Business VPN service) is mostly used on mobile devices (such as mobile phones, tablets and laptops). In a lot of businesses, these are categorized as BYOD. As such, the VPN service should connect to the “Business” network / VLAN id in my opinion.

Having both employee computers and the network infrastructure in the same network isn’t necessarily a good idea and seems somewhat old fashioned tbh.

Anyway, I suppose what I’m trying to achieve isn’t possible at the moment. I’ll have to look into routing and port forwarding then to at least make the NAS and the printers available via VPN
Message 3 of 4
schumaku
Guru

Re: Is it possible to VPN into a specific VLAN?


@dawiz22 wrote:
As such, the VPN service should connect to the “Business” network / VLAN id in my opinion.

This is what Netgear had in mind, too - the trusted systems, the management, the VPN, and the port forwarding are aimed at the same network. Yes, these devices are designed for the small business market, without IT staff, without a dedicated management VLAN. Throw-in network component with no need for a wired backhaul, with no need for complex management. That's why the community title does clearly talk of Orbi Pro - WiFi for Small Business.


@dawiz22 wrote:
Having both employee computers and the network infrastructure in the same network isn’t necessarily a good idea and seems somewhat old fashioned tbh.

That's why Netgear considers the BYOD to be used on a dedicated network of course. Only the trusted business-owned computers and the management are on the same VLAN.

For most owner-managed networks, a dedicated admin VLAN would be way over the head - say when adding or discovering newly added devices for example.


@dawiz22 wrote:
Anyway, I suppose what I’m trying to achieve isn’t possible at the moment. I’ll have to look into routing and port forwarding then to at least make the NAS and the printers available via VPN

There is some work-in-progress firmware allowing the discovery - we talk of multicast type designs, like UPnP SSDP - which should allow the discovery and access of NAS, printers and the like residing on a different VLAN without breaking a leg. AFAIK this has not made it into a production-ready/up2date firmware yet. If and how this will be extended into the VLANs - no idea. @BruceGuo

Yes, of course I would like to see the ability for multiple VPNs into other networks than just the default one. This is something non-IT-people could manage, too.

Message 4 of 4