anschmid
Feb 03, 2017 (Apprentice)
CAUTION: Orbi's Wifi Guest Network does not really isolate guests from main network
I was just playing around with the Guest Network in Orbi and made a rather disturbing discovery that guest clients don't seem to be separated totally from the main network, in fact can access ...
johngm
Mar 29, 2018 (NETGEAR Employee Retired)
Sorry that you haven't gotten a response on this sooner and thanks to shumaku for forwarding it on to the "Connect with the SMB GM" area which I am regularly monitoring.
Next let me start by saying I am sorry that you had a bad experience with a support representative. We take the quality of the support experience very seriously here at NETGEAR and if you can provide any information on the specifics of the call or a ticket number I would be happy to investigate and get back to you.
With regards to the concerns you have about OrbiPro, OrbiPro uses SSID isolation to provide a secure guest, employee and management domain. Within both the base station and satellites, OrbiPro will assure that all guest and employee SSID traffic is exclusively routed to the Internet through the WAN port on the base station. This effectively prevents a person on the guest WiFi (or the employee WiFi for that matter) from being able to “snoop” or penetrate the traffic traversing the hardwired ports or the management WiFi. The current firmware does block all Layer 3 and unicast traffic from being bridged or routed between the guest, employee and management network. So communication between wireless stations is effectively blocked. Clients within the Guest network are also blocked from communicating with each other, so client isolation is supported. I recently became aware that the current 2.1.3 release does, however, allow multicast and broadcast discovery protocols (UPnP, Bonjour, LLDP) to bridge across SSIDs. While this doesn't permit any traffic snooping or network penetration, it violates your privacy by unintentionally allowing guests to see some of the devices that are on your management network. This is a defect and we will immediately fix it in our next release of the code.
As I mentioned above, I am sorry that you had a bad interaction when you attempted to contact us and make us aware of the issue with this product. My entire team and I are strong advocates for the power and effectiveness of tools like this community versus the traditional (and largely inefficient) models built around call centers. I hope that you give NETGEAR another chance and utilize our communities to get the most out of your NETGEAR products.
John
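A way to check your own network for the defect described in the reply above, added here as an example that is not part of the thread or NETGEAR's code: it classifies frames seen by a test client on the guest SSID and reports any UPnP/SSDP, mDNS/Bonjour or LLDP announcement whose source MAC is neither the test client nor the gateway. The `Frame` record, the MAC addresses and the sample capture are constructed; the check assumes client isolation is on (so no other guest should be visible) and covers IPv4 only.

```python
from dataclasses import dataclass
from typing import Optional

LLDP_ETHERTYPE = 0x88CC
IPV4_ETHERTYPE = 0x0800
# Well-known IPv4 multicast group and UDP port for each discovery protocol.
DISCOVERY_UDP = {
    ("239.255.255.250", 1900): "SSDP/UPnP",
    ("224.0.0.251", 5353): "mDNS/Bonjour",
}

@dataclass(frozen=True)
class Frame:  # hypothetical record for one captured frame
    src_mac: str
    ethertype: int
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None

def discovery_protocol(frame):
    """Return the discovery protocol name for a frame, or None."""
    if frame.ethertype == LLDP_ETHERTYPE:
        return "LLDP"
    if frame.ethertype == IPV4_ETHERTYPE:
        return DISCOVERY_UDP.get((frame.dst_ip, frame.dst_port))
    return None

def find_leaks(frames, expected_macs):
    """Map each unexpected source MAC to the discovery protocols it leaked."""
    expected = {m.lower() for m in expected_macs}
    leaks = {}
    for frame in frames:
        proto = discovery_protocol(frame)
        if proto and frame.src_mac.lower() not in expected:
            leaks.setdefault(frame.src_mac.lower(), set()).add(proto)
    return leaks

# Constructed sample: what a guest-SSID test client might capture.
TEST_CLIENT, GATEWAY = "02:00:00:00:00:01", "02:00:00:00:00:FE"
SAMPLE = [
    Frame(TEST_CLIENT, IPV4_ETHERTYPE, "224.0.0.251", 5353),         # own mDNS
    Frame(GATEWAY, IPV4_ETHERTYPE, "239.255.255.250", 1900),         # router SSDP
    Frame(GATEWAY, IPV4_ETHERTYPE, "192.168.1.50", 443),             # unicast
    Frame("02:11:22:33:44:55", IPV4_ETHERTYPE, "239.255.255.250", 1900),
    Frame("02:11:22:33:44:55", IPV4_ETHERTYPE, "224.0.0.251", 5353),
    Frame("02:11:22:33:44:66", LLDP_ETHERTYPE),                      # wired switch
]

if __name__ == "__main__":
    for mac, protos in sorted(find_leaks(SAMPLE, [TEST_CLIENT, GATEWAY]).items()):
        print(f"leak from {mac}: {', '.join(sorted(protos))}")
```

An empty result after a firmware update is what the promised fix should produce; any remaining entry is a device on another SSID or a wired port that guests can still enumerate.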