Is it a common/accepted practice to run a public guest WiFi off the same firewall as the internal one(s) or should I push our contractor to keep it on a separate box? The ISP provides us multiple public IPs/ethernet ports on the router so it wouldn't be hard to just set up an extra device. Our venue has ~250 devices (peak), 40 UniFi APs, 500 Mbit WAN and the firewall is pfSense on a quad-core machine. This of course all assumes the setup is done by certified professionals. My worry isn't so much about security but about something on the guest LAN causing resource problems on the firewall that potentially take all other internal networks down. The contractor thinks it'll be fine with one box. Any thoughts would be welcome.
Oct 30, 2018 20:11
redeyes posted: Just get a separate router. Costs what, $100 bux at most?!

Their main argument is maintenance overhead and the fact the same WiFi will eventually provide access to the internal LANs via a separate WPA2 encrypted SSID anyway (which I'm hesitant about due to security concerns).

redeyes posted: Yeah and what if a guest downloads the latest blockbuster movie torrent on your business IP address. Not good things anyhow.

It's pretty easy to get pfSense to NAT one interface out through its own external IP (using multiple virtual IPs on one physical WAN interface) but I think you all are right despite the argument of the contractor; for now I'll sleep better knowing that the guest network is on its own box.
Nov 1, 2018 12:27