Guest Networks vs. Monitoring
Router: Nighthawk X4 R7500
Firewalla is in DHCP mode
Router: Netgear WNDR3700 reconfigured as WAP
Firmware: DD-WRT v3.0-r30880 std (11/14/16)
Connected via ethernet (Not WAN port) no DHCP
So prior to installing Firewalla, I get some basic security through isolation by having most of my IoT products run on a Guest Network. Since installing Firewalla I've had issues with these devices being able to access the internet (addresses by turning monitoring off). On the WAP I have the addition issue of devices connecting to the Guest Network not seeing the Internet at all regardless of whether monitoring is tuned off or not.
I'm going to play with turning Monitoring off for the WAP. Wanted to see what your thoughts were there. Do you monitor devices that are part of the network infrastructure itself?
Second, I wanted to ask the question as to what is the better approach. It is better to have some of these devices in isololation on seperate network, or is it better to have them monitored on the open network? There may be a feature request here to have "Internet Access Only" as a device option within Firewalla where you provide the isolation.
I look forward to your response, thanks!
That setup was pre-Firewalla. That was my first basic attempt at sandboxing the IOT devices. It did not work for all of them, especially anything that seems to use HomeKit. Wink and its devices, Nest, and anything that did not require NAT Loopback worked fine.
Anything on the guest network now is not monitored by Firewalla. A copy of the 2nd guest network replicated on my Wireless Access Point (not the main Wireless Router) can't connect to the internet at all.
I don't know what the best approach is. Waiting for the Firewalla team to respond, but I can imagine bugs and new builds are a higher priority. I'm ok switching them to in the main network and monitoring them in the short term.
We were hoping others can jump in :). Here is my personal thoughts on this
- Isolation at the network layer is always good. This compartmentalizes the problem.
- Isolation also creates a problem of managing the devices. It may be hard to talk to guest network devices or the reverse.
So if you have time to play with these things, then yes, guest isolation is a good idea.
Please sign in to leave a comment.