Guest Networks vs. Monitoring

Follow

Saurabh Shah

• January 11, 2018 17:48

 Current setup:

Router: Nighthawk X4 R7500
Firmware: V1.0.0.118
Firewalla is in DHCP mode

Router: Netgear WNDR3700 reconfigured as WAP
Firmware:  DD-WRT v3.0-r30880 std (11/14/16)
Connected via ethernet (Not WAN port) no DHCP

So prior to installing Firewalla, I get some basic security through isolation by having most of my IoT products run on a Guest Network.  Since installing Firewalla I've had issues with these devices being able to access the internet (addresses by turning monitoring off).  On the WAP I have the addition issue of devices connecting to the Guest Network not seeing the Internet at all regardless of whether monitoring is tuned off or not.

I'm going to play with turning Monitoring off for the WAP.  Wanted to see what your thoughts were there.  Do you monitor devices that are part of the network infrastructure itself?

Second, I wanted to ask the question as to what is the better approach.  It is better to have some of these devices in isololation on seperate network, or is it better to have them monitored on the open network?  There may be a feature request here to have "Internet Access Only" as a device option within Firewalla where you provide the isolation.

I look forward to your response, thanks!

0

• 

  Saurabh Shah

  • January 11, 2018 17:55

  Confirmed that setting the WAP to Monitoring Off had no effect

  0

  Comment actions Permalink
• 

  Stew Stryker

  • January 14, 2018 17:36

  Saurabh, I was interested in your technique of isolating your IoT devices on the guest network. Did you get that working while still monitoring their activity with Firewalla? 

  I'm interested in trying the same, but need the connectivity to be solid.

  Thanks in advance,

  Stew

  0

  Comment actions Permalink
• 

  Saurabh Shah

  • January 14, 2018 18:16
  • Edited

  That setup was pre-Firewalla.  That was my first basic attempt at sandboxing the IOT devices.  It did not work for all of them, especially anything that seems to use HomeKit.  Wink and its devices, Nest, and anything that did not require NAT Loopback worked fine.

  Anything on the guest network now is not monitored by Firewalla.  A copy of the 2nd guest network replicated on my Wireless Access Point (not the main Wireless Router) can't connect to the internet at all.

  I don't know what the best approach is.  Waiting for the Firewalla team to respond, but I can imagine bugs and new builds are a higher priority.  I'm ok switching them to in the main network and monitoring them in the short term.

  Thanks,

  Saurabh

  0

  Comment actions Permalink
• 

  Stew Stryker

  • January 14, 2018 22:37

  Thanks for the reply.

  I would hope they'd suggest that the Firewalla should be sufficient for protecting your IoT devices, since that's the whole point, right? ;-)

  All the best,

  Stew

  0

  Comment actions Permalink
• 

  Saurabh Shah

  • January 25, 2018 14:34

  Firewalla guys.  Any thoughts on the orginal question?

  0

  Comment actions Permalink
• 

  Firewalla

  • January 25, 2018 18:28

  We were hoping others can jump in :).  Here is my personal thoughts on this

  • Isolation at the network layer is always good.  This compartmentalizes the problem.   
  • Isolation also creates a problem of managing the devices.  It may be hard to talk to guest network devices or the reverse.

  So if you have time to play with these things, then yes, guest isolation is a good idea.  

   

   

  0

  Comment actions Permalink

Please sign in to leave a comment.