Best way to configure Netgear RAXE290 behind Firewalla Gold
Hi all,
Up to yesterday, I was using an Apple Airport Extreme behind my Firewalla in AP mode. I had a VLAN set up for my guest network, where they were isolated from my main network, and another network for work, where no rules applied. This system has a crazy amount of security on it already, so for the sake of keeping things simple, it was mostly in bypass mode, allowing work to fully manage it, without the ability to access my local network.
Now with the Netgear everyone sees everything, so I'm trying to figure out how to limit this by applying the same rules as before.
I tried to run the Netgear in AP mode as I did with my Apple Airport, but most advanced features were disabled. With the Netgear in Router mode, the advanced features are enabled, but I'm not exactly sure how to segregate what's coming in on the Netgear. One thing I see is the Netgear is assigning its own IP addresses, so I'm not getting the separation I'm looking for. Another thing was the Apple by default would assign the guest network VLAN 1003. I defined this within Firewalla to prevent that network from accessing internal resources. I used the VLAN/Bridge setting on the Netgear with the name of the guest network and VLAN ID 1003, assigned to 2.4GHz (for now, only allowing the guest network to be on 2.4), and lost internet connectivity on all systems.
Does anyone have a good guide, or has anyone done the same and can share which areas I should be looking at?
Thanks.
-
I think you probably want the Netgear in AP mode behind FWG in Router mode, something like this.
-
I have it that way now, but I lose all the advanced settings, so I can't define separate VLANs. I guess if I could have visibility into how Netgear is identifying the guest VLAN internally, I could at least define that in the Firewalla and be good to go. I don't recall how we identified the VLAN ID of the Apple Airport. It's been so long, but I'm thinking it was command line or a separate tool!
-
Most gear is not like the Airport. Airport, like a lot of Apple stuff, hides complexity and detail (like the fact it uses VLANs) from users. Netgear may not be using VLANs for guest networks. Often that isn't how guest networks are created.
This article covers the basic setup for VLAN with Firewalla. https://help.firewalla.com/hc/en-us/articles/4408644783123-Building-Network-Segments
Looking at the manual for that Netgear, it is a little odd. It talks about VLANs but only in a particular context of VLANs for things like streaming TV from your ISP and doesn't say if they work in AP mode. It does not say it supports 802.1Q, which is the standard VLAN spec. You may need to confirm with them that you have VLAN capability when in AP mode. I think it should work, but I have not tried VLANs on that Netgear.
-
Yeah, that’s where I’m stuck. Most of the Netgear capabilities are disabled in AP mode, so I’m not sure where to go with it. Apple did hide the VLAN, but it worked like a charm with the Firewalla rule created. It seems odd that with a powerful unit like the Netgear I can’t get it to hand off the guests to an alternate VLAN in AP mode. It will isolate the two in router mode, but then it won’t work with the Firewalla.