FWG installation question
I'm switching over to Gold Plus from Purple and have a basic question about setup. Would there be any security benefit from having my personal computers and phone on a VLAN instead of the main LAN? On the Purple, I've had my devices on the main LAN, and I have VLANs for kids, streaming, and IoT. I'm wondering if moving my personal computers and phones over to a VLAN would be any more secure from a kid plugging an ethernet cable into the FWG? I realize MAC address quarantine should catch this, but I wonder if the password required on a VLAN would offer an additional layer? At the moment, I haven't really dealt with the issue as the FWP is pretty well hidden, but I don't think I will be able physically to lock down the FWG.
On a related note, is there any prospect of being able to lock a port of the FWG to a specific device, like an AP, and prevent anyone plugging in at all, the way a managed switch can do?
-
1. VLANs are used to do segmentation, and segmentation can be used to isolate devices. So yes, it will benefit. Please see https://help.firewalla.com/hc/en-us/articles/4408644783123-Network-Segmentation
2. There are no passwords on VLANs. To prevent kids from plugging their devices into the Firewalla, you can just not configure extra ports. Leave them open, so they don't connect to your WAN.
3. You can block ports; see the network segmentation and rules.
-
What happens if someone unplugs the ethernet cable attached to my APs and plugs it into a laptop? If it's using a randomized MAC address, I assume it goes into the quarantine. If it's a laptop using an approved MAC address, does it connect to its VLAN, with its associated rules?
Ideally, I'd like to decide which devices can connect via ethernet and which are by wifi. Maybe this will be clear when I'm working with the Gold, but I'm trying to see how to manage the risk of kids messing with the box. It's not so easy literally to lock things up.