Adding Groups to AP7 SSIDs
@Firewalla:
When creating an SSID on an AP7 (or the later ceiling mounted version), will we be able to add multiple groups to it, or is it one SSID per group?
-
If you use PPSK (we call it personal key, you can do something like)
SSID + Personal key1 -> group1
SSID+ Personal Key2 ->group2
The limit is 20 I believe.
You can also do
SSID1 -> group1
SSID2 -> group2
And we also have in experimental mode (preview, and not guaranteed to be perfect)
SSID + personal key1 -> VLANx
SSID + personal key2 -> VLAN2x
You can find more examples in https://help.firewalla.com/hc/en-us/articles/36297022580499-Firewalla-Tutorial-Microsegmentation-and-Segmentation-with-AP7
-
Yes. You just need turn on VqLAN at the group level.
The key to microsegmetnation is
1. Groups + VqLAN turn on = block all local traffic
2. Use SSID or SSID+Personal key to dynamically assign devices to Groups
(2) is optional, if your devices are fairly static. (Group membership is static)
-
@Firewalla: I think it's all starting to click. Please confirm this is correct:
1. You can leave the Group field blank in the SSID when creating it. If you leave this field blank, all connecting devices would be put into the Quarantine group (if Quarantine is set up) or just show as an ungrouped device. You could then manually assign devices to a group, and then set up VqLAN security on that group
2. The first two examples you provide above are if you want to dynamically assign devices to groups
The ability to assign devices to VLANs by SSID + personal key will be really nice!
Please sign in to leave a comment.
Comments
5 comments