  1. #1
    Master Untangler
    Join Date
    Mar 2017
    Location
    France, Paris
    Posts
    122

    Wifi networks with different rules (SSL Inspector on and off) with one access point

    Hi all,

    So here is my problem:
    At my office, already wired, we have a firewall, which I don't like (WatchGuard, huuugh!), with an access point connected to a switch for the wifi.

    I am thinking of replacing the WatchGuard and the access point with Untangle (a Qotom (multiple NICs, but only from Chinese resellers) or a Zotac box (2 NICs, but on Amazon)) and a new wifi access point.

    My questions are:

    For now, we have 2 wifi networks:
    one for us at the office, with specific rules (SSL Inspector, AV, etc.)
    one for the guests (no SSL Inspector, fewer rules, etc.)

    How to do that with Untangle? How can I have 2 separate wifi networks, but one with SSL Inspector on (which means installation of certificates) and one without SSL Inspector (guest)?

    If I buy a Zotac box, there will be only 2 NICs.
    If I want to manage separate networks, the access point must be directly plugged into the Untangle box, right? It can't be plugged into the switch? (The switch can manage VLANs, though.)
    With the WatchGuard, as it is a specific access point for the WatchGuard, it can be plugged into the switch, and then the WatchGuard recognizes it and can manage it.

    I know some access points can manage different networks. But the problem is with SSL Inspector: I have to install certificates on one network and no certificates on the other one.


    Is it possible with one access point to manage 2 networks FROM the Untangle, to be able to have different rules on each network?
    Because if I manage the 2 networks FROM the access point, it will be the same rules on the Untangle, right? So no possibility to have one with SSL Inspector and one without?

    PS: wiring is already in place and can't be changed. I can replace devices (WatchGuard and access point), but can't add many devices.

    Thanks in advance.
    Sorry for my English. I hope I'm clear enough for you to understand :-)

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    7,673

    There are many boxes with more NICs than the Zotac box. If you are limited to just two NICs, you could use VLANs with a VLAN-capable switch to create separate LAN networks for those access points. Once the LANs are separate (NICs or VLANs), use Policy Manager rules to have separate policies for guest and office networks.

    https://wiki.untangle.com/index.php/Policy_Manager
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Master Untangler

    Hi,
    Thanks for the answer.
    You said "those access points". But if we only have ONE access point, can we have multiple wifi networks with different rules for each network? (One with SSL Inspector on, one with SSL Inspector off, etc.)
    (For me the answer is no, as the different networks will be managed by the access point, and not by the Untangle box.) But am I right?

    PS: many boxes? Except Qotom, which is only available through Chinese resellers... I can't find them (at least here in France).

  4. #4
    Untangler jcoffin's Avatar

    How does the access point separate the two wifi networks? VLANs? Which access point are you using?

    Sorry, I'm not sure what network appliances are available in France.

  5. #5
    Master Untangler

    For now I use a WatchGuard access point.

    But I will buy a new one (TP-Link EAP225 or similar).
    On the TP-Link (which is an access point I know because I'm using it at home), the separation is done by the access point itself, but not with VLANs. You can create multiple wifi SSIDs and "isolate" them. I don't know how it works.

    But I'm pretty sure, for what I want (being able to have different rules on each network), it will not be OK. (But again, I could be wrong, because I'm a total noob; that's why I'm asking.)

  6. #6
    Untangler jcoffin's Avatar

    Let me look into the new access point and I will get back to you.

  7. #7
    Master Untangler


    Thanks.
