March 16th, 2004, 12:40 AM
Where should an access point be in the network
We bought an access point 801.11g which we want to use for the clients in the office so they can surf the web. There's a switch which connects buncha computers w/ one AD integrated domain controller; the internet is connected through a Watchguard HD Firewall. The whole network is on 255.255.255.0 subnet mask -192.168.111.1 firebox- -192.168.111.2 DC-
-192.168.111.7- access point
... How can I make sure that the ppl can only get on the internet and not see inside of our network ... Is there a specific setting...
March 16th, 2004, 12:57 AM
In an ideal situation, you'd hang the AP off of a DMZ interface of your firewall. I'm not familiar with the Watchguard line, but a quick look at their website indicates that most of their boxes have more than enough interfaces to handle this type of configuration. You can then allow clients who connect to your AP to either VPN into your internal network (if the FW supports it), or just allow the clients on the DMZ access to the outside world to surf the net.
March 16th, 2004, 01:10 AM
No, there's no DMZ port on the firebox... but what do you mean about the VPN into the domain... I don't want them in the domain... I want them to surf the net only ....
March 16th, 2004, 01:19 AM
Then the only good way to implement this will be to put the WAP behind its own firewall. Then you can limit the places that the WAP-connected clients can go.
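The forwarding policy such a second firewall would enforce, modeled as a first-match rule list and checked against sample flows. This is an added example, not part of the original thread; the wireless range 192.168.200.0/24, the allowed ports and the sample flows are assumptions, while the 192.168.111.x addresses come from the first post.

```python
import ipaddress

OFFICE_LAN = ipaddress.ip_network("192.168.111.0/24")  # from the thread
WLAN = ipaddress.ip_network("192.168.200.0/24")        # assumed range for AP clients
ANY = ipaddress.ip_network("0.0.0.0/0")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# (action, source net, destination net, protocol or None, dest port or None)
# Denies come first so no later allow can open a path into private space.
RULES = [("drop", WLAN, OFFICE_LAN, None, None)]
RULES += [("drop", WLAN, net, None, None) for net in RFC1918]
RULES += [
    ("accept", WLAN, ANY, "udp", 53),   # DNS to a resolver outside the office LAN
    ("accept", WLAN, ANY, "tcp", 53),
    ("accept", WLAN, ANY, "tcp", 80),
    ("accept", WLAN, ANY, "tcp", 443),
]

def decide(src, dst, proto, dport):
    """Return the action of the first matching rule; unmatched traffic is dropped."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, r_proto, r_port in RULES:
        if (s in src_net and d in dst_net
                and r_proto in (None, proto) and r_port in (None, dport)):
            return action
    return "drop"

# Constructed flows from one wireless client (documentation-range internet hosts).
FLOWS = [
    ("192.168.200.50", "192.168.111.2", "tcp", 445),  # file sharing on the DC
    ("192.168.200.50", "192.168.111.2", "udp", 53),   # DNS on the DC
    ("192.168.200.50", "192.168.111.1", "tcp", 80),   # the firebox's own address
    ("192.168.200.50", "198.51.100.10", "tcp", 443),  # web site
    ("192.168.200.50", "198.51.100.53", "udp", 53),   # outside resolver
    ("192.168.200.50", "198.51.100.25", "tcp", 25),   # mail relay, not allowed
]

def audit():
    """Evaluate every sample flow and return (dst, proto, port, action) rows."""
    return [(d, p, port, decide(s, d, p, port)) for s, d, p, port in FLOWS]

if __name__ == "__main__":
    for row in audit():
        print(*row)
```

Internet-bound packets are still routed through 192.168.111.1 as the next hop; the deny rules match on destination address, so only traffic addressed to office hosts is blocked.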
March 16th, 2004, 04:23 AM
The firewall should have some configuration options which should allow outbound traffic through, e.g. net surfing, while preventing external access.
March 16th, 2004, 05:45 AM
Can you define a DMZ IP address with your firebox? On my Linksys router, I am able to specify a DMZ IP address in my domain. If the switch has any software interface, I would look around in that. Other than that, you could either go with the firewall option that venom stated, or you hook it up behind another computer that has its permissions set to only view the net. Just tossing out another idea.
You shall no longer take things at second or third hand,
nor look through the eyes of the dead...You shall listen to all
sides and filter them for your self.
March 17th, 2004, 07:00 AM
I can't be much help as I am only familiar with Cisco products, and I wrote a firewall so I could do stuff like that.