
Thread: where should an access point be in the network

  1. #1

    where should an access point be in the network

    we bought an access point 801.11g which we want to use for the clients in the office so they can surf the web. there's a switch which connects buncha computers w/ one AD integrated domain controller. the internet is connected through a Watchguard HD Firewall. The whole network is on 255.255.255.0 subnet mask -192.168.111.1 firebox- -192.168.111.2 DC- -192.168.111.7 access point-

    ... how can i make sure that the ppl can only get on the internet and not see inside of our network ... is there a specific setting...

  2. #2
    Junior Member
    Join Date
    Mar 2004
    Posts
    7
    In an ideal situation, you'd hang the AP off of a DMZ interface of your firewall. I'm not familiar with the Watchguard line, but a quick look at their website indicates that most of their boxes have more than enough interfaces to handle this type of configuration. You can then allow clients who connect to your AP to either VPN into your internal network (if the FW supports it), or just allow the clients on the DMZ access to the outside world to surf the net.

    --Ben

  3. #3
    no there's no dmz port on the firebox... but what do you mean about the vpn into the domain... i don't want them in the domain... i want them to surf the net only ....

  4. #4
    Junior Member
    Join Date
    Mar 2004
    Posts
    7
    Then the only good way to implement this will be to put the WAP behind its own firewall. Then you can limit the places that the WAP-connected clients can go.

    --Ben
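
Added example (not part of the thread and not any poster's configuration): one way to build the separate firewall suggested in #4, as a shell function that prints an iptables-restore ruleset for a Linux box placed between the access point and the office switch. The office subnet is the one from post #1; the guest subnet 192.168.200.0/24 and the interface names eth0/eth1 are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a Linux box used as the
# dedicated firewall in front of the access point.
# From the thread: office LAN 192.168.111.0/24 (Firebox .1, DC .2).
# Assumptions: guest subnet 192.168.200.0/24, eth0 = uplink on the office LAN,
# eth1 = link to the access point, net.ipv4.ip_forward=1 already set.

guest_ruleset() {
    guest_net=$1; office_net=$2; wan_if=$3; ap_if=$4
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Guests may request DHCP leases from this box and nothing else
-A INPUT -i $ap_if -p udp --dport 67 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Deny the office LAN and every other private range BEFORE the allow rule.
# Guest packets still transit the office switch to reach the Firebox, so the
# block has to be on destination address, not on the outgoing interface.
-A FORWARD -i $ap_if -d $office_net -j DROP
-A FORWARD -i $ap_if -d 10.0.0.0/8 -j DROP
-A FORWARD -i $ap_if -d 172.16.0.0/12 -j DROP
-A FORWARD -i $ap_if -d 192.168.0.0/16 -j DROP
# Anything left is internet-bound and leaves via the uplink
-A FORWARD -i $ap_if -o $wan_if -s $guest_net -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
# The Firebox has no route back to the guest subnet, so hide it behind eth0
-A POSTROUTING -s $guest_net -o $wan_if -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset for the addressing described above
guest_ruleset 192.168.200.0/24 192.168.111.0/24 eth0 eth1
```

Load the output as root by piping it into `iptables-restore`. The DHCP scope for guests has to hand out a DNS resolver outside 192.168.111.0/24, because lookups sent to the DC or the Firebox address are dropped by these rules.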

  5. #5

    Security

    The firewall should have some configuration options which should allow outbound traffic through, e.g. net surfing, while preventing external access.

  6. #6
    Senior Member
    Join Date
    Sep 2003
    Posts
    500
    Can you define a DMZ IP address with your firebox? On my linksys router, I am able to specify a DMZ IP address in my domain. If the switch has any software interface, I would look around in that. Other than that, you could either go with the firewall option that venom stated, or you hook it up behind another computer that has its permissions set to only view the net. Just tossing out another idea.
    You shall no longer take things at second or third hand,
    nor look through the eyes of the dead...You shall listen to all
    sides and filter them for your self.
    -Walt Whitman-

  7. #7

    Message

    I can't be much help as I am only familiar with Cisco products, and I wrote a firewall so I could do stuff like that.
