
XG85 and Google wifi setup - what is the best way?

Hi, I have a basic home office setup. I am trying to figure out the best way to set these up.

Modem ---> XG85 firewall ---> 8-port Gigabit Smart switch (TP-Link) --(one in each port)--> several hardwired PCs, Google wifi, two magicJacks (Chromecasts to the wifi) (lots of Android devices to the wifi)

Hardwired and wifi printers too. Raspberry Pi (RetroPie) and gaming stations like Xbox.

 

Both the office and the house have to function nicely.

 

My main concern right now is the first 4 things there up to the Google wifi.  

We have to at least have fast and good wifi that is secure. From reading other posts, I have read that a triple or double NAT to the Google Wifi point is recommended, and not being in bridge mode to the Google Wifi point, so as not to lose the functionality of the Google device (which has really nice features like being able to shut off kids' devices).

 

Later I want to set up a login for each person and scanning of their packets for nasties. So I may enable deep packet scanning and some restrictions for the kids.

 

Does anyone have experience with Google wifi? They are nice and packed with features.

Thanks, Rick M

   

                                                                  



  • Rick,

    Generally speaking, you probably want your modem in Bridge Mode and your Sophos XG Firewall in Gateway Mode.  This will allow you a great amount of flexibility and oversight.  Depending on the overall design of your network, you may need to get a Managed Switch too.  There are ways that one can lump devices together so policies may be applied to them in groups whether or not users are assigned to them or someone logs in on them, such as: putting devices that don't get internet access in a separate network from devices that do, or putting devices that only children use into their own group that is separate from a group of devices that only adults use.  If users are sharing devices, you may be able to block a specific user's traffic from a specific device at specific times - depending on the device.

    Now, depending on your overall needs, Google Wi-Fi may or may not be a great fit here, as it must operate with a dual NAT. As Google admits, networking through dual NATs can cause problems for many users and their needs - especially when it comes to gaming, home automation, and other technologies and features.  This means you may not be able to properly monitor and control your home security systems or access control systems because they may not be able to communicate properly through Google Wi-Fi. Your XG Firewall may not be able to control user access, networking/IP assignment, device security, and security concerns on devices and networks behind the NAT and security system of your Google Wi-Fi.

    Double and triple NAT doesn't make your network any more or less secure.  A NAT merely translates the address of data packets from one network to another, so switches know where to send the data on the next leg of the trip.  Security is separate, and it depends on how things are arranged in coordination with each other; such as: the settings on each device, the settings at each NAT/Gateway, and the settings of other devices along the way (UTM, Firewall, Switch, etc).  The problem is that NAT often operates in a security device.  The more Security/NAT devices your traffic flows through, the more your bandwidth and speed can be negatively affected.  Your data may end up running slower and slower as it goes from one network to another, depending on switch settings, filtering, traffic-shaping, and access policies at each NAT/Gateway device or in other devices along the way.

    Security features and network management complement and affect each other to determine your overall network design.  So, in order to best advise you, we will need to know other things (ideally, this would be done face-to-face and on location):

    Is there any way you would like your devices to be arranged or grouped together?  Are there any certain policies or restrictions you definitely want to deploy?

    What model of modem do you have?  Is it in Gateway mode?   Is it in Bridge Mode?  or  Is it in some other mode?

    Is your XG Firewall in Gateway Mode, or is it in Bridge Mode?

    What model is your switch?  Is it managed, or is it unmanaged?  Is any device wired directly to your XG85, or is everything wired to the switch?

    Do you need the coverage range of the mesh networking in Google Wi-Fi?  In other words, is mesh networking the best or easiest way to provide Wi-Fi across the area you need it, or can you run a Cat5/6 cable to the locations where you need to place a Wi-Fi AP?

    Does Google Wi-Fi turn off your kids' devices, or does it merely shut down their communication?
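
Added example, not part of the thread or either poster's words: a small Python model of the double NAT discussed in the reply above, showing which source address the XG85 sees for devices behind Google Wifi and why it cannot tell them apart for per-device policy. The `Nat` class, device names and addressing plan are constructed for illustration.

```python
import ipaddress

class Nat:
    """Source NAT: rewrites inside source addresses to one outside address."""
    def __init__(self, name, inside_net, outside_ip):
        self.name = name
        self.inside = ipaddress.ip_network(inside_net)
        self.outside_ip = outside_ip
        self.table = {}          # outside port -> (inside ip, inside port)
        self.next_port = 40000

    def translate(self, src_ip, src_port):
        """Return (src_ip, src_port) as seen on the outside interface."""
        if ipaddress.ip_address(src_ip) not in self.inside:
            raise ValueError(f"{src_ip} is not behind {self.name}")
        port = self.next_port
        self.next_port += 1
        self.table[port] = (src_ip, src_port)
        return self.outside_ip, port

# Constructed addressing plan (assumptions, not taken from the thread).
google_wifi = Nat("Google Wifi", "192.168.86.0/24", "172.16.16.50")
xg = Nat("XG85", "172.16.16.0/24", "203.0.113.10")

def sources_seen_by_xg(flows):
    """Map each device to the source IP the XG's LAN interface sees."""
    seen = {}
    for device, ip, port, via_wifi in flows:
        if via_wifi:             # first translation, inside Google Wifi
            ip, port = google_wifi.translate(ip, port)
        seen[device] = ip
        xg.translate(ip, port)   # second translation, toward the modem
    return seen

FLOWS = [  # (device, ip, source port, behind Google Wifi?) - constructed
    ("office-pc", "172.16.16.20", 51000, False),
    ("kid-tablet", "192.168.86.21", 51001, True),
    ("parent-phone", "192.168.86.22", 51002, True),
]

def indistinguishable(seen):
    """Group devices that share one source IP at the XG."""
    groups = {}
    for device, ip in seen.items():
        groups.setdefault(ip, []).append(device)
    return {ip: devs for ip, devs in groups.items() if len(devs) > 1}

if __name__ == "__main__":
    print(indistinguishable(sources_seen_by_xg(FLOWS)))
```

In this model the hardwired PC keeps its own address at the XG85, while every wifi client arrives as the Google Wifi point's single WAN address, so firewall rules, logs and web filtering keyed on source IP apply to all of them together.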