VLAN for guests

Hello,

The intention here is to put all the mobile phones onto an SSID Guest network (VLAN7?) with no access to the business IT assets, while leaving an SSID MGMT (untagged) for the laptops.

How do I configure the SG115 UTM to only allow VLAN7 access to the WAN and to prohibit access to anything on the LAN (printers, files etc.) and still be subject to corporate web policy (alcohol, violence etc.)?

DHCP is on the server, the SSID Guest is tagged VLAN7, the switch ports for the AP and the UTM are tagged for VLAN7. The UTM LAN port has an entry for VLAN.

Alternatively, should the "Guests" be on a different IP range to corporate? e.g. guests = xxx.yyy.7.zzz corporate xxx.yyy.6.zzz

I am fairly vague about VLANs, specifically where the tags are applied (switch or AP).

Many thanks in advance.



  • FormerMember

    Hi,

    Thank you for reaching out to the Community! 

    If you have Sophos Access Points, you could configure a separate zone guest wireless network. 

    Separate zone (default): The wireless network is handled as a separate network, having an IP address range of its own. The user who connects to this network can't access another internal network unless you allow them with a firewall rule. 

    For web filtering, you could add this new separate network under the Web Filtering Global setting > Allowed Network and configure web filtering policies. 

    If you do not have a Sophos AP, you can configure a VLAN for your guest network. Without an allow firewall rule, guest users won't be able to access other internal resources. 

    However, ensure that the guest network is different than your corporate network. 

    Thanks,

  • Upon closer inspection, the UTM is a DHCP for a different IP range than corporate and the interface is for VLAN7, so all I had to do was set the SSID for VLAN7 and all the phones connected correctly to the non-corporate network.

    Thanks for the push.
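
The two checks the reply points at (guest range separate from corporate, and no allow rule from guest to internal networks), as an added example that is not part of the thread and not Sophos code. The addresses, the extra internal network and the first-match rule model are assumptions constructed for illustration, since the thread masks its real ranges.

```python
import ipaddress as ip

# Constructed sample addressing (the thread masks its real ranges).
CORPORATE = ip.ip_network("10.0.6.0/24")
GUEST = ip.ip_network("10.0.7.0/24")
INTERNAL = [CORPORATE, ip.ip_network("10.0.8.0/24")]  # assumed: LAN plus a printer/server net

# Hypothetical rule model: (action, source, destination), first match wins,
# anything unmatched is dropped.
WEAK_RULES = [
    ("allow", "10.0.6.0/24", "0.0.0.0/0"),
    ("allow", "10.0.7.0/24", "0.0.0.0/0"),  # meant as "internet", but also matches the LAN
]
FIXED_RULES = [
    ("allow", "10.0.6.0/24", "0.0.0.0/0"),
    ("drop", "10.0.7.0/24", "10.0.0.0/8"),  # block guest -> internal before the WAN rule
    ("allow", "10.0.7.0/24", "0.0.0.0/0"),
]

def ranges_overlap(guest, corporate):
    """True if guest and corporate share addresses, so they cannot be filtered apart."""
    return guest.overlaps(corporate)

def guest_leaks(rules, guest, internal):
    """Return (rule_number, internal_net) for each allow rule that lets guest reach an internal net.

    Conservative: a drop only ends the search if it covers the whole guest
    range and the whole internal net; an overlapping allow before that is flagged.
    """
    leaks = []
    for net in internal:
        for number, (action, src, dst) in enumerate(rules, start=1):
            src, dst = ip.ip_network(src), ip.ip_network(dst)
            if action == "drop" and guest.subnet_of(src) and net.subnet_of(dst):
                break  # fully blocked before any allow could match
            if action == "allow" and guest.overlaps(src) and net.overlaps(dst):
                leaks.append((number, str(net)))
                break
    return leaks

if __name__ == "__main__":
    print("ranges overlap:", ranges_overlap(GUEST, CORPORATE))
    print("weak rules leak:", guest_leaks(WEAK_RULES, GUEST, INTERNAL))
    print("fixed rules leak:", guest_leaks(FIXED_RULES, GUEST, INTERNAL))
```
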