I have several interfaces on my fw - inside, outside, DMZ, and WiFi. The folks on the WiFi side are typically road warriors needing to get into my inside network. They'll use x509 certs to get host to net access.
However, visitors to our site will get WiFi access and they will only get traffic routed to the outside.
How do I set up packet filters to allow my WiFi employees access to my internal network while at the same time prohibiting unauthorized (unauthenticated) WiFi clients access there. In other words, I have two populations of users on my WiFi network -- the ones who have the "secret keys" get access to outside AND inside but the poor slobs^H^H^H^H^H visitors are allowed access to just the internet.
I have a Masq rule for the WiFi like this:
WiFi_Network__ -> All/All Masq_Outside
if I make a packet filter for the WiFi_Network__, though, I really want it to say WiFi_Network__ -> . If I put WiFi_Network__ Any Any Allow, whoops, I lose my job!
Is there another completely different architecture I should use to do this?
Bill
This thread was automatically locked due to age.
