So we are in the process of upgrading our wireless, and I am debating whether any other changes should be made to our existing settings during the downtime. Just looking for any leaks.
Currently, this is what is configured, using 3 SSIDs.
SSID: Staff (staff access to internal resources)
- network: bridged to a local_net_vlan, shares lan subnet
- Intra-BSS: disabled
- security: wpa2-enterprise (radius to win-ad, security group)
SSID: Factory (a separate VLAN with access to a few secure internal resources, no internet)
- network: bridged to a factory_net_vlan, separate subnet
- Intra-BSS: enabled
- security: wpa2-personal passkey
SSID: Guest (a separate VLAN with no access to internal resources, only internet)
- network: bridged to a Guest_net_vlan, separate subnet
- Intra-BSS: enabled
- security: wpa2-personal passkey
Network Config
- Access points are plugged into a trunk port, with port isolation enabled.
- Access points have a separate VLAN for management.
- The Guest/Factory uplink port is only the UTM firewall. No isolation for the staff VLAN on the same VLAN.
- The UTM is configured to block guest-to-guest and factory-to-factory communication, to stop clients connecting to each other via the UTM itself.
So based on the above, and strict ACLs on what each subnet can access, there shouldn't be any client-to-client leaks on Factory and Guest, correct?
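The layout above can be checked mechanically rather than by eye. The following is an added example written for this page, not something from the original post or from any vendor: a small reachability model of the three SSIDs, the port-isolated trunk and the UTM rules, which walks every client pair and reports which path (if any) a unicast frame would take. The client names and AP names (guest1, ap1, ...) are made up, and the model assumes one VLAN per SSID as in the post. Its key modelling assumption is the standard 802.11 infrastructure behaviour: when intra-BSS forwarding is enabled, the AP relays frames between its own associated clients locally, so those frames never reach the switch or the UTM, and no UTM rule can drop them.

```python
"""Reachability model for the three-SSID layout above.

Added example, not from the original post. Model assumptions (all stated here
rather than inferred from any product):
  * "Intra-BSS enabled" means the AP relays unicast frames between its own
    associated clients on that SSID locally; the wired side never sees them.
  * Switch port isolation stops AP-to-AP forwarding on the trunk, for every VLAN,
    so the only wired path out of an AP is the uplink to the UTM.
  * The UTM only sees traffic that arrives on its interface. Its guest-to-guest
    and factory-to-factory rules drop same-VLAN hairpins that reach it; without
    such a rule the model assumes the UTM would forward the hairpin.
  * Cross-VLAN client-to-client traffic is denied unless listed in acl_allow.
  * One SSID per VLAN, as in the post.
"""
from dataclasses import dataclass, replace
from itertools import permutations


@dataclass(frozen=True)
class SSID:
    name: str
    vlan: str
    intra_bss: bool          # True: the AP bridges client-to-client frames itself


@dataclass(frozen=True)
class Client:
    name: str
    ssid: str
    ap: str


@dataclass(frozen=True)
class Topology:
    ssids: dict                      # SSID name -> SSID
    clients: tuple                   # Client, ...
    port_isolation: bool             # AP trunk ports may only forward to the uplink
    utm_blocks_intra_vlan: frozenset # VLANs where the UTM drops client<->client hairpins
    acl_allow: frozenset             # (src_vlan, dst_vlan) pairs the UTM routes for clients


def path(topo, src, dst):
    """Return the path a unicast from src to dst takes, or None if it is dropped.

    The first hop that can decide wins: the AP decides before the switch, and
    the switch before the UTM. A frame the AP relays locally never reaches the UTM.
    """
    s, d = topo.ssids[src.ssid], topo.ssids[dst.ssid]
    if src.ap == dst.ap and src.ssid == dst.ssid:
        # Same BSS on the same AP: relayed locally or dropped, nothing else sees it.
        return f"{src.ap} intra-BSS relay (UTM never sees it)" if s.intra_bss else None
    if s.vlan == d.vlan:
        # Same VLAN, different AP: the frame has to cross the switch.
        if not topo.port_isolation:
            return f"{src.ap} -> switch -> {dst.ap}"          # pure L2, UTM not involved
        if s.vlan in topo.utm_blocks_intra_vlan:
            return None                                        # only wired path is the UTM, which drops it
        return f"{src.ap} -> switch -> UTM hairpin -> {dst.ap}"
    # Different VLANs: routed by the UTM, subject to the inter-VLAN ACLs.
    if (s.vlan, d.vlan) in topo.acl_allow:
        return f"{src.ap} -> switch -> UTM routed -> {dst.ap}"
    return None


def leaks(topo):
    """All ordered client pairs that can reach each other, with the path taken."""
    return [(a.name, b.name, p) for a, b in permutations(topo.clients, 2)
            if (p := path(topo, a, b)) is not None]


def disable_intra_bss(topo):
    """Hardened copy of the topology: client isolation on every SSID, nothing else changed."""
    return replace(topo, ssids={n: replace(s, intra_bss=False) for n, s in topo.ssids.items()})


# Constructed instance of the layout described in the post; client and AP names are made up.
AS_POSTED = Topology(
    ssids={"Staff": SSID("Staff", "local_net_vlan", intra_bss=False),
           "Factory": SSID("Factory", "factory_net_vlan", intra_bss=True),
           "Guest": SSID("Guest", "Guest_net_vlan", intra_bss=True)},
    clients=(Client("guest1", "Guest", "ap1"), Client("guest2", "Guest", "ap1"),
             Client("guest3", "Guest", "ap2"),
             Client("fac1", "Factory", "ap1"), Client("fac2", "Factory", "ap1"),
             Client("staff1", "Staff", "ap1"), Client("staff2", "Staff", "ap1")),
    port_isolation=True,
    utm_blocks_intra_vlan=frozenset({"Guest_net_vlan", "factory_net_vlan"}),
    acl_allow=frozenset(),
)

if __name__ == "__main__":
    for a, b, p in leaks(AS_POSTED):
        print(f"{a} -> {b}: {p}")
    print("after disabling intra-BSS on every SSID:", leaks(disable_intra_bss(AS_POSTED)))
```

Run as posted, the only reachable pairs the model finds are guest1/guest2 and fac1/fac2, both on the same AP, and every one of those paths is an intra-BSS relay that the UTM never sees; guest1 to guest3 on a different AP is stopped by port isolation plus the UTM rule, and the Staff pair is stopped by the AP itself. With intra-BSS disabled on the Guest and Factory SSIDs the list is empty. The point of the model is that the UTM and switch rules only ever cover traffic that leaves the AP, so the client-isolation setting on the AP is the control that has to carry the same-AP case.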