So, the powers that be demand a guest network for Internet access for visitors at multiple locations. Our first plan was using controllers so we could centralize that access and run it through content filters and firewall and the like.
Well, apparently a controller is very expensive and we’re forbidden from buying one.
So now the guest network will just be a separate VRF at each location that will just dump directly out to the Internet.
But how concerned should we be about no content filter for this traffic? It’ll at least be behind a basic stateful firewall with permit any out, deny any in, and source NATing.
There’s also one little thing. Powers that be shut down the idea of a captive portal because it’s too much hassle. They want it to be an open network, no need for a password, because it’s too much hassle.
What risks does this present? If faced with these stipulations, what steps would you take to increase the security posture? I’m looking for advice, and tips and tricks from the pros, because this feels like it might be a really bad idea.
Thanks!