Astaro User Bulletin Board
Go Back   Astaro User Bulletin Board > Closed Forums (read only) > ASG V7.300 BETA (closed)
Reload this Page Wireless (4th interface?) 'how-to' concerns
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Welcome to the Astaro User Bulletin Board.
If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

 
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 09-24-2008, 03:20 AM
Robert Kaye's Avatar
Junior Member
  
Join Date: Mar 2007
Location: Winterset, Iowa
Posts: 19
Default Wireless (4th interface?) 'how-to' concerns
HISTORY
Hi everyone, i've been away from the forums for awhile, it's nice to see so many familiar names still around... We're looking for a new firewall at work, so I thought I'd come back to my old haunt(s).

Part of the feature set we're trying to fulfill is to have ye' ole basic wired firewall, but they also want to be able to provide wireless access to employees (wherein they want to allow wireless employees to access parts of the trusted network *panic*), and also have some bandwidth dedicated to the general public as a community hotspot.

A couple of firewalls have a fourth type of interface (untrusted/red, trusted/green, dmz/orange, blue/wifi) wherein wireless is the second dmz.

SUGGESTION/PROBLEM
I dont see these related topics addressed in the install process: Multiple DMZs, adding a wireless hotspot, where a wireless router should be placed (i know this might seem trivial to you, but a collegue at a diff 1000-person company added a wireless router *inside* the trusted, thinking that if he merely set the router to allow only certain mac addresses that was ok), and specificly the idea of "trusted" wireless routers.

With the free public hotspot movement, it seems remiss not to wave a flag.
Last edited by Robert Kaye; 09-24-2008 at 03:30 AM.
  #2 (permalink)  
Old 09-24-2008, 07:01 PM
Moderator
  
Join Date: Jul 2001
Location: southern California
Posts: 5,156
Default
Multiple DMZs are allowed.

Recommend either:
put an AP in a DMZ, and let everyone connect to it, and employees use a VPN client to get into the internal network(s).
or
2 DMZs, 2 APs, one public, one private using WPA etc.

Barry
__________________
http://DealBert.net
Home & business end-user since v1.x
  • ASL 6.3x, HP DL145 Dual Opteron, 1GB RAM, 6 gigE NICs, 50-IP Platinum License
  • ASL 7.3x, Dell PE1550 Dual PIII 1GHz, 1GB RAM, 2 NICs, 50-IP Platinum License
  • ASL 7.5x, 17-watt fanless mini-ITX system: MSI IM-945GSE-A Atom n270, 2GB RAM, Morex T3310 case. 2 Intel GigE, 3 VLANs. 80G 5200rpm 2.5" HD
    Netgear GS108T gigE VLAN switch & Linksys WRT54G WAP
    Total network infrastructure: 27 watts. 100-IP Home User. FiOS 10mb/2mb
  #3 (permalink)  
Old 09-24-2008, 08:58 PM
Wizard
  
Join Date: Oct 2005
Posts: 2,431
Default
What Barry said. We often have customers that want to be able to use Wireless in their conference room, etc... so we often use an access point with WPA, with no access allowed to the internal network or WANs. If it's an employee that needs access to internal resources, we slap the OpenVPN client on the laptop and have them connect through the wireless that way.
__________________
Convergent Information Security Solutions, LLC
Astaro Preferred Solution Partner
  #4 (permalink)  
Old 09-24-2008, 10:12 PM
Robert Kaye's Avatar
Junior Member
  
Join Date: Mar 2007
Location: Winterset, Iowa
Posts: 19
Default
Thanks Barry & Bruce, a single WPA with employees using VPN will work perfectly.
  #5 (permalink)  
Old 09-24-2008, 10:54 PM
BAlfson's Avatar
Moderator
  
Join Date: Mar 2007
Location: Oklahoma City
Posts: 5,396
Default
Bruce, why the OpenVPN client for a Windows laptop? We've set up L2TP over IPSec since XP and it's been totally without problems. I admit to ignorance on this issue.

Thanks - Bob
__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!
  #6 (permalink)  
Old 09-25-2008, 02:01 AM
Wizard
  
Join Date: Oct 2005
Posts: 2,431
Default
There have been different problems with L2TP in the past. I rather like the OpenVPN (SSL Client) as it uses certs in addition to user authentication.
__________________
Convergent Information Security Solutions, LLC
Astaro Preferred Solution Partner
  #7 (permalink)  
Old 09-25-2008, 04:14 PM
BAlfson's Avatar
Moderator
  
Join Date: Mar 2007
Location: Oklahoma City
Posts: 5,396
Default
OK, it sounds like we each have solutions we're comfortable with.

As always, thanks for your time and knowledge here. - Bob
__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!
 

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT. The time now is 09:46 AM.

 
Contact Us - Astaro User Bulletin Board - Archive - Top

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.


These pages are specifically maintained for the discussion of firewall issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases. issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases.