• Creator
  • #3962923

    Wi-Fi access point with limited web traffic


    by _maxim_ ·

    Hi all,

    I have been asked by a local ONLUS to install a Wi-Fi access point for 40-50 people who can browse only certain websites.

    If I am right (but I ask the experts for help), in order to LIMIT the web traffic to 2-3 domains, a firewall must be coupled to a managed switch before driving the access point. So far as I know, there is no access point on the face of the earth, no matter how expensive and advanced, which includes FW and VLAN functions such as to exclude ALL sites EXCEPT a few. I mean, I haven’t been able to find it on the market.

    That said, I wanted to show a practical example of the problem so we can compare ourselves on certain data.

    Essential prerequisite: users who connect to the Wi-Fi will only be able to browse the website (including minisites from the same domain), and to access Google Play and the Apple Store to update the apps.

    1) The antenna to cover the user area could be a NETGEAR WAX620 or Ubiquiti U6 Lite (PoE).

    2) The firewall could be a Nethesis Security Box S20.

    3) The managed switch could be a NETGEAR PoE+ GS308EPP.

    Could this solution work?

    If so, are there cheaper hardware solutions? Let’s say that the 8 ports of the switch are sufficient; PoE+ is needed because at the point where the antenna will be installed there is already a network cable (but no power supply).

    I accept advice!

All Answers

  • Author
    • #3962975
      I would be guessing.

      by rproffitt ·

      In reply to Wi-Fi access point with limited web traffic

      You haven’t seen “Linux firewall appliances”. I read your post and immediately thought we would either get a Cisco solution or, for those that want to get deep into the guts, a Linux firewall appliance.
      To be clear, this appliance is inserted after the internet connection and before the usual switch and WiFi access points.

      As to the Nethesis, I leave any questions about that device to its maker. If they don’t answer questions, they don’t deserve the sale.

      • #3963201

        Reply To: Wi-Fi access point with limited web traffic

        by _maxim_ ·

        In reply to I would be guessing.

        Interesting! I must say that I have not considered a “Linux firewall appliance” and I am not informed about it.

        Indeed, if you can give me some suggestions, as long as it is hardware to install and not a PC to configure (because they don’t want a PC-based solution), I will gladly accept them.

        The suggestion of a Cisco solution also sounds interesting.
        Did you have a specific Cisco model in mind?

        Thank you so much for your help, much appreciated!

        • #3963256
          What is a PC?

          by rproffitt ·

          In reply to Reply To: Wi-Fi access point with limited web traffic

          Firewall appliances and even firewall “boxes” are usually PCs in disguise. They are usually loaded with a system to hide all those Windows or Linux PC interfaces, but if you are looking for a firewall appliance that has no characteristics of any PC heritage, I fear there is nothing like that on the market.

          Moving on. What you are asking for appears to be in these appliances. And learning the usual iptables, rules and more, like most IT staff, is standard fare. Company management usually doesn’t deal with such, so we don’t expose them to the guts of the network, instead taking their requests and making it happen. If they don’t want a PC, then we find something that doesn’t look like a PC and move forward. We in the field know it’s a PC under the hood.

    • #4003790

      Reply To: Wi-Fi access point with limited web traffic

      by Johnharper2020 ·

      In reply to Wi-Fi access point with limited web traffic

      You may have to use a true proxy firewall. Most traffic is encrypted, so you get very little insight into the traffic.

      Is this a bring your own device (BYOD) situation, or are the devices provided by the organization?

      Device-based software may be the best option if the devices are provided.
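
An added example, not part of any post in this thread: the default-deny hostname decision an explicit proxy can make on each `CONNECT` request, which still works for encrypted traffic because the client names the destination host before the TLS session starts. The domains are constructed placeholders (not the real site or app-store hosts) and the function names are hypothetical.

```python
import ipaddress

# Constructed placeholder allowlist: substitute the organisation's own domain
# and the update hosts the app stores actually require.
ALLOWED_SUFFIXES = ("onlus.example", "store-updates.example")
ALLOWED_PORTS = {"80", "443"}


def host_allowed(host: str) -> bool:
    """Allow a hostname only if it is an allowlisted domain or a subdomain of one."""
    host = host.strip().rstrip(".").lower()  # case and trailing dot are not significant
    if not host:
        return False
    try:
        ipaddress.ip_address(host.strip("[]"))
        return False  # IP literals would sidestep a name-based policy: deny
    except ValueError:
        pass
    # Match on a label boundary so "evil-onlus.example" does not pass as "onlus.example".
    return any(host == s or host.endswith("." + s) for s in ALLOWED_SUFFIXES)


def connect_allowed(request_line: str) -> bool:
    """Decide on a proxy request line of the form 'CONNECT host:port HTTP/1.1'."""
    parts = request_line.split()
    if len(parts) != 3 or parts[0] != "CONNECT":
        return False
    host, sep, port = parts[1].rpartition(":")
    if not sep or port not in ALLOWED_PORTS:
        return False
    return host_allowed(host)


if __name__ == "__main__":
    # Constructed sample request lines.
    for line in (
        "CONNECT www.onlus.example:443 HTTP/1.1",
        "CONNECT evil-onlus.example:443 HTTP/1.1",
        "CONNECT onlus.example.attacker.example:443 HTTP/1.1",
        "CONNECT 203.0.113.5:443 HTTP/1.1",
    ):
        print("ALLOW" if connect_allowed(line) else "DENY ", line)
```
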
