A

8 Messages

 • 

170 Points

Mon, Sep 13, 2021 6:32 PM

Guest WLAN exception

Hello,

I have two WLANs in my zone. One for our employees and one for guests/ employee mobile devices.

We wanted to have a Guest WLAN that was isolated and we wanted mobile devices on it as well. The issue I am having is that when people are not at their desk but a different office or building, they cannot access their email (we have an on-site email server). 

I have tried to do a whitelist exception but cannot because I am running DHCP/ NAT services. Is there another option? I was thinking maybe a L3 Access Control policy?

Responses

Official Rep

 • 

1.2K Messages

 • 

16.6K Points

9 d ago

Hi,

In this case you can create a standard WLAN and then create the isolation using L3 ACLs. This is the only way.

8 Messages

 • 

170 Points

8 d ago

Ok, that is what I was starting to think...

I do have a question though, I am using a Virtual SmartZone, On the L3 Access Control, can I do a range of IPs? or would this have to be a 1:1?

8 Messages

 • 

170 Points

7 d ago

I guess what I am trying to figure out is

1) Do I NEED to use the source/ destination ports? 

2) Source IP: Is this the Network ID/ Subnet or the device IP and Subnet?

3) Destination IP: Destination IP/ Subnet of Server I am trying to get to?

Official Rep

 • 

1.2K Messages

 • 

16.6K Points

5 d ago

Hi Ashour,

If you use the toggle button, it will change the setting between single port/IP vs range.

For example, if you Turn Off the Source IP button, it will let you define single IP address. If you turn it On, you can configure whole subnet.

If you don't want to define any ports, you can leave it, because it is not a mandatory field.

If you use the combination, then access rule will be more specific.

For example, if you use source and destination both addresses, then system will allow/deny the traffic based on source and destination IP.

If you just use source or destination IP, then rule will be applicable accordingly.

Important Announcement