I'm not new to networking, but I never dealt with firewalls and VLANs (aside from default SPI firewalls).
So I have a company that has a WiFi 6 Pro UniFi AP, and even though I set it up months ago with AP isolation, I realize now that doesn't mean anything for local resources from the private network. Oops.
So, I've been doing some reading and I ran into some videos, some with a seemingly older firewall interface and some with a newer one that has the established/related checkboxes. But it might have been another UniFi device. There is no separate UniFi switch here; it's unneeded. I plan to just plug the AP into eth4 and set up the VLAN and rules, then put the VLAN ID into the guest network. But this AP also had a regular non-guest network too. Will assigning the guest VLAN to eth4 not allow regular network traffic for the private network?
Will not using 'related' on the firewall rule for the guest create problems? I don't want any uninitiated traffic into the guest. Of course, I have to allow DHCP, right? I think those initial requests are uninitiated because they're multicast. The video I watched had rules that let the private network access the guest devices; I don't even want that. So do I just add a rule to drop 'new' incoming traffic into the guest network, or would that also cause issues with DHCP? Would I put rules to allow the DHCP (and I guess DNS?) port to pass through ahead of the 'new' packet block (and malformed packet block)?
An example is here: https://www.youtube.com/watch?v=fQJe4RCWoaQ&t=221s
This confuses me. Why is the rule applied to traffic out? Shouldn't we want established/related traffic in, and not new traffic?
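The rule-ordering question in the post (DHCP/DNS allowed ahead of a 'new' block, established/related allowed, new traffic toward the guest VLAN dropped) modelled as an added Python example; this is not code from the post or from UniFi, and the subnets, interface names and sample packets are constructed. It shows why the DHCP allow has to match on the ingress interface rather than the guest subnet (a DHCP discover is sent from 0.0.0.0 to broadcast), and why it must sit above any rule that drops NEW traffic on that interface.

```python
import ipaddress
from dataclasses import dataclass

GUEST, LAN, GATEWAY = "10.0.20.0/24", "192.168.1.0/24", "10.0.20.1"  # assumed subnets/gateway

@dataclass(frozen=True)
class Packet:
    iface: str   # ingress interface: "guest", "lan" or "wan" (hypothetical names)
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

def in_net(ip, net):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(net)

# Ordered rules: (name, match(packet, state), action). First match wins; default policy is DROP.
RULES = [
    ("allow established/related", lambda p, st: st == "ESTABLISHED", "ACCEPT"),
    # DHCP discover is 0.0.0.0 -> 255.255.255.255, so match the interface, not the guest subnet
    ("allow guest DHCP", lambda p, st: p.iface == "guest" and p.proto == "udp" and p.dport == 67, "ACCEPT"),
    ("allow guest DNS to gateway", lambda p, st: p.iface == "guest" and p.dst == GATEWAY and p.dport == 53, "ACCEPT"),
    ("drop new into guest", lambda p, st: p.iface != "guest" and in_net(p.dst, GUEST), "DROP"),
    ("drop guest to private LAN", lambda p, st: p.iface == "guest" and in_net(p.dst, LAN), "DROP"),
    ("allow guest to internet", lambda p, st: p.iface == "guest", "ACCEPT"),
]

class StatefulFirewall:
    """Minimal conntrack: a flow accepted as NEW makes its reply direction ESTABLISHED."""
    def __init__(self, rules):
        self.rules, self.flows = rules, set()

    def decide(self, p):
        key = (p.src, p.dst, p.proto, p.sport, p.dport)
        reply = (p.dst, p.src, p.proto, p.dport, p.sport)
        state = "ESTABLISHED" if key in self.flows or reply in self.flows else "NEW"
        for name, match, action in self.rules:
            if match(p, state):
                if action == "ACCEPT" and state == "NEW":
                    self.flows.add(key)      # remember the flow so replies are recognised
                return name, action
        return "default policy", "DROP"

def run(rules, packets):
    fw = StatefulFirewall(rules)
    return [fw.decide(p) for p in packets]

SAMPLE = [  # constructed traffic, evaluated in order
    Packet("guest", "0.0.0.0", "255.255.255.255", "udp", 68, 67),     # DHCP discover
    Packet("guest", "10.0.20.50", GATEWAY, "udp", 51000, 53),          # DNS to gateway
    Packet("guest", "10.0.20.50", "192.168.1.10", "tcp", 40000, 445),  # guest -> private LAN
    Packet("guest", "10.0.20.50", "203.0.113.5", "tcp", 40001, 443),   # guest -> internet
    Packet("wan", "203.0.113.5", "10.0.20.50", "tcp", 443, 40001),     # reply from internet
    Packet("lan", "192.168.1.10", "10.0.20.50", "tcp", 50000, 22),     # LAN -> guest, unsolicited
]
```

Calling `run(RULES, SAMPLE)` gives ACCEPT, ACCEPT, DROP, ACCEPT, ACCEPT, DROP; inserting a blanket "drop NEW" rule above the DHCP allow turns the first result into a DROP.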