09-13-2021 11:32 AM
I have two WLANs in my zone. One for our employees and one for guests/employee mobile devices.
We wanted to have a Guest WLAN that was isolated and we wanted mobile devices on it as well. The issue I am having is that when people are not at their desk but in a different office or building, they cannot access their email (we have an on-site email server).
I have tried to do a whitelist exception but cannot because I am running DHCP/NAT services. Is there another option? I was thinking maybe an L3 Access Control policy?
09-13-2021 01:09 PM
In this case you can create a standard WLAN and then create the isolation using L3 ACLs. This is the only way.
09-14-2021 12:11 AM
Ok, that is what I was starting to think...
I do have a question though. I am using a Virtual SmartZone. On the L3 Access Control, can I do a range of IPs, or would this have to be a 1:1?
09-15-2021 09:17 PM
I guess what I am trying to figure out is:
1) Do I NEED to use the source/destination ports?
2) Source IP: Is this the Network ID/Subnet or the device IP and Subnet?
3) Destination IP: Destination IP/Subnet of the server I am trying to get to?
09-17-2021 07:45 AM
If you use the toggle button, it will change the setting between single port/IP and range.
For example, if you turn off the Source IP button, it will let you define a single IP address. If you turn it on, you can configure a whole subnet.
If you don't want to define any ports, you can leave them blank, because it is not a mandatory field.
If you use the combination, then the access rule will be more specific.
For example, if you use both source and destination addresses, then the system will allow/deny the traffic based on source and destination IP.
If you just use the source or destination IP, then the rule will apply accordingly.
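
The rule set discussed in this thread can be modelled offline before it is entered on the controller. This is an added example, not code from any poster or from the vendor. The guest subnet, mail server address, port list, first-match ordering and default action are all assumptions for illustration, so confirm how your controller orders rules and applies its default.

```python
import ipaddress

# Constructed addressing for illustration only (not from the thread).
GUEST_NET = "10.20.0.0/16"          # assumed guest/mobile WLAN subnet
MAIL_SERVER = "192.168.10.25/32"    # assumed on-site mail server (single IP)
MAIL_PORTS = {25, 443, 587, 993}    # assumed mail client ports

# Ordered rules: (action, source, destination, destination ports or None).
# None mirrors leaving the optional port fields empty: any port matches.
RULES = [
    ("allow", GUEST_NET, MAIL_SERVER, MAIL_PORTS),   # the one exception
    ("block", GUEST_NET, "10.0.0.0/8", None),        # isolate from internal
    ("block", GUEST_NET, "172.16.0.0/12", None),
    ("block", GUEST_NET, "192.168.0.0/16", None),
]
DEFAULT_ACTION = "allow"  # assumed default so guests still reach the internet


def _net(cidr):
    return ipaddress.ip_network(cidr)


def evaluate(src_ip, dst_ip, dst_port, rules=RULES, default=DEFAULT_ACTION):
    """Return the action of the first matching rule (first-match is assumed)."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src_net, dst_net, ports in rules:
        if src in _net(src_net) and dst in _net(dst_net):
            if ports is None or dst_port in ports:
                return action
    return default


def shadowed(rules=RULES):
    """Indexes of rules an earlier, broader rule fully covers (never reached)."""
    hidden = []
    for j, (_, s_j, d_j, p_j) in enumerate(rules):
        for _, s_i, d_i, p_i in rules[:j]:
            ports_covered = p_i is None or (p_j is not None and p_j <= p_i)
            if (_net(s_j).subnet_of(_net(s_i))
                    and _net(d_j).subnet_of(_net(d_i)) and ports_covered):
                hidden.append(j)
                break
    return hidden


if __name__ == "__main__":
    print(evaluate("10.20.5.7", "192.168.10.25", 993))   # mail over IMAPS
    print(evaluate("10.20.5.7", "192.168.10.25", 22))    # same host, other port
    print(shadowed([RULES[3], RULES[0]]))                # allow placed too late
```

The `shadowed` check flags the common mistake of placing the broad block rule above the mail server exception, which would leave the exception unreachable under first-match evaluation.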