Guest Network Isolation for IOT - Best Practice

Spartacus

Occasional Visitor
So conventional wisdom seems to indicate (if you don't want to do a two router setup) that isolating IOT devices on a Guest Network provides at least some enhanced security...check. I also thought it best to isolate my old HP AIO printer since it's not up to par with current security standards. The trouble is: Now I can't print to it from my Windows laptop. I've set it up for IPP and it seems my Mac can print to it but not my Windows Laptop. Are there some things I should consider in this setup? What's best practice and how the heck can I isolate the printer but still print to it? Any assistance would be greatly appreciated.
 

eibgrad

Part of the Furniture
Isolating it and having access to it is a contradiction! But in practice, it's NOT uncommon to make exceptions, although personally I'd never consider placing my network printer on the IOT network. Too much hassle. But if you do, then how you make an exception depends on your router's firmware, and how that isolation is enforced. Sometimes the firmware makes it easy, sometimes difficult, and other times impossible. Just depends. Since you provided no details, there's not much more advice I can provide.
 

Spartacus

Occasional Visitor
Isolating it and having access to it is a contradiction! But in practice, it's NOT uncommon to make exceptions, although personally I'd never consider placing my network printer on the IOT network. Too much hassle. But if you do, then how you make an exception depends on your router's firmware, and how that isolation is enforced. Sometimes the firmware makes it easy, sometimes difficult, and other times impossible. Just depends. Since you provided no details, there's not much more advice I can provide.
Your point is valid and yes, this would be an exception. That said, given your reply, perhaps it makes more sense not to isolate the printer and simply use the firewall rules on the device to prevent access to it's web server. What information is necessary to help determine my best course of action?
 

eibgrad

Part of the Furniture
Your point is valid and yes, this would be an exception. That said, given your reply, perhaps it makes more sense not to isolate the printer and simply use the firewall rules on the device to prevent access to it's web server. What information is necessary to help determine my best course of action?

What are you using for a router? Stock or third-party firmware?
 

eibgrad

Part of the Furniture
I have an Asus ZenWifi XT8 router using stock firmware.

Does it provide a user configurable firewall? I know most (perhaps all) ASUS routers have a Network Services Filter feature for blocking internet access by local devices, iirc, based on its MAC address.
 

Spartacus

Occasional Visitor
Does it provide a user configurable firewall? I know most (perhaps all) ASUS routers have a Network Services Filter feature for blocking internet access by local devices, iirc, based on its MAC address.
It does but then again so does the printer itself. I gather the printer is simply to avoid compromise of it's server and setting it on the router is all that's needed. That said, I'm not the most knowledgeable when it comes to firewall settings.
 

ColinTaylor

Part of the Furniture
If you just want to stop the printer accessing the internet you can block it from doing so in the GUI. Just click it's entry under Client Status.

Untitled.png
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top