As mentioned in another thread, I will like to upgrade from an Asus AC66U to a Netgear Orbi to fully resolve Wifi deadspots. Almost everything is ready (e.g. possible locations for the satellite and the router, site survey to ensure feasibility) but there is one last challenge: Guest Network with pfSense.
Before I got my pfSense machine, my setup was like this:
Fiber + Cable Internet Modems (i.e. dual WAN) => Asus AC66U in router mode (wireless devices connect to this) => Managed Switch => other wired devices (e.g. computers, NAS)
Guest network on the AC66U can work as intended; users on the guest SSID cannot connect to other devices but of course can still connect to the Internet.
But, I am currently using pfSense as my router as I need some of the packages like HAProxy for work purposes. Right now it is also aggregating a fiber WAN and a cable WAN from the same ISP (i.e. dual WAN). So my setup is like this:
Fiber + Cable Internet Modems => pfSense => Managed Switch => Asus AC66U in AP mode (wireless devices connect to this) + other wired devices (e.g. computers, NAS)
I got the needed pfSense capabilities, but guest network on the AC66U is now broken as users on the guest SSID can connect to other devices on the network regardless of their SSIDs.
I have consulted many pages such as this: https://www.snbforums.com/threads/guest-network-not-restricting-local-network-access.22659/ but this is still unresolved (e.g. guest network having no Internet). Furthermore, seeing how I need the Orbi to solve Wifi deadspots, most solutions will not work as they are not for the Orbi.
At the same time, I noticed that while I need pfSense's pfBlockerNG and general firewall capabilities for the entire network, I will need the other capabilities like HAProxy just for wired devices. Furthermore, all guest devices are wireless so far and for wireless devices, as long they can connect to the Internet in their respective SSIDs, I am ok.
So, I am thinking of doing this setup:
Fiber + Cable Internet Modems => pfSense => Managed Switch => Asus AC66U/Netgear Orbi in router mode (wireless devices connect to this) + other wired devices (e.g. computers, NAS)
Then set it such that both pfSense (192.168.1.x) and the Orbi (192.168.0.x) will be DHCP servers.
I have briefly tested this. At least I can connect to the Internet on my wired and wireless devices, and when on the guest network, I will not be able to connect to other devices. This is what I wanted, but I am unsure what other side effects will there be as my other wired devices are not online yet (still upgrading them as we speak) and I needed to revert to previous setup as right now my family is using the Internet and I need to rush back to my work.
So in the meantime, do you all think this will cause any issue? Are there any better ways to get what I need?
Thanks!
Before I got my pfSense machine, my setup was like this:
Fiber + Cable Internet Modems (i.e. dual WAN) => Asus AC66U in router mode (wireless devices connect to this) => Managed Switch => other wired devices (e.g. computers, NAS)
Guest network on the AC66U can work as intended; users on the guest SSID cannot connect to other devices but of course can still connect to the Internet.
But, I am currently using pfSense as my router as I need some of the packages like HAProxy for work purposes. Right now it is also aggregating a fiber WAN and a cable WAN from the same ISP (i.e. dual WAN). So my setup is like this:
Fiber + Cable Internet Modems => pfSense => Managed Switch => Asus AC66U in AP mode (wireless devices connect to this) + other wired devices (e.g. computers, NAS)
I got the needed pfSense capabilities, but guest network on the AC66U is now broken as users on the guest SSID can connect to other devices on the network regardless of their SSIDs.
I have consulted many pages such as this: https://www.snbforums.com/threads/guest-network-not-restricting-local-network-access.22659/ but this is still unresolved (e.g. guest network having no Internet). Furthermore, seeing how I need the Orbi to solve Wifi deadspots, most solutions will not work as they are not for the Orbi.
At the same time, I noticed that while I need pfSense's pfBlockerNG and general firewall capabilities for the entire network, I will need the other capabilities like HAProxy just for wired devices. Furthermore, all guest devices are wireless so far and for wireless devices, as long they can connect to the Internet in their respective SSIDs, I am ok.
So, I am thinking of doing this setup:
Fiber + Cable Internet Modems => pfSense => Managed Switch => Asus AC66U/Netgear Orbi in router mode (wireless devices connect to this) + other wired devices (e.g. computers, NAS)
Then set it such that both pfSense (192.168.1.x) and the Orbi (192.168.0.x) will be DHCP servers.
I have briefly tested this. At least I can connect to the Internet on my wired and wireless devices, and when on the guest network, I will not be able to connect to other devices. This is what I wanted, but I am unsure what other side effects will there be as my other wired devices are not online yet (still upgrading them as we speak) and I needed to revert to previous setup as right now my family is using the Internet and I need to rush back to my work.
So in the meantime, do you all think this will cause any issue? Are there any better ways to get what I need?
Thanks!
