Firewall help

A client has a small office with two laptops and an office printer. An ATT DSL modem/wireless router is used for internet. The printer is patched to a Netgear wifi extender in a separate room so it can be on the network and shared. Thus both laptops are connected to the wifi extender so they can utilize the printer.

Now a hardware firewall would like to be implemented. I was thinking about getting something like the Fortinet FortiWiFi-60D and connecting the extender to it. What do you all think?
 
Ok.... so there is a wireless extender connected wirelessly to the wireless router? And this extender has a port and then is connected to the wireless extender?

Why can't the laptops print to the printer when they are connecting directly to the wireless on the router? How are you making sure the laptops are only connecting to the extender?

99.9% of hardware firewalls can do routing. Disable routing on the modem, connect the firewall to the modem, and then connect switches, wireless APs, etc. downstream from there.
 
Ok.... so there is a wireless extender connected wirelessly to the wireless router? And this extender has a port and then is connected to the wireless extender?
Correct, the wireless extender is connected wirelessly to the ATT modem. The printer is connected to the port on the wireless extender.

99.9% of hardware firewalls can do routing. Disable routing on the modem, connect the firewall to the modem, and then connect switches, wireless APs, etc. downstream from there.
Ok thank you. Do you have any suggestions for a firewall?
 
Personally I think that's a pretty pricey solution for a business that size. What industry are they in? If I remember correctly that product requires an active, paid subscription to use all of its features.
 
Personally I think that's a pretty pricey solution for a business that size. What industry are they in? If I remember correctly that product requires an active, paid subscription to use all of its features.
To be specific, the client owns a daycare and a construction company. Both are in the same building sharing the internet. One laptop he uses for construction and the other is for the daycare (teachers clocking in/out, accepting payment, etc.). What firewall solutions do you suggest?
He is also planning on getting an onsite server in the future. As of yet, I do not know the function(s) of the server.
 
Depending on which model ATT gateway you have (like an NVGsomething)...there are ways to get it to pass the public IP to the WAN port of your own proper biz grade firewall. We always...always...put our own managed biz routers behind the ISP's supplied gateway and set it (the ISP gateway) to bridged or public IP passthrough mode. This avoids double NAT.

I don't like wireless range extenders, we use Ubiquiti Unifi for our wireless...a Unifi POE switch for the LAN and some Unifi APs and a Unifi Cloud Key for management.

Untangle is the UTM firewall we use, else...if the client doesn't want a UTM...we use Unifi gateways.
 
What are they trying to accomplish with the firewall? Are they trying to secure the LAN more since the plans for the server will require a higher level of trust in the LAN? If this is the case, then UTMs like Untangle, Sophos, or a package-enhanced pfSense (not recommended if you're looking for a turn-key solution), are what they want (Palo Alto if they're wanting to put some serious cash down).

However, if you're relying on trust on the LAN, then you need to look at LAN accessibility too. Are staff able to connect to the wireless? Should the two businesses have some segregation on the network?
 
To be specific, the client owns a daycare and a construction company. Both are in the same building sharing the internet. One laptop he uses for construction and the other is for the daycare (teachers clocking in/out, accepting payment, etc.). What firewall solutions do you suggest?
He is also planning on getting an onsite server in the future. As of yet, I do not know the function(s) of the server.

Construction. Probably no statutory data protection. But the daycare probably has PII. How are they accepting payment? If they are processing CC information on the laptop then they have to address PCI as well.

How is their email being handled? Another thing you need to be asking about: data backup.

How long have they been around? Do they anticipate any growth, meaning hiring? Do they have a website(s)?

I have no idea how much networking knowledge you have so I'm just going to cover some boilerplate.

UTM, Unified Threat Management, is a set of features which is used at the network edge to increase security. This can include anti-malware, anti-phishing, various network breach attack vectors, etc., etc. Due to its nature, having to receive updates, you have to pay for a subscription. As I mentioned above, it's not cheap. A 60D with a 3 year sub is over $1000.

The 60D is a combination of firewall and UTM. I've only worked with them once, I was not happy, and swapped them to something else. But it was a very specific issue. I was using point to point VPN and we could not get the tunnel to properly handle VoIP traffic from the remote office to the VoIP server in the main office.

Like many on here I like Ubiquiti products. But, at the moment, they do not have a firewall with integrated WiFi. If it was me I'd get an ERL3 for an edge device and a UAP-AC-LR for wireless. I'd handle the UTM threats locally on the machines due to site size. Make sure their email is on a reputable provider with anti-spam turned on. A good, managed anti-malware like Bitdefender GravityZone. You could sign up for Kabuto to provide an MSP service including managed AV. Browser plugins, like adware blockers, and hide IE.
 
Like many on here I like Ubiquiti products. But, at the moment, they do not have a firewall with integrated WiFi.

Technically they have, and still do.
Most computer peeps know the Unifi lineup, and some know the EdgeMax lineup. But not many know of the airMax routing products...designed for WISPs. There was the old "airGateway"...I have one of the non-LR models. Not really useful for normal router/gateways...more usable as a "bridge".

And then there is the airCube. I got an airCube AC as soon as it hit the Beta store last fall. It's officially out now. It looks similar to the central cube unit of the Amplifi...a tad smaller. Can be centrally managed by WISPs via UNMS (the multi-tenant web management tool to manage air and edge products for MSPs and WISPs).
 
Thanks, forgot about the airCube, got to get one of those now. That would do the trick. I did get an Amplifi when it came out, worked great, and have installed a few of those. But the feature options are a lot more limited so they're not going to cut it for most businesses.
 
What are they trying to accomplish with the firewall?
I brought up getting a firewall. If by chance the businesses get targeted by a hacker or virus, they would have some sort of defense.
Should the two business have some segregation on the network?
You just gave me an idea...Off to Google

Edit: That's not going to work because both of them still have to use the same printer. Unless there is a way for devices on different VLANs to use the same printer.
I have no idea how much networking knowledge you have so I'm just going to cover some boilerplate.
Thank you, because I have limited networking knowledge.
 
forgot about the airCube, got to get one of those now
Be aware that Ubiquiti is rolling out EOL for older equipment in Unifi 5.6.29. Though the airCube is not old, I just thought I'd throw that out there.

Anyway, OP, surprised that no one has mentioned a pfSense box. Dirt cheap to do.
 
Be aware that Ubiquiti is rolling out EOL for older equipment in Unifi 5.6.29. Though the airCube is not old, I just thought I'd throw that out there.

airCube JUST came out...when I purchased it back in Oct or first week of November it was still in the Beta store. It's in the air family, not Unifi...so Unifi cannot manage it, but UNMS does.

Only EOL equip I have out there are 2x of the first square outdoor Unifi AC APs.
 
I know. That's why I pointed out that it wasn't old. Also, UNMS is still in beta; however, EOL profiles may be in the stable public release.

As far as Unifi, I have 24 AP-LR v2's deployed and I hope and pray they don't add those to the EOL list.

I have not seen an official list of their sunsetting schedule yet. I've seen enough people ask about the first gen Unifi APs...we have several hundred of those out there. But I'm on a pretty good replacement cycle anyways with our MSP clients...upgrading all the time to the ACs simply for the reason of performance via features such as bandwidth steering, and as we constantly phase in new Unifi or Edge switches...since new models down the road will be dropping passive POE. Less clunky POE injectors.
 
You just gave me an idea...Off to Google

Edit: That's not going to work because both of them still have to use the same printer. Unless there is a way for devices on different VLANs to use the same printer.

If it was me I'd probably not worry about splitting the two businesses network wise. Especially if it looks like they are not going to hire a bunch of people. You can split it and still have both sides print but I'd look at it as a lot of work for nothing. But you should mention it to the customer anyways.
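The segmentation question raised in the thread (two businesses on separate VLANs, one shared printer) is modelled below as an added example that is not from any poster: the VLAN names, subnets and rule list are constructed assumptions. It shows a first-match policy with a default deny, so each business reaches only the printer's print ports and neither business can reach the other.

```python
"""Inter-VLAN policy model for the two-business / shared-printer layout.
Added example (not from the original thread); VLAN plan and rules are
constructed assumptions. Discovery broadcasts such as mDNS do not cross
segments, so clients would print to the printer's fixed address."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed VLAN plan (assumption): one segment per business, one for the printer.
VLANS = {
    "daycare": ip_network("10.10.10.0/24"),
    "construction": ip_network("10.10.20.0/24"),
    "printer": ip_network("10.10.30.0/24"),
}
PRINT_PORTS = {9100, 631, 515}  # JetDirect/RAW, IPP, LPD


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


def segment(addr: str) -> str:
    """Map an address to its VLAN name, or 'wan' if it is not a local segment."""
    ip = ip_address(addr)
    return next((name for name, net in VLANS.items() if ip in net), "wan")


# Ordered first-match rules: (src segment, dst segment, proto, ports, verdict).
# None means "any". Explicit denies between the businesses come first so they
# are visible and loggable even though the default below would also drop them.
RULES = [
    ("daycare", "construction", None, None, "deny"),
    ("construction", "daycare", None, None, "deny"),
    ("daycare", "printer", "tcp", PRINT_PORTS, "allow"),
    ("construction", "printer", "tcp", PRINT_PORTS, "allow"),
    ("daycare", "wan", None, None, "allow"),
    ("construction", "wan", None, None, "allow"),
]


def evaluate(pkt: Packet) -> str:
    """Return the verdict for the first matching rule, or 'deny' if none match."""
    src_seg, dst_seg = segment(pkt.src), segment(pkt.dst)
    for rsrc, rdst, rproto, rports, verdict in RULES:
        if (rsrc, rdst) != (src_seg, dst_seg):
            continue
        if rproto is not None and rproto != pkt.proto:
            continue
        if rports is not None and pkt.dport not in rports:
            continue
        return verdict
    return "deny"  # default deny: printer -> LAN and unlisted ports are dropped
```

The printer segment has no allow rule of its own, so a compromised printer cannot initiate connections into either business network.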
 