Hi everyone,
Since our company uses our Public IP address as a way of accessing external resources that hold sensitive data, I was wondering would it be possible to have a different Public IP address for our Guest Network so that those connected to it wouldn't be able to access these resources?
Thanks for your help.
@David_Boyle Have you looked into vlan tagging? This seems perfect for what you are looking to do as you would just assign different Public IPs to each vlan.
https://n22.meraki.com/WL-MA-OB-wireles/n/LaNi3cw/manage/support?utf8=%E2%9C%93&kb_article=2063
Hi David
MR on its own may not be able to do so.
However it can segregate traffic as @vassallon suggested by tagging the SSID to appropriate VLAN.
Once the traffic is segregated your gateway appliance shall route the subnets to desired WAN interfaces.
If you are using MX as your gateway appliance
Security & SDWAN->SD-WAN & traffic shaping may help you to do so.
You could also create MR firewall rules to block access to those sensitive assets.
If you use a bridged wifi network for your corporate devices and a nat wifi network for your guests, then the guests will be natted behind the ip address of the access point (the corp bridged clients will be on your lan ip subnets).
You can then nat outbound through your main internet facing firewall for external services (internet) on a different ip address for the source ip's of the access points, therfore your guest clients will go outbound on a different public ip to your bridged corporate clients (assuming you nat them on a different public ip)
Thanks for the reply. So I do currently have the main network on Bridge mode and Guest network on NAT mode.
Do you have any documentation on how the second part of your reply is done?