An integrator wanted to offer a "protected" WiFi connection for children in a client's home. The "protected" WiFi connection would need to be automatically restricted with content filtering, while the standard WiFi would have greater or unrestricted access to Internet services.
The system integrator deployed a stock FIREFX R Series Network Guardian (FXNG-G6) security appliance as the network's primary router/firewall with minimal custom configuration. The five pre-configured VLANs were used as follows:
- VLAN 1 (The LAN port) was used to handle all normal unrestricted network/computer traffic.
- VLAN 100 (OPT 1 port) was used to offer "protected" WiFi access to children in the household.
- VLAN 200 (OPT 2 port) was used for guest WiFi access.
- VLAN 300 (OPT 3 port) was used for the security system cameras and DVRs.
- VLAN 400 (OPT 4 port) was used for appliances, IoT devices, and control systems.
Wireless Access Points (WAPs) were configured to advertise three secured SSIDs: "H_Wireless" for VLAN 1 traffic, "K_Wireless" for VLAN 100 traffic, and "G_Wireless" for VLAN 200 traffic. The network traffic on VLAN 100 was "protected" via DNS filtering using the procedure described in the Network Guardian guide. As a result, traffic from children's devices was restricted to the sites the parents deemed safe.
Network traffic on VLAN 200, the guest network, was isolated from the homeowner's private networks, with the intrusion detection/prevention system actively monitoring all traffic. This configuration limits the chance of a guest's dirty PC or mobile device spreading its malware and viruses to the homeowner's network devices.
The system integrator was able to install the system in under a few hours with intermediate technical skill. The customer's mind was put at ease by the increased security and protection for his children. The customer saw the results of the increased security immediately, when the dashboard displayed multiple rejected connection attempts from other continents and attacks blocked by both the IPS/IDS (Snort) and the firewall. The customer and system integrator were both happy to have secure VPN access to the router and network, allowing remote access for service and convenience.