03-08-2014 10:17 AM
Is there a way to check and customise the firewall rules created by enabling guest policy (not the portal)? Does it show up in any config / properties file on the controller or only on an Access Point?
I'd like to check if it prevents Wi-Fi clients from becoming DHCP and DNS servers on a given VLAN. If guest policy does not already do this I may make it a Feature Request instead.
More broadly it would be usual for DHCP and DNS to be provided only by a wired device so would want the ability to block it being served by any wireless device (regardless of guest policy). We do have switches that can do DHCP snooping but many deployments won't have this option.
12-02-2014 03:33 PM
Don't like to BUMP stuff too often but any official answer (or has anyone delved into this themselves)?
I assume it results in etables rules. I need to see what's going on as with guest policy enabled I can sometimes still see other guests in FING and similar tools.
Also I'll need to be able to confirm to the enterprise / management that we can mitigate against known risks as per the previous posts (the obvious case being wireless clients serving DHCP offers to each other) - in order to be able continue using or buying more of these.