Hey fellow system admins! I'm reaching out for your expertise on how to better secure and manage our corporate guest wireless network. Recently, we've had issues with abuse on this network, and I'm looking for strategies to control and monitor use more effectively. What kind of policies or restrictions do you implement for your guest networks? For instance, do you block access to social media, games, or VPNs? I find VPNs to be a tricky situation, especially since we sometimes have vendors on-site who need to use the guest network to connect to their headquarters. Currently, our guest network operates on a separate VLAN with some web filtering, but our filtering is pretty lenient at the moment. Additionally, do you impose bandwidth limits or use captive portals for guest access? Any insights would be really appreciated!
3 Answers
We use Ubiquiti UniFi for our guest Wi-Fi. It has a captive portal where guests agree to terms before connecting. We limit the internet speeds to about 5 Mbps up and down per session, and we have strict filtering options implemented through a UniFi Gateway. Although the specific policies were decided with corporate and SecOps, they're somewhat relaxed until there's misuse.
Our guest network is quite straightforward: Wi-Fi access only, with device isolation and no filtering, since we feel it's not our job to monitor guests too closely. Just internet access, really.
We have a captive portal that includes an Acceptable Use Policy (AUP), along with web filtering and rate limiting. Guests get timed out every 4 hours, which helps keep things in check.
Don't you think some filtering could prevent bandwidth hogging or malicious use? You might be held accountable by the ISP for any issues that arise.