How to Set explicit Firewall Rules for Wlan devices?
im using a Fritzbox 3490 as an Access Point in my Lan network. The Fritzbox AP is connected to a switch where the Lan Interface of my PFsense is connected to.
Until now i didnt configure anything in my Pfsense, but my Wifi devices already get an IP from the Lan Network and can use the Internet connection.
Problem here: I dont want, that all wifi devices can access devices on my LAN Network on every port, so i want to create specific rules (for example, only smb access from wlan to lan network is allowed). My Pfsense Firewall only has 2 Lan Ports which are already used for LAN/WAN.
How can i accomplish this goal?
I read about making an own network for wlan via vlans and add this vlan network as a new interface to my pfsense. Is this the only way to accomplish my goal or are there other ways?
Problem is, that my switch im using atm doesnt support vlans, so i would have to buy a new one with vlan support.
yeah you need vlan and eventually put the access point to another network so you can make rules or buy a new network card where you can plug the AP, the last would be less expensive but again maybe the position would be not so ideal if it's far away from the switch
OK, thanks for the fast response.
The new network card would be an option, too thats right.
But i think if there is no other Software solution for this scenario its anyway time for me to replace my old (not manageable) switch with an up to date smart/managed switch with vlan support.
I just wanted to make sure there is no other Software solution for this scenario before buying.
Thank you very much !
One more question. I dont really understand why in Pfsense there is under "Interfaces" an own Tab for "Wireless Interface".
Is it meant for build in wireless card which are installed on the pfsense Hardware itself, or should i use this even when an Access Point like my Fritzbox is connected to the Interface?
The wireless tab is for wifi hardware in the pfSense box, yes.
It depends what the Fritzbox can do. If you can set that up to use a VLAN directly that traffic will probably pass your unmanaged switch and you can then connect to it using a VLAN interface in pfSense.
You could do something even more unconventional like setup a tunnel of some sort between the Fritzbox and pfSence to separate the traffic that way. A VPN if it can do that or even PPPoE can work.
A managed switch is a better way to do it but it depends how much you want to save money or like playing with network config.