I want to implement an "Intranet" Wi-Fi, with full access to our network, and a "Guest" Wi-fi with access only to the public Internet.
The DAP is connected to a ZyWALL USG50 router/firewall with VLAN support.
My first question:
(1) Am I right that the "Guest" mode settings won't really help here, because they assume that the LAN connection of the DAP goes straight to the broadband connection; since it really goes to a router, once a packet is allowed out the DAP's LAN port, any meaningful security has to be implemented at the router, right?
This is where VLANs should come in. I believe I am properly tagging outbound packets as VID1 (for intranet network) and VID2 (for guest network). Second question:
(2) Can I set the default gateway to be different for the two SSID/VLANs? The firewall wants VLAN traffic to hit a virtual interface dedicated that VLAN... but that requires different default gateways per SSID.
Please feel free to ask clarifying questions; I'm trying to keep this minimalist because I have so many questions floating around in my head
Thanks in advance,