PFSENSE Rules
However, connecting to the LAN requires being physically near a LAN port, while WiFi allows you to be outside the building. My main goal was to gather more feedback from the person about why they chose this approach to determine if it was truly necessary or just what they wanted, not to imply that blocking is impossible with the right tools. Perhaps I should have been clearer.
In a business environment, users can manage their WiFi completely independently, even when using public networks without needing passwords or login pages. The network will be divided from the main system, with strict limits on data flowing in and out of the gateway. Each access point will enforce isolation so devices can't communicate within the same WiFi group. Network managers decide what functions are available on the equipment, and leaving an open WiFi connection on the same segment as a LAN is considered risky. High-end enterprise gear offers extensive control but comes at a higher price.
I understand your point about how the wording influenced my reply. Essentially, I’d focus on safeguarding the other LAN segments. Regarding Wi-Fi, it’s wise to be cautious—don’t rely solely on WPA2. Enhanced methods like EAP/LEAP would add better protection. Physical security remains a significant concern, often overlooked. Dropping a network isn’t secure by any stretch, especially when people bypass access controls. Open networks in main VLANs without NAC or port security are risky. I’ve witnessed bad behavior, such as badge scanning and unauthorized entry despite warnings.