Restrict users on the guest wifi network from using data when a failover occurs

Data on the mobile backup networks is limited and expensive, so if the primary WAN connection drops, I would like to restrict users on the guest network from using mobile data. Could you advise the steps to set this up? RUTX50. Thank you :-]


There was a similar case here. Could you please take a look at it and tell me if that is what you were looking for?

Additionally, just in case you need it, I will leave a link to our wiki article here that demonstrates how to configure a guest network.

Kind Regards,

This advice has been very helpful!

For anyone else who may be wanting to set up the same thing, I followed the instructions on the similar case using the link provided, but for the rules I used a source address of for the users who are allowed to use the mobile data during failover, and for the guests on the guest network I used a source address of This works because connections to the guest network use a different range of IP addresses if you set the guest network up using the guide on the wiki here.

My only issue has been that users on the guest network are still able to access addresses such as The firewall traffic rule does not appear to be working. There is a parameter in the traffic rule settings called “Match” that can be set to “DSCP” or “Mark” and once selected there are “Extra arguments” to enter. Do I need to select one of these parameters so the rule works? If so what “Extra arguments” should be entered? The screenshot in the wiki guide doesn’t show this setting.


The basic idea is to either use explicit traffic rules, or assign the guest network to a different firewall zone and manage access that way. The article about the Guest WiFi here has an example. If you are using wired VLANs, the approach is similar. You need to assign it to a different zone and allow traffic from this zone to WAN.

You can also find relevant information here and here.

Kind Regards,
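
The zone-based approach described in the reply above, sketched as an `/etc/config/firewall` fragment so that guest traffic is only ever forwarded to the wired WAN. This is an added example, not configuration from the thread or from the wiki; the zone name `mobile` and the interface names `guest` and `mob1s1a1` are assumptions, so check the real names with `uci show network`.

```uci
# Added example: zone and interface names below are assumptions
# Guest clients: no access to the router or to other zones unless allowed below
config zone
	option name 'guest'
	list network 'guest'          # assumed guest interface name
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Mobile backup in a zone of its own (remove it from the 'wan' zone's network list)
config zone
	option name 'mobile'
	list network 'mob1s1a1'       # assumed mobile interface name
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

# Guests may use the wired WAN only; LAN may also use the mobile backup
config forwarding
	option src 'guest'
	option dest 'wan'

config forwarding
	option src 'lan'
	option dest 'mobile'

# Explicit reject so the result does not depend on the default forward policy
config rule
	option name 'Guest-No-Mobile'
	option src 'guest'
	option dest 'mobile'
	option proto 'all'
	option target 'REJECT'

# Guests still need DHCP and DNS from the router
config rule
	option name 'Guest-DHCP'
	option src 'guest'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'
config rule
	option name 'Guest-DNS'
	option src 'guest'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'
```

DNS lookups that the router makes on behalf of guests are router output rather than forwarded guest traffic, so during failover they still leave over the mobile link.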
