Despite Airtame only being able to handle one WiFi and one ethernet connection at a time, there are various methods to allow your internal and guest users to stream to a single Airtame device without needing to switch the WiFi they are using.
The method presented in this article is our most recommended method as it is the most secure and all the security is handled by your firewall using a "Demilitarized Zone" or DMZ. The Airtame will have 1 IP address that will be accessible from your internal and your guest network. The setup and configuration will vary from vendor to vendor but the overall steps are as follows:
- Create a new VLAN on your firewall, create the IP addressing for this new subnet and assign that VLAN to a new traffic zone on your firewall, e.g DMZ.
- Now create the security rules in the rulebase of the firewall. The rules should only allow access from the internal and/or guest network zones to new traffic zone. Allowing traffic between your internal networks and guest networks is not advised. The graphic below dictates which ports are required to be open for the new traffic zone.
3. After adding the applicable firewall rules, you will need to configure the routing on your firewall/security appliance. The process for doing this will vary from vendor to vendor. Below are the links to the configuration guides from various vendors.
Configuring Static Routes for Palo Alto Security Appliances
Configuring Static Routes for CheckPoint Security Appliances
Configuring Static Routes for Cisco Security Appliances
4. The next step will be to configure the network services such as DHCP and DNS on your firewall. Configuration steps will vary from vendor to vendor, so be sure to check your administrator guides. Below are links from various vendors.
Configure DHCP on Palo Alto Appliances
Configure DNS on Palo Alto Appliances
Configure DHCP on CheckPoint Appliances
Configure DNS on CheckPoint Appliances
Configure DHCP on Cisco Security Appliances
Configuring DNS on Cisco Security Appliances