|So, where would you put the wireless network? If it's in front of the Untangle box then how would you go about that?|
Before I say anything else, I want to reiterate I'm unfamiliar with an "untangle" box. It sounds like a Linux based firewall to me. So I don't know if your multi bridge is a requirement of Untangle.
I not only would, I have put our wireless behind our firewalls. We offer an "internet only" guest type wireless LAN presently in our network that resides inside our firewalls.
Thanks to VLANs and routing we can segment it away from internal resources and only allow external (internet) access through that VLAN/subnet.
|Also, on the point of VLANing... what has subnetting got to do with VLANing? I thought creating VLANs allowed you to logically order and group devices on the same network. Hmmmm...|
What you say is true, but it isn't all VLANs are good for. We use them extensively to segment our network.
It would make no sense to create say, 10 VLANs within your network, and have the same subnet on all 10 VLANs. Unless you have so small a number of clients and servers that you don't need more than say 200 IP addresses. If you do have few clients, it would provide a simple way to segment.
However, if you have need for more than 254 IP addresses within your network, you have no choice but to subnet. Why not combine subnetting with VLAN tagging?
Multiple subnets means routing. VLAN tagging is faster than routing and using VLAN tags in conjunction with your subnets also helps to relieve some of the routing load off your routers. Remember, when a router gets a packet, it has to open it, read the destination address, make changes, recombine the packet and then send it off. A router looks at the VLAN tag attached to the outside of the packet and tosses the packet in the right direction. This is much faster. So to me it makes sense to use VLANs in conjunction with subnets considering VLAN tagging reduces load on routers and improves overall network performance.
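A small model of the design the two replies above describe (one subnet per VLAN, a guest wireless VLAN that the firewall limits to internet-only access, and a check that a VLAN's subnet has room for its hosts). This is an added example, not code from the thread or from Untangle; the VLAN ids, subnets and host counts are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Vlan:
    vid: int
    name: str
    subnet: ipaddress.IPv4Network
    guest: bool = False  # guest VLANs get internet-only access


# Constructed plan: servers, a staff VLAN with more than 254 hosts, guest wifi.
VLANS = [
    Vlan(10, "servers", ipaddress.ip_network("10.0.10.0/24")),
    Vlan(20, "staff", ipaddress.ip_network("10.0.20.0/23")),  # >254 hosts -> /23
    Vlan(30, "guest-wifi", ipaddress.ip_network("10.0.30.0/24"), guest=True),
]


def validate_plan(vlans, host_counts):
    """Return problems: overlapping subnets, or a VLAN whose expected host
    count does not fit its subnet (usable hosts = size - network - broadcast)."""
    problems = []
    for i, a in enumerate(vlans):
        for b in vlans[i + 1:]:
            if a.subnet.overlaps(b.subnet):
                problems.append(f"VLAN {a.vid} and VLAN {b.vid} share address space")
    for v in vlans:
        usable = v.subnet.num_addresses - 2
        if host_counts.get(v.vid, 0) > usable:
            problems.append(f"VLAN {v.vid} needs {host_counts[v.vid]} hosts, has {usable}")
    return problems


def vlan_of(ip, vlans):
    addr = ipaddress.ip_address(ip)
    return next((v for v in vlans if addr in v.subnet), None)


def allowed(src_ip, dst_ip, vlans=VLANS):
    """Inter-VLAN policy as the firewall would enforce it: traffic inside one
    VLAN is switched, not routed, so it passes; guest VLANs may only reach
    public (non-RFC1918) addresses; other VLANs are routed normally."""
    src = vlan_of(src_ip, vlans)
    dst = ipaddress.ip_address(dst_ip)
    if src is None:
        return False  # source not in any known VLAN subnet: drop
    if dst in src.subnet:
        return True  # same VLAN, no router involved
    if src.guest:
        return not dst.is_private  # internet only for guests
    return True
```

Running `validate_plan(VLANS, {10: 40, 20: 400, 30: 120})` returns an empty list, while `allowed("10.0.30.5", "10.0.10.20")` is False because the guest VLAN cannot reach the server subnet.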
|Some may be slightly offended by the above statement but not I, sir! I feel it's just your way and, well, we all have our ways... don't we?|
Well I'm glad you didn't get offended. That was not my intention. I tend to be rather direct and to the point and don't waste a lot of time fancying up what I'm saying. I've often been called rude and abrupt because of it. All I can tell you is, my point was, you saw something that was new to you, and struck you as intriguing and you want to try and use it. I have no beef with that... but, as per my two golden rules, I don't believe you need it. There is a world of difference between what we need and what we want.
I'm sure you'll agree it would make more sense to get your setup working and lab the "new" technology out before trying to deploy it. I realize you had it working fine at one location before trying to bring up the second and then deploy the "new" technology to interconnect the two sites. Me, I'd have left that alone, set up an encrypted VPN tunnel, got the two sites communicating and then I'd have hit the lab with a router or two and figured out if this was viable or not. And, if viable, then I would ask myself, "Is it necessary?"
Personally, I hate trying to reinvent the wheel. If I have a setup that's reasonably simple (ie: not complex) that means it's easier to maintain and troubleshoot. The more bells and whistles you put on something, the more things you have that can go wrong and when something does (and something always does go wrong....right....lol) it's that much more to have to wade through to find the problem and resolve it.
It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.