Looking for a suitable device for a small network

Rudolf Posts: 2
edited April 2021 in Switch
Hello there.

I have a simple problem, yet require your help.

I need to combine 4 elements into a network:

1. A router provided by my ISP, which holds the Internet connection. Its configuration is very limited - no VLANs, no advanced firewall configuration, no guest Wi-Fi, etc. For the sake of argument, we assume it cannot be replaced.

2. A local network connected through an unmanaged switch. All devices require communication with each other and with the Internet.

3. A single workstation. Requires communication with the local network above (specifically with just one computer in that network), but it must not be connected to the Internet.

4. Guest Wi-Fi access point - the other way around, obviously. Internet access, but no LAN access.

To sum it up, the following communication must be allowed:

1 to 2 and 4
2 to 1 and 3
3 to 2 (or rather a single device in 2)
4 to 1

My question is: which device (a managed switch, I presume) can I buy cheaply (tiny business) in order to make it work as simply as possible?

Everything was working on Zyxel ZyWALL 5, but without an extra router from the ISP (Internet connection was handled by ZyWALL directly). Number 4 was connected to a WLAN port, with firewall allowing WLAN to WAN, but dropping WLAN to LAN. Number 3 was in LAN, but any attempt of communication with WAN from its IP was being dropped. I cannot do that so easily after adding an external router. Also, at this time I need gigabit ethernet.

I will appreciate any and all suggestions.


  • Daniel_LU
    Daniel_LU Posts: 16  Freshman Member
    edited June 2018
    if you want to buy a USG NEXT GEN firewall, i should know how many devices are connected to your network (Servers, VOIP phones, PCs, nas, rdx, WIFI devices like smartphones, laptops.....)

    For example, you have 50 devices then you have to buy a USG-210 because if you went to buy a USG-110 that supports up to 50 devices it would saturate. USG-210 supports up to 100 devices.

    You always buy a device that supports at least twice the number of devices you have in your network.

    From the usg-110 up there is not built-in wifi but you have to buy an access point.

    If you purchase an AP-type NWA5123-AC, the firewall also acts as an AP controller and you can manage 2 APs and from the third AP, you need additional licenses.


  • Zyxel_Ryan
    Zyxel_Ryan Posts: 66  Zyxel Employee
    Hi guys, 

    Thanks for @Daniel_LU 's suggestion. 
    I would like to ask @Rudolf
    How many clients do you have in Local Network and Guest-WiFi, respectively? 
    Besides, how large will your wireless network be?


  • Rudolf
    Rudolf Posts: 2
    Thank you for your kind replies.

    My network is really small - about 20 devices including 2 or 3 on Wi-Fi. Guest Wi-Fi will occasionally serve one or two devices, staying empty most of the time.

    Would Zyxel USG 20 do the job? Or maybe something even cheaper?
  • Zyxel_Ryan
    Zyxel_Ryan Posts: 66  Zyxel Employee
    edited June 2018
    Hello @Rudolf

    Yes, I think USG20W-VPN is a good idea. 
    The general setting concept will be like below: 
    1. lan1: Local Network and Workstation.
    2. Block lan1 to wan with IP of Workstation so that workstation will not be able to access internet, but only to local network. 
    3. Bind Guest WiFi on lan2.
    4. Block lan1 to lan2 and also lan2 to lan1 so that Guest WiFi can access the internet, but not the local network.