01-05-2026 05:49 PM
Hi All,
I just have a question. We have a new client in the office, and they will be using their own domain and laptop. They will connect to our GUEST internet and will use it to access their internal network.
The thing is, the client wants to have a dedicated guest VLAN for them. We have an existing GUEST VLAN for our clients, and this new client doesn't want to access sites such as google.com, as the product manager insisted to us, and the client wants only to access their tools. The guest Wi-Fi is just internet only; they are not integrated with our AD. When the user is provided a credential, they are using the Cisco ISE-generated UN.
We have a global security that blocks URL domains; we don't do URL whitelisting or filtering on our PA-850 even though we have a license.
If they insist on creating a new guest, can you guide me on how to create it, please? Your help is greatly appreciated.
Our setup is collapsed core.
We have an active/passive setup for the PA-850, 2 core switches, a Cisco WLC 3504 (old model) and Cisco ISE.
Am I going to create a new guest VLAN on our Cisco core switch as well as on Cisco ISE? How about on the WLC?
Thank you for your answers.
01-06-2026 06:23 AM
How are the client LAN and your infrastructure connected together?
Do they have their own firewall?
How will they filter so that only their employees on the general guest Wi-Fi can access their domain network?
If an additional SSID and VLAN is not an option, then client laptops should run GlobalProtect with an always-on setup and without split tunneling to allow secure access to their network and Internet traffic filtering.
01-06-2026 05:21 PM
They have their own, so technically they will use our internet to access their tools, VPN. It was guest traffic only. Take note, guest users are not integrated into our Active Directory. They just got their own UN and password on Cisco ISE.
01-07-2026 09:07 AM
If the client has their own firewall, then all you provide them is access to Wi-Fi.
It is up to the client's IT to set up always-on VPN on their employee laptops to force all traffic to be routed into the tunnel, and this allows them to filter their internet traffic on a firewall under their management.
No need to integrate with your AD.

