Managing the Secure Zone

February 26, 2024

About the Secure Zone

  • All devices connected to the Secure Zone have local network access to each other unless they are in an unapproved state or are blocked. 
  • When Limited access for new devices in the Secure Zone is enabled, unapproved and blocked devices will need to be approved before being shared. 
  • All Ethernet devices are added to the Secure zone automatically. If the Pods and Ethernet ports are easily accessible by unauthorized people, it is imperative to enable Limited access for new devices for the Secure Zone. 
  • Device Groups in the Secure Zone help organize devices but do not designate local network access within the zone. 
  • Devices connecting to the Secure zone are recognized based on their MAC addresses, so it is imperative that any devices you connect to the zone do not use a Private Address (Random MAC address), to maintain their sharing settings.
  • Secure Zone devices or Device groups can be shared with specific employees, providing local network access between Secure zone devices and designated employee devices. There is no way to share access with guests. 
     

Connecting devices via Ethernet versus WiFi

You will enjoy slightly faster speeds on your devices when you hardwire them to a Pod by Ethernet cable. An Ethernet-connected device's connection to a Pod will not be limited by its own WiFi capabilities or the WiFi environment. Connecting devices using Ethernet when possible can also improve the overall performance of the rest of the WiFi network since you are removing it from the shared WiFi medium. Just keep in mind that an Ethernet-connected client will still be limited to the performance of that Pod's backhaul connection to the rest of the network. 
 
Devices use different MAC addresses for WiFi and Ethernet. This is important to keep in mind, particularly when it is assigned to a person or shared since the same device will be recognized as two separate devices on the network based on the MAC used.  
 
IMPORTANT: Any devices connected via Ethernet are added to the Secure Zone and can communicate with any other devices within this zone. Because of this, it is important that you place your Pods in areas where your guests do not have easy access to them. If you cannot prevent physical access to the Pods, it would be a good idea to disable the Ethernet ports on the Pods. 
 

How to Disable the Ethernet ports on your Pod

1.   Tap on the Gear icon on the Homepage in the WorkPass app. 
2.   Scroll down and tap on Pods.  
3.   Tap on the Pod you wish to disable the Ethernet ports on. 
4.   Tap on the ellipses to bring up the option for that Pod. 
5.   Switch off the LAN Ethernet ports toggle switch. 
6.   Tap on Disable in the pop-up to confirm. Your network may temporarily go offline. 
 

Sharing Secure Zone devices with employees

1.   Tap the zone icon and ensure you are in the Secure Zone
2.   Tap on the ⋮ next to the device or device group you wish to share. Unapproved devices must be approved before being shared.  
3.   Tap on the Share access option and then choose the employee who you want to have access, or a specific (unassigned) device. 
4.   Tap on Done to save.  
 

Creating device groups

Device groups make it easier to share local access to multiple devices in the secure zone at the same time with your employees.
 
1.   Navigate to the Secure Zone
2.   Tap on the ⋮ at the top-right of the Secure zone screen and the Create a device group. You can also create the group directly from a device by tapping on the ⋮ next to the device and then New group
3.   Enter the new name for the group and Save.
4.   Tap on the ⋮ next to the device you want to add to the groups and then tap Change group
5.   Choose a group and then tap to finish. 
 
Notes on device groups

  • Device Groups in the Secure zone help organize devices but do not designate local network access within the zone.
  • Once a device is blocked, all group assignments will have to be redone once unblocked.
  • A device cannot be added to more than one group at a time. Although, while in a group, a device can still be shared with employees as an individual device if needed. 

 

Limiting network access for new devices in the Secure Zone

AK-Fi Work has the ability to limit network access for any new devices that connect to the Secure Zone. When enabled, this feature blocks local network access for all new devices access until manually approved. 
 
Unrecognized devices will still connect, but only have access to the Internet until approved. This protects your network if the password for the Secure zone SSID becomes compromised. 
 
1.   From the home screen tap the Gear icon on the top-right to access the Settings page. 
2.   Tap on Secure Wi-Fi to bring up the additional options.
3.   Slide the Limited network access for new devices toggle to the On position.