I'm not a networking expert by a longshot, but I know enough that I don't think this will work. However, I do love being enlightened. I need a guest network, inside of a production network, where the guest can access only the internet.
Our current setup is as follows. IPs are just examples.
Internet - let's say 74.125.140.138
Managed firewall - I don't have direct access to change this - Network IP 192.168.1.1
Production Network - 192.168.1.0/24
Guest Router - WAN IP 192.168.1.100 - Network IP 192.168.20.1
"Guest network" - 192.168.20.0/24
Now, the theory behind this was that guest gets a 192.168.20.* address, so they shouldn't have any access to our servers and such in the 192.168.1.* network. However, this doesn't work at all since the guest router has it's WAN network as our internal network. So obviously, it just forwards any request for our servers directly without fuss.
Is there any way to get this to work as a guest internet-only network without messing with our actual firewall?