I'm preparing to start a consulting startup in China, and this question is about its internal networking.
Here is a list of features that I need:
1. WiFi access to both internal and guest networks, the internal network using certificates and the guest network using passwords.
2. Isolated zones (guest, internal, test gear, process control), with internal having access to everything except guest, and guest having access to nothing but the Internet.
3. The internal network can access an external VPN server to circumvent the Great Firewall, and the internal network has its own VPN server to allow working from home.
4. Test gear network and process control network can receive incoming connections from internal, but not initiate connections to internal, except for certain DMZ rules.
5. All services and employee computers are on internal network.
-----------------------------------------
I made an illustration for this, and my question is: is this achievable with macOS (with the Server app, but without a Linux VM)?
Red is danger, green is safe, other colors are different zones that shouldn't access the green zone, but should also not be accessed from the red zone.
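As an added illustration (not part of the original question), here is how the zone policy in points 2 and 4 could be expressed as a pf ruleset, since pf is the packet filter macOS ships with. Interface names, subnets, and the DMZ exception hosts are assumed placeholders; NAT for the uplink and the VPN tunnels from point 3 are left out.

```pf
# Assumed interface names: one per zone, plus the Internet uplink.
ext_if   = "en0"   # uplink to the Internet
int_if   = "en1"   # internal: employee machines and services
guest_if = "en2"   # guest WiFi
test_if  = "en3"   # test gear
pc_if    = "en4"   # process control

# Constructed sample subnets, one per zone.
int_net   = "10.10.1.0/24"
guest_net = "10.10.2.0/24"
test_net  = "10.10.3.0/24"
pc_net    = "10.10.4.0/24"

set skip on lo0

# Default deny between zones. pf is last-match unless a rule says "quick",
# and replies to a permitted connection flow back through state, so only
# the initiating direction of each allowed flow needs a pass rule.
block log all

# Internal may initiate to everything except the guest zone.
block in quick on $int_if from $int_net to $guest_net
pass in on $int_if from $int_net to any keep state

# Guest gets the Internet only: drop guest -> any other zone, pass the rest.
block in quick on $guest_if from $guest_net to { $int_net, $test_net, $pc_net }
pass in on $guest_if from $guest_net to any keep state

# Test gear and process control may not initiate toward internal; the
# default block covers that. The DMZ exceptions are listed explicitly,
# e.g. one test host allowed to reach one internal service on TCP 443
# (placeholder addresses).
dmz_test_hosts = "{ 10.10.3.10 }"
dmz_int_svc    = "10.10.1.50"
pass in quick on $test_if proto tcp from $dmz_test_hosts \
    to $dmz_int_svc port 443 keep state
```

Load it with `pfctl -nf /path/to/pf.conf` first to syntax-check, then `pfctl -ef`; the `log` keyword on the default block sends dropped inter-zone traffic to pflog0, which is the easiest way to confirm the isolation actually holds.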