Hi everyone,
I have lost myself in the networking rabbit hole… Read quite a few posts, watched YouTube videos, … So I thought I could share my plan here and get some feedback, if I am over complicating things.
I have pulled the trigger on a Unifi network and am now waiting on delivery of my UDM SE, APs and L2 switches. I wanted to take more control of my network and make it more secure. That being said, the biggest security gain will come once I enhance my Docker networks (which will be done at a later stage). This is setting up the basics.
Networks I want to introduce (subnets and VLANs):
- Networking (LAN)
  - Router, UDM, APs, …
  - Anything network related should live in this network
- Servers (LAN)
  - My NAS, hypervisor, Pi, VMs, …
- Trusted (LAN/WLAN)
  - Main home network for PCs, laptops, tablets, phones, …
- Media (LAN/WLAN)
  - TV, PS4, Alexa, soundbar, …
  - Reason for not putting it on IOT or Trusted: I need the Guest network to be able to reach it and don’t want guests to reach my Trusted network. IOT I want to be quite limited.
- IOT (WLAN)
  - Vacuum, photovoltaics, …
- Guests (WLAN)
  - Anyone visiting
In the following diagram you can see my thoughts on how I intend to configure the firewall: who can talk to whom.
Maybe this diagram is a little clearer:
Old diagram
Is this overkill? Am I blind and missing something?
Looking forward to your feedback and criticism.
Edit: Indication if just LAN, WLAN or both
Edit2: Second diagram, which might be a bit clearer
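As an added example (not from the post or from Unifi), here is a small Python model of the planned inter-VLAN allow-list that checks not only the direct rules but also transitive reach, which is what the Media/Trusted split above is guarding against: if Media were ever allowed to reach Trusted, a guest could pivot through the TV. The only entries taken from the post are Guests → Media (allowed), Guests → Trusted (blocked) and IOT being very limited; every other entry is an assumed placeholder for the rules in the diagram.

```python
from collections import deque

VLANS = ["Networking", "Servers", "Trusted", "Media", "IOT", "Guests"]

# Constructed allow-list: initiating VLAN -> set of VLANs it may open
# connections to. Everything not listed is default-deny. Only the Guests and
# IOT entries reflect the post; the rest is an assumption to be replaced by
# the real policy from the diagram.
PLANNED = {
    "Trusted":    {"Servers", "Media", "IOT", "Networking"},
    "Servers":    {"Media"},
    "Guests":     {"Media"},
    "Media":      set(),
    "IOT":        set(),
    "Networking": set(),
}

# Pairs that must stay unreachable even through an intermediate VLAN.
FORBIDDEN = [("Guests", "Trusted"), ("Guests", "Servers"),
             ("Guests", "Networking"), ("IOT", "Trusted"), ("IOT", "Servers")]


def is_allowed(allow, src, dst):
    """Direct rule: intra-VLAN traffic is not filtered; everything else is default-deny."""
    return src == dst or dst in allow.get(src, set())


def reachable(allow, src):
    """VLANs a host in src could reach, counting hops through hosts it might compromise."""
    seen, queue = {src}, deque([src])
    while queue:
        cur = queue.popleft()
        for nxt in allow.get(cur, set()) - seen:
            seen.add(nxt)
            queue.append(nxt)
    seen.discard(src)
    return seen


def violations(allow, forbidden):
    """Forbidden pairs the allow-list still makes reachable, directly or via a pivot."""
    return [(s, d) for s, d in forbidden if d in reachable(allow, s)]


if __name__ == "__main__":
    print("planned policy violations:", violations(PLANNED, FORBIDDEN))
    # Hypothetical mistake: letting Media devices reach Trusted (e.g. casting to laptops).
    leaky = {k: set(v) for k, v in PLANNED.items()}
    leaky["Media"].add("Trusted")
    print("leaky policy violations:", violations(leaky, FORBIDDEN))
```

The planned policy reports no violations, while the leaky variant shows Guests reaching Trusted, Servers and Networking through Media.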
My advice would be to consider throttling the bandwidth on the guest network, and also blocking ports and using a restricted DNS server on that VLAN.
You can’t vet everyone’s devices so you want to be proactive.