Hi everyone,
I have lost myself in the networking rabbit hole… Read quite a few posts, watched YouTube videos, … So I thought I could share my plan here and get some feedback, if I am over complicating things.
I have pulled the trigger on a Unifi network and am waiting now on my delivery of my UDM SE, APs and L2 Switches. I wanted to take more control of my network and make it more secure. That being said, the most security will be reached, once I am enhancing my docker networks (which will be done at a later stage). This is setting up the basics.
Networks I want to introduce (Subnets and VLANs):
- Networking (LAN)
- Router, UDM, APs, …
- Anything network related should live in this network
- Servers (LAN)
- My NAS, Hypervisor, Pi, VMs, …
- Trusted (LAN/WLAN)
- Main home network for PCs, Laptops, Tablets, Phones, …
- Media (LAN/WLAN)
- TV, PS4, Alexa, Soundbar, …
- Reson not putting it on IOT or Trusted, I need the Guest network able to reach it and don’t want them to reach my Trusted network. IOT I want to be quite limited.
- IOT (WLAN)
- Vaccum, Photovoltaics, …
- Guests (WLAN)
- Anyone visiting
In the following diagram you can see my thoughts on how I intend to configure the Firewall. Who can talk to who…
Maybe this diagram is a little clearer:
Old diagram
Is this overkill? Am I blind and missing something?
Looking forward to your feedback and criticism.
Edit: Indication if just LAN, WLAN or both
Edit2: Second diagram, which might be a bit clearer
A guest vlan only has access to the internet by definition. If you want your friends to access your media, just create an additional wifi ssid in your internal network for that purpose. That way, you can have your media in your internal network and avoid apps connectivity issues (ex : soundbar app requires your phone or tablet to be in same vlan to manage it).
😊