Hi everyone,
I have lost myself in the networking rabbit hole… Read quite a few posts, watched YouTube videos, … So I thought I could share my plan here and get some feedback, if I am over complicating things.
I have pulled the trigger on a Unifi network and am waiting now on my delivery of my UDM SE, APs and L2 Switches. I wanted to take more control of my network and make it more secure. That being said, the most security will be reached, once I am enhancing my docker networks (which will be done at a later stage). This is setting up the basics.
Networks I want to introduce (Subnets and VLANs):
- Networking (LAN)
  - Router, UDM, APs, …
  - Anything network related should live in this network
- Servers (LAN)
  - My NAS, Hypervisor, Pi, VMs, …
- Trusted (LAN/WLAN)
  - Main home network for PCs, Laptops, Tablets, Phones, …
- Media (LAN/WLAN)
  - TV, PS4, Alexa, Soundbar, …
  - Reason for not putting it on IOT or Trusted: I need the Guest network to be able to reach it and don’t want them to reach my Trusted network. IOT I want to be quite limited.
- IOT (WLAN)
  - Vacuum, Photovoltaics, …
- Guests (WLAN)
  - Anyone visiting
In the following diagram you can see my thoughts on how I intend to configure the Firewall: who can talk to whom…
Maybe this diagram is a little clearer:
Old diagram
Is this overkill? Am I blind and missing something?
Looking forward to your feedback and criticism.
Edit: Indication if just LAN, WLAN or both
Edit2: Second diagram, which might be a bit clearer
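As an added example (not the poster's diagram or any Unifi configuration), here is a small first-match policy model of the segmentation above: the zone names come from the post, while the rule set is an assumed reading of the stated constraints (Guests reach Media but not Trusted, IOT is limited, everything else between VLANs denied by default) so that the invariants can be checked before the rules are typed into the UDM.

```python
# Added example, not from the original post. Models inter-VLAN firewall
# rules with first-match semantics and an implicit deny, then checks the
# invariants the post states. RULES is an ASSUMPTION, not the OP's diagram.
from dataclasses import dataclass

# Zone names as listed in the post.
ZONES = {"Networking", "Servers", "Trusted", "Media", "IOT", "Guests"}


@dataclass(frozen=True)
class Rule:
    src: str      # zone name or "*" for any
    dst: str      # zone name or "*" for any
    action: str   # "allow" or "deny"


# Assumed rule set, ordered: the first matching rule wins.
RULES = [
    Rule("Trusted", "*", "allow"),      # assumption: Trusted may reach all zones
    Rule("Guests", "Media", "allow"),   # stated: guests must reach TV, Alexa, ...
    Rule("*", "Networking", "deny"),    # assumption: only Trusted (above) manages gear
    Rule("IOT", "*", "deny"),           # stated: IOT should be quite limited
]


def decide(src: str, dst: str) -> str:
    """Return 'allow' or 'deny' for a new flow from zone src to zone dst."""
    if src not in ZONES or dst not in ZONES:
        raise ValueError(f"unknown zone: {src!r} or {dst!r}")
    if src == dst:
        # Same VLAN: switched locally, never reaches the router firewall.
        return "allow"
    for rule in RULES:
        if rule.src in ("*", src) and rule.dst in ("*", dst):
            return rule.action
    return "deny"  # implicit default deny between VLANs


def check_invariants() -> list:
    """List every stated requirement the rule set violates (empty = OK)."""
    violations = []
    for untrusted in ("Guests", "IOT"):
        for protected in ("Trusted", "Servers", "Networking"):
            if decide(untrusted, protected) == "allow":
                violations.append(f"{untrusted}->{protected} is allowed")
    if decide("Guests", "Media") != "allow":
        violations.append("Guests->Media is blocked")
    return violations
```

The model only decides new flows; on a stateful firewall the return packets of an allowed flow are accepted automatically, which is why the check looks at who may initiate rather than at both directions.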
Nice thinking 😊
That being said, network VLANs are great for network security. Since you plan on using L2 switches, having many VLANs will require going back to the router every time you initiate communication between 2 VLANs.
Here’s my 2 cents:
Happy design!