Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Home network segmentation | Is it overkill or necessary

    L2/Switching/VLANs
    3
    4
    616
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      NinthWave
      last edited by NinthWave

      I have asked about the same subject on another forum (not pfSense) but I'd like more input before I make my mind.

      So I am a home user with my girlfriend and her kid. I have been reading on how to protect my home network from ransomware and sure, I'd like to limit this possibility as much as possible.

      If one is googling for network protection and VLAN, sure he will get a lot of documentation of how it is absolutely necessary. But as I am not a networking expert, I just can't be sure wether it is or not.

      Actual setup and possible configuration
      So here is a picture of my actual network in which all hosts are in the same subnet 10.0.0.0/24.

      The grey shaded area represent physical rooms while the colored shaded area represent segmentation I should go with if I were to follow what I gathered on the subject.

      Any thoughs on that will be much appreciated.

      Thanks.

      [EDIT]
      My question is not how to segment this.

      It is : is it overkill or is it really useful. And if it's overkill, what would be a more sensible config.

      a386991e-c464-4b5b-8fe6-aecd5d79c8e2-image.png

      bingo600B JKnottJ 2 Replies Last reply Reply Quote 0
      • bingo600B
        bingo600 @NinthWave
        last edited by

        @ninthwave
        This looks a bit like my setup šŸ˜€

        Why do you specify adult & kid in the same vlans ?
        It would prob be easier to have kids in one vlan & adults in another , then it's easy(ier) to filter kids.

        I ended up putting the WiFi printer in the "Phone Vlan" , and denying it access to the Inet. This was due to the Wife wanting to print from her phone šŸ¤• , and the phone would not see the printer on another vlan. And PC's etc have no issue seeing the printer on the "phone vlan"

        /bingo

        If you find my answer useful - Please give the post a šŸ‘ - "thumbs up"

        pfSense+ 23.05.1 (ZFS)

        QOTOM-Q355G4 Quad Lan.
        CPUĀ  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
        LANĀ  : 4 x Intel 211, DiskĀ  : 240G SAMSUNG MZ7L3240HCHQ SSD

        N 1 Reply Last reply Reply Quote 0
        • N
          NinthWave @bingo600
          last edited by

          @bingo600 said in Home network segmentation | Is it overkill or necessary:

          Why do you specify adult & kid in the same vlans ?

          There is only one PC for adult and one PC for the kid.

          I would believe I present as much risk as the kid since it is not impossible that I click an attachment in an email. But I am not sure.

          And a single firewall rule can keep the kid from accessing the router.

          1 Reply Last reply Reply Quote 0
          • JKnottJ
            JKnott @NinthWave
            last edited by

            @ninthwave

            One very important thing, don't let them run as Admin!!! Most people get a Windows computer and run as Admin, which leaves the computer wide open for malware. Run as a user and only use the Admin account when necessary. This is the way things are normally done in the Linux/Unix world.

            PfSense running on Qotom mini PC
            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
            UniFi AC-Lite access point

            I haven't lost my mind. It's around here...somewhere...

            1 Reply Last reply Reply Quote 1
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.