Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Could a Netgate be used to protect my Home LAN from my Home Lab?

    Scheduled Pinned Locked Moved Firewalling
    8 Posts 3 Posters 897 Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V Offline
      vargas
      last edited by

      I am in the process of setting up a Home Lab.

      I will be testing nefarious websites. Some of which could be malware-laden. I don't want the nightmare scenario of other devices on the network getting infected ransomware or any other wormable malware.

      Would a Netgate Firewall make sense?

      johnpozJ S 2 Replies Last reply Reply Quote 0
      • johnpozJ Offline
        johnpoz LAYER 8 Global Moderator @vargas
        last edited by

        @vargas sure pfsense allows for easy firewall between devices on different networks. Like your normal network from your "lab" network(s)

        Can be used to filter traffic where can go, where can't go on the internet, etc.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07 | Lab VMs 2.8, 25.07

        V 1 Reply Last reply Reply Quote 1
        • V Offline
          vargas @johnpoz
          last edited by

          thanks @johnpoz.

          What would be the best way to do this with pfsense?

          johnpozJ 1 Reply Last reply Reply Quote 0
          • johnpozJ Offline
            johnpoz LAYER 8 Global Moderator @vargas
            last edited by

            @vargas not sure what you mean "best" way? You can run pfsense pretty much on anything.. old pc, as a vm or sure yeah buy a netgate appliance.

            I have a sg4860 in my house.. Run multiple vlans and do isolation for my iot devices from my normal stuff. Multiple wifi vlans, etc.

            I don't have a "lab" since to me is a lab you something you fire up to "test/play" with something specific.. If its your "production" network its not really a "lab" ;)

            While I lab stuff all the time, its pretty much all done in vms on my "production" network - just isolated from day to day stuff "normally"

            My switches and AP allow for vlan anything I need off and isolate it for "testing/playing"

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 25.07 | Lab VMs 2.8, 25.07

            V 1 Reply Last reply Reply Quote 0
            • V Offline
              vargas @johnpoz
              last edited by

              @johnpoz said in Could a Netgate be used to protect my Home LAN from my Home Lab?:

              My switches and AP allow for vlan anything I need off and isolate it for "testing/playing"

              Great, so what is the difference between VLAN segmentation and firewall segmentation?

              johnpozJ 1 Reply Last reply Reply Quote 0
              • johnpozJ Offline
                johnpoz LAYER 8 Global Moderator @vargas
                last edited by johnpoz

                @vargas nothing really ;) You can filter traffic at pfsense unless the traffic is being routed through pfsense.. You could bridge to isolate devices on the same L2 network.

                But in general devices on the same network would need to run their own host firewall to prevent or allow traffic from other devices on their same network. Pfsense does not get involved communication between devices on the same network.

                Putting devices on their own vlan also creates a different broadcast domain. So only devices on that specific network would ever see broadcast or multicast from devices on the same network.. So even if allowed all traffic between vlans - they wouldn't really be able to do any sort of L2 discovery to find other devices on the network..

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 25.07 | Lab VMs 2.8, 25.07

                1 Reply Last reply Reply Quote 1
                • S Offline
                  SteveITS Rebel Alliance @vargas
                  last edited by

                  @vargas Even the devices that have switches, like the 2100, can be configured to treat the ports as independent ports. At that point the ports are configured as separate networks, and you just put in a rule to block traffic from LAN to LAB and vice versa.

                  Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                  When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
                  Upvote 👍 helpful posts!

                  1 Reply Last reply Reply Quote 1
                  • V Offline
                    vargas
                    last edited by

                    Thanks Jon and Steve - I very much appreciate your informative answers!

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.