<![CDATA[Home network segmentation | Is it overkill or necessary]]>I have asked about the same subject on another forum (not pfSense) but I'd like more input before I make my mind.

So I am a home user with my girlfriend and her kid. I have been reading on how to protect my home network from ransomware and sure, I'd like to limit this possibility as much as possible.

If one is googling for network protection and VLAN, sure he will get a lot of documentation of how it is absolutely necessary. But as I am not a networking expert, I just can't be sure wether it is or not.

Actual setup and possible configuration
So here is a picture of my actual network in which all hosts are in the same subnet 10.0.0.0/24.

The grey shaded area represent physical rooms while the colored shaded area represent segmentation I should go with if I were to follow what I gathered on the subject.

Any thoughs on that will be much appreciated.

Thanks.

[EDIT]
My question is not how to segment this.

It is : is it overkill or is it really useful. And if it's overkill, what would be a more sensible config.

a386991e-c464-4b5b-8fe6-aecd5d79c8e2-image.png

]]>https://forum.netgate.com/topic/166961/home-network-segmentation-is-it-overkill-or-necessaryRSS for NodeFri, 12 Jun 2026 15:12:11 GMTSun, 03 Oct 2021 18:56:08 GMT60<![CDATA[Reply to Home network segmentation | Is it overkill or necessary on Sun, 03 Oct 2021 20:47:23 GMT]]>@ninthwave

One very important thing, don't let them run as Admin!!! Most people get a Windows computer and run as Admin, which leaves the computer wide open for malware. Run as a user and only use the Admin account when necessary. This is the way things are normally done in the Linux/Unix world.

]]>https://forum.netgate.com/post/1004230https://forum.netgate.com/post/1004230Sun, 03 Oct 2021 20:47:23 GMT<![CDATA[Reply to Home network segmentation | Is it overkill or necessary on Sun, 03 Oct 2021 19:21:57 GMT]]>@bingo600 said in Home network segmentation | Is it overkill or necessary:

Why do you specify adult & kid in the same vlans ?

There is only one PC for adult and one PC for the kid.

I would believe I present as much risk as the kid since it is not impossible that I click an attachment in an email. But I am not sure.

And a single firewall rule can keep the kid from accessing the router.

]]>https://forum.netgate.com/post/1004224https://forum.netgate.com/post/1004224Sun, 03 Oct 2021 19:21:57 GMT<![CDATA[Reply to Home network segmentation | Is it overkill or necessary on Sun, 03 Oct 2021 19:14:52 GMT]]>@ninthwave
This looks a bit like my setup 😀

Why do you specify adult & kid in the same vlans ?
It would prob be easier to have kids in one vlan & adults in another , then it's easy(ier) to filter kids.

I ended up putting the WiFi printer in the "Phone Vlan" , and denying it access to the Inet. This was due to the Wife wanting to print from her phone 🤕 , and the phone would not see the printer on another vlan. And PC's etc have no issue seeing the printer on the "phone vlan"

/bingo

]]>https://forum.netgate.com/post/1004221https://forum.netgate.com/post/1004221Sun, 03 Oct 2021 19:14:52 GMT