Insolation of insecured wireless
I am running enterprise security on mine access points. I am thinking about getting few wifi devices such as thermostat that only works with wap. So I was thinking about adding additional access point and insolating it from rest of system. How I can acomplish this with pfsense. my pfsense firewall has two open network ports.
Should be easy - Interfaces->assign a new OPT1 to a space NIC. Give OPT1 a different subnet. Plug the WAP-AP into that NIC, and give it an IP in the new subnet. Connect your sensor devices to the WAP-AP.
Assuming you just want to connect in from devices elsewhere (e.g. from devices on the LAN) to read the sensors, then you should be able to have no pass rules on OPT1. That way someone else who connects to your WAP-AP will get nowhere except for your sensors. If they are just sensors, then who cares if they know your fridge temp. If the sensor also lets you switch off the fridge, then there is a bigger problem, don't want the neighbours doing that for a prank.
On LAN put whatever restrictive or permissive rules you like to let things get to OPT1 subnet.