Not all internet devices are the same, and treating them differently can improve the security and performance of your network. With network segmentation, you can create several networks instead of having one big flat network at home or work. Each network can be governed by its own rules. This is just like adding rooms and doors (with locks) in the real world.
Use cases for network segmentation include:
- Creating a network for kids or employees with their own rules and policies. You can limit access to the Internet, filter content, monitor activity, and more.
- Creating a network for work-from-home access with VPN client enabled.
- Creating a secure guest network to apply high-level protection to your guests and manage their activities in real time.
- Isolating IoT devices into their own network to prevent unnecessary communication.
If you want to learn about the details of how to implement network segmentation, please see our article on Building Network Segments. Network Segmentation is only available on the Firewalla Gold and Firewalla Purple.
Kids' or Employees' Network
At home, you can create a network segment for kids with parental control rules and features. Depending on the situation, you can configure it to be able to access other networks or restrict it from accessing other devices and resources.
If you use Firewalla in your office network, you can create a network to manage employees' network access. You can apply rules and features based on company policies. You can also monitor the network segment as a whole, including alarms and settings.
VPN Network for Working from Home
Firewalla's built-in VPN client makes it convenient to work remotely through a VPN. In this case, you can create a network with a VPN connection configured and only include devices that you need to use for work. This way your work communication is always protected and will not interfere with your other devices' activity.
Secure Guest Network
You can also use network segmentation to create a secure guest network. You can apply features or rules just to your guest network segment, such as porn block or Family Protect. You can also block guest devices from talking to any local networks while allowing devices from local networks to talk to devices inside the guest network.
With New Device Quarantine turned on, all new devices joining the network will be automatically placed into a Quarantine Group, and an alarm will be generated. You can turn this feature on for specific networks to help you build a super-secure guest network segment for home and work.
IoT Network
For devices that only need access to specific services, such as some IoT devices, you can isolate their traffic from the rest of the network. This reduces your risk exposure in case your IoT devices get compromised. Once you set up an IoT network, you can restrict access by setting rules to:
- Block Traffic from & to the Internet.
- Block Traffic from & to all local networks.
- Allow access to ports required by specific services (IP addresses and ports).
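The following is an added example, not Firewalla code or configuration: a small Python model of the three IoT rules above, useful for checking which flows an isolation policy should permit before you enter the rules. The subnets, the allow list, the sample flows, and the assumption that a specific allow rule takes precedence over the broad blocks are all constructed for illustration.

```python
import ipaddress

# Constructed addressing plan and allow list (assumptions, not from the article).
IOT_NET = ipaddress.ip_network("192.168.30.0/24")
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("192.168.10.0/24", "192.168.20.0/24")]
# (destination network, protocol, destination port) the IoT devices really need.
ALLOWED = [
    (ipaddress.ip_network("192.168.10.5/32"), "tcp", 8883),  # local MQTT broker
    (ipaddress.ip_network("203.0.113.10/32"), "udp", 123),   # NTP (documentation range)
]

def classify(addr):
    """Return 'iot', 'local' or 'internet' for an address."""
    if addr in IOT_NET:
        return "iot"
    if any(addr in net for net in LOCAL_NETS):
        return "local"
    return "internet"

def evaluate(src, dst, proto, dport):
    """Return (verdict, reason) for one flow under the three IoT rules."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    zones = (classify(s), classify(d))
    if "iot" not in zones or zones == ("iot", "iot"):
        return ("n/a", "flow does not cross the IoT segment boundary")
    # Assumption: a specific allow rule takes precedence over the broad blocks.
    if zones[0] == "iot":
        for net, p, port in ALLOWED:
            if d in net and proto == p and dport == port:
                return ("allow", f"exception {net} {p}/{port}")
    peer = zones[1] if zones[0] == "iot" else zones[0]
    direction = "to" if zones[0] == "iot" else "from"
    return ("block", f"traffic {direction} {peer}")

# Constructed sample flows: (src, dst, proto, dport).
FLOWS = [
    ("192.168.30.21", "192.168.10.5", "tcp", 8883),  # sensor -> MQTT broker
    ("192.168.30.21", "192.168.10.5", "tcp", 22),    # same host, wrong port
    ("192.168.30.21", "198.51.100.7", "tcp", 443),   # sensor -> Internet
    ("192.168.20.4", "192.168.30.21", "tcp", 80),    # other LAN -> sensor
    ("192.168.30.22", "203.0.113.10", "udp", 123),   # camera -> NTP
]

def audit(flows):
    """Evaluate every flow and return (flow, verdict, reason) tuples."""
    return [(f, *evaluate(*f)) for f in flows]

if __name__ == "__main__":
    for flow, verdict, reason in audit(FLOWS):
        print(f"{verdict:5} {flow} -> {reason}")
```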
Read our article on Building Network Segments for a full tutorial on how you can create and manage subnetworks.