Products Firewalla Gold SE Firewalla Gold Pro Firewalla Gold Plus Firewalla Purple Firewalla Purple SE Firewalla Wi-Fi SD Product Comparison Product Reviews

New Network Config - FWG Deployment Questions

Follow
Avatar
ED

Hi All - Getting ready to buy equipment to start building out my new home network, but first a few questions before I start buying hardware.  My question is leading practice around the hardware and FWG setup:

1 - Is it better to run one trunk to FWG and connect to a single 16 or 24-port managed POE switch?

2 - Is it better to run two trunks to FWG and connect them to two smaller managed POE switches?

3 - Is it better to run Synology NAS/Surveillance Station on its own trunk and bypass the switch/switches all together?  I'll need to VPN into the Synology to view my cameras - not sure this makes any difference?

4 - Is there a smarter/cheaper way to do what I'm doing?  Devices on the Home VLAN will need to be able to access devices on the IoT VLAN (e.g., home client will need access to Synology to view cameras).

I want to have 3 VLANs (Home, IoT, Guest) defined as:

Home - Most clients will live here.  They will have internet.  Synology, Laptops/Desktops, Network Printer, HomeKit/Homebridge, Sonos, etc.

IoT - Only devices I don't trust will live here.  They will NOT have internet, but will need to be accessible from devices on Home VLAN.  POE Security Cameras, Govee LED Lights, Lutron Caseta, etc.

Guest - Access to internet, but cannot see devices on Home/IoT.

0

Comments

3 comments

Sort by Date Votes
  • Avatar
    Firewalla

    1,2: what is better, depends on your traffic pattern. 

    (1) a single switch is optimized for network traffic between your devices (not going to firewalla) while (2) multiple switches is optimized for you to manage traffic between the segments, but not speed, since all traffic are inspected between the two segments)

    (3) likely same as (1)(2) question, it depends what you want to do with the traffic.

    If you have a gold, you really don't need VLAN's, each port can be a segment, so you have 3 of them already. 

    0
    Comment actions Permalink
  • Avatar
    ED

    Thank you for the swift response.  Considering only 1-2 devices will really be leveraging the NAS, cross-network traffic should be pretty minimal so I'm proceeding with one larger switch (instead of two smaller ones).

    0
    Comment actions Permalink
  • Avatar
    w m

    So i trunk and run everything off a switch with POE and really don't have any major speed issues; however i live in an apt have around 30 some devices.

    I originally wanted to separate into separate LANs as oppposed to using VLANs; however wouldn't that then require 2 APs as you can't route to LANs into a single AP that supports multiple networks?

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post