Products Firewalla Gold SE Firewalla Gold Pro Firewalla Gold Plus Firewalla Purple Firewalla Purple SE Firewalla Wi-Fi SD Product Comparison Product Reviews

New User - FWP network setup/segmentation

Follow
Avatar
Chris Regan

Hi All,

I know this has been covered but I'm new to network config and am left with questions despite reading previous posts. I'd like to put my smarting hub and 3 wifi-connected "IoT" things - 2 alexa devices and a nest thermostat on the same on a VLAN; my TV/video on a VLAN; 

My set-up

FWP  --> USw-8-PoE lite (unifis 8 port switch). the ports on that swatch are as follows:

1 - LAN from Firewalla

2 - one Unifi wireless AP 

3 - 2nd Unifi wireless AP (6 lite)

4 - USW Flex Mini, 4 port --> 3 TV and lorex NVR

5 - Smartthings Hub

6 - network storage device

7-empty

8 - PC running the unifi controller for now

The TVs video seem easy - just create a VLAN in FWP (VLAN 20) and a new network on the unifi controller mapped to the one created in FWP, assign it to port 4, and *poof*

Same for the smartthings hub on port 5 (VLAN 10). 

Can I just then create a wifi SSID "IoT-wifi" and assign it to VLAN 10 and connect the alexa's and nest thermostat to it and be good? I assume I'd have to leave the unifi switch ports set to "all" since they also carry default (LAN) wireless devices as well

Do I need rules in the FWP to restrict the VLANs access to other VLAN and LAN

What other common blocks/allows or other rules might I need to add?

I realize this is pretty simple, but again, I'm new, and all the stuff I read gets me part way to understanding but then raises more questions too, so I'm hoping to get some patient input here.

thanks!

0

Comments

1 comment

Sort by Date Votes
  • Avatar
    Michael Bierman

    The port from Firewalla to the switch will be a trunk port. That means Firewalla and the switch will include all the VLANs and LANs. You may use the ALL setting in this scenario. Traffic to the APs will be trucked as well, but need only include the VLANs for the Wi-Fi networks. This might be “all” but that depends on your set up.

    As for rules, you need to figure out which VLANS deed access to what.
    Does the network need any LAN access? Only internet? Does it need access to VLAN A but nothing else? Is access one way or bidirectional? This will depend on what’s on each network. Rule of thumb is in general, assume devices AP on the same network can see each other. Traffic between networks you can control.

    https://help.firewalla.com/hc/en-us/articles/4408644783123-Network-Segmentation

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post