I'm attempting to deal with various WiFi devices (IoT, printers, TVs etc) that I want to lock down as much as possible and came up with the attached firewall zones that seem to be working so far.
I have 3 WiFi networks configured:
- normal devices (computers etc)
- IoT devices
- local network devices
I want WiFi network 2 to only be able to get out to the Internet and not see other local devices or the LAN. WiFi 3 shouldn't see anything... mainly this is for devices like printers that will accept incoming requests but shouldn't be able to initiate connections. For wifi networks 2 and 3 I have the networks set to isolate. Wifi 1 is set to the 'lan' zone, 2 is set to the 'guest' zone and 3 is set to the 'local' zone. I just wanted to see if this seems like a reasonable way to accomplish it? Is there anything else I should be looking at?
For other devices, I only want them to be able to see the Internet since they are only functional in that mode and local network access is pointless (the fun of IoT: have a device in your house that only talks to a remote server and then you have to contact the server to find out what the thing in your house is reporting... grr) and I don't want them to be able to poke around my network. So that's why I was asking: does this configuration sound like it will do what I want or do I just have an illusion of it doing what I want (i.e. not testing the right things) and is there a better way to do it?