I have a variety of IoT devices (appliances) on my home network. The ones I am concerned about are for swimming pool controls (e.g., filter pump, etc.) and a new oven for the kitchen. I also have a couple of TiVos, Ethernet-enabled Blu-ray players, etc. I anticipate more devices in the future (cameras? doorbell? coyote sensors? whatever?).
Some devices support manual network configuration with dedicated IP addresses. Others are DHCP only. Some devices are WiFi only. Yet other devices are both WiFi-only and DHCP-only. I don't mind experimenting a little bit, but I don't want to leave them permanently on the home LAN for a long time, waiting for them to be compromised and attack my computers on the LAN someday in the future.
The LAN runs from a consumer-grade unmanaged 24-port switch behind the UTM. The 24-port switch connects to the LAN side of the UTM. There are four WiFi access points connected to the switch, which are all consumer-grade routers that are configured as bridges (no NAT, no DHCP, no routing) and as unmanaged switches. The UTM is the DHCP server.
-> What is the best and easiest way to isolate IoT devices/appliances from the rest of the LAN?
I wonder about how a VLAN (or multiple VLANs, one per IoT device?) might work. How do I prevent the IoT devices from seeing the other sensitive devices on the switch? Can a non-managed switch handle multiple LANs simultaneously? (e.g., a 192.168.20.x and a 192.168.30.x on the same unmanaged switch?) Is it reasonably secure to assume that the IoT devices won't find the devices on the other "LANs" that are connected to the same switch?
Are there alternatives other than VLANs (assuming that VLANs would work)?
How do I configure the UTM to isolate those IoT devices from the rest of the LAN?
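As an added example that is not part of the original post: the isolation the question asks about is usually expressed as a zone policy on the router/UTM, and the part that actually enforces it is the firewall's forward chain, not the IP addressing. Two subnets on one unmanaged switch still share a single broadcast domain, so 802.1Q VLANs need a managed (VLAN-aware) switch and VLAN-aware access points, or physically separate switch ports, before any of this applies. The script below models the policy for a Linux-based UTM and renders it as an nftables ruleset; the interface names (`eth0.10`, `eth0.20`, `eth1`), VLAN ids and subnets are constructed assumptions, and the `is_allowed` oracle exists so the rendered rules can be checked against the intended policy.

```python
"""Added example (not from the original post): a zone-based isolation policy for
an IoT VLAN, rendered as an nftables ruleset for a Linux-based router/UTM.
Interface names, VLAN ids and subnets are constructed assumptions."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Zone:
    name: str
    iface: str    # router-side interface for the zone (assumed names)
    subnet: str   # prefix the UTM's DHCP server hands out in that zone


# Constructed plan: trusted LAN on VLAN 10, IoT on VLAN 20, eth1 as the WAN uplink.
ZONES = [
    Zone("lan", "eth0.10", "192.168.10.0/24"),
    Zone("iot", "eth0.20", "192.168.20.0/24"),
    Zone("wan", "eth1", "0.0.0.0/0"),
]

# Zone pairs that may OPEN a new connection; replies are matched by conntrack.
# IoT gets the internet only; the trusted LAN may reach IoT (to control the pool
# pump or check the oven) and the internet; the WAN may initiate nothing inward.
ALLOWED_NEW = {("lan", "iot"), ("lan", "wan"), ("iot", "wan")}

# Router-hosted services each zone may talk to directly: IoT gets DNS and DHCP only.
ROUTER_UDP_PORTS = {"iot": (53, 67)}


def zone_of(ip: str) -> str:
    """Map an address to its zone; anything outside the two local prefixes is WAN."""
    addr = ip_address(ip)
    for z in ZONES:
        if z.name != "wan" and addr in ip_network(z.subnet):
            return z.name
    return "wan"


def is_allowed(src_ip: str, dst_ip: str, established: bool = False) -> bool:
    """Policy oracle mirroring the forward chain: established flows pass,
    new flows only along the permitted zone pairs."""
    if established:
        return True
    return (zone_of(src_ip), zone_of(dst_ip)) in ALLOWED_NEW


def render_nftables() -> str:
    """Emit the ruleset the policy above describes (loadable with `nft -f`)."""
    by_name = {z.name: z for z in ZONES}
    lines = ["table inet filter {",
             "    chain forward {",
             "        type filter hook forward priority 0; policy drop;",
             "        ct state established,related accept",
             "        ct state invalid drop"]
    for src in ZONES:
        for dst in ZONES:
            if src is dst:
                continue
            match = f'iifname "{src.iface}" oifname "{dst.iface}"'
            if (src.name, dst.name) in ALLOWED_NEW:
                lines.append(f"        {match} accept")
            else:
                # Logged so an IoT device probing the trusted LAN shows up in syslog.
                lines.append(f'        {match} log prefix "{src.name}-to-{dst.name}: " drop')
    lines += ["    }",
              "    chain input {",
              "        type filter hook input priority 0; policy drop;",
              "        ct state established,related accept",
              '        iif "lo" accept',
              f'        iifname "{by_name["lan"].iface}" accept']
    for name, ports in ROUTER_UDP_PORTS.items():
        plist = ", ".join(str(p) for p in ports)
        lines.append(f'        iifname "{by_name[name].iface}" udp dport {{ {plist} }} accept')
    lines += ["    }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_nftables())
```

The forward chain defaults to drop, so the only way traffic crosses zones is along an explicitly accepted pair or as a conntrack reply to such a flow; the explicit `log ... drop` lines for the denied pairs are there purely so that any IoT-to-LAN attempt leaves a syslog trace. The input chain limits what the IoT zone can ask of the UTM itself to DNS and DHCP, which is what DHCP-only appliances need to come up at all.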