(Solved) How to maximize use of 4 port firewall for home

Hi,

this does not sound like a home use to me?

Next, the APs you plan on using cannot be managed by the XG so they will be just unmanaged APs. The three SSIDs will all be connected to the same network address range unless you use Sophos APs then you can build seperate networks for each SSID.  The streaming devices assuming they are 4k TVs will require considerable bandwidth.

With the amount of devices you are asking about you will saturate your VLANs so you are better off planning to spread the devices across the 3 remaining NICs and try to load balance. All these devices streaming assuming from the internet will saturate your WAN link and if they are streaming from the NAS remember that you will have double traffic on the linksand through the XG. Also the XG might run into performance issues because you are using a low performance CPU.

Ian

It's definitely home use :D

And since it's home use, Sophos APs are relatively expensive, and Unifi isn't.  I don't use Sophos to manage the APs.  Unifi has it's controller, that I have running as a docker container on my NAS.  As stated, I created 3 VLANs on each AP, so that if I'm near AP1, I can connect to 3 different VLANs.  When I'm near AP2, same SSIDs are presented.  Each SSID have different subnets, e.g. 192.168.10.1, 192.168.20.1.  I configured the same on my switch.  I created different firewall rules on Sophos XG, so that VLAN2 and VLAN3 are allowed/ restricted to access certain network resources.  Currently though, both APs plug onto the same switch, and tagged.  But only 1 port connects switch to my firewall, which has only 1 port.  

I only have 1080p TVs.  

I am indeed worried I'm saturating my VLANs, though maybe not at all times.  At 2.4 GHz, each of my AP can only provide 300 Mbps.  That's theoretical.  Our walls are thick and made of hollow blocks.  I was told while streaming shows to ipad, there's buffering.  

If I don't connect the APs to firewall directly, how do I go about spreading the devices?  Each AP tagged with a port on my switch, then connect the tagged port to a port on my firewall?  

"...will saturate your WAN link and if they are streaming from the NAS remember that you will have double traffic on the links..."  What do you mean by double traffic?  

I'm gonna use a Core i3-4160T with 8 GB memory.

Double stream of traffic over the same VLAN, coming from NAS going to TV.

What device is providing the DHCP function, if it is the XG the devices will pickup an existing assignment regardless of which VLAN they are on.

Ian

The XG is the DHCP server.

Sorry, still don't get this- Double stream of traffic over the same VLAN, coming from NAS going to TV.

Do you mean the same SSID providing internet from WAN, is also the same SSID serving up shows from the NAS?

I have assumed that the TVs will be streaming from the NAS not the internet.

Ian

That's another topic for me to create after this :D . (What policies to create to secure home network when you have TV box that requires access to internet, and to NAS)

TV Box has Youtube, so stream from the internet.  TV Box also has Kodi, stream from NAS.  

Hi,

U suggest you search the forums because there are a number of posts about streaming and security.

Ian

Jang430,

if the thread has been resolved, please mark the solution and open a new one. One thread --> One question.

Thanks