Author: Jacob
Language: text
Description: VLAN is not for security, so how to secure my network?
Timestamp: 2016-09-15 16:51:32 +0000
Hi Chris and Allan, thanks for the great show (I recently became a patron to support the show :D).

I have a question regarding home VLAN network setup. I have a reasonably configured home network (Ubiquiti UniFi Gateway, 2 x UniFi switches and a few UniFi wireless points and cameras). I have VLANs configured and different devices connect to different VLANs (e.g. servers run on VLAN 10, work computers on VLAN 20, other home devices on VLAN 30, etc.).

I understand VLAN is not a mechanism for security, i.e. putting devices on different VLANs will not give you isolation (because the UniFi devices are Layer 3 switches and route packets between VLANs by default). I am wondering what is the best way to properly separate them?

I think maybe I can configure the firewall on each port on all my switches, but that doesn't sound scalable or easy to manage; or maybe I should get a simple device to act like a gateway+firewall for a VLAN, which essentially makes the UniFi switches routers, but that doesn't sound right either, as if I have 2 ports on the same switch running the same VLAN then my solution will require a lot of these firewalls and ends up becoming unmanageable again.

I see a lot of people talking about VLANs and how VLANs bring security and isolation, so I feel like I may be missing something? I don't have VLAN security configuration experience, so I am keen to understand how to properly set up security between VLANs. Thanks very much!