New to network security

Please be patient I am still learning. Need some help. I got my pfsense box up and ready. Now the question is how to implement it right. A little back ground on my home network. I am currently using an asus router for everything but I have run out of wired ports on it. I have a 24 port switch that I want to take advantage of to fix the port problem. I want to use the pfsense box for router and firewall and turn my current asus router into an access point. I also have several servers. What I am not sure about are all my smart lights, light switches and echos. Servers I can port forward but how do I set up the later. Am I going to go through and set up each light and switch?


I hope you are not port forwarding your servers and lights to the WAN.

I do something similar

  1. Dedicated pfSense appliance as firewall, DHCP/DNS/NTP/VPN server, etc.
  2. ISPs fiber optic modem is in bridge mode, thus pfSense gets assigned WAN IP address
  3. Installed OpenWRT on Linksys WRT3200ACM so all ports assigned to LAN, disable FW/DHCP/DNS, thus WRT3200ACM is regulated to a simple AP.
  4. Connect switch to LAN side of pfSense
  5. Connect WRT3200ACM to switch
  6. All devices on same sub-net to keep it simple

I have a plex server and I host a game server. So I will need those two to about to be accessible from the internet. My other servers I want to only be accessible for local.

What the king of rock and roll (elvisimprsntr) posted makes perfect sense and you should have no problem keeping local local and create the specific rules for your plex and game server requirements forwarded to static IPs on the lan side.