Newbie: Help me design my home network

Newbie here. I have been watching Tom’s videos for a while and it’s time to chime in.

I am moving to a house that has a Frontier Fios 1GB fiber connection and I want to make sure that I get the most out of it.

I was able to get the installer to drag the fiber optic cable from outside the house into a pantry that I am converting to a server room.

In the room he installed an ONT and a separate Wifi router/switch.

I am under the impression that I can get them to come back and bring an SFP device and I can bypass all the supplied hardware and plug it directly into something like a pfSense Netgate appliance.

If so, my next question would be: is a Netgate 6100 appliance way overkill for a residential situation? I will have hard wired 4K TVs around the house, maybe 20-30 IOT devices and 12-16 4K POE security cameras and a Synology NAS.

I edit 4K video on my PC and store the data on the NAS units. I am also an occasional Youtuber and will be uploading videos.

The house is currently undergoing a remodel and a rewire. I pulled Cat7a everywhere to help future proof things and I don’t want to worry about distances and noise.

I am also installing a number of Unifi wifi access points on the ceiling and plan to use a Gen 2 Cloud Key for those.

I want one network for all my IOT devices, one for the cameras, one for guests and one for my PCs and NAS drives.

In addition to my on-site NAS I also have another identical NAS off site that I back up to so they will need to be able to talk to each other.

Is the pfSense Netgate 6100 firewall overkill, and is going with internal 10gb connections overkill for PCs to NAS units? I don’t want to throw away money, but I don’t want any issues, and security is my #1 concern.

If my PC and NAS are on one network and my cameras are on another how does my NAS get access to the cameras to record the footage? How does my cell phone gain access to cameras and IOT to manage them if they are on separate networks?

Thanks everyone for the help!


For what it’s worth …

If you’ve got the cash for the 6100, it does sound like you will be able to plug your fibre straight into an SFP port/module. I don’t have such a connection, I’ve only seen it on YouTube.

Hopefully you have double runs of cable between your switch and endpoints; you can then have switches downstream connected over a LAGG back to your main switch. Then you have both redundancy and double bandwidth for not much extra cost or effort.

I’d make sure you buy switches with LACP.

If you want to split your network, you can use VLANs, then have rules enabling whatever flow of traffic you want.

pfSense also has an excellent implementation of OpenVPN, easy to set up if you want to sync to an off-site NAS.

I’d also make sure your AP supports multiple SSIDs, as it’s then likely to support VLANs.

10G is pretty expensive, but if cost is a constraint then it’s probably ok to buy just a main switch supporting 10G; Netgear make a few.

I do think you will need to invest time in understanding pfSense, it might take a while.
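The reply above leaves "rules enabling whatever flow of traffic you want" abstract, and the original post asks how a NAS on one network records cameras on another and how a phone manages IoT gear on a third. The following is an added example, written for this thread and not code from pfSense or from anyone in it: a small first-match rule evaluator that models the four-VLAN split (trusted PCs/NAS, cameras, IoT, guest) and shows which constructed sample flows such a policy permits. The VLAN subnets, the port numbers and the rule order are assumptions; on a stateful firewall like pfSense, the cameras' replies to the NAS are matched by the connection state the NAS created, so the camera VLAN can be denied from initiating anything.

```python
"""Added example (not from the thread or from pfSense): a first-match policy
evaluator for a four-VLAN home network. Addresses and ports are assumptions."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Optional, Tuple

# Assumed addressing plan for the demo (not from the thread).
VLANS = {
    "trusted": ip_network("10.0.10.0/24"),  # PCs, NAS, phones when at home
    "cameras": ip_network("10.0.20.0/24"),  # PoE cameras
    "iot":     ip_network("10.0.30.0/24"),  # smart-home gear
    "guest":   ip_network("10.0.40.0/24"),
}
ANY = (ip_network("0.0.0.0/0"),)
PRIVATE = (ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
           ip_network("192.168.0.0/16"))  # "everything on the LAN side"


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    src: Tuple[IPv4Network, ...]   # source networks the rule applies to
    dst: Tuple[IPv4Network, ...]   # destination networks
    proto: str = "any"             # "tcp", "udp" or "any"
    dport: Optional[int] = None    # None = any destination port
    note: str = ""

    def matches(self, src: IPv4Address, dst: IPv4Address,
                proto: str, dport: Optional[int]) -> bool:
        return (any(src in n for n in self.src)
                and any(dst in n for n in self.dst)
                and self.proto in ("any", proto)
                and self.dport in (None, dport))


# Evaluated top to bottom, first match wins; anything unmatched is denied.
# Only the *initiating* direction is listed: a stateful firewall lets the
# camera's RTSP reply back to the NAS because the NAS opened the connection.
POLICY = [
    Rule("allow", (VLANS["trusted"],), (VLANS["cameras"],), "tcp", 554,
         "NAS/NVR pulls RTSP video from the cameras"),
    Rule("allow", (VLANS["trusted"],), (VLANS["cameras"],), "tcp", 443,
         "phone/PC opens a camera's web UI"),
    Rule("deny", (VLANS["trusted"],), (VLANS["cameras"],),
         note="nothing else to the cameras (no telnet, no stray services)"),
    Rule("allow", (VLANS["trusted"],), (VLANS["iot"],),
         note="phone/PC on the trusted VLAN manages IoT devices"),
    Rule("allow", (VLANS["trusted"],), ANY,
         note="trusted VLAN reaches the internet"),
    Rule("deny", (VLANS["cameras"],), ANY,
         note="cameras never initiate traffic: no cloud, no LAN"),
    Rule("deny", (VLANS["iot"],), PRIVATE,
         note="IoT cannot reach any private network"),
    Rule("allow", (VLANS["iot"],), ANY, note="IoT gets internet only"),
    Rule("deny", (VLANS["guest"],), PRIVATE,
         note="guests cannot reach any private network"),
    Rule("allow", (VLANS["guest"],), ANY, note="guests get internet only"),
]
DEFAULT = Rule("deny", ANY, ANY, note="implicit default deny")


def evaluate(src_ip: str, dst_ip: str, proto: str = "tcp",
             dport: Optional[int] = None) -> Tuple[str, str]:
    """Return (action, note) for the first rule matching a new connection."""
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    for rule in POLICY:
        if rule.matches(src, dst, proto, dport):
            return rule.action, rule.note
    return DEFAULT.action, DEFAULT.note


# Constructed sample flows answering the questions in the original post.
SAMPLE_FLOWS = [
    ("10.0.10.5",  "10.0.20.11", "tcp", 554),   # NAS -> camera RTSP
    ("10.0.10.50", "10.0.20.11", "tcp", 443),   # phone -> camera web UI
    ("10.0.10.20", "10.0.20.11", "tcp", 23),    # PC -> camera telnet
    ("10.0.10.50", "10.0.30.7",  "tcp", 443),   # phone -> IoT device
    ("10.0.20.11", "10.0.10.5",  "tcp", 445),   # camera -> NAS share
    ("10.0.20.11", "8.8.8.8",    "udp", 53),    # camera -> internet DNS
    ("10.0.30.7",  "10.0.10.5",  "tcp", 445),   # IoT -> NAS share
    ("10.0.30.7",  "1.1.1.1",    "tcp", 443),   # IoT -> cloud service
    ("10.0.40.9",  "10.0.20.11", "tcp", 554),   # guest -> camera
    ("10.0.40.9",  "1.1.1.1",    "tcp", 443),   # guest -> internet
]

if __name__ == "__main__":
    for src, dst, proto, port in SAMPLE_FLOWS:
        action, note = evaluate(src, dst, proto, port)
        print(f"{src:>11} -> {dst:<11} {proto}/{port:<4} {action:5}  {note}")
```

Running the script prints one line per sample flow; the two flows the original post worried about (NAS pulling RTSP, phone reaching IoT) are allowed, while the cameras, IoT devices and guests are refused any connection into the trusted network. In pfSense these rules would be entered per interface (each VLAN gets its own tab) in the same top-down order.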

Thanks for the reply.

Between the server cabinet and each of the two places that I plan to set up a desk I am pulling [6] cables to a Keystone faceplate behind each desk. This gives me redundancy and places to plug in network items without having a switch at each desk. The access points that I am running are Unifi Access Point WiFi 6 Lite.

10GB internal between my PC and my NAS is probably the only high speed connection that I need.

Is there an option that requires less work than pfSense that works well? I don’t do the network thing for fun or as a hobby and once it’s set up I want to forget about it. I also don’t want to spend dozens of hours learning how to set it up and get it working.

Maybe I am overthinking this? I was thinking about just going with Unifi products but I don’t need any of the video parts of it and I keep finding people having speed issues with a 1GB internet connection.

It’s easier to buy an Asus router; some now have a 10g WAN. They have a good implementation of OpenVPN. Forget about VLANs and segmentation. Keep everything on the same network, and anything you don’t trust, use the guest network. They’ll work and you can leave it.