I believe I’m saturating my Bidefender box2. Looking to upgrade to the Netgate 6100. I haven’t setup Vlan’s before so wanted to get your feedback on the overall home network setup. The bitdefender box2 only has 1 LAN port so today i plug into netgear 24 port switch. I have 1Gb internet. Attached is how i think the best way to hook up the Netgate 6100 without new additional hardware. I’m using my old netgear routers as access points and unfortunately they don’t support VLAN in access point mode. Plan to setup the correct firewall rules to use the Workstations as admin to all the other VLAN’s but not the other way around. Is the Netgate 6100 the right device or are there other recommendations? Not sure if it’s best to put the plex server behind the switch at 1Gb or leave it behind the Netgate at 10Gb since i transfer edited home videos to it often.
For what it’s worth these are my thoughts.
That 6100 looks pricey, it looks like it can handle 1Gb WAN but it probably also depends on what else is running on pfSense. I do not believe it has a builtin switch, some Netgate devices do.
I would consider, say a Lenovo i3 compact desktop that can take a couple of half height quad NIC cards, that will cost 25-50% of the 6100, with a bit more horsepower, if it isn’t power hungry, then I’d say it’s a better option.
Personally I can never quite tell what box will support a 1Gb WAN, though I don’t have that problem thus far.
With respect to your setup, I would pass everything through the switch with an LACP LAGG between the switch and router. Your 10Gb Plex I would directly connect to from your device to move videos on a 10Gb connection, with a 1Gb connection to the switch you can can also setup a LAGG if you really have so much traffic from many sources.
If you have a Netgear Pro switch, then you can do LACP, if it’s a Plus model then it still does aggregation just not LACP.
If you still want to connect directly to the 6100 you have to put them on their own network, I don’t think you can put it in a vlan as such (might be wrong), it’s not a problem, just use static routes to access those networks.
The other thing you need to consider is that if you currently only have a single switch, then you might snooker yourself when trying to configure pfSense. I have Netgear switches too, I needed to configure pfSense with the vlans on, then configure my switch with vlans, then connect the two. Not sure if that was just me or what, but you might need your switch on both the existing set up and while setting up pfSense or people will start shouting 
I presume all devices are on the same subnet, so when switching over to vlans, you need to set the IP on the cams first, unless you have a dumb switch lying around, otherwise you won’t be able to access the cams easily to get them on the vlan.