Video Suggestion: pfsense / unifi - how to separate IOT products but still maintain access to them

Hi there, love your channel, i’ve been subscribed for ages, and really like the content you’re putting out. I have an idea for another video which I think is very appropriate given the timing and the fact that even the FBI has just come out with warnings finally that people need to put their smart products on separate networks to help protect their data.


I am running Pfsense and a ubiquiti Wireless AP.

WAN: incoming

IPTV: straight out to set top box (i needed to add a vlan for it to work with the incoming wan connection)

LAN: out to several switches - regular internet/network access

WIFI1: Usual

Wifi2: Guest network

My question is this: If I want to add another wireless network for the smart devices, let’s say WIFI3: IoT

I can do that in unifi, but can someone explain to me what I need to do in pfsense to keep the network separate from LAN. Do I just use Vlans to enable this? Or what’s the best practice?

Also conceptually, if I do this. Let’s say my home-assistant server, and/or my phone/ipad is on the usual LAN/WIFI1 network, does this mean they will not be able to interact with say a smart plug or alexa app on IOT? Assuming this is the case, how do people overcome this limitation?

I would also go so far as to widen this further and say if i then add an additional CCTV network out of the pfsense box (I would like to keep that separate again), how would i then have my home-assistant server/computer/phone etc interact with that?

Not sure if you think this would be a good topic or not, but if you have any ideas or can point me to an online resource i’ll follow up there.

I cover that in this video, just skip the part where I talk about the VOIP phones, unless you have them :slight_smile:

Hello, have a look at my video here. It covers basic firewall rules on pfSense :slight_smile:

Thanks guys, i’ll watch them both. Appreciate the pointers!