Vlans, iot, guest networks, etc

So, currently it seems the way to set up your network is to have a separate network for your IoT things (Amazon echos, Google Home, untrustworthy IP cameras, etc).
Then, you explicitly create firewall rules allowing your laptop or whatever will be managing these devices through their web interfaces.
Then, when you think about it… does your IP camera need to talk to your Echo? Does your Chromecast need to talk to your thermostat? Maybe some of your audio stuff like Sonos would need to talk to each other to synchronize music across multiple rooms… but aside from that why have anything on your network talk to anything else?

Should each client be on its own VLAN for security purposes? Other than a NAS, what business does my wife’s laptop have talking to my laptop anyway?

Am I thinking about this wrong?
Is there a way to do this with my UniFi gear?
Is that what the difference between a “guest” and “corporate” network is in UniFi terms?

1 Like
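As an added example, not from the thread or from UniFi, the segmentation the post describes (IoT reaches the Internet, a trusted laptop manages the IoT web interfaces, nothing else crosses segments) expressed as a stateful inter-VLAN firewall model; the VLAN names, address ranges and ports are assumptions.

```python
# Model of an inter-VLAN firewall policy for a segmented home network.
# Constructed example: VLAN names, ranges and ports are assumptions, not from the thread or UniFi.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# One VLAN per trust level. Traffic within a VLAN is switched and never reaches
# the router's firewall, so devices that must talk to each other (speakers syncing
# audio) belong in one VLAN; per-client VLANs would need a rule for every such pair.
SEGMENTS = {
    "trusted": ip_network("10.0.10.0/24"),  # laptops
    "iot": ip_network("10.0.20.0/24"),      # echos, cameras, thermostat
    "media": ip_network("10.0.30.0/24"),    # speakers, casting devices
}

@dataclass(frozen=True)
class Rule:
    src: str              # segment name or "any"
    dst: str              # segment name, "any" or "internet"
    dport: Optional[int]  # None matches any destination port
    action: str           # "accept" or "drop"

# Stateful firewall: replies to an accepted connection are always allowed,
# so only NEW connections are checked, top to bottom, first match wins.
POLICY = [
    Rule("trusted", "iot", 443, "accept"),     # manage devices via their web UI
    Rule("trusted", "iot", 80, "accept"),
    Rule("trusted", "media", None, "accept"),  # control/cast to speakers
    Rule("trusted", "internet", None, "accept"),
    Rule("iot", "internet", None, "accept"),   # cloud-dependent gadgets still work
    Rule("media", "internet", None, "accept"),
    Rule("any", "any", None, "drop"),          # default deny: no lateral movement
]

def segment_of(addr: str) -> str:
    """Map an address to its VLAN name; anything else is the outside world."""
    ip = ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return "internet"

def evaluate(src_ip: str, dst_ip: str, dport: int) -> str:
    """Verdict for a NEW connection src_ip -> dst_ip:dport under POLICY."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    for rule in POLICY:
        if rule.src in ("any", src) and rule.dst in ("any", dst) and rule.dport in (None, dport):
            return rule.action
    return "drop"
```

Each rule here maps onto one inter-VLAN firewall rule on the gateway; the camera-to-laptop and thermostat-to-speaker cases fall through to the final drop.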

Sounds like you are overthinking it, but yes, you can isolate devices so they only have access to the outside world using the UniFi guest WiFi option. This would block devices’ ability to move laterally through the network at all. I don’t think that feature is supported on the UniFi switches as it requires routing rules at the switch port level, but other higher-end switches do support this. Creating VLANs for each device would work but would be cumbersome to manage; if you have the time and you enjoy it, have at it! :)

2 Likes

You can use Port Isolation on UniFi switches to segregate traffic:

https://help.ubnt.com/hc/en-us/articles/115001529267-UniFi-Managing-Broadcast-Traffic#howto