Tips for managing safe and insecure PC mixes [closed]

security networking local-area-network vlan pfsense

I'll assume that all the PCs and printers are connected to managed switches that are VLAN-capable. If that is not the case, there is little you can do until you change that.

At each site, create three VLANs: Work, Home and Guest. Trunk the 3 VLANs across the fiber link and to the firewall, so the firewall is the default gateway for each VLAN.

You can then assign each port to the correct VLAN, depending on the type of device on that port.

Now you can create policies on the firewall to isolate each VLAN. As a start, I suggest you allow all VLANs to reach the Internet, but don't allow devices in one VLAN to reach another. That way, you can keep home and business devices separate.

Related

How to make sure script is always running?
Why does dig not show the authority section and how to make it show the authoritative name servers that hold the DNS query`s answer?
USB 3.0 Card for HP Proliant DL360 G7 and G8
Providing Guest VM to connect to Internet through Host on ESXi with only one adapter
Answer "yes" to ssh-copy-id first time run by script?
How to tell what computer has a file open on a network share?
Easy way to limit file size (stdout) on a shell script level?
Fail2Ban blocks ip in ignoreip list
How do I get the SharedPreferences from a PreferenceActivity in Android?
Disable input conditionally (Vue.js)
How to create an HTTPS server in Node.js?
Exit Shell Script Based on Process Exit Code [duplicate]