by andrewnicolalde 1644 days ago
I currently rely pretty much exclusively on my Unifi gateway’s not-great IPS/IDS system, which allegedly receives updated threat intelligence feeds periodically. Outside of actual intrusion detection, I prevent my IoT devices (which are located in their own VLAN) from contacting the internet wherever possible, and entirely block any inter-VLAN traffic other than responses to connections initiated from devices residing on a “trusted clients network”, which hosts my phone, laptop etc.

> their own VLAN) from contacting the internet wherever possible, and entirely block any inter-VLAN traffic other than responses to connections initiated from devices residing on a “trusted clients network”, which hosts my phone, laptop etc.

I am interested in this kind of setup but lack relevant experience. Is this stuff you set up in the stock Unifi admin pages?

Rest assured it is not that difficult :). Correct, I've configured several firewall rules on the UniFi web UI, since I have a UniFi router/firewall (in my case a USG). If you'd like some help, feel free to reach out to me on Keybase! I'm andrewnicolalde on there.

Many sort-of-recent pieces of home network equipment support this stuff or equivalent (i.e., multiple networks) just as a configuration from their admin UI. You don't really need relevant experience to set this up, just very basic networking knowledge and the will to occasionally shake your head at the web-based-admin-user-experience of the box.