Hi, my network has grown over a couple of years to five AVM Fritzboxes with 90+ IPv4 nodes in the network. The number of Fritzboxes is due to the building situation and WiFi coverage, and to the simplicity of using their mesh technology.
Regarding firewalls, so far I rely solely on the firewall built into the 7590AX; for DNS a Pi-hole is used.
Now I am thinking about increasing security for my core PCs, server and NAS devices by putting those behind an IPFire, where the IPFire shall remain behind the Fritzbox router, i.e. not become an exposed host. I'd also like to keep my WiFi devices; otherwise it would require four additional WiFi access points, which I want to avoid. Due to the lack of cabling I also have to deal with the caveat of running all traffic, red and green, over the same layer-two switches.
Here is a simplified schema of the network. Left is as-is, right is to-be.
I am aware I would need to drill some holes to allow the admin PC to work across all LAN segments, but that is config stuff and shouldn't be a big deal.
However, before I finally start to implement an IPFire, I'd like to ask you whether this setup makes sense at all, or if the switch issue would limit the increase in security I hope to get.
Update: I just figured out that VLAN switches are quite cheap nowadays, so replacing the switches would be an option.
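The "switch issue" in the post is a layer-two question: if red and green share one untagged switch, any host on the green side can talk to the red segment (and vice versa) without the frame ever passing through IPFire. The toy model below is an added example, not code from the post or from the IPFire project, and it simulates 802.1Q port behaviour on a shared switch for three constructed cases: the as-is flat switch, the to-be VLAN switch with IPFire holding one access port in each VLAN, and a VLAN switch where one client port was left admitting tagged frames. Port names, the VLAN IDs 10 and 20, and the per-port forwarding rules are assumptions chosen for illustration.

```python
"""Toy 802.1Q forwarding model: does a frame sent into one switch port reach
another port purely by switching, i.e. without passing IPFire?
Added example; port names, VLAN IDs and topologies are assumptions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Port:
    """One switch port.
    pvid:   VLAN assigned to untagged frames arriving here, and the VLAN
            sent out untagged (an access port has only this).
    tagged: VLANs this port accepts and forwards with an 802.1Q tag; empty
            for a properly configured access port."""
    pvid: int
    tagged: frozenset = frozenset()


class Switch:
    def __init__(self, ports: dict) -> None:
        self.ports = ports

    def ingress_vlan(self, port: str, tag):
        """VLAN a frame is placed in on entry, or None if the port drops it."""
        p = self.ports[port]
        if tag is None:
            return p.pvid
        return tag if tag in p.tagged else None

    def forwards(self, src: str, dst: str, tag=None) -> bool:
        """True if a frame sent into `src` (untagged, or tagged with `tag`)
        is delivered out of `dst` by the switch alone."""
        vlan = self.ingress_vlan(src, tag)
        if vlan is None or src == dst:
            return False
        d = self.ports[dst]
        return vlan == d.pvid or vlan in d.tagged


GREEN, RED = 10, 20  # assumed VLAN IDs for IPFire's green and red zones


def flat_switch() -> Switch:
    """As-is: every port untagged in VLAN 1, red and green in one L2 domain."""
    names = ("fritzbox", "wifi_client", "ipfire_red", "ipfire_green", "nas")
    return Switch({name: Port(1) for name in names})


def vlan_switch() -> Switch:
    """To-be: Fritzbox side on RED, NAS side on GREEN; IPFire has one access
    port in each VLAN, so it is the only path between the two."""
    return Switch({
        "fritzbox": Port(RED),
        "wifi_client": Port(RED),
        "ipfire_red": Port(RED),
        "ipfire_green": Port(GREEN),
        "nas": Port(GREEN),
    })


def leaky_vlan_switch() -> Switch:
    """Same VLAN plan, but the client port still admits tagged frames
    (a port left in an 'admit all' / trunk-by-default mode)."""
    sw = vlan_switch()
    sw.ports["wifi_client"] = Port(RED, tagged=frozenset({GREEN}))
    return sw


def firewall_bypassable(sw: Switch, client: str, protected: str) -> bool:
    """Can `client` reach `protected` directly, either untagged or by putting
    its own VLAN tag on the frame, so that IPFire never sees the traffic?"""
    if sw.forwards(client, protected):
        return True
    return any(sw.forwards(client, protected, tag=v) for v in (GREEN, RED))


if __name__ == "__main__":
    cases = (("flat", flat_switch()), ("vlan", vlan_switch()),
             ("leaky vlan", leaky_vlan_switch()))
    for name, sw in cases:
        print(f"{name:10s} wifi_client -> nas bypasses IPFire: "
              f"{firewall_bypassable(sw, 'wifi_client', 'nas')}")
```

The flat case returns True: with red and green on one untagged switch, the firewall only protects hosts that happen to route through it. The VLAN case returns False, and the green NAS is still reachable through IPFire's green port. The leaky case shows the check worth doing on a cheap VLAN switch after replacing the old ones: every port facing a client or the Fritzbox must be a plain access port that drops tagged frames, otherwise a host can pick the green VLAN itself.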