Trying to do the impossible

Martin Jones (Dabbler; joined Feb 9, 2016; 48 messages)
TrueNAS Core 12.2
Gen 8 Microserver
Unifi Security Gateway/WIFI access point/layer 2 switch managing VLANS
Main LAN
IOT VLAN
Camera VLAN
Guest VLAN

I am no networking guru by any stretch of the imagination, but after years in the IT industry I have taught myself how to accomplish the following. I have a Unifi gateway managing my network, which includes having all of my IoT devices, including my Microserver, on an IoT VLAN. The Microserver runs TrueNAS Core, a Plex server and Home Assistant. Also, at some point soon I want to add Zoneminder to the list to handle the cameras for my new house. There is also a guest network. These are all locked down using Unifi security, and only the main LAN is able to access all of the other VLANs.

What I want to do now is to move my Unifi controller to my Microserver, which is always on. Currently the Unifi controller is on my Windows laptop and is causing me issues, but I'm worried about security. My thought is that I have to move my Microserver back over to the main LAN so that the 192.168.1.1 network remains the control. Unfortunately, what do I do with the IoT devices and cameras on a separate VLAN?

I understand that TrueNAS can handle VLANs but I really don't understand how I can utilise this to solve my problem.

Finally, my question: can I segregate TrueNAS the same way as I've segregated my network, and allow Unifi to still handle the security? Or am I barking up the wrong tree? Can someone point me in the direction of some sensible knowledge? Thanks as always.

Heracles (Wizard; joined Feb 2, 2018; 1,401 messages)
Hey @Martin Jones,

To build such a segregated network, you would need an actual firewall like pfSense. Either as a hardware appliance like the SG-100, a dedicated old computer or a virtual appliance in a type 1 hypervisor, such an infrastructure firewall is what you would need for that. Using it, you can then create and manage all the VLANs and subnets you wish.

IoT devices are often loaded with spyware and are low security. I would surely not put them in the same segment as a TrueNAS server.

Here, I have many segments and TrueNAS is in a dedicated one (Data). I also have ZoneMinder, and all the cameras are in another VLAN, IoT. ZoneMinder connects to them and grabs the content to save it in TrueNAS.

Patrick M. Hausen (Hall of Famer; joined Nov 25, 2013; 7,776 messages)
@Heracles is right about the segregation. I would recommend OPNsense to achieve that. TrueNAS is not suitable for this task. But ... you can create all the VLANs you need and attach jails and/or VMs to each VLAN as you see fit. So you can at least run the Unifi controller in a jail on your TrueNAS. The security gateway - no.
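As an added example (not from this thread and not TrueNAS or iocage project code), the shell plan below lists the FreeBSD and iocage commands behind the approach described above: a tagged VLAN sub-interface and bridge for a management segment, the TrueNAS host keeping its own address only on a separate Data VLAN, and a vnet jail for the Unifi controller that gets an address only on the management VLAN. The parent NIC name (igb0), the VLAN tags 10 and 20, the addresses, the jail name and the 12.2-RELEASE release are all assumptions chosen for the example. On TrueNAS Core the VLAN and bridge interfaces would normally be created in the GUI (Network > Interfaces) so they persist across reboots; the ifconfig lines here mirror what the GUI does. Installing the Unifi software inside the jail is a separate step not shown.

```shell
#!/bin/sh
# Added example (not from the thread): plan the commands that put a Unifi
# controller jail on its own VLAN while the TrueNAS host lives on a Data VLAN.
# Assumptions: parent NIC igb0, management VLAN 10, Data VLAN 20, addresses
# in 192.168.10.0/24 and 192.168.20.0/24, jail name "unifi", 12.2-RELEASE.
#
# DRY_RUN=1 (default) only prints the plan; DRY_RUN=0 runs it as root on
# a FreeBSD/TrueNAS Core host.

DRY_RUN=${DRY_RUN:-1}

# run: echo the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# plan_unifi_jail PARENT_NIC MGMT_VLAN JAIL_IP/CIDR GATEWAY DATA_VLAN HOST_IP/CIDR
plan_unifi_jail() {
    nic=$1; mgmt=$2; jail_ip=$3; gw=$4; data=$5; host_ip=$6

    # Host side: TrueNAS itself gets an address only on the Data VLAN.
    run ifconfig "vlan${data}" create vlandev "$nic" vlan "$data" inet "$host_ip" up

    # Management VLAN: tagged sub-interface plus a bridge for the jail's vnet.
    # Deliberately no inet address on vlan${mgmt} or bridge${mgmt}: the host
    # is not reachable on the management segment, only the jail is.
    run ifconfig "vlan${mgmt}" create vlandev "$nic" vlan "$mgmt" up
    run ifconfig "bridge${mgmt}" create addm "vlan${mgmt}" up

    # Jail with its own network stack (vnet); its vnet0 epair is attached to
    # bridge${mgmt}, so the jail has an address only on the management VLAN.
    run iocage fetch -r 12.2-RELEASE
    run iocage create -n unifi -r 12.2-RELEASE \
        vnet=1 \
        interfaces="vnet0:bridge${mgmt}" \
        ip4_addr="vnet0|${jail_ip}" \
        defaultrouter="$gw"
    run iocage start unifi
}

plan_unifi_jail igb0 10 192.168.10.5/24 192.168.10.1 20 192.168.20.10/24
```

Run it as-is to review the plan; the check worth making before executing it for real is that only the `vlan20` line carries an `inet` address, so that the storage host never answers on the management segment where the controller sits.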

Martin Jones (Dabbler; joined Feb 9, 2016; 48 messages)
Heracles said:

> Hey @Martin Jones,
>
> To build such a segregated network, you would need an actual firewall like pfSense. Either as a hardware appliance like the SG-100, a dedicated old computer or a virtual appliance in a type 1 hypervisor, such an infrastructure firewall is what you would need for that. Using it, you can then create and manage all the VLANs and subnets you wish.
>
> IoT devices are often loaded with spyware and are low security. I would surely not put them in the same segment as a TrueNAS server.
>
> Here, I have many segments and TrueNAS is in a dedicated one (Data). I also have ZoneMinder, and all the cameras are in another VLAN, IoT. ZoneMinder connects to them and grabs the content to save it in TrueNAS.

I'm so sorry, I thought I'd thanked you for your reply. I read it and obviously forgot.