Currently have gigabit Fios to the home. With remote work taking over the home, I need to segregate work from home. Home = 5 wired clients (1 NAS, 2 PCs and 2 consoles) and 2 access points (a bunch of iPhones, tablets and IoT devices).
Work will be 3 PCs which will need to provide an open port for remote SSH access.
Work PCs should not be able to access home PCs. However, a home PC should be able to access a work PC.
My initial idea is to get an EdgeRouter 4 to connect to the outside line.
The LAN side of the EdgeRouter would connect to a switch which would serve the ‘business’. One of the switch ports would go to the internet port of the Verizon router. Then I would map a DMZ port from the edge router to the Verizon router IP. The edge LAN would be 10.0.0.0 and its DHCP server disabled. All business clients would have static IP addresses. The Verizon router LAN would be 192.168.1.0 with DHCP enabled. The Verizon router IP would be 10.0.0.10.
The Verizon router also has a cable connection in addition to Ethernet. Apparently, TV programming comes in over the cable. This is why the Verizon router has to be the internal network. Somehow the cable programming is mapped to the Verizon router IP and all the devices on the Verizon LAN can get to it.
Is this architecture double NATed? The ‘inner’ network is mapped to a DMZ port from the outer network so the Verizon router should think it’s connected directly to the outside world.
Is this enough information for someone to give a good response? I do not know what advantage I would get from running pfSense on something like this:
instead of the edge router. And then of course other recommendations like a Cisco 340 might be an option.
Most of the bandwidth will be consumed by the home PCs.
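
The addressing plan above, modelled as an added example (not part of the original post) to show which routers translate each client's traffic and which direction of work/home access the layout permits. The /24 masks, the sample host addresses, and the assumption that each router does source NAT and drops unsolicited inbound connections on its WAN side are mine, not the poster's.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Router:
    name: str
    lan: ipaddress.IPv4Network
    wan_ip: Optional[ipaddress.IPv4Address]  # None = public address from the ISP
    upstream: Optional["Router"] = None

# Networks from the post; the /24 prefix lengths are an assumption.
EDGE = Router("edgerouter", ipaddress.ip_network("10.0.0.0/24"), None)
VERIZON = Router("verizon", ipaddress.ip_network("192.168.1.0/24"),
                 ipaddress.ip_address("10.0.0.10"), upstream=EDGE)
ROUTERS = [VERIZON, EDGE]

def gateway_for(host):
    """Return the router whose LAN contains the host address."""
    addr = ipaddress.ip_address(host)
    for router in ROUTERS:
        if addr in router.lan:
            return router
    raise ValueError(f"{host} is on neither LAN")

def nat_chain(host):
    """Routers that rewrite the source address on the way to the internet."""
    chain, router = [], gateway_for(host)
    while router is not None:
        chain.append(router.name)
        router = router.upstream
    return chain

def can_initiate(src, dst):
    """True if src can open a connection to dst when the inner router
    has no port forwards (assumed default: unsolicited WAN traffic dropped)."""
    router, target = gateway_for(src), gateway_for(dst)
    while router is not None:
        if router is target:  # dst is on src's LAN or on a LAN upstream of it
            return True
        router = router.upstream
    return False

if __name__ == "__main__":
    home_pc, work_pc = "192.168.1.50", "10.0.0.21"  # constructed sample hosts
    print("home NAT chain:", nat_chain(home_pc))
    print("work NAT chain:", nat_chain(work_pc))
    print("home -> work:", can_initiate(home_pc, work_pc))
    print("work -> home:", can_initiate(work_pc, home_pc))
```

In this model the DMZ mapping on the edge router only decides where unsolicited inbound internet traffic is sent; outbound traffic from a 192.168.1.0 client is still translated once by each router. The work-to-home block holds only while no port forward or DMZ host is configured on the Verizon router.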