I’ll admit up front to being a little afraid about network security. This is based not on paranoia but on the old adage that a little knowledge is a dangerous thing.
I have a little knowledge.
So, I have a Unifi USG which has two LAN ports. The second one can be configured as a separate VLAN.
Am I right in thinking that with a single rule in the firewall prohibiting VLAN 1 from talking to VLAN 2 they would be as isolated from each other as is possible without an ‘air gap’?
I’m thinking that this second VLAN could be used for a single server that I could open to the internet and could host things such as a Jitsi server.
That way my concerns could be reduced, knowing that anything ‘important’ like my HA server is protected.
Yes. Although the firewall rule should probably point in both directions, depending on what connectivity you need. But in general a VLAN can be seen as a separate physical LAN even though it shares the same physical medium to transport the data.
…creating the appearance and functionality of network traffic that is physically on a single network but acts as if it is split between separate networks. In this way, VLANs can keep network applications separate despite being connected to the same physical network, and without requiring multiple sets of cabling and networking devices to be deployed.
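As an added illustration (not part of the thread), a small Python model of why a single rule on one VLAN's inbound interface does not stop the other VLAN from initiating connections back; the subnets, host addresses and the default-accept policy are constructed assumptions for the example.

```python
"""Toy model of inter-VLAN firewall rules on a two-LAN gateway.

Rules are evaluated where traffic enters the gateway (the "LAN IN" side of a
VLAN interface), so a rule attached to VLAN 1 says nothing about what a host
on VLAN 2 may initiate.  All addresses are constructed for this example.
"""
from ipaddress import ip_address, ip_network

VLAN1 = ip_network("192.168.1.0/24")   # constructed: trusted LAN, e.g. the HA server
VLAN2 = ip_network("192.168.2.0/24")   # constructed: internet-exposed server VLAN
VLANS = (VLAN1, VLAN2)

# rule = (ingress VLAN the rule is attached to, source network, destination network, action)
ONE_WAY = [(VLAN1, VLAN1, VLAN2, "drop")]                 # only "VLAN 1 may not talk to VLAN 2"
BOTH_WAYS = ONE_WAY + [(VLAN2, VLAN2, VLAN1, "drop")]     # plus the mirror rule on VLAN 2


def vlan_of(host):
    """Return the VLAN a host address belongs to (the interface its packets arrive on)."""
    return next(v for v in VLANS if ip_address(host) in v)


def verdict(rules, src, dst):
    """Fate of a NEW connection from src to dst.

    Stateful firewalls only evaluate new connections; replies to an accepted
    flow pass without consulting the rules, so direction of initiation is what matters.
    """
    ingress = vlan_of(src)  # rules are matched on the VLAN the packet arrives from
    for rule_vlan, src_net, dst_net, action in rules:
        if rule_vlan == ingress and ip_address(src) in src_net and ip_address(dst) in dst_net:
            return action
    return "accept"  # assumed default LAN IN policy: accept


def is_isolated(rules):
    """True only if neither VLAN can open a connection to the other."""
    return (verdict(rules, "192.168.1.10", "192.168.2.10") == "drop"
            and verdict(rules, "192.168.2.10", "192.168.1.10") == "drop")


if __name__ == "__main__":
    for name, rules in (("one-way rule", ONE_WAY), ("rules on both VLANs", BOTH_WAYS)):
        exposed_to_trusted = verdict(rules, "192.168.2.10", "192.168.1.10")
        print(f"{name}: exposed server -> HA server = {exposed_to_trusted}, "
              f"isolated = {is_isolated(rules)}")
```

With only the one-way rule, the exposed server on VLAN 2 can still open connections into VLAN 1; adding the mirror rule on VLAN 2 is what makes the two VLANs isolated in both directions.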