I am redoing my entire home network and am trying to build it a bit more secure.
Currently I have a main (general user) network under the primary router then a secondary router & subnet built off of it for all my home automation/etc devices. I can access my Hass.io (SSL) and ZM installs remotely.
I would like to have a single network (1 subnet) (purchased 2 nighthawk routers for coverage) that handles everything but definitely want to make sure that my Hassio (rPi3) and ZM (server) are protected.
What is the best way to go? I see a lot of discussions about NGINX but I do not fully understand. I have extra hardware lying around to which I could dedicate to running this but is it needed? I am particularly concerned about unauthorized access to my camera system. (I know I need to make it SSL).
I have also been advised before about splitting my ip allocation up (normal vs home automation) but for the life of me i cannot wrap my brain around it.
Please, any advice or input is welcome. I do not mind reading up (and have read mosts of the discussions here) but I really need a plain, simple explaination or how-to.