cancel
Showing results for 
Search instead for 
Did you mean: 
Replies are disabled for this topic. Start a new one or visit our Help Center.

Separate network for insecure IoT device

Lebesgue
Community Member

Dear community.

I'm running a pfSense router/firewall in front of my Google Nest mesh network and have dedicated WLAN interface for this one.

Works OK except for double NAT and having to setup port forwarding for specific cases.

Bridge mode would make it straightforward to separate WLAN devices but is for some reason not supported by Google Nest with a mesh network.

Thus is anyone aware how to separate insecure IoT devices (CCTV cameras in this case) in Google Nest? 

1 Recommended Answer

MichaelP
Diamond Product Expert
Diamond Product Expert

You can set up a single Nest WiFi Router in bridge mode in one Google Home, and another Nest WiFi Router in mesh (+ NAT/router) mode in another Google Home. That one can have secondary / mesh points, but those won't be talking to the one in bridge mode. You won't get clean hand-offs between them even if you configure them to use the same SSID and password. They will all be sharing a single 5GHz channel, though, so be aware of that when planning for capacity (they'll share it "nicely", at least).

View Recommended Answer in original post

6 REPLIES 6

MichaelP
Diamond Product Expert
Diamond Product Expert

I know some people have put their IoT devices on a Guest WiFi network. That will keep them separate from the main WiFi network, but it also means you can't really change the Guest WiFi network password very often.

Hi and thanks for proposal.

Changing guest WiFi password infrequent is not an issue but the guest WiFi feature only caters for granting/restricting access to other devices on the Google Nest WiFi mesh network.

I want to e.g. prevent these from accessing the Internet or certain domains/regions altogether, direct these through VPN etc. 

MichaelP
Diamond Product Expert
Diamond Product Expert

You should be able to "pause" devices on the guest network, which will block them from accessing the internet (though an IoT device that is isolated on the guest WiFi and blocked from the internet may not be all that useful). But, you won't be able to limit which domains they can access (which is hard anyway, due to many IoT devices using their own DNS resolution). At the end of the day, Nest WiFi is focused on ease of use and covering 99.99% of typical consumer use cases. It's just not geared towards more fine-grained or low-level controls.

Lebesgue
Community Member

Thanks again. 

I get the point although I am not entirely sure about this being a 0.01% use case.

I do have one idea however I want to explore - just got to think of it. It *should* be possible to run existing mesh network with only one router thus freeing up the other, creating a new home in the Google Home app and assign the router in bridge mode thus connecting to same pfSense router on new WLAN-IoT interface (CCTV do not need mesh or same coverage).

If it works I may even be inclined to purchase a third set of router + WiFi point/speaker set. 

MichaelP
Diamond Product Expert
Diamond Product Expert

You can set up a single Nest WiFi Router in bridge mode in one Google Home, and another Nest WiFi Router in mesh (+ NAT/router) mode in another Google Home. That one can have secondary / mesh points, but those won't be talking to the one in bridge mode. You won't get clean hand-offs between them even if you configure them to use the same SSID and password. They will all be sharing a single 5GHz channel, though, so be aware of that when planning for capacity (they'll share it "nicely", at least).

Moved:

MichaelP
Diamond Product Expert
Diamond Product Expert