dominikhoffmann
This is why I recommend to my clients more advanced, professional routers, like the ones from Netgate, running pfSense software. Combined with VLANs and separate Wi-Fi access points that allow the configuration of multiple SSIDs, I set up my clients’ main LAN, a guest network and an IoT network. Unfortunately, I am not sure, whether having full access from the main LAN to the IoT subnet and none in the reverse direction is sufficient firewalling. I would like to see Apple provide concrete guidance.
Isolating IoT from the rest of your home network is a best practice and should be standard in this day and age. Apple, let’s be open about it, so that any router manufacturer can implement these best practices without requiring certification.
