IoTs on a Balance 20

I have a Balance 20. I have two DSL modems with Wifi capability built in on the WAN side of the Balance 20. Wifi is currently disabled on both. Both are also capable of two isolated SSIDs.

On the LAN side of the Balance 20 I have three access points along with my internal network. Two of the access points are capable of multiple SSIDs/VLANs. The third has more basic features capable of one SSID.

I have multiple IoT devices across all three access points. I utilized the VLAN capability on the two access points to isolate and forward to the Balance 20 LAN/VLAN ports. The IoTs on the third access point however are currently uninsolated from the remaining network.

My question is, can the unsecured IoTs be moved to the WAN side of the Balance 20 and connected to one of the Wifi Modems? Is there a better way of accomplishing this isolation?

I apologize if anything is unclear.

Thank you!

Don’t see why not. The WAN side APs would become a kind of wireless DMZ. Think its an elegant approach.

Define better. I suppose if you had a VLAN on the Balance 20 which they connected to (via the simple single SSID perhaps) that was firewalled and blocked inter VLAN access so they could only get to the internet, those IoT devices would then have failover / load balanced internet access - that’s the only real benefit I can think of.

Thank you for your help, Martin! I think I’ll utilize the first approach and move the IoTs to the WAN side.