I have the Balance itself at 192.168.1.1:
- LAN ports 1-6 are set to untagged VLAN, 192.168.1.0/24, for important devices (most secure)
- LAN port 7 is set to wifi VLAN 10.0.0.1/24 with a basic unmanaged access point connected (less secure devices)
I’d like to achieve:
- 192.168.1.0/24 to route all important traffic over enforced SpeedFusion, and to isolate it from the wifi VLAN for security.
- Most wifi devices on 10.0.0.1/24 to route over priority WAN 1, then WAN 2.
- A couple of wifi devices within the 10.0.0.1/24 subnet to route over SpeedFusion.
The DHCP server on the wifi VLAN could be set to hand out IPs from 10.0.0.128 - 10.0.0.255, netmask 255.255.255.0 (?)
Then manually configure a couple of wifi devices as 10.0.0.100, 10.0.0.101.
Then set outbound rules:
- source 192.168.1.1/24 : enforced SpeedFusion (this rule could be eliminated? Is there any difference in performance if it’s matched first or last in the rule list for the core services, which are the main concern?)
- source 10.0.0.128/25 : priority WAN 1, WAN 2
- source any destination any : enforced SpeedFusion
- HTTPS persistence (default rule, not sure if this is needed or could be eliminated?)
Or could I reduce the rules to only:
- source network 10.0.0.128/25 : priority WAN 1, WAN 2
- source any destination any : enforced SpeedFusion (which will include any non-DHCP clients on the 10.0.0.1/24 subnet and all the most important machines on the 192.168.1.0/24 untagged VLAN.)
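
An added example, not part of the original post: a small Python model of the two outbound rule lists above, assuming rules are evaluated top to bottom with the first match winning. It compares the long and the reduced list for every host address in both subnets and checks that the proposed DHCP range sits inside 10.0.0.128/25; it models path selection only, not isolation between the VLANs, and the sample client addresses in the demo loop are constructed.

```python
import ipaddress

# Assumption: rules are evaluated top to bottom and the first match wins.
# Rule lists transcribed from the post; "any" is modelled as 0.0.0.0/0.
# The HTTPS persistence rule is omitted: this model only looks at source address.
SF = "enforced SpeedFusion"
PRIORITY = "priority WAN 1, WAN 2"
LONG_RULES = [("192.168.1.1/24", SF), ("10.0.0.128/25", PRIORITY), ("0.0.0.0/0", SF)]
SHORT_RULES = [("10.0.0.128/25", PRIORITY), ("0.0.0.0/0", SF)]
SUBNETS = ["192.168.1.0/24", "10.0.0.1/24"]

def policy_for(src, rules):
    """Return the policy of the first rule whose source network contains src."""
    addr = ipaddress.ip_address(src)
    for network, policy in rules:
        # strict=False accepts host-bit forms such as 192.168.1.1/24
        if addr in ipaddress.ip_network(network, strict=False):
            return policy
    return None

def differences(rules_a, rules_b, subnets):
    """List every host address the two rule lists would route differently."""
    diffs = []
    for subnet in subnets:
        for host in ipaddress.ip_network(subnet, strict=False).hosts():
            a, b = policy_for(host, rules_a), policy_for(host, rules_b)
            if a != b:
                diffs.append((str(host), a, b))
    return diffs

def pool_inside(first, last, network):
    """True if both ends of a DHCP range fall inside the given network."""
    net = ipaddress.ip_network(network)
    return ipaddress.ip_address(first) in net and ipaddress.ip_address(last) in net

if __name__ == "__main__":
    # Constructed sample clients: one wired host, the two static wifi hosts, one DHCP host
    for src in ("192.168.1.20", "10.0.0.100", "10.0.0.101", "10.0.0.150"):
        print(src, "->", policy_for(src, SHORT_RULES))
    print("hosts routed differently:", differences(LONG_RULES, SHORT_RULES, SUBNETS))
    print("DHCP range inside /25:", pool_inside("10.0.0.128", "10.0.0.255", "10.0.0.128/25"))
```
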