@Smisc 

As best I can tell, this is how IoT Network currently works^. This current option offers essentially no security from IoT devices interacting with main network devices. If that cheap Tuya light switch I bought off ebay decides to start hitting my Network Attached Storage because it has a modified malicious firmware, I have no ability to stop it which is sort of the point of a separate IoT network.

This is what we really need, which is the ability for IoT devices to behave similarly to the Guest network mode, but without the ability to communicate amongst one another. Main, IoT, and Guest can all reach the internet, but only specific devices manually configured to be "Shared" can communicate with either IoT or Guest **from** Main. This allows printers, smart TVs, Home Assistant OS, etc to function properly while maintaining security so that IoT Device 1 (a Light Switch) can't reach IoT Device 2 (a 3D Printer) for example on its own network.

  @Smisc can't you just select "Device Isolation" for each of the devices you want to be protected from?

  @raven-au 

raven-au wrote

  @Smisc can't you just select "Device Isolation" for each of the devices you want to be protected from?

 

Based on the app description and documentation I can find, Device Isolation acts like an extra "Guest Network" option, in that all isolated devices can still access the internet. The isolated devices can also all communicate with each other freely which is less than ideal, but would totally be a viable/workable option for me **if** it were possible to have one isolated device still accessible from the home network. As it currently stands, Device Isolation is essentially "Guest Network 2" and doesn't fix the primary problem outlined above of needing to run Home Assistant OS from my main network for reverse proxy and forward authentication while reaching all my lightbulbs/switches/speakers/etc safely for example.

Effectively I want to be firewalled from these devices on a dedicated (ideally 2.4ghz) network, but one (or more) trusted device(s) should still be able to punch-through and act as intermediary. This also applies equally to more common devices than Home Assistant OS/Phillips Hue such as network Printers and Smart TVs that I want to allow guests to print/cast to.

  @Smisc I have a similar problem.  I have several guests staying here for the holiday, and I put them all on the XE75's Guest network.  However, my one printer is on my main network, and I have no way to provide them access to it on the Guest network (without switching the printer's network connection also to Guest).  I've read online that many router company softwares provide this type of access for printers, but I don't see a way to do it on the Deco app.  Did you get any solution to this problem?