There are two buildings connected by an optical fiber, each with 3-10 PCs, a mix of PCs used in a business context and some in homes.
Unfortunately, when the network was designed years ago, no one took steps to keep the two environments separate.
Building A
There are servers, printers, work PCs, guest PCs, personal smartphones.
Here is also the only Internet connection used by both buildings.
It was solved with a firewall (pfSense) separating the office LAN and a network segment with a different Access Point for smartphones and guest PCs. There are two DHCPs to keep the two networks separate.
I would like guests to be able to use the working printers on the LAN and I don't know if a rule in the firewall will suffice.
Building B
Here, too, there are printers, work PCs, smartphones and guest PCs.
Here there are also homes with personal PCs, Xboxes, smart TVs, etc.
Only the DHCP of the LAN in Building A is used.
So there are more security problems, and therefore I need to separate the three environments (work, guests and homes) without modifying the network cabling.
I don't know if it is enough to create VLANs; in any case, to connect to the Internet or to the servers in Building A, the traffic must always pass through the single fiber.
It must also be taken into account that we have no management possibilities in the houses. There is a network point, but we don't know how it will be used; therefore the check must take place upstream of the network point.
Here, however, I could mount a second pfSense firewall.
Thanks in advance for any advice.