We would like to set up a work station which can be accessed from the internet but will not be able to access any other system on the network. The plan is to use a VLAN to do this. The network uses a PFsense router and a GS308E switch. The question is there a clean way to allow the other systems on this network to access this system while it can not access them?
This is more a question on how to create another network (VLAN, IP subnet) for the isolated system in question on your security appliance, with port forwarding to make the ports required for the unknown service to become available just on that PC and dedicated IP subnet; then configure a trunk port to connect the main VLAN (untagged) and the additional VLAN (tagged), plus an access port only for the additional network (and nothing else). Assuming there is no dedicated port available on the security appliance where only that network and VLAN can be configured on it's own.
No rocket science, basic networking and PFsense knowhow required. Once you figured out on how you implement this additional network on your PFsense security appliance, we're happy to help with the GS308E for e.g. a trunk config carrying the main untagged plus the additional VLAN (tagged), plus an pure access for just for the additional VLAN. Keep in mind we're Netgear community here, and most don't know much (or anything) related to PFsense.
