Honestly I'd never just bundle up everything in the same Network.
Define an IP range for your printers, one for your WLAN devices, one for your Guest network, one for your normal users and one for your admins.
Get a Linux server and slap some easy to use firewall on it (PFSense is okay, OPNSense is also okay). Then grab a VLAN capable switch and assign VLANs to your defined ranges.
Don't forget to assign VLANs to your internet lines and hook those up on your switch. Then assign your VLANs according to your respective users and build a firewall for their needs.
For example:
- Printers don't need to surf the Internet, don't open connections from those to anywhere (Maybe for firmware updates). Just incoming connections to that zone
- Your guest network doesnt need any access to anything but a DNS Server, and ports 80 and 443 to the internet. Maybe also dedicate an internet line to this.
- Your admins should be able to access everything in your network.
- Access for your office users should be limited to stuff they actually need
- Internal WLAN Devices should be similar to normal user access. Maybe consider an Administrator WLAN.
This may be a bit much input and a very rough idea of what to do, but if you do it correctly now you'll be a lot happier later on.