Home Router " Isolate device " function.

[malsori]

I just wanna start with by saying that im doing this because I think is fun, its a hobby and I love learning about network. So as of right now, I have a router that kinda sucks, but it does the job for most home networks. Its a Tp-link axe5400. I was thinking about security when I was playing on my game server. What I did was port forwarding the game server so my friends and only them have the ability to connect to the server from specific IP, but since im connecting through lan, then it kinda dosent matter how many firewall I have if something gets planted on my gaming server since im on the same network, and since my router dont support Vlan or other advanced tech then I cant protect my network on that level I woulve liked to. But then today I stumbled upon a function in the router called Isolate device. When I Isolated my game server (no other settings exist) I assumed the server gets on another subnet? So when I tried to connect to the server, it said offline. But my friends had no problem connecting to it. So I guess I have to take the wan "route" to reach the server which is good and what I want for better security since I need to game to be accesble for my friends. The problem is now, since I cant change firewall settings or any other settings that I know of that could route me through the wan to connect to my server, then how do I do it without losing latency. I cant VPN to my own network when Im already on it. I do not wanna connect to another VPN then back because it feels unnecessary and waste. Maybe its a dumb question but I honestly dont know how to make it work. I tried to connect to my wan ip but I get the same result since it knows somehow its on my network anyway? I dont know. Could someone maybe explain if im totally wrong here or not and maybe a good solution.

[Electronics Wizardy]

Is this a device on wifi or wired? Generally with a home network the router doesn't touch traffic within the same l2/subnet so the router couldn't isolate a device without making a new subnet and setting up rules between the networks.

 

Generally if you want to do this type of stuff you want a higher end router that gives you more options. I'd argue that for home use isoloading isn't really needed, as the other devices aren't that easy to break into typically.

[malsori]

Everything is wired. 

I understand, I just like to learn about security and think this kind of stuff is fun

[LIGISTX]

On 9/14/2024 at 9:09 AM, malsori said:

Everything is wired. 

I understand, I just like to learn about security and think this kind of stuff is fun

The only correct way to deal with this is with vlans, or all together separate physical subsets with firewalls between them. 
 

The easiest way is vlans. All traffic between vlans goes through the firewall, but you’d need a router with this capability, and switches that support vlans if you need switches in the system. 
 

It’s all rather easy, but it’s certainly a step up from basic networking. YouTube will be your friend to learn, and then once you feel comfortable with how it works in theory, you can purchase some hardware and give it a go. Probably will cost anywhere from 250-500 bucks and will take some learning.