Well, with the news of the new cyber security issue facing the US that came out today (see here), and while I am confident that where I work has things in place to help prevent this, one can never be too paranoid. So to protect my home network just in case, I set up a VLAN for my work computer (VLAN 10). I have blocked traffic both ways: devices on my home network cannot access the “work” network I set up on VLAN 10, nor can devices (well, just one device, the work laptop) on the “work” network access my home network. I have a drop from work LAN -> home LAN and also a drop from home LAN -> work LAN, with 2 more rules: one allowing requests to my DNS server only on port 53 from work LAN -> home LAN, and an Allow Established and Related rule so that if a request is made the DNS server can respond.

I have tested whether I can connect to my workplace’s VPN (that's all I really care about the work laptop connecting to, as once that is in place all traffic from the laptop goes to my workplace). So now from my work laptop I cannot ping any IP on my home network, nor can I ping my work laptop from my home network.
This should 1) protect my home network just in case (I doubt it will happen) and 2) if my home network gets compromised (I also doubt this will happen), help protect my work system from it. Also, to go with this, my guest WiFi network is off of both of these 2 networks, so if I have a guest over who has a compromised device (this is my biggest fear, as not all my friends are tech savvy), it will not be on either my home network or my work network.
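
The four rules described above can be checked as a small first-match, stateful filter model. This is an added example, not the configuration from the post; the subnets, the DNS server address, the rule names, the first-match evaluation order and the default-accept policy are all assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    dst: str
    proto: str                      # "udp", "tcp" or "icmp"
    sport: Optional[int] = None
    dport: Optional[int] = None

# Constructed addressing (assumptions, not taken from the post).
HOME = ipaddress.ip_network("192.168.1.0/24")     # home LAN
WORK = ipaddress.ip_network("192.168.10.0/24")    # work LAN on VLAN 10
DNS_SERVER = "192.168.1.2"                        # DNS server on the home LAN
DNS_NET = ipaddress.ip_network(DNS_SERVER + "/32")

# (name, action, state, src net, dst net, protocols, dst port); None matches anything.
RULES = [
    ("established/related", "accept", "established", None, None, None, None),
    ("work->dns:53", "accept", None, WORK, DNS_NET, ("udp", "tcp"), 53),
    ("work->home", "drop", None, WORK, HOME, None, None),
    ("home->work", "drop", None, HOME, WORK, None, None),
]

class Firewall:
    def __init__(self, rules, default="accept"):
        self.rules, self.default = rules, default
        self.flows = set()          # accepted flows; stands in for connection tracking

    def filter(self, p: Packet):
        """Return (action, rule name) for p; the first matching rule wins."""
        reverse = Packet(p.dst, p.src, p.proto, p.dport, p.sport)
        state = "established" if p in self.flows or reverse in self.flows else "new"
        src, dst = ipaddress.ip_address(p.src), ipaddress.ip_address(p.dst)
        for name, action, st, snet, dnet, protos, dport in self.rules:
            if ((st is None or st == state)
                    and (snet is None or src in snet)
                    and (dnet is None or dst in dnet)
                    and (protos is None or p.proto in protos)
                    and (dport is None or p.dport == dport)):
                break
        else:
            name, action = "default", self.default
        if action == "accept":
            self.flows.add(p)
        return action, name

if __name__ == "__main__":
    fw = Firewall(RULES)
    for pkt in (Packet("192.168.10.50", "192.168.1.20", "icmp"),
                Packet("192.168.10.50", DNS_SERVER, "udp", 40000, 53),
                Packet(DNS_SERVER, "192.168.10.50", "udp", 53, 40000)):
        print(pkt, fw.filter(pkt))
```

In this model, moving the DNS allow below the work -> home drop, or removing the established/related rule, breaks DNS for the work laptop, so rule order is worth re-checking after any firewall change.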