Installing a Netgate 1100 pfSense+ Security Gateway to an office network
-
Good Morning,
I hope you're all doing well. This is my first time posting on a forum, so I apologize if I'm not creating the correct topic. I recently purchased a Netgate 1100 device to use as a firewall for site restrictions and basic user IP address reporting. However, I'm encountering an issue. We already have an LTE router connected to the switch that assigns DHCP leases to endpoints, and there's a MikroTik Router for VoIP traffic via the switch.
When I connect and run the basic setup of the Netgate device, everything goes down. Our phones, network, and internet stop working. Could anyone provide guidance on how to set up the Netgate specifically for these required features without disrupting the existing network? I'm not extremely knowledgeable about these devices, so any assistance would be greatly appreciated.
Thank you,
Sanjdbn
-
We might need a diagram here. How exactly are these connected? How did you add the 1100?
3 routers in one network like that could certainly be a problem if they are connected wrong.
Steve
-
Hi Steve, thank you for your response, I appreciate it.
I will do my best to type out the setup, but failing to make sense I will draw it out.
The network is a flat network, 1x HP unmanaged switch with 16 ports used that go to network points where a VoIP phone is plugged into the point and from the VoIP phone an RJ45 cable to the desktop PC for network/internet for that same user.
Also connected to the HP switch is an LTE router that supplies internet and IP addresses via DHCP.
Then there is a MikroTik Vibe that is used solely for the VoIP phones to distribute the calls to user extension numbers; this is connected to the HP switch and also to the LTE router for internet to place calls. The phone company could have separated this router somehow and ensured it works only for the phones, as there is no conflict with the LTE router and everything (calls, internet and network) works fine daily.
I connected the 1100 with one cable from WAN on the 1100 going to the WAN port on the LTE router and the other cable from the LAN port going to the HP switch. This resulted in the entire network going down, but I could log into the 1100 via 192.168.1.1 as the network setup is default 192.168.1._
Please let me know if this is suitable for you or if I must draw the setup. I truly appreciate your help.
-
@sanjdbn said in Installing a Netgate 1100 pfSense+ Security Gateway to an office network:
one cable from WAN on the 1100 going to the WAN port on the LTE router
WAN goes "towards Internet"...surprised an LTE router has a WAN port? Unless it can also connect "not over LTE"? Anyway, don't use that port.
Since it's LTE you're presumably not replacing that router. The pfSense would therefore go between it and your network, so pfSense WAN connects to LTE LAN. Note either your LTE router LAN subnet needs to change or your office subnet needs to change since no router can have the same subnet on both sides of the router...it won't know where to send packets. You will have double NAT but it should work to connect out.
-
If you insert the 1100 between the LTE router and the switch when the LTE router was previously handling DHCP then it will break that. Everything on the network will start using pfSense for DHCP with the default subnet, 192.168.1.0/24.
What subnet are you using currently?
Are your VoIP phones using a VLAN? They probably are and that will be a different subnet.
-
Hi Steve,
Thanks for getting back to me, and I'm sorry for my late reply. I've got a few more questions about the setup process. Should I still plug the pfSense's LAN cable into the network switch? Also, I noticed that the 1100 Netgate uses the 192.168.1.1 subnet. Is it right for me to think that I should change the LTE router's subnet to something else to prevent any issues? E.g. 192.168.2.0/24
Can you just let me know if this plan sounds good?
Once I'm done with the cable and subnet changes, I'm also a bit unsure about how to set up the Netgate device. I just clicked through the setup without really understanding it. Should I turn off the DHCP because the LTE router is handling IP addresses? I'm not sure what to enter for manual settings either. What I mainly want to do is block certain websites and have some general reports.
I'm sorry if I'm not fully grasping all of this; Netgate and firewalls are pretty new to me. I really appreciate your patience and help.
Thanks,
Sanjay
-
Hello,
I'm sorry for the late response. I appreciate your reply.
There's a bit of an issue: the LTE router uses the 192.168.1.0/24 subnet, and the pfSense Netgate is also on 192.168.1.1, which seems to be causing a conflict. Also, I have a hunch that the phone company might have set up the MikroTik to use a different subnet.
I have to get the Netgate set up by tomorrow, so I'm feeling a bit anxious. I could really use some guidance on the setup process once I log into the GUI. I'm not fully grasping this yet, as I'm new to both pfSense and firewalls. Thank you for your patience.
Regards,
Sanjay
-
Yes, you will need to change either the LTE LAN or the 1100 LAN to some other subnet. You can't have the same subnet on the 1100 WAN and LAN.
You should also make sure it's not using the same subnet as a VoIP VLAN if that exists. Check the switch and MikroTik router.
Steve
-
Thank you. I am going to do this. May I ask, what will be the simplest way to set up via the GUI? There are a lot of options there that require data to be filled in and I did get puzzled. Am I correct in saying that this setup will now route traffic through the 1100, so do I need to switch off DHCP on the LTE router? Or leave that on and make changes on the 1100?
Thank you for your patience.
-
@sanjdbn I thought you were using the LTE for Internet? If so it would need to connect to pfSense not the office network. Daisy chained. It would need DHCP on unless you configure a static IP on pfSense WAN.
Netgate support/TAC has a “zero to ping” free support for getting people going on new purchases, that might be appropriate.
-
Yup leave DHCP enabled on the LTE router so the pfSense WAN can pull a lease from it. Just make sure to change the subnet so there's no conflict.
And (just to be clear) I expect there to be a VoIP VLAN configured on the switch and MikroTik router and you should check to see what subnet that is using.
-
So should the setup on the Netgate 1100 also stay on the default DHCP? I will make sure to change the subnet on the LTE, keep the DHCP on and also look at the MikroTik IP details so there is no conflict with the VoIP.
Thank you so much for all your help. I really appreciate it and I truly value your advice. I also will contact Netgate if I have further issues when I’m setting up tomorrow.
-
The 1100 LAN should still have DHCP enabled, yes. That is what will serve as DHCP server to devices in the internal network.
-
Thank you so much.
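
The addressing rules given in this thread (no shared subnet between the 1100's WAN and LAN, no clash with a VoIP VLAN, one DHCP server per segment) can be checked against a written plan before re-cabling. This is an added example, not part of any post; the segment names, the `.100` WAN lease and the `10.10.10.0/24` VoIP subnet are assumptions, since the thread never states the VoIP addressing.

```python
import ipaddress
from collections import defaultdict
from itertools import combinations

def check_plan(interfaces):
    """interfaces: (device, segment, 'address/prefix', serves_dhcp) tuples.
    Returns a sorted list of problems; an empty list means none were found."""
    parsed = [(dev, seg, ipaddress.ip_interface(cidr), dhcp)
              for dev, seg, cidr, dhcp in interfaces]
    problems = set()
    for (d1, s1, i1, _), (d2, s2, i2, _) in combinations(parsed, 2):
        if s1 != s2 and i1.network.overlaps(i2.network):
            if d1 == d2:  # a router cannot route between identical subnets
                problems.add(f"{d1}: {i1.network} on both sides ({s1} and {s2})")
            else:
                problems.add(f"{s1} and {s2} overlap: {i1.network} / {i2.network}")
        elif s1 == s2 and i1.ip == i2.ip:
            problems.add(f"{s1}: {d1} and {d2} both claim {i1.ip}")
    dhcp_servers = defaultdict(set)
    for dev, seg, _, dhcp in parsed:
        if dhcp:
            dhcp_servers[seg].add(dev)
    for seg, devs in dhcp_servers.items():
        if len(devs) > 1:
            problems.add(f"{seg}: competing DHCP servers: {', '.join(sorted(devs))}")
    return sorted(problems)

# Constructed plans. Segment names, the .100 WAN lease and the VoIP subnet
# are assumptions; the thread never states the VoIP addressing.
VOIP = ("mikrotik", "voip-vlan", "10.10.10.1/24", False)
FACTORY_DEFAULTS = [
    ("lte-router", "lte-lan", "192.168.1.1/24", True),
    ("netgate-1100", "lte-lan", "192.168.1.100/24", False),   # WAN, lease from LTE
    ("netgate-1100", "office-lan", "192.168.1.1/24", True),   # LAN default
    VOIP,
]
RENUMBERED = [
    ("lte-router", "lte-lan", "192.168.2.1/24", True),
    ("netgate-1100", "lte-lan", "192.168.2.100/24", False),
    ("netgate-1100", "office-lan", "192.168.1.1/24", True),
    VOIP,
]

if __name__ == "__main__":
    for name, plan in (("defaults", FACTORY_DEFAULTS), ("renumbered", RENUMBERED)):
        print(name, check_plan(plan) or "no conflicts found")
```

Replace the constructed VoIP entry with whatever subnet the switch and MikroTik configuration actually show before relying on the result.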