Netgate Discussion Forum

    New pfSense User Question (set up multiple ports)

      spotlizard

      Hello everyone,
      I have what I hope is a simple question, but I didn't see a post that specifically addressed my question, so my apologies if this has been asked/answered previously.

      I have a pretty simple, flat, home network. I have an ISP modem connected to my existing router (Asus AX89) using a 2.5G port on both ends. The Asus is currently handling security (firewall), routing and DHCP.

      In the past 12 months, I've seen a pretty big increase in intrusion attempts against the Asus and while it does an 'adequate' job of keeping these things out I'd like to take the next step and put a 'proper' firewall in place, so I ordered a mini PC and plan to stand it up with pfSense CE. I plan to keep the Asus in charge of routing and DHCP for the time being. Ultimately, I will properly segment my network with switches and VLANs as time (and money) permit.

      The mini PC has 6 2.5G Ethernet ports on it and what I'd like to do is to plug the Asus into one of the 4 available LAN ports after I have installed and configured pfSense (the other 2 ports being WAN and LAN). It will still be part of the main network. I just want to keep utilizing the 2.5 gig speeds it offers.

      My question is: Do I need to make any configuration changes inside pfSense to allow traffic across the ports (i.e. the Asus can see all of my internal devices and they can see it and LAN traffic continues to flow as it does right now)? I saw some articles regarding ports and switching but didn't know if my use case falls under that or not.

      My sincere thanks in advance for any advice you can offer

        SteveITS Galactic Empire @spotlizard

        @spotlizard Interfaces on pfSense are separate unless bridged. It’s recommended to use a switch instead of bridging in software.

        The Asus would be behind pfSense? So anything behind the Asus would be on its LAN.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

          spotlizard @SteveITS

          @SteveITS Thank you so much for following up.

          Yes, the ASUS would be behind pfSense.

          I'll look into bridging the ports to see if it would be worth my time. In time I will be updating my switches to 2.5G, so nobody dies if I don't use 2.5G right now.

          Cheers

            stephenw10 Netgate Administrator @spotlizard

            @spotlizard said in New pfSense User Question (set up multiple ports):

            Do I need to make any configuration changes inside pfSense to allow traffic across the ports (i.e. the Asus can see all of my internal devices and they can see it and LAN traffic continues to flow as it does right now)?

            If all those devices are behind the Asus router then no.

            If you plan on moving anything to one of the other pfSense interfaces then yes.

              spotlizard @stephenw10

              @stephenw10 Good to know. Thank you sir

                JonathanLee

                I would use snort also :)

                Make sure to upvote

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.