Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Installation Help

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    5 Posts 4 Posters 1.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bainwave
      last edited by

      Hi,
      Am new to this.
      Looking for an advise about the deployment of pfsense in my co..
      Here goes my scenario….
      I have 3 broadband connections (with different speeds).
      All the 3 are used for different live applications. (No back up line for me)
      My questions are...
      1. If i need to configure pfsense, my machine should have minimum of 4 (3 for wan and 1 for lan) Ethernet cards. Am I right?
      2. All the 4 Ethernet cards must be configured at the time of installation or can i configure other wan Ethernet cards, once pfsense is deployed with one wan port?
      3. My users strength is nearly 100 including servers and users. What should be minimum configuration of my machine which can handle all the users.
      4. Can I establish a connection with an other firewall (Fortigate) which is in other location, with this pfsense?

      Thanks in advance for all those who helped me in this..

      Bainwave

      1 Reply Last reply Reply Quote 0
      • W
        wallabybob
        last edited by

        @bainwave:

        1. If i need to configure pfsense, my machine should have minimum of 4 (3 for wan and 1 for lan) Ethernet cards. Am I right?
        2. All the 4 Ethernet cards must be configured at the time of installation or can i configure other wan Ethernet cards, once pfsense is deployed with one wan port?
        3. My users strength is nearly 100 including servers and users. What should be minimum configuration of my machine which can handle all the users.
        4. Can I establish a connection with an other firewall (Fortigate) which is in other location, with this pfsense?

        1. Yes BUT you can also use multiple VLANs and a VLAN capable switch to reduce the number of physical interfaces you need.
        2. No, you can configure interfaces any time after installation.
        3. Depends on how much data you want to push through the pfSense box and the distribution of packet sizes. For the same amount of data small packet sizes cost more CPU than larger packet sizes.
        4. In principle yes. What kind of connection?

        1 Reply Last reply Reply Quote 0
        • B
          bainwave
          last edited by

          Thanks bob for your speedy help.

          few more questions still hunting me..
          1. I have  CISCO Catalyst 2950G switch, can I club all my 3 broadband connections with a single NIC?
          if yes, how could I achieve this?

          All my broadband connections are having a pool of (20) public ip's.

          2. Now can i configure all my public ip's into this pfsense in order to run my show?

          Am in a work group environment, can I control the users & computers from this pfsense?

          Once again Thanks for your advise.

          1 Reply Last reply Reply Quote 0
          • marcellocM
            marcelloc
            last edited by

            1. You your swith support vlans you can setup your pfsense with one nic

            2. You can apply your ips on pfsense, one network per interface using ip alias or carp.

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

            1 Reply Last reply Reply Quote 0
            • D
              dreamslacker
              last edited by

              @bainwave:

              Thanks bob for your speedy help.

              few more questions still hunting me..
              1. I have  CISCO Catalyst 2950G switch, can I club all my 3 broadband connections with a single NIC?
              if yes, how could I achieve this?

              All my broadband connections are having a pool of (20) public ip's.

              2. Now can i configure all my public ip's into this pfsense in order to run my show?

              Am in a work group environment, can I control the users & computers from this pfsense?

              Once again Thanks for your advise.

              1. You need to setup VLANs on pfSense upon the first boot up.  Configure 1 VLAN each for the 3 WANs and 1 LAN.

              If for example, you use VLAN 10, 20, 30 and 100 for WAN 1, 2, 3 and LAN respectively; then you continue with the interface setup assigning VLAN 10 for WAN, VLAN 100 for LAN; the remaining interfaces can be configured from the webgui.

              Let's assume you use ports 1, 2, 3 on the switch for WANs 1, 2 and 3 respectively.  You'll then need to configure Port 1 to be native VLAN 10, Port 2 to be VLAN 20 etc.  Now, these ports need to strip the VLAN tag on egress and tag on ingress (default VLAN ID per port).

              Next, assuming Port 4 is connected to pfSense, you'll need to trunk VLANs 10, 20, 30, 100 to Port 4.
              The rest of the ports that are connected to LAN will then need to be in VLAN 100 (tag on ingress aka default VLAN ID) and strip the VLAN tag on egress.

              eg.
              In priviledged access mode type:
              vlan database
              vlan 10 WAN1
              vlan 20 WAN2
              vlan 30 WAN3
              vlan 100 LAN
              exit
              copy running-config startup config

              configure terminal
              interface fastethernet0/1
              switchport mode access
              switchport access vlan 10
              interface fastethernet0/2
              switchport mode access
              switchport access vlan 20
              interface fastethernet0/3
              switchport mode access
              switchport access vlan 30
              interface fastethernet0/4
              switchport mode trunk
              switchport trunk allowed vlan 10,20,30,100

              interface fastethernet0/5          <–--  repeat bolded section for all the ports you need to be on LAN
              switchport mode access
              switchport access vlan 100

              end
              copy running-config startup-config

              After that you can configure the remaining VLAN interfaces in pfSense for your WAN2 and WAN3 links accordingly.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.