New pfSense design build for lab/home network - Critique needed
-
Wanted to get some expert opinions about my network re-design with pfSense as my new outer perimeter firewall, coming from my crappy dlink 855 router I had running as my perimeter.
I drew up a basic design as to how I plan to re-design it here: http://www.gliffy.com/pubdoc/4008046/L.png (please forgive the "noobness" of the design)
My new design is putting pfSense 2.0.1 on a Supermicro Atom board I got with 2x Intel gigabit NICs onboard. My plan is to have 1 interface for WAN and the 2nd interface as my LAN interface going to the SG300 on its own VLAN and subnet. The rest of my network, I want to have behind my L3 SG300 switch so the switch handles all the internal traffic between my home network/lab network/DMZ, etc. All the internal stuff is handled by the SG300, and they only go to the pfSense box if they need NAT/Internet access.
I originally wanted to trunk my interfaces from the SG300 to the pfSense box, but if I do that, won't the traffic that gets switched from one VLAN/subnet to the other occur on the pfSense box, hence slowing me down? Will my original plan of putting everything behind the switch work?
Thanks in advance.
-
I originally wanted to trunk my interfaces from the SG300 to the pfSense box, but if I do that, won't the traffic that gets switched from one VLAN/subnet to the other occur on the pfSense box, hence slowing me down?
Yes, but depending on the volume of such traffic you may not notice it.
Will my original plan of putting everything behind the switch work?
Yes.
-
Thanks Wally!