Is this Correct method to install pfsense

doktornotor

No!!! Do NOT bridge anything on pfSense. Set up the ADSL modem as bridge, set up WAN as PPPOE on pfSense.

Abhishek

I checked the My Router's Manual ,sadly it doesnt support Bridge mode (Netgear Wndr3300 ) , actually we are getting Cisco 1841 Router very very cheap , so kindly advise me how to setup

doktornotor

Netgear WNDR3300 is not a DSL modem at all… I really have no idea what are you talking about.

Abhishek

Sorry ISP kept their This Device [PIC1] –-> Connected to WAN PORT ---and LAN port connected to switch

WNDR3400V3

SZ847V350W_back.jpg_thumb

11.png_thumb

vbentley

I hope this diagram helps. My parents have this setup.

Where I have shown an ADSL router, that's your ISP's blue box.
The cable that you have shown plugged into the yellow port should go into (1) the WAN interface on pfSense instead.

You can make your pfSense into a Wireless Access Point with a USB 2.0 WLAN adapter as I have drawn in (3), or just plug your Netgear Access Point/Switch into (2) the pfSense LAN interface.

Either way you will need a PC with two Ethernet interfaces.

![Simple pfSense.jpg](/public/imported_attachments/1/Simple pfSense.jpg)
![Simple pfSense.jpg_thumb](/public/imported_attachments/1/Simple pfSense.jpg_thumb)

Abhishek

Ok , so according to the diagram i should configure my network like this , but what if i dont want PFsense to do routing (because i get cisco 1841 15.1 ios ) Router and want pfsense to do only packet filtering (filter inbound and outbound based on Rules also snort ids /ips to work )

123.jpg_thumb

vbentley

How many separate internal networks do you have?
How many networked devices do you have?
A few years ago I regularly drove 700 miles overnight UK to Switzerland with one stop in Luxembourg for fuel. Did it there and back with an overnight stop a few times.
What percentage of traffic travels between these networks?
What internal network applications do you have that require wirespeed network routing decisions (assuming your Cisco can make routing decisions faster than it can take packets from one interface and push them out of another)?
What if your pfSense host can route faster than the Cisco?

We can't decide for you if it is better for you to have a dedicated router.

If you need the Cisco router, use pfSense as a screening router / packet filter with just two interfaces WAN and LAN.
Connect LAN to a router interface on the Cisco.
Connect each of your other networks to separate routable interfaces on the Cisco.
Set your DHCP to deliver a Cisco interface as the default gateway.
Configure your Cisco for the routing decisions / policy you require.

With careful use of VLANs you should be able to minimize the routing decisions in your network.

Abhishek

How many separate internal networks do you have? Single 192.168.1.0/24
How many networked devices do you have?60 wired device & 10 wireless device (linux server/windows server/ubuntu /android phones/iphones/win 7 )

Wan Speed ? 5Mbps
active number of devices at a time ? 50-60 (wired+ wireless)

type of wan traffic (VOIP traffic & web traffic

Abhishek

i found another post similar to mine

http://hardforum.com/archive/index.php/t-1434501.html

but which is more powerfull

Cisco 1841 vs PFsense on E5800 2GB Ram sata hdd ,1x 1Gbps & 100Mbps NIC
( ISP net speed is 4Mbps )

want i want from pfsense is IP based net usabled report (bandwidthd in promescous mode)
block sties like facebook to specific group (cisco can also do based on ACL i guess)
snort (IDS /IPS)

========================================================

One final question if i run PFsense box as router will E5800 2GB Ram able to handle 60+ devices smoothly ? 4Mbs connection with snort IDS ,bandwidthd , maybe betther than 1841 cisco router?

vbentley

@Abhishek:

How many separate internal networks do you have? Single 192.168.1.0/24
How many networked devices do you have?60 wired device & 10 wireless device

With a single network range the only routing decision that will be made is this:-

If the packet is not for my network, where does it go? Answer: Default Gateway.

You don't 'need' an additional router if you have pfSense as your Default Gateway.

vbentley

@Abhishek:

Wan Speed ? 5Mbps

With a WAN speed of 5Mbps and a LAN speed of 1000Mbps there is going to be a lot of buffering either in hardware or in the protocol stack for packets that pass between these networks.

A long, long time ago, when 10Mbps LAN speeds were common, Cisco routers had the equivalent processing power of a 16Mhz intel 386sx. It really doesn't need a powerful CPU to move packets in and out of a slow speed network. What will take CPU is packet inspection.

An intel E5800 with 2x 64-bit 3.2Ghz cores and 800Mhz bus will be idling most of the time running pfSense. Snort will give it more work to do but it will depend on the rules you select. This is a powerful machine for pfSense.