Can anyone point me in the right direction on how to configure pfSense behind my current home network? I've searched the forum and the web, and am unable to find what I'm looking for. I did ask the wife if I could disconnect the family for a few hours a week, but that did not go over very well. I've attached a crude topology of what I plan on doing and look forward to pestering all of you in the near future.
You're going to want to swap the positions of the WiFi router and the pfSense box. Just turn off all of the routing functions of the router and use it as an access point.
EDIT: I see now that you are trying to avoid downtime by putting pfSense behind the router. I would recommend against doing that and just practice in VirtualBox.
If you're trying to set up with minimal downtime I would recommend installing VirtualBox on a computer, installing pfSense to it and getting the bulk of your settings completed there.
Once you have it set up the way you think you need it, then save the configuration file. Then install pfSense to the actual box you'll be using, import the configuration file and hopefully all is up and running; if not, then you can start troubleshooting from there, but you should be pretty much ready to go.
A lot of what you want to accomplish you can do simply by reading the pfSense documentation, reading the info panes in the program itself and searching the forums.
You aren't looking to do anything crazy so you should have no trouble finding all of the information you need to get it up and running.
@pfBasic's advice is good. To get going quickly, you can allocate your 4 physical ethernet ports like:
Port 1: WAN - cable up to modem
Port 2: LAN - use for the "wide open" subnet, since LAN comes "wide open" by default.
Port 3: OPT1 - use for the "management" subnet - can set it up later.
Port 4: OPT2 - mess about setting up VLANs after getting the box in and the basics working.
For a first try, you can plug the WAN of the Wireless router (Netgear) into pfSense LAN. It will get DHCP from pfSense LAN, and the family will be still functioning. That will minimize downtime, then some time later you can put the Netgear WiFi directly onto LAN.
- If you are going to have a specific management subnet, then you will want to block access to pfSense webGUI from the "wide open" subnet - otherwise why bother with a management subnet?
- Remember to power-cycle the modem, or do something to make it forget it was connected to the Netgear WiFi box, otherwise when you connect pfSense to it, it might not want to play.
Sorry for the late reply, I was able to convince my wife to allow me to move the pfSense box behind the modem. Everything is working well and I look forward to starting the rest of my project. Thank you all for your input.