New to pfSense - Setting up 1st network



  • I am going to be setting up a network in a small office. We have a Charter Cable modem, our BRAND NEW SG-4860 security appliance/router, an 8-port Netgear GS108E v2 switch, a QNAP TVS-671 NAS, a Canon ImageRUNNER Advance C350iF multi-function Copier/Printer/Fax machine, an Epson PowerLite 5535U WUXGA 3LCD Projector, an Ubiquiti Unifi UAP-AC HD Access Point, and 4 various desktop computers. We have the AP for our laptops and phones mainly. My question is this: how should I set this network up? I am doing this over the next 2 or 3 days. We have spent all that we can, for now, no new switches or anything for a bit. Cabling is all Cat 6A and completed! We must be on the same network, share files with each other and the NAS, and be able to show a presentation from our laptop to the projector. I am including a screenshot of the router we bought as well as the network diagram of our idea that we settled on. I color coded the cables on the drawing to and from the router and switch. Pink colored cables all go to the switch, the others to the router directly. I wish to use all 5 LAN ports on the router. I read somewhere in the documentation that 1 port is LAN and the others are Opt1-Opt4. Can the "Opt" ports be used as multiple LAN ports? Do they automatically get an address from the LAN? Okay, I guess lots of unanswered questions still….
    ![Screen Shot 2017-05-06 at 8.17.28 PM.png](/public/imported_attachments/1/Screen Shot 2017-05-06 at 8.17.28 PM.png)
    ![Gear Floorplan - Page 1.png](/public/imported_attachments/1/Gear Floorplan - Page 1.png)


  • LAYER 8 Netgate

    A far-better option would be to just connect everything to the switch and the switch to the LAN port on the router.

    The router has router ports, not switch ports.

    Looks like you should have purchased a 16-port switch instead.



  • You are right, we should have bought a switch! This one is borrowed from a friend to get us up and running. I was able to find it with a few calls, in about 6 hours. It was the only one available to us at this time. We bought the router a month back when we decided to each get out of our current leases and lease one building together. It was a VERY expensive move for each of us. We will each save some money per month but to sign the lease and get in was 1st, last, + deposit, remodel, paint, wiring….blah, blah, blah. Very excited! We are just photographers, a video editor, and an event coordinator who are friends trying to make life a little easier. We have each brought equipment to put this office together and make things work. I had the most interest in the network and how it would go together, I got the job LOL! I can see the light at the end of the tunnel!

    I just have to figure out how to configure this router so that there are 5 working LAN ports for now.


  • LAYER 8 Netgate

    Do this but with 5 member interfaces instead of just 2.

    https://www.infotechwerx.com/blog/Creating-a-Simple-pfSense-Bridge



  • Put the hosts with the most traffic (PCs, NAS, AccessPoint, …) on the switch and the lower traffic devices on the bridged interfaces (printers, MFCs, etc).
    On the other hand, a new, unmanaged 16 port gigabit switch is cheap ($30.00) these days:
    http://www.ebay.com/itm/152537225588
    If your time is worth anything to you then go for the switch, it's worth it!


  • LAYER 8 Global Moderator

    Yeah you need a switch!  For the money you spent on what surely is overkill for your small setup with 4860, you could have gotten a shitton of switch ports on a fully managed switch for that matter.  2440 prob would have been a better pfsense box for smb setup..



  • We tried several different paths to get things working on the 4860. When the truck showed up with equipment from one of the other offices, there was a 24-port Netgear switch in there with the server and UPS! Bridging the ports on the 4860 did work, but seemed to hinder the performance. We were getting several noticeable network delays. The switch has solved our problems. I am glad too, we had more equipment arrive that I didn't know was coming. Thanks to everyone for the ideas and help!


  • LAYER 8 Netgate

    ASICs FTW! (you really do not want to "switch" in software)

    Glad it all worked out.



  • Thank you, Derelict! I really appreciate all the help and advice. Either way you look at it, you got me in there working and messing around. I have learned quite a lot in the last few days. I have a long way to go but am in the right direction at this point!


  • LAYER 8 Global Moderator

    " but seemed to hinder the performance. "

    Who would have thunk it ;)

    Which is why you don't try and use a $750 router/firewall as a switch… When you could get better performance out of a $30 switch...



  • I think he got it already.



  • Johnpoz, I was not "trying to use a $750 router/firewall as a switch." That was never our intention. It was a solution provided by another member to try. I thanked him for the help. It was appreciated.
    I also never intended to buy a $30 switch or even a $300 switch for that matter. They may serve a purpose in most networks around the world but don't fit our needs. That is why I stated that "We have spent all that we can, for now, no new switches or anything for a bit." Our intentions were to spend around $2000 for a switch. Why get a switch with SFP+ when we have a cable modem? There has been a plan in place and construction to build fiber out to us for two months now.

    We bought the router specifically when we were going to use it for 5 separate networks, which worked perfectly. The problem arose when it was decided to have a group room which included the server, NAS, Printers, Copier, Projector, and various other things that we all chose to share. We were able to create firewall rules to allow communications between networks but didn't like how it worked. We apparently had the option of setting up VPNs between networks, but that seemed like a lot of work for the end result.

    Plans and ideas have changed more than just this once. The Netgear XS728T (not $30) that came in with the server was never intended for a SOHO when it was bought either. It was purchased for and set up in a business complex which had fiber connectivity throughout as the backbone. Now it just happens to be here. Our building was wired with Cat 6A because it was decided that at some point, we may use the bandwidth. As the server, NAS and 2 workstations have 10GB ethernet connectivity and the big RAID10 is all SSD, the file transfer rates are well above a 1GBps connection.


  • LAYER 8 Global Moderator

    "Our intentions were to spend around $2000 for a switch"

    That is a pretty hefty switch.. So you were going to do 10ge or something?

    "Why get a switch with SFP+ when we have a cable modem?"

    Because you wanted to use some SFP+ modules to connect to say another switch in another building via different fiber modes or copper even.  Not sure what that has to do with your isp connection via cable modem?  SFP or SFP+ are very common on switches for uplinks.  Even your cheaper $100 switches can use sfp modules.

    " They may serve a purpose in most networks around the world but don't fit our needs."

    What???  Did you mean to say every network everywhere? ;)


  • LAYER 8 Netgate

    Unless one has a specific need to push around a lot of data locally (10G), a SOHO generally does not need to spend $2000 on a switch.


  • LAYER 8 Global Moderator

    No – not unless they have money to burn ;)  That is going to be 10ge switch or some serious port density..

    Shoot you could get a Cisco 2960X 24 ports with 4 sfp+ and 300W of POE power for 1800 from CDW..

    For a soho wanting to do 10ge you could get  Netgear 16port 10ge copper (XS716T-100NES) for like 1200...

    $2k is a lot of money to spend on switch for a soho/smb that is for sure..



  • HAHA, you're both right, of course. We have one video editor with two systems in his office and his very own ductless mini-split for A/C. He films in 8K and edits down to 4K and sometimes 1080p for certain clients. The RAID10 on his server is all SSD and he is pushing 30-70GB in every file transfer. The rates I was seeing earlier were over >=2GBps. He is fine tuning everything in his setup as I do other stuff.

    Yes, the switch does have multiple SFP+ for connecting the fiber in, out to the server and the other 2 ports were for failover on two other switches. I didn't get to see the whole network previously, but it was fast! I on the other hand, only do photography work, maybe a YouTube video now and again LOL. I can transfer 250 edited photos from my DAS to the NAS in under a minute 90% of the time. Stuff waits on me, most of the time LOL. The switch we are using is 10GB already but that is what we were buying. Netgear XS728T from B&H Photo https://www.bhphotovideo.com/bnh/controller/home?O=&sku=1197586&gclid=CP_y2JSL5tMCFUKSfgodlpgPFg&is=REG&ap=y&m=Y&c3api=1876%2C{creative}%2C{keyword}&A=details&Q= if that link works. Either way, we don't need to buy it since we have one already.

    Anyway, thanks for the help and ideas. Who knows what this will become in the end. We technically have 8 larger offices that can be filled with a networking closet on the other side of the building. We have room for expansion!


  • LAYER 8 Global Moderator

    So you were doing 10ge or need to do 10ge?  And you tried to connect your stuff via bridge on 1ge interfaces??  I am really freaking confused here..

    2GBytes/ps would have to be 10ge.. Even then that's really on the high end!!

    Are you saying that is what it used to do, until you came in and F'd it up???  You have no hardware that could do a 2GBps file transfer..  when you say his server?  You mean his workstation?  Or some server directly connected to his workstation via 10ge??



  • @johnpoz:

    …when you say his server?  You mean his workstation?  Or some server directly connected to his workstation via 10ge??

    Didn't he mention that the new server arrived and along came the Netgear 10G switch?
    So I'd assume workstation <-> server traffic.


  • LAYER 8 Global Moderator

    You're right he did mention an XS728T..  But sounded like he was doing his 2GBps before he setup pfsense? ;)

    What is the new config/drawing?

