Netgate Discussion Forum

    Getting extra NIC worth it?

    • Actionhenk

      Hi,

      I'm new to pfSense and am wanting to learn more about it so I can secure my home network better. Also, I'm quite interested in how the technology works.

      For my home network I have a basic ISP modem/router which I can't replace. I've turned off everything possible on it. Behind the router I have a server with Windows 10 and Hyper-V running pfSense and a Server 2016 trial.

      So far I have set up pfSense with 2 virtual NICs using Hyper-V. Security-wise, I'm not sure if an extra physical NIC + switch for my server would benefit security in the network. If it does, why?

      Would it be worth the money, since pfSense is running on the same physical machine as my DC/file server?

      Thanks!

      • Guest

        I'm not sure how you are doing NAT right now, using 1 physical interface? Using VLANs?

        • Actionhenk

          I have set up Hyper-V with 2 virtual switches. One on 172.x.x.x for LAN, the other to 192.x.x.x, where my WAN is at. Seems to work.

          • Guest

            @Actionhenk:

            I have set up Hyper-V with 2 virtual switches. One on 172.x.x.x for LAN, the other to 192.x.x.x, where my WAN is at. Seems to work.

            I'm still not sure what your network layout is, what NICs you have or what you are trying to do.

            I'm imagining: [ ISP CPE ] – [ Hypervisor Box NIC 1 ] – [ pfSense NIC 1 ] – [ pfSense NAT ] – [ pfSense NIC 2 ] – [ Hypervisor Box NIC 2 ] – [ Switch / Your LAN / Whatever ]

            • Actionhenk

              What you thought is right. That is what I currently have. It is working, but I would like to know what the benefit would be of switching over to physical NICs.

              • Guest

                @Actionhenk:

                What you thought is right. That is what I currently have. It is working, but I would like to know what the benefit would be of switching over to physical NICs.

                So you already have 2 physical NICs and they are connected to the 2 virtual switches? In that case you probably won't see much benefit from adding more interfaces.
                What you probably should do is measure what line rates you get.

                Example:

                • iperf between outer subnet and inner subnet on the physical ingress and egress ports
                • iperf between pfSense LAN (virtual) and physical LAN (so one iperf instance on pfSense, and one on a LAN box)

                If you get good NAT speeds, you probably don't need to change anything. If you get bad NAT but good LAN-LAN, you probably need to tweak your settings. But if you get bad LAN-LAN and bad NAT, you may need better interfaces indeed.

                What network cards are you using at this moment?

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.