Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Help need: how to setup CP - with one or two pfSense boxes?

    Scheduled Pinned Locked Moved
    Captive Portal
    2
    3
    2.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • U
      unguzov
      last edited by

      I have these requirements to build my network setup:

      1. Internet uses only one WAN (static IP).
      2. Users from office LAN needs to connect without restrictions to Internet. Traffic shaper must be active.
      3. Guests can access only internet via access point and can't see LAN users. All guests must be limited (shaped) and will get only part of the internet traffic (WAN is only one and shared for office and guest users).

      So what is the most stable configuration? Use one pfSense box with one WAN and two LAN interfaces or two pfSense boxes (one for router and second just for CP)? I do not want to run in problems with traffic shaping and complicated NAT and firewall rules just to save money for second pfSense box….

      Option 1:

      INTERNET ---> (WAN) pfSense ------> (LAN) ---> office users
                                          |
                                          +----->(OPT1) -->(CP)---> Access point (internet only, do not access LAN)

      Option 2:

      INTERNET ---> (WAN) pfSense 1 ------> (LAN) ---> office users
                                          |
                                          +--> (OPT1)---->(WAN) pfSense 2 ---> (LAN) -->(CP)---> Access point (internet only, do not access LAN)

      1 Reply Last reply Reply Quote 0
      • M
        Monoecus
        last edited by

        I think that the first version is fine for you. The drawback with both versions is that you do not have any traffic shaping on the OPT with pfSense 1.2.1. However, as you need Shaping only on the LAN for now, that first version is safe. In case you need Shaping on all Interfaces, wait for the version 2.0.

        For the access points. Just make sure that they cannot connect to LAN, by blocking access to LAN.

        1 Reply Last reply Reply Quote 0
        • U
          unguzov
          last edited by

          @Monoecus:

          I think that the first version is fine for you. The drawback with both versions is that you do not have any traffic shaping on the OPT with pfSense 1.2.1. However, as you need Shaping only on the LAN for now, that first version is safe. In case you need Shaping on all Interfaces, wait for the version 2.0.

          For the access points. Just make sure that they cannot connect to LAN, by blocking access to LAN.

          It is important to use traffic shaping for LAN and guest users. I need to limit guests to 30% from total bandwith AND use traffic shaper to distrubute fair these 30% to all guest users.

          So I will use Option 2 until version 2.0 comes out.

          Thanks for the help!

          1 Reply Last reply Reply Quote 0
          • First post
            Last post