Netgate Discussion Forum

    Splitting one network into two with Pfsense VM?

      Lennydk87

      Hello,

      We got one physical network:
      192.168.1.0

      And we want to split this one network into two:
      192.168.1.0
      192.168.200.0

      With the help of a virtual pfSense router, how is this possible?
      I should say that we have a DHCP server on the 192.168.1.x network that is set up to give addresses on 192.168.200.x, so a DHCP relay should do it.

      But how is this doable?

        marvosa

        pfSense being virtualized doesn't change anything at a high level from a design perspective, it just adds some complexity to the details underneath.

        You have multiple options. However, several decisions will need to be made to determine which path to go down. One of those decisions is whether your end goal is performance or security.

        Basically, you can separate the networks physically with all separate equipment or you can install a managed switch and use VLANs. Everything kinda branches off from there after this decision is made.

          Lennydk87 @marvosa

          @marvosa
          Thanks for your answer.
          I want performance, and of course some kind of safety.
          I want all the clients to access the servers, as they can do that today.

          The reason we want to do this is that we're running out of IP addresses in our subnet, and we want to move clients (all with a DHCP address) to the new subnet.
          Should we give the new subnet a different VLAN than the current (Server subnet)?

            marvosa

            whoa, just noticed I never responded... what did you end up doing?

            To answer your question:

            Should we give the new subnet a different Vlan than the current (Server subnet)?

            In general, yes, it's a good idea to have your workstations on a different VLAN than your servers. There are many reasons... one example would be... let's say one of your workstations gets infected and it's trying to infect other devices via broadcast discovery... well... the infection won't spread to your servers because they're in a different broadcast domain.

            Personally, I use different VLANs for everything... workstations, servers, printers, wireless, management, etc. It makes auditing easier and can help you with deployment, etc if you start implementing things like SCCM. Although, this may also be overkill depending on your environment and what your objectives are.

            My performance vs security comment had to do with where to terminate your VLANs (switch vs firewall).

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.