Splitting one network into two with Pfsense VM?

  • Hello,

    We got one physical network:

    And we want to split this one network into two:

With the help of a virtual PFSense router, how is this possible?
    I should say that we have a DHCP server on the 192.168.1.x network that is set up to give addresses on 192.168.200.x, so a DHCP relay should do it.

    But how is this doable?

PFsense being virtualized doesn't change anything at a high level from a design perspective, it just adds some complexity to the details underneath.

    You have multiple options. However, several decisions will need to be made to determine which path to go down. One of those decisions is whether your end goal is performance or security.

    Basically, you can separate the networks physically with all separate equipment or you can install a managed switch and use VLANs. Everything kinda branches off from there after this decision is made.

  • @marvosa
Thanks for your answer.
    I want performance, and of course some kind of safety.
    I want all the clients to access the servers, as they can do that today.

The reason we want to do this is we're running out of IP addresses in our subnet, and we want to move clients (all with a DHCP address) to the new subnet.
    Should we give the new subnet a different VLAN than the current (server subnet)?

  • whoa, just noticed I never responded... what did you end up doing?

    To answer your question:

> Should we give the new subnet a different VLAN than the current (server subnet)?

    In general, yes, it's a good idea to have your workstations on a different VLAN than your servers. There are many reasons... one example would be... let's say one of your workstations gets infected and it's trying to infect other devices via broadcast discovery... well... the infection won't spread to your servers because they're in a different broadcast domain.

Personally, I use different VLANs for everything... workstations, servers, printers, wireless, management, etc. It makes auditing easier and can help you with deployment, etc., if you start implementing things like SCCM. Although, this may also be overkill depending on your environment and what your objectives are.

    My performance vs security comment had to do with where to terminate your VLANs (switch vs firewall).