4. how to deploy pfsense in the current network?

how to deploy pfsense in the current network?

  • S

    I'm new to pfsense. I have look through this forum in search on how to deploy pfsense to our current topology. We are running a school with mostly with ubiquiti hardware such as USG pro4, switches, APs and cameras.

    Our goal to have pfsense mainly to block websites and contents filtering. Our current ubiquiti USG could not do so.

    Can pfsense deploy behind the USG according to our setup in this diagram?

    unif pfsense.jpg

    If so, what should I do from there? If not, what is the best solution?

    Thanks

    0
  • Netgate Administrator

    It depends how you're filtering. It won't be firewalling in that situation. It could run as a DNS server connected like that and then filter DNS queries using DNS Blacklist in pfBlocker-NG.
    If you run Squid/Squidguard for web filtering via a proxy you could have the USG redirect all http/https traffic to it. It would be better to connect it directly to the USG on a separate interface to avoid asymmetric routing if proxying transparently like that.
    If non-transparent you can have it connected as show and clients will just connect to it directly.

    Steve

    0
  • S

    Thanks @stephenw10 for your reply. I am trying to digest what you said. Do you recommend that pfsense to connect directly to the USG and from the pfsense to the switch or USG LAN1 to the switch and LAN2 to the pfsense?

    unif pfsense2.jpg

    or

    unif pfsense1.jpg

    0
  • Netgate Administrator

    It's impossible to recommend how you connect it without knowing exactly what you are going to be doing with it.

    If you want to filter general traffic using firewall rules then obviously it must go in-line with the traffic like in your second diagram. Though I would just replace the USG with pfSense in that case.

    Steve

    0

  • I would just remove the USG in your diagram 3, OR if you want to use the USG, switch places with the Pfsense. Make the Pfsense your 1st entry. Otherwise you have to make rules in Pfsense for the management interface of the USG,and maybe issues when the USG wants to communicate with the other Unifies underneath the Pfsense.

    0
  • M

    Another vote for replacing the USG with PFsense. I haven't seen anything in your diagrams that would warrant having two firewalls in your environment.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy