1. Home
  2. pfSense® Software
  3. Installation and Upgrades
  4. SG-1100 and Unifi Dream Machine

SG-1100 and Unifi Dream Machine

  • A

    Ok....a bit sick of being told 'dont do it'.....kind of just looking for a solution from the brains trust instead of being told to re-evaluate my setup.

    I have a UDM and an SG-1100 - the reason i have the SG-1100 is because PiHoles are junk largely, and the UDM doesnt quite do everything....so i need both.

    Can someone help me get this thing working right? I have spent 6 hours today routing, un routing, setting vlans....nothing is working. There has to be something super simple im missing.

    Basically - i want the SG-1100 sitting behind the cable modem, doing the hard security work, while the UDM sits behind it (receiving WAN traffic...which is currently does not) and does all the vlan routing/DHCP etc.

    Hopefully there are some smart people out there that can figure this out.

    Thanks

    0
  • johnpoz
    LAYER 8 Global Moderator

    Why would you be setting vlans?

    Out of the box this would just work - in a double nat.. Are you trying to use your sg1100 as a transparent bridge firewall? Are you trying to setup udm as such? Does your isp setup some tags on their connection that you would need to play with vlans?

    Out of the box you connect them together making sure you don't overlap networks and would work right out of the box

    internet - publicIP (wan - sg1100 - lan) -- 192.168.1/24 -- (wan UDM lan) 192.168.2/24 -- devices

    0
  • A

    sorry - been away for work.

    I am trying to get the SG1100 to work as a transparent firewall....but for whatever reason as soon as i configure it as per the instructions on the netgate forums - it stops working.

    So - i guess the real question is - can the SG1100 ACTUALLY be used as a transparent WAN-LAN firewall without NAT- i.e

    Cable Router - Wan SG1100 - firewall bits n pieces (No NAT) - Lan out - internal router (NAT)

    WITHOUT NAT - as i would prefer my internal router to do NAT - i dont have any issues with it working now - so id prefer not to change as i have everything working fine.....i literally just wanna throw the SG1100 in front so i can use PFBLOCKER, etc to try and get rid of some of the everyday crap bombarding our devices, and so i have a VPN endpoint for work.

    As my cable router is ISP Dynamic IP - how is the SG1100 able to get the upstream router when its dynamic in that circumstance. I think this is where the problem is - because we dont get assigned static upstream IP's....the SG1100 has no idea where to send it - because there is no way for me to get the upstream router details.

    Any help would be great.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy