How To Setup SD-1100 w/Ubiquiti ER4+ES10
-
I'm trying to put my SD-1100 behind my Ubiquiti router & switch devices like this:
<Internet> ^ v Motorola MB8600 Cable Modem (MB8600) ^ v Ubiquiti EdgeRouter 4 (ER4) ^ v Ubiquiti EdgeSwitch 10 (ES10) ^ v Netgate SD-1100 (IDS/IPS) ^ v Ubiquity UAP-AC-LR (Wireless AP) ^ v <LAN>Up until recently, I have had the SD-1100 behind the MB8600 followed by the ER4 & then ES10. I believe Double NAT'ing was at play, among a few other poor configurations.
Given that the ER4 and ES10 are far more capable performance-wise with routing, the SD-1100 should be behind them. How should an SD-1100 be configured to support this topology? ...static IPs on both its WAN+LAN ports? ...external/internal bridge?
-
Bridging will not be any faster than routing. In fact it's often slower.
But if you want to configure the SG-1100 as a transparent device that's what you'd have to do.
https://docs.netgate.com/pfsense/en/latest/bridges/index.htmlYou might consider just disabling NAT so it's purely routing, which would be faster.
Or just running it as an IDS only using a mirror port on the switch.
Steve
-
Pure routing sounds like the way to go @stephenw10. Thanks!
