Netgate Discussion Forum

    Design Business Network 1HQ and 30 BO

      olli2023

      Dear Community,

      I would like to design a business network. There are about 30 sites in total.
      1 main site with about 60 employees, where services like AD, DNS, DHCP, file server, certificate server, terminal server, Wifi Enterprise etc. are run. These services should also be made available to the 30 branch offices, which have approx. 4 devices/persons per location.

      My idea, since the main site provides too little bandwidth, is also a cloud pfSense which is controlled by the branch offices. Is this even necessary when running small pfSense devices at the branch offices?

      The following should be implemented: the branch offices should route directly to the internet via the small pfSense devices (which hopefully can be synchronized with the pfSense from the main site, i.e. rules etc.) and, when internal services are controlled, access them via the pfSense in the main site.

      For example, can you still provide Wifi Enterprise WPA3 via the main site but route it directly to the internet instead of via the main site?

      Any suggestions would be greatly appreciated and thank you in advance.

        stephenw10 Netgate Administrator

        I'm not sure how much help a cloud based concentrator would provide here unless you also moved other resources to the cloud and the HQ becomes just another site. That way if the HQ connection goes down the other sites remain up.
        Sure you can authenticate APs across one route whilst routing traffic from wifi clients over a different route.

        Currently there is no official central management for pfSense, so much of this would be manual setup. Though you can have each site pull alias lists from something central and use those in rules for common requirements.

        Steve

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.