Installation Help



  • Hi,
    I am new to this.
    Looking for advice about the deployment of pfSense in my co.
    Here goes my scenario…
    I have 3 broadband connections (with different speeds).
    All 3 are used for different live applications. (No backup line for me.)
    My questions are...
    1. If I need to configure pfSense, my machine should have a minimum of 4 (3 for WAN and 1 for LAN) Ethernet cards. Am I right?
    2. Must all 4 Ethernet cards be configured at the time of installation, or can I configure the other WAN Ethernet cards once pfSense is deployed with one WAN port?
    3. My user strength is nearly 100, including servers and users. What should be the minimum configuration of my machine to handle all the users?
    4. Can I establish a connection between this pfSense and another firewall (Fortigate) which is in another location?

    Thanks in advance to all those who help me with this.

    Bainwave



  • @bainwave:

    1. If I need to configure pfSense, my machine should have a minimum of 4 (3 for WAN and 1 for LAN) Ethernet cards. Am I right?
    2. Must all 4 Ethernet cards be configured at the time of installation, or can I configure the other WAN Ethernet cards once pfSense is deployed with one WAN port?
    3. My user strength is nearly 100, including servers and users. What should be the minimum configuration of my machine to handle all the users?
    4. Can I establish a connection between this pfSense and another firewall (Fortigate) which is in another location?

    1. Yes, BUT you can also use multiple VLANs and a VLAN-capable switch to reduce the number of physical interfaces you need.
    2. No, you can configure interfaces any time after installation.
    3. Depends on how much data you want to push through the pfSense box and the distribution of packet sizes. For the same amount of data, small packet sizes cost more CPU than larger packet sizes.
    4. In principle yes. What kind of connection?



  • Thanks, bob, for your speedy help.

    A few more questions are still haunting me.
    1. I have a Cisco Catalyst 2950G switch. Can I club all 3 of my broadband connections onto a single NIC?
    If yes, how could I achieve this?

    All my broadband connections have a pool of (20) public IPs.

    2. Now can I configure all my public IPs on this pfSense in order to run my show?

    I am in a workgroup environment. Can I control the users & computers from this pfSense?

    Once again, thanks for your advice.



  • 1. If your switch supports VLANs, you can set up your pfSense with one NIC.

    2. You can apply your IPs on pfSense, one network per interface, using IP alias or CARP.



  • @bainwave:

    Thanks, bob, for your speedy help.

    A few more questions are still haunting me.
    1. I have a Cisco Catalyst 2950G switch. Can I club all 3 of my broadband connections onto a single NIC?
    If yes, how could I achieve this?

    All my broadband connections have a pool of (20) public IPs.

    2. Now can I configure all my public IPs on this pfSense in order to run my show?

    I am in a workgroup environment. Can I control the users & computers from this pfSense?

    Once again, thanks for your advice.

    1. You need to set up VLANs on pfSense upon the first boot up.  Configure 1 VLAN each for the 3 WANs and 1 LAN.

    If for example, you use VLAN 10, 20, 30 and 100 for WAN 1, 2, 3 and LAN respectively; then you continue with the interface setup assigning VLAN 10 for WAN, VLAN 100 for LAN; the remaining interfaces can be configured from the webgui.

    Let's assume you use ports 1, 2, 3 on the switch for WANs 1, 2 and 3 respectively.  You'll then need to configure Port 1 to be native VLAN 10, Port 2 to be VLAN 20 etc.  Now, these ports need to strip the VLAN tag on egress and tag on ingress (default VLAN ID per port).

    Next, assuming Port 4 is connected to pfSense, you'll need to trunk VLANs 10, 20, 30, 100 to Port 4.
    The rest of the ports that are connected to LAN will then need to be in VLAN 100 (tag on ingress aka default VLAN ID) and strip the VLAN tag on egress.

    e.g.
    In privileged access mode type:
    vlan database
    vlan 10 name WAN1
    vlan 20 name WAN2
    vlan 30 name WAN3
    vlan 100 name LAN
    exit
    copy running-config startup-config

    configure terminal
    ! WAN1-3 uplinks: untagged access ports, one VLAN each
    interface fastethernet0/1
    switchport mode access
    switchport access vlan 10
    interface fastethernet0/2
    switchport mode access
    switchport access vlan 20
    interface fastethernet0/3
    switchport mode access
    switchport access vlan 30
    ! trunk to pfSense, carrying only the four VLANs in use
    interface fastethernet0/4
    switchport mode trunk
    switchport trunk allowed vlan 10,20,30,100

    ! repeat this section for all the ports you need to be on LAN
    interface fastethernet0/5
    switchport mode access
    switchport access vlan 100

    end
    copy running-config startup-config

    After that you can configure the remaining VLAN interfaces in pfSense for your WAN2 and WAN3 links accordingly.
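
With the WAN links and the LAN sharing one switch, a port left in the wrong VLAN puts that device outside the firewall. The following is an added example, not part of the original posts: a Python check of a saved switch configuration against the VLAN plan above (10, 20, 30 for the WANs, 100 for the LAN, trunk limited to those four). The sample configuration is constructed and the function names are this example's own.

```python
import re

# Constructed sample: ports 1, 4 and 5 as configured in the post, plus one
# deliberately wrong port (fastethernet0/6, a LAN port left in WAN1's VLAN 10).
SAMPLE = """\
interface fastethernet0/1
 switchport mode access
 switchport access vlan 10
interface fastethernet0/4
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30,100
interface fastethernet0/5
 switchport mode access
 switchport access vlan 100
interface fastethernet0/6
 switchport mode access
 switchport access vlan 10
"""
WAN_VLANS, TRUNK_VLANS = {10, 20, 30}, {10, 20, 30, 100}  # VLAN plan from the post

def expand(spec):
    """Expand an IOS VLAN list such as '10,20-22' into a set of ints."""
    bounds = (part.partition("-") for part in spec.split(","))
    return {v for lo, _, hi in bounds for v in range(int(lo), int(hi or lo) + 1)}

def parse_ports(config):
    """Map each interface to its switchport mode, access VLAN and trunk list."""
    ports, cur = {}, None
    for line in map(str.strip, config.lower().splitlines()):
        if m := re.fullmatch(r"interface (\S+)", line):
            cur = ports.setdefault(m[1], {"mode": None, "access": 1, "allowed": None})
        elif cur and (m := re.fullmatch(r"switchport mode (access|trunk)", line)):
            cur["mode"] = m[1]
        elif cur and (m := re.fullmatch(r"switchport access vlan (\d+)", line)):
            cur["access"] = int(m[1])
        elif cur and (m := re.fullmatch(r"switchport trunk allowed vlan (\d+(?:-\d+)?(?:,\d+(?:-\d+)?)*)", line)):
            cur["allowed"] = expand(m[1])
    return ports

def audit(ports):
    """Return findings where the switch departs from the VLAN plan."""
    findings = []
    for vlan in sorted(WAN_VLANS):
        members = sorted(p for p, c in ports.items() if c["mode"] == "access" and c["access"] == vlan)
        if len(members) > 1:  # only the ISP uplink belongs in a WAN VLAN
            findings.append(f"VLAN {vlan} (WAN) has {len(members)} access ports: {members}")
    for port, c in sorted(ports.items()):
        if c["mode"] == "trunk" and c["allowed"] != TRUNK_VLANS:
            findings.append(f"{port}: trunk carries {sorted(c['allowed'] or []) or 'all VLANs'}, expected {sorted(TRUNK_VLANS)}")
    return findings
```

Calling `audit(parse_ports(SAMPLE))` reports the extra port in VLAN 10; a trunk with no `allowed vlan` line is reported as carrying all VLANs.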

