Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    PfSense as ethernet router? versus cisco sg-300….

    Hardware
    3
    4
    3038
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      ineti last edited by

      Hi,

      I'm currently using a cisco-sg-300 in layer-3 mode. It is very fast but not the best solution for my internal firewalling.
      I'd like to use the cisco as a layer-2 switch und I'd like to do my pfSense box the internal subnet routing (much smoother firewalling in pfSense).

      Would a Atom D525 be sufficient to da gigabit routing?

      Have a look at my current layer-2 und layer-3 layout at those links:

      http://www.köller.de/pics/layer3.png
      http://www.köller.de/pics/layer2.png

      the pfsense box is in subnet 10.1.5.0 aka vlan5 and just doing the outbound traffic…It has 2 NICs...I would just add another dual gigabit card to it...

      So the new topology would be:

      10.1.2.0 (Servers)---------------> pfSense
      10.1.3.0 (cabled clients) ---------------> pfSense
      10.1.4.0 (wifi) ---------------------------> pfSense

      pfSense should do the routing and firewalling; the cisco sg-300 would go to layer-2 mode and host some vans tagged and untagged...

      I'd like to abandon the cisco as a router not only because of it's crappy rule setting but also because it doesn't do IPv6 routing, that my ISP will enable soon in native mode...Sure I could use the pfSense for internal ip6 routing and the cisco do the ip4 routing, but I don't want to service two systems...

      I hope someone can help me.

      Marcus

      1 Reply Last reply Reply Quote 0
      • stephenw10
        stephenw10 Netgate Administrator last edited by

        @ineti:

        Would a Atom D525 be sufficient to da gigabit routing?

        No.  ;)
        You will get something like ~550Mbps with a D525.
        Instead you should use one of the low end Sandybridge CPUs which are similarly priced and only consume slightly more power. E.g.:
        http://forum.pfsense.org/index.php/topic,45439.0.html

        Steve

        1 Reply Last reply Reply Quote 0
        • N
          Nachtfalke last edited by

          But you should ask yourself if it is neccessary that there is an avarage of gigabit bandwidth used or if gigabit is only a peak. But the CPU is to low for that - you are additionally using a proxy and VPN which need CPU power.

          1 Reply Last reply Reply Quote 0
          • I
            ineti last edited by

            Thanks for the fast replies.

            I think I'll stay with my current setup and use the cisco for ip4 routing…I need the gigabit speed to access my file servers in 10.1.2.0/24 in a proper way.
            I'll just add another NIC to my pfsense and let it do the ip6 traffic....

            1 Reply Last reply Reply Quote 0
            • First post
              Last post

            Products

            • Platform Overview
            • TNSR
            • pfSense Plus
            • Appliances

            Services

            • Training
            • Professional Services

            Support

            • Subscription Plans
            • Contact Support
            • Product Lifecycle
            • Documentation

            News

            • Media Coverage
            • Press
            • Events

            Resources

            • Blog
            • FAQ
            • Find a Partner
            • Resource Library
            • Security Information

            Company

            • About Us
            • Careers
            • Partners
            • Contact Us
            • Legal
            Our Mission

            We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

            Subscribe to our Newsletter

            Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

            © 2021 Rubicon Communications, LLC | Privacy Policy