New pfSense design build for lab/home network - Critique needed



  • Wanted to get some expert opinions about my network re-design with pfSense as my new outer perimeter firewall, coming from my crappy D-Link 855 router I had running as my perimeter.

    I drew up a basic design as to how I plan to re-design it here: http://www.gliffy.com/pubdoc/4008046/L.png (please forgive the "noobness" of the design)

    My new design is putting pfSense 2.0.1 on a Supermicro Atom board I got with 2x Intel gigabit NICs onboard.  My plan is to have 1 interface for WAN and the 2nd interface as my LAN interface going to the SG300 on its own VLAN and subnet.  The rest of my network, I want to have behind my L3 SG300 switch so the switch handles all the internal traffic between my home network/lab network/DMZ, etc. All the internal stuff is being handled by SG300 and only having them go to the pfSense box if they need NAT/Internet access.

    I originally wanted to trunk my interfaces from the SG300 to the pfSense box but if I do that, won't the traffic that gets switched from one VLAN/subnet to the other occur on the pfSense box hence slowing me down?  Will my original plan of putting everything behind the switch work?

    Thanks in advance.



  • @vsecgod:

    I originally wanted to trunk my interfaces from the SG300 to the pfSense box but if I do that, won't the traffic that gets switched from one VLAN/subnet to the other occur on the pfSense box hence slowing me down?

    Yes, but depending on the volume of such traffic you may not notice it.

    @vsecgod:

    Will my original plan of putting everything behind the switch work?

    Yes.



  • Thanks Wally!

