Hardware Setup - Flowchart
-
I am new to pfSense but have been through the Cisco CCNA classes, so hopefully am not a complete idiota here.
My equipment:
- SMC DOCSIS 3.0 Commercial Cable Modem - Comcast
- Cisco SG 300 Managed Switch - 10 port
- Network Appliance - AMD Quad Core, 8 GB DDR-3 RAM, 1 TB WD Green HDD
- 2 Intel Gigabit NIC's + onboard NIC - I plan to use only the 2 PCI-e Intel NIC's, not the onboard NIC
I assume I should connect;
- CAT-7 ethernet cable from Comcast modem to one of the NIC's
- Ethernet out the other NIC to the Cisco Managed Switch –> 5 computers and file server
Point of confusion: Since I have ethernet out the DOCSIS modem (MDI/MDIX ports), I don't have a serial connection per se, so that would obviate the need for a WAN connection?
Note: I do not intend to set up VLAN's now. Just want to get started with pfSense firewall and NAT, then will add modules later (SNORT, etc.)
-
You probably don't need to use anything as high spec as cat7 ;), but yes that's correct.
Point of confusion: Since I have ethernet out the DOCSIS modem (MDI/MDIX ports), I don't have a serial connection per se, so that would obviate the need for a WAN connection?
I'm not sure quite what you mean here. No, you don't have a serial connection. Perhaps you mean you don't have a PPP connection such as PPPoE? That's fine, your WAN interface will use DHCP to get its IP from the modem (or whatever upstream device is handing them out). You still have a WAN interface.
I guess the terms WAN and LAN are just used by convention, they could equally be labelled External and Internal or Public and Private.Note: I do not intend to set up VLAN's now. Just want to get started with pfSense firewall and NAT, then will add modules later (SNORT, etc.)
This is definitely the way to go, one step at a time. :)
Steve
-
Hey, Steve, thanks for the response. Btw, please accept my apologies for not getting back to you sooner but I have had an absolutely awful middle-ear infection that is just now beginning to clear up.
-
I knew the reference to CAT-7 would bring out the minimalists. 8)
-
Also, further reading of the pfSense manual revealed just how silly my question was. Basically, it should be ethernet from Comcast modem to NIC which is then within the pfSense setup designated as the WAN card and so on.
-
Since I am such a newbie with pfSense, I believe it's probably wise for me to setup up the router and firewall first and then do the VLAN configuration later. Agree?
-
Also, I think the VLAN's should be configured on the pfSense Network Appliance and not on the Cisco Switch which is a Layer 3 switch and thus capable of elementary routing. I think it's just better to keep things all together on the network appliance. Will probably need to purchase multi-port ethernet NIC's to do that - but later after I get the basics up and running.
-
-
Yes definitely setup a basic configuration first, get that working as you expect it then add more complex elements like VLANs or packages. One step at a time! ;)
You need to do the routing between VLANs with pfSense if you want to apply any filtering. Conversely if you don't need filtering between them a layer 3 switch will be much faster and will remove a large load from the pfSense box.
Steve
-
will remove a large load from the pfSense
Certainly makes sense but following up my pfSense box has 8 GB of DDR3 RAM, a Quad-core AMD, i.e. lots of resources compared to what a normal person would use.
(correct, I do no qualify as "normal")With such profligate resources at pfSense's disposal would it still be wise to use the Layer 3 switch to do the VLAN's?
-
Ah, yes. Much faster was probably not the right term. Using the switch will still be faster but your hardware should have no issues getting close to wire speed. It will be slowed by the fact that all the traffic has to share a single Gigabit connection between the pfSense box and the switch.
Since you already have both bits of hardware just try it and see. ;)
Steve
-
all the traffic has to share a single Gigabit connection between the pfSense box and the switch.
For that reason plus the ease/simplicity of configuration, I believe it's best to configure the VLAN's on the Network Appliance and just add the required number of NIC ports to the Cisco Managed Switch, taking care to tell the switch ports what VLAN owns them.
