    Netgate Discussion Forum

    Seeking advice on new pfsense environment

      cookiesowns last edited by

      Heyo!

      Wondering if the wonderful pfSense community could guide me on the right track.

      I'm looking to replace a SonicWall device acting as our edge router/firewall. It's doing DHCP, DNS, and firewalling right now.

      The new setup will consist of 2 switches and 1 router (pfSense box).

      My plan is to run 3-4 VLANs: 1 VLAN for the wireless clients, 1 VLAN for the master workstations, 1 VLAN for management/servers, and 1 secure VLAN (maybe VPN).

      I was hoping to have pfSense handle the DHCP assignment, firewall, QoS based on subnets, and maybe Snort / Squid as a pure edge device... but I'm in a dilemma.

      After some research, it appears that pfSense isn't capable of setting up DHCP per subnet if the VLANs aren't created on the pfSense box… so I'm unsure how to go about this now.

      VLANs WILL be created on the core switches, and inter-VLAN routing will be handled there. Default gateway for non-LAN traffic will be defaulted to pfSense...

        G.D. Wusser Esq. last edited by

        You could still create the VLANs on the pfSense, and you do not have to route them anywhere, you can point the interface to a custom Gateway, right?

          bennyc last edited by

          I agree you should let the L3 switch do the inter-VLAN routing. Way more efficient…

          About the DHCP: I can recommend this bounty: https://forum.pfsense.org/index.php?topic=65736.0
          Marcello made a small change to the code, and his solution works nicely for me. He also pushed it to be included in the 2.2 branch (well, 3 times or so, I'll be thankful for his persistence somewhere in the future), and I'm hoping it will be a future-proof modification.
          (It's almost unbelievable it's not a standard feature :D)

          My 2 cents...

          When in doubt, see: https://tools.ietf.org/html/rfc1925

            cookiesowns last edited by

            @G.D.:

            You could still create the VLANs on the pfSense, and you do not have to route them anywhere, you can point the interface to a custom Gateway, right?

            I guess I could, but I'm not 100% sure what you're getting at.

            You mean create multiple VLANs with different gateways, assign DHCP per VLAN, and point IP-helper or DHCP w/e on Juniper to each individual gateway?

            I guess this could work, and just NAT the primary VLAN and point default route on the switch to that pfSense gateway, right?
