Seeking advice on new pfsense environment

  • Heyo!

    Wondering if the wonderful pfsense community could guide me on the right track.

    I'm looking to replace a SonicWall device acting as our edge router/firewall. It's doing DHCP, DNS, and firewalling right now.

    The new setup will consist of 2 switches and 1 router (pfSense box).

    My plan is to run 3-4 VLANs: 1 VLAN for the wireless clients, 1 VLAN for the master workstations, 1 VLAN for management/servers, and 1 secure VLAN (maybe VPN).

    I was hoping to have pfSense handle the DHCP assignment, firewall, QoS based on subnets, and maybe Snort / Squid as a pure edge device... but I'm in a dilemma.

    After some researching it appears that pfSense isn't capable of setting up DHCP per subnet if the VLANs aren't created on the pfSense box… so I'm unsure how to go about this now.

    VLANs WILL be created on the core switches, and inter-VLAN routing will be handled there. The default gateway for non-LAN traffic will be pfSense...



  • You could still create the VLANs on the pfSense, and you do not have to route them anywhere, you can point the interface to a custom Gateway, right?



  • I agree you should let the L3 switch do the inter-VLAN routing. Way more efficient…

    About the DHCP: I can recommend this bounty: https://forum.pfsense.org/index.php?topic=65736.0
    Marcello made a small change to the code, and his solution works nicely for me. He also pushed for it to be included in the 2.2 branch (well, 3 times or so; I'll be thankful for his persistence somewhere in the future), and I'm hoping it will be a future-proof modification.
    (It's almost unbelievable it's not a standard feature :D)

    My 2 cents...



  • @G.D.:

    You could still create the VLANs on the pfSense, and you do not have to route them anywhere, you can point the interface to a custom Gateway, right?

    I guess I could, but I'm not 100% sure what you're getting at.

    You mean create multiple VLANs with different gateways, assign DHCP per VLAN, and point the IP helper or DHCP relay (whatever) on the Juniper to each individual gateway?

    I guess this could work, and just NAT the primary VLAN and point the default route on the switch to that pfSense gateway, right?
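The relay arrangement the last post sketches (an IP helper on the switch forwarding each VLAN's DHCP requests to pfSense), as an added Python example that is not from the thread: it builds a relayed DISCOVER the way a relay agent would, then shows the server-side scope choice driven by giaddr, which is why the server needs a scope per VLAN subnet. The VLAN subnet values and the client MAC are constructed assumptions.

```python
import struct
import ipaddress
from typing import Optional

# Constructed VLAN plan following the thread; the subnet values are assumptions.
VLAN_SCOPES = {
    "wireless": "10.10.0.0/24",
    "workstations": "10.20.0.0/24",
    "mgmt-servers": "10.30.0.0/24",
    "secure": "10.40.0.0/24",
}


def build_relayed_discover(giaddr: str, mac: bytes, hops: int = 1) -> bytes:
    """Constructed BOOTP/DHCP DISCOVER as an IP helper forwards it to the server:
    the switch's VLAN interface address is placed in giaddr and hops is bumped."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, hops,                     # op=BOOTREQUEST, htype=Ethernet, hlen=6, hops
        0x3903F326, 0, 0x8000,             # xid, secs, flags (broadcast bit set)
        b"\0" * 4, b"\0" * 4, b"\0" * 4,   # ciaddr, yiaddr, siaddr
        ipaddress.IPv4Address(giaddr).packed,
        mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128,
    )
    # magic cookie, option 53 (message type) = 1 (DISCOVER), end option
    return header + b"\x63\x82\x53\x63" + b"\x35\x01\x01" + b"\xff"


def parse_giaddr(packet: bytes) -> str:
    """Read the relay agent address at its fixed BOOTP offset (bytes 24..27)."""
    return str(ipaddress.IPv4Address(packet[24:28]))


def select_scope(packet: bytes) -> Optional[str]:
    """Server-side scope selection: a relayed request is served from the scope
    whose subnet contains giaddr. An unrelayed request (giaddr 0.0.0.0) would be
    served from the receiving interface's subnet, which pfSense only has when the
    VLAN exists on the box, so it returns None here. Unknown subnets also get None."""
    giaddr = ipaddress.IPv4Address(parse_giaddr(packet))
    if giaddr == ipaddress.IPv4Address("0.0.0.0"):
        return None
    for name, cidr in VLAN_SCOPES.items():
        if giaddr in ipaddress.ip_network(cidr):
            return name
    return None
```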

