Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Location of a new PFSense appliance

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    5 Posts 3 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      a4consulting
      last edited by

      Hi all,

      Normally, I religiously use Sonicwall or Cisco ASA appliances for security but, since Ive closed my office and now working from home, I've decided to cut costs and go with a PFSense rack mounted appliance.

      Never used this sort of firewall before so my questions is, where would the ideal location of the appliance should go?

      My initial thought are to have it in the same wiring as a VPN firewall/concentrator where one NIC goes to the router, and the other NIC to the switch.

      Or could I just simple wire both NIC's to the router or switch then, configure it as a DCHP/Firewall appliance?

      Basically the deployment situation is that I want my development Server Running Windows server 2008 and my MAC PRO behind a firewall and, allow certain TCP/IP addresses and Ports be allowed to be accessed from the DMZ/Internet.

      Can I please ask for some pointers/ configuration tips please.

      Thanks

      1 Reply Last reply Reply Quote 0
      • U
        userkiller
        last edited by

        You would use Wan the first Ethernet port as the in link from your router,  Lan1(your local connection going from your firewall to a small switch or server) you can get a small switch and enable DHCP on lan1 and that should automatically assign an IP to all the servers connected to your switch.

        1 Reply Last reply Reply Quote 0
        • K
          kejianshi
          last edited by

          KISS = Modem > pfsense WAN(s) > Switche(s) > Clients.

          1 Reply Last reply Reply Quote 0
          • A
            a4consulting
            last edited by

            @kejianshi:

            KISS = Modem > pfsense WAN(s) > Switche(s) > Clients.

            Precisely what I was planning and instinctively thought. Install it in the same way you would a VPN concentrator.

            KISS = Modem > PfSense from the wan of the MODEM Router > Switch > Server & Clients.

            (do I have to fit a WAN NIC Card to the PFsense to go from the appliance to the switch?  Or will a standard NIC card suffice.  Also, With it being a physical operating system, how will speed be a factor? And I'm assuming I can still use the DCHP Reservation from the Modem router and no configure the PFSense to assign IPs?

            Apologies for all the Questions on this, and it would be probably easier to go out and deploy a sonic wall but the sheer cost in this is prohibitive..

            thanks

            1 Reply Last reply Reply Quote 0
            • K
              kejianshi
              last edited by

              In most cases at home, WAN or LAN NIC cards, its all the same.  Just get yourself at least two nice compatible Intel NICs (can be on a single card).

              Not sure about you second question, but you can get gigabit throughput pretty cheap.  Possibly even rummaging in a junk yard for hardware.  haha.

              Sure - You can get your DHCP IPs from your modem, no problem in most cases.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.