Netgate Discussion Forum

    Setup for hotel

    • khansen

      I have a few design questions if anyone can provide any input.

      I am working with a local private hotel that has the following:

      Internet provider 1 - 5 IPs main connection
      Internet provider 2 - 5 IPs backup connection

      Internal:

      Public wifi
      Private network
      POS system has own firewall required (separate IP ?)
      DIRECTV DRE system has own firewall required (separate IP ?)
      PMS system, most likely part of the private network

      I am planning on using the C2758 with additional interfaces added.

      1 - Should each ISP be set up on only one interface, with all IPs configured as subinterfaces and passed through to the other firewalls, or should there be a switch between the ISPs and pfSense so that each firewall is assigned its own IP?

      2 - Would it be easier to manage if each internal network were assigned to a separate interface, or to VLAN them? The POS will have to have access to the private network to communicate with the PMS system for foodservice billing. The public wifi will need access, if possible, to parts of the private network (the rooms have automation controls for lighting, audio, TV, shades, etc. that are controlled by a Crestron system, and they want to give guests the ability to BYOD and connect and control room functions).

      Appreciate any input.

      Kurt

      • Derelict

        > the public wifi will need access if possible to parts of the private network (the rooms have automation controls for lighting, audio, TV, shades, etc. that are controlled by a Crestron system, and they want to give guests the ability to BYOD and connect and control room functions).

        What you do is dependent on whatever security measures are in place by these Crestron people.  How do the users authenticate so they can only control their own room?  Last name/room number on a web page?  Are they expected to install an app?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.