Hardware Advice



  • Hi all, I'm looking to set up an inline bridging firewall / IDS between my ADSL Modem and Wireless Router (which acts as my main router / gateway).  What I'm envisioning is pictured below:

    I'm thinking of using the Supermicro A1SAi-2550F motherboard with 8GB (2x4GB) of RAM, this also has 4 x Gigabit LAN ports so I could use 2 of them for the connection to Modem (WAN) and Wireless Router (LAN), and connect another back to my switch in order to administer the box.

    Is what I'm hoping to do feasible and will the hardware cope with a line up to 200Mbps download?  (Note: although my line is currently ADSL and around 8Mbps I'm expecting a fibre upgrade soon.  My modem can do both ADSL and VDSL/FTTC).

    I'm completely new to using pfsense and using this as an opportunity to learn as well as improve my home network security.



  • Hi all, I'm looking to set up an inline bridging firewall / IDS between my ADSL Modem and Wireless Router (which acts as my main router / gateway).

    Hello, but this is mostly going to bring you only more problems sooner or later.
    For sure there are some cases out there where it is realized the way you want to do it,
    but yours is a tiny, simple setup that can, in my opinion, be solved much better.

    I would suggest setting it up like this, or as shown in the lines after it:
    My suggestion:
    Internet --- modem --- pfSense --- LAN Switch --- Wireless router as WLAN AP
    Alternatively:
    Internet --- modem --- WLAN Router --- pfSense as a transparent firewall --- LAN Switch

    I'm thinking of using the Supermicro A1SAi-2550F motherboard with 8GB (2x4GB) of RAM,

    You would be better off going with the Supermicro A1SRi-2558F because of its support for AES-NI and Intel
    QuickAssist; the A1SAi-2550 is absolutely identical to the A1SRi, but it comes with AES-NI and Turbo
    Boost instead of the Intel QuickAssist technology.

    I'm completely new to using pfsense and using this as an opportunity to learn as well as improve my home network security.

    And given this circumstance, I would rather suggest that you go not with a bridged firewall or put it
    inside, behind the WLAN router.

    this also has 4 x Gigabit LAN ports so I could use 2 of them for the connection to Modem (WAN) and Wireless Router (LAN), and connect another back to my switch in order to administer the box.



  • If I use the 2558F, can I utilise that as the gateway / router and then have it link to the Switch and Wireless Router in AP mode as two separate LANs with their own subnets?

                      _____
                      |        WiFi AP
    Modem --- pfsense |
                      |____Switch



  • Actually, please ignore my previous post.  I think I'll just go from the pfsense box to the Switch and set up separate VLANs using the Cisco Switch instead.  At least that way I can get the switch to do what it does best and not play around with the pfsense box trying to act like a switch.

    Thanks for the advice!



  • @OpenFerret:

    Actually, please ignore my previous post.  I think I'll just go from the pfsense box to the Switch and set up separate VLANs using the Cisco Switch instead.  At least that way I can get the switch to do what it does best and not play around with the pfsense box trying to act like a switch.

    I don't understand why you would add this level of complexity with VLAN while your previous approach was perfect.
                      _____
                      |        WiFi AP
    Modem --- pfsense |
                      |____Switch

    This is better because pfSense will bring benefit to both LAN and WLAN, segregate each and isolate both from internet without the potential burden with VLAN.

    If you intend to deploy VPN later on, AES-NI or an AMD CPU is good advice, as stated above.
    No need to deploy up to 8GB unless you intend to run an HTTP proxy (Squid) with a lot of cache.



  • Thanks Chris!



  • @OpenFerret:

    Actually, please ignore my previous post.  I think I'll just go from the pfsense box to the Switch and set up separate VLANs using the Cisco Switch instead.  At least that way I can get the switch to do what it does best and not play around with the pfsense box trying to act like a switch.

    Thanks for the advice!

    Yes, that might be right! And the WLAN can also be split into several VLANs, each with its own IP address range,
    which would let you build a guest and a private WLAN.

    If I use the 2558f, and can I utilise that as the gateway / router

    Yes, you can easily install pfSense on it, and it comes with AES-NI and Intel QuickAssist, which might
    be much better than AES-NI and TurboBoost; TurboBoost would be better if the device were used as a NAS
    or as a server running servers like Apache or similar.

    and then have it link to the Switch and Wireless Router in AP mode as two separate LAN's with their own subnet?

    Yes, for sure you will be able to do so; this was the most common way to do it before VLANs were in the network game!
    So if your switch is able to support VLANs, it would be better to go with them, because you will be able to set up one VLAN for private usage with a connection to the entire network (LAN) and another one only for WLAN guests with a connection
    to the Internet only!

    This is better because pfSense will bring benefit to both LAN and WLAN, segregate each and isolate both from internet without the potential burden with VLAN.

    If no internal (private) and external (guest) WLAN must exist, it would work, but in any case, as today's hardware
    is able to do it, I would never connect all devices directly to the pfSense! If he is able to bring a small Layer 3
    switch into the game, the best structure would then be to connect all the devices to that switch; with two routing points in the entire LAN structure you will speed up many things, and a single failure or misconfiguration in the pfSense will not bring down the entire LAN/WAN network.

    If you intend to deploy VPN later on, AES-NI or an AMD CPU is good advice, as stated above.

    The C2558 "Rangeley" platform comes with both AES-NI and QuickAssist.


