SG-2440



  • I'm new to pfSense and I'm looking at purchasing an SG-2440.

    My question is, can I use this to create 2 completely separate local networks that can share the same internet connection?

    We are about to have Ultra Fast Fibre installed into our building (200Mb/s Down and Up) and have been told we need a Router that has an Ethernet WAN port which can connect on PPPoE.  From there I would like to create one network for me and a separate one for my tenant.

    My LAN will feature several PCs, a NAS, some Media Players and use an Apple Airport Extreme as a wireless access point.

    My Tenant has a PC, games console and uses a Netgear Wireless Access point.

    We currently have two separate wi-fi networks, but he can see all my attached computers, media players etc (they're password protected so he can't access.)  Due to the sensitivity of some of my work, it is important that my tenant can not even see what is connected in my LAN.  My work is insisting on this before they let me take home some new toys…

    Can I set up an SG-2440 for this?  I realise I may have some learning to do, but want to know if it's possible before I invest in the hardware.



  • Sure, that's a common situation. The hardware we sell are all multi-port firewalls, not a switch like consumer grade routers (where you can't do that with their ports).

    If you're not familiar with commercial-grade firewalls you'll have a bit of a learning curve, but what you're talking about there isn't all that complicated. The included support incidents with the hardware would probably suffice to get you enough guidance to get that up and going.



  • Excellent - thanks cmb.

    One thing that confused me was the labeling of the ports on the back.  What's the difference between LAN and OPT1, OPT2?  For my use, would they effectively be the same thing?



  • @oxonrich:

    > Excellent - thanks cmb.
    >
    > One thing that confused me was the labeling of the ports on the back.  What's the difference between LAN and OPT1, OPT2?  For my use, would they effectively be the same thing?

    They are. OPTionally, if you need LAN2 and LAN3, then you would enable these ports.  You would place each of these on a separate subnet and block it entirely from the other if you don't want your tenant to see anything on your network at all.



  • > I'm new to pfSense and I'm looking at purchasing an SG-2440.

    Would be a really good choice.

    > My question is, can I use this to create 2 completely separate local networks that can share the same internet connection?

    For sure, you are able to set it up any way you want, using VLANs or strictly plain routing.

    Plain routing and firewall ACLs:

    • WAN Port = Internet
    • LAN Port 1 = Tenant's network 192.168.2.0/24 (255.255.255.0)
    • LAN Port 2 = Your network 192.168.3.0/24

    Using VLANs:

    • WAN Port = Internet
    • LAN Port 1 = VLAN10 - Tenant - 192.168.2.0/24 (255.255.255.0)
    • LAN Port 2 = VLAN20 - own network - 192.168.3.0/24

    > We are about to have Ultra Fast Fibre installed into our building (200Mb/s Down and Up) and have been told we need a Router that has an Ethernet WAN port which can connect on PPPoE.  From there I would like to create one network for me and a separate one for my tenant.

    As shown above, no problems with this.

    > My LAN will feature several PCs, a NAS, some Media Players and use an Apple Airport Extreme as a wireless access point.

    pfSense offers more than one way to secure your WLAN: over a Captive Portal for guests and a RADIUS server for your own.

    > My Tenant has a PC, games console and uses a Netgear Wireless Access point.

    It doesn't matter in which way it is separated; you can also set up each SSID in its own VLAN, and so you will both be separated from one another! Or you are able to use only one WLAN with one SSID and enable WiFi client separation, so no one is able to reach the devices on the other side. I personally would prefer the other way, with their own VLANs for each SSID.

    > We currently have two separate wi-fi networks, but he can see all my attached computers, media players etc (they're password protected so he can't access.)

    With more or less time and money, this will not be a problem for most real guys who want to have a look inside your network, but if you are working with certificates and a RADIUS server, or a Captive Portal for your guests, it would be safer and no one gets access without a certificate.

    > Due to the sensitivity of some of my work, it is important that my tenant can not even see what is connected in my LAN.  My work is insisting on this before they let me take home some new toys..

    Both the WLAN and the LAN are able to run in different VLANs, and with matching firewall rules or ACLs it would not be possible to have a look at the other side. You will have only some things on your side!

    • the pfSense box
    • a network switch where everything is connected

    This should be under your control at your home or in your apartment.

    > Can I set up an SG-2440 for this?

    Yes, for sure. I personally would save more money and go with the SG-4860 variant, which comes with a Quad Core CPU @ 2.4 GHz and 8 GB of RAM. The rest will be nearly identical, only two LAN ports more.

    To start with pfSense, you have the three most common ways to get information fast:

    • 2 books are out about pfSense to help you get started right
    • the pfSense online docs pages with useful tips and step-by-step examples
    • this forum

    > I realise I may have some learning to do, but want to know if it's possible before I invest in the hardware.

    The hardware combines the best of both worlds: PC Engines APU and the Supermicro boards. The hardware itself will not be a brick if you are stuck with pfSense! It is also able to run pfSense, OPNSense, IPFire, IPCop, Untangle UTM, Sophos UTM, ZeroShell, perhaps ClearOS, OpenBSD, SmoothWall, and for sure many more firewall or router distributions like OpenWRT or DD-WRT. But it is very powerful hardware with AES-NI and Intel QuickAssist support that will be future proof.
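
The two replies above both come down to putting each network on its own subnet and blocking one from the other with firewall rules. The following is an added example, not part of the thread and not pfSense code: a simplified model of per-interface rules evaluated top to bottom, first match wins, with a default deny, used to audit whether a tenant ruleset really isolates 192.168.3.0/24. The rule tuples, function names and the internet test address are assumptions made for illustration; ports, protocols and the firewall's own addresses are ignored.

```python
from ipaddress import ip_address, ip_network

# Subnets taken from the thread; everything else here is constructed.
TENANT_NET = ip_network("192.168.2.0/24")
OWN_NET = ip_network("192.168.3.0/24")
ANY = ip_network("0.0.0.0/0")

def evaluate(rules, src, dst):
    """Return the action of the first matching rule; no match means block."""
    src, dst = ip_address(src), ip_address(dst)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return "block"  # implicit default deny

# Rules as (action, source, destination), listed top to bottom for the
# interface the traffic enters on.
TENANT_NAIVE = [("pass", TENANT_NET, ANY)]
TENANT_WRONG_ORDER = [("pass", TENANT_NET, ANY),
                      ("block", TENANT_NET, OWN_NET)]   # never reached
TENANT_ISOLATED = [("block", TENANT_NET, OWN_NET),
                   ("pass", TENANT_NET, ANY)]
OWN_ISOLATED = [("block", OWN_NET, TENANT_NET),
                ("pass", OWN_NET, ANY)]

def audit(rules, local_net, other_net, internet_host="203.0.113.10"):
    """Check that no host in other_net is reachable and the internet still is."""
    src = str(next(local_net.hosts()))
    leaks = [h for h in other_net.hosts()
             if evaluate(rules, src, str(h)) == "pass"]
    return {
        "isolated": not leaks,
        "leaking_hosts": len(leaks),
        "internet": evaluate(rules, src, internet_host) == "pass",
    }

if __name__ == "__main__":
    for name, rules in [("naive", TENANT_NAIVE),
                        ("wrong order", TENANT_WRONG_ORDER),
                        ("isolated", TENANT_ISOLATED)]:
        print(f"tenant / {name}: {audit(rules, TENANT_NET, OWN_NET)}")
    print(f"own / isolated: {audit(OWN_ISOLATED, OWN_NET, TENANT_NET)}")
```

A single "pass to any" rule on the tenant interface, or a block rule placed below it, leaves every host on the other subnet reachable; only the block-then-pass order gives isolation with working internet access.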



  • Thank you both for your help.

    I got completely distracted with work and forgot to come back and check the forum but I really appreciate your help.

    Cheers.

