Location of pfSence in Network

[Benjamin_ONeal]

Hello everyone.  I have a HP Server with 2 gigabit LAN built in but it also had a PCI-X card with 2 gigabit connections on it.  I know i can run pfSence on this card to add a firewall other than the routers one but will it's location make a difference.  Currently I have the phone cable come into a router, the WIFI goes to Phones and Wife's Laptop, the only LAN in use goes to a Netgear switch that has my PC and FreeNAS Server, Playstation, and Soon security camera's.  I know if I run the cable from the router to the switch through pfSence it will protect the server and everything on the switch but not the WIFI. Is there another way to set this up that will protect everything? Any Help is Appreciated.

[MCManiac52]

Your best bet would be to buy a separate wireless access point. The Ubiquiti AC lite are a good choice and aren't too expensive, they offer great coverage and very fast speeds. Then you would need to disable the WiFi on your router, put it into modem only mode. Connect the PfSense firewall to 1 lan port on the router, then run another lan cable from the pfsense box to the switch. If your router doesn't have a modem only mode, put the PfSense box's static IP address for the WAN connection into the DMZ section of your current router.

Any questions, please let me know.

Corban

[Benjamin_ONeal]

Yes excellent idea, this could also work with another router couldn't it, either way i'd have all traffic running through the router firewall and the pfSence firewall that would have to keep the freeNAS server safe.  Thanks

[MCManiac52]

1 minute ago, Benjamin_ONeal said:

Yes excellent idea, this could also work with another router couldn't it, either way i'd have all traffic running through the router firewall and the pfSence firewall that would have to keep the freeNAS server safe.  Thanks

Yep, any router would work, this is how I had mine setup for 2 years, I had my ISPs modem with a lan cable going to an old PC running pfsense and then a switch connected to that. I wasn't able to replace my ISP router because they don't allow that (Sky UK) and it also doesn't have a modem only mode, so i had to use the DMZ, but that worked with no problems so you should be all good.

[Benjamin_ONeal]

Thank you.

[Benjamin_ONeal]

The pfSence won't use much resources will it. This is my storage server with plex.

[MCManiac52]

2 minutes ago, Benjamin_ONeal said:

The pfSence won't use much resources will it. This is my storage server with plex.

if you're planning on having both running on the same machine, I recommend virtualising the servers and turning the physical machine into a host, either using VMware ESXI (free version) or microsoft Hyper-V, you can then what resources each machine gets.

[Benjamin_ONeal]

I'm running freeNAS so pfSence will be in a jail which is the same as a vm but for programs.  If I give it 2GB Ram, 1 3ghz Core, and 5GB HDD should that do?

[MCManiac52]

1 minute ago, Benjamin_ONeal said:

I'm running freeNAS so pfSence will be in a jail which is the same as a vm but for programs.  If I give it 2GB Ram, 1 3ghz Core, and 5GB HDD should that do?

that would be plenty yes, if you start going above 20 or so devices maybe add more ram. PfSense isn't a program, it runs as it's own operating system based of FreeBSD, so you'd need to set up a full VM. Unless there's been an update that i'm not aware of which is entirely possible.

[Benjamin_ONeal]

Cool, I'll run a VM then and give it the Gigabit card. Thanks again

[MCManiac52]

17 minutes ago, Benjamin_ONeal said:

Cool, I'll run a VM then and give it the Gigabit card. Thanks again

No problem, if you have any other questions or issues please let me know