Solved

Redesigning network for lab and gaming, cisco switch, pfsense router

Posted on 2016-10-02
338 Views
Last Modified: 2016-10-30
So this is a bit of a mixed question so I will try to explain the best I can.  I am planning a redesign of my home network using pfSense, Untangle, and a Cisco switch.  The objective is to have 3 separate networks - gaming, WiFi, and lab.

I previously set this up successfully using a Cisco 1841 router, but due to its age and limitations, I am replacing it with pfSense, mainly due to the UPnP capability for the gaming network. So most of the work is already done.

The pfSense hardware has 4 NICs - WAN, LAN, OPT1, and OPT2. The focus would be OPT2 for the gaming network. First, I would set OPT2 to support UPnP.

Next, the switch is a Cisco SG300-20 running in layer 3 mode. I created VLAN 30 on it for the lab network for my servers and workstation, and it routes to the LAN port on the router.

So part 1 of the question is, can the SG300-20 have a separate gateway for the gaming network which would route to OPT2, such as VLAN 40?  I want to keep the gaming and lab networks completely isolated from each other for security reasons.  The switch has a feature called private VLAN settings, is this where the gaming VLAN should be created?

Part 2 is, since the switch is in layer 3 and VLAN 40 routes to 10.0.0.1 first before going out to the Internet, will my Xbox One still get an Open NAT and will the Wii U have all 65535 UDP ports open with the OPT2 interface set to UPnP in pfSense?

I have attached a diagram to help illustrate the goal.
redesign.pdf
Question by:bigeven2002
9 Comments
 
LVL 47

Expert Comment

by:Craig Beck
ID: 41825932
Don't use the switch to route your traffic. I'd use the pfSense for that so you can firewall each VLAN.

It doesn't matter how many hops you make; NAT will be detected. UPnP will open as many ports as needed as long as they're not in use.

What is Untangle doing?
 
LVL 17

Author Comment

by:bigeven2002
ID: 41826296
Thanks for the reply.  Untangle is the UTM that is in bridge mode between the router and the lab network to add protection to the servers and workstation.
 
LVL 17

Author Comment

by:bigeven2002
ID: 41826304
More specifically, it is doing IDS, 2 antiviruses, SSL inspection, and web filtering.
 
LVL 17

Author Comment

by:bigeven2002
ID: 41826922
If it helps, the reason for layer 3 mode on the switch was to minimize broadcast traffic to the UTM and router.
 
LVL 47

Accepted Solution

by:
Craig Beck earned 2000 total points
ID: 41828095
Have you thought about using the firewall as the gateway for the gaming network and using the switch as the gateway for everything else?
 
LVL 17

Author Comment

by:bigeven2002
ID: 41828502
Yes, that was going to be my backup plan if I could not get this proposal to work. I wanted to visit this idea in the question first since I had the available ports on the layer 3 switch and could theoretically use VLANs and multiple gateways from it.

The backup plan would require me getting a quad-port NIC for the router or an additional switch. The Xbox and Wii U are just two of the consoles I would connect.
 
LVL 47

Expert Comment

by:Craig Beck
ID: 41829406
OK, well I suppose it depends on whether you want to be able to do any of the UTM stuff to your gaming traffic before it gets a chance to get to the other VLANs. If you're not bothered, simply use ACLs at the L3 switch.

Does your Untangle and pfSense hardware not support 802.1Q?  If it does you can use a single interface and pass multiple VLANs over a single link.
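One way to lay out what Craig describes (gaming VLAN 40 and lab VLAN 30 both routed on the SG300, an inbound ACL on the gaming ports so VLAN 40 cannot reach VLAN 30, and both VLANs carried to a single pfSense port over one 802.1Q trunk). This is an added configuration example, not something posted in the thread; the subnets 10.0.30.0/24 and 10.0.40.0/24, the port numbers and the ACL name are assumptions, and the command syntax follows the SG300 CLI as I know it and should be checked against the unit's firmware reference.

```text
! --- SG300-20 in L3 mode (assumed addressing) ---
vlan database
 vlan 30,40
exit

! Lab SVI: gateway for servers and workstation
interface vlan 30
 name lab
 ip address 10.0.30.1 255.255.255.0
exit

! Gaming SVI: gateway for the consoles
interface vlan 40
 name gaming
 ip address 10.0.40.1 255.255.255.0
exit

! ACL applied inbound on the gaming access ports: anything from the
! gaming subnet toward the lab subnet (including the lab gateway
! 10.0.30.1) is dropped; everything else, i.e. Internet via pfSense,
! is allowed. Order matters: the deny must precede the permit.
ip access-list extended GAMING-IN
 deny ip 10.0.40.0 0.0.0.255 10.0.30.0 0.0.0.255
 permit ip any any
exit

! Console ports (assumed gi1-gi8): untagged in VLAN 40, ACL bound here
interface range gi1-8
 switchport mode access
 switchport access vlan 40
 service-acl input GAMING-IN
exit

! Lab ports (assumed gi9-gi16): untagged in VLAN 30
interface range gi9-16
 switchport mode access
 switchport access vlan 30
exit

! Uplink to pfSense (assumed gi20): one 802.1Q trunk carrying both VLANs;
! on the pfSense side, create VLAN 30 and VLAN 40 interfaces on that NIC
interface gi20
 switchport mode trunk
 switchport trunk allowed vlan add 30,40
exit
```

Switch ACLs are stateless, so this blocks only sessions initiated from the gaming side; to stop the lab from reaching the consoles as well, bind a mirror-image ACL on the lab ports, or follow the accepted answer and let pfSense be the gaming gateway so the firewall handles it statefully.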
 
LVL 17

Author Comment

by:bigeven2002
ID: 41831124
Nah, I just want Untangle filtering traffic to the lab network so it won't scan anything from the game network. Both appliances are custom builds so I'm not sure how I would identify this 802.1Q feature.

The pfSense router is using a MITAC PD11BI CC Mini-ITX motherboard with a J1900 Celeron CPU and 8 GB RAM. I also added a 2-port Gbit NIC to the PCI-e x1 slot. All 4 NIC ports are the Realtek 8111G chipset.

Untangle is running on an old ASUS P5BV-M motherboard (not to be mistaken with the P5B-VM) with an X3220 Xeon CPU and 8 GB RAM. The two NICs in it are the Broadcom BCM5721 chipset.

If they do support this, then how would this be set up via a single interface? Sorry, I'm a bit new to this.
 
LVL 17

Author Closing Comment

by:bigeven2002
ID: 41865675
I went with the backup plan.