Solved

Advice on setting up a new network for a small business

Posted on 2016-11-04
3
43 Views
Last Modified: 2016-11-22
The company is moving into a new location and planning on putting in some new equipment.

I currently have a pfSense Firewall that has been working great for us for the past year after our SonicWall died and would like to keep it.

We've acquired for the new office the following equipment.

1 x ERPro-8 EdgeRouter 8-Port Advanced Network Router
3 x EdgeSwitch 48 Lite 48-Port Managed Network Switch
1 x Ubiquiti Networks EdgeSwitch ES-48-500W 48 Port PoE Gigabit Ethernet Switch
5 x Ubiquiti Networks UAP-AC-PRO-5 UniFi Access Point Enterprise Wi-Fi System

We will have 2 Fiber connections, a 1000/200 that will be used for general internet traffic and a 200/200 that will be used for a few Site to Site VPN and 10-15 VPN users.

I know that the EdgeRouter can also act as a UTM box, but I would really like to keep the pfSense box in place and have moved it from a Whitebox PC to a Dell PowerEdge 1950 III with Dual X5450 CPU's, 32GB RAM, (2) 73GB 15K drives for OS and (2) 146GB 15K drives for DATA and a Quad Intel I350-T4 PCI-E Network Adapter.

Our internal network will have about 100 PC's and 50-75 mobile, tablet, gaming devices.

What I'm trying to figure out is what would be the best solution for maximum throughout.

WAN <--> pfSense(NAT/Firewall/VPN/IDS) <--> EdgeRouter (as router only) <--> LAN (4-6 VLAN)

or

WAN <--> EdgeRouter (as router only) <--> pfSense(NAT/Firewall/VPN/IDS) <--> LAN (4-6 VLAN)

Or, do I ditch the EdgeRouter or pfSense and just have one?  I'm still learning more about Networks and VLANs ramping up and fast as I can.

Any suggestions are greatly welcomed and truly appreciated.

Thank you!
0
Comment
Question by:albelo
3 Comments
 
LVL 6

Accepted Solution

by:
Rob Leaver earned 400 total points
Comment Utility
In my opinion, i would ditch the pfSense. The edge router, is basically a mini linux server this giving you the ability to set firewall rules, NAT, VPN, DDNS ect. It depends on how well you know how to config the edge routers to get the most out of them. You can have this be your primary router and firewall then vlan your switches out to your network accordingly.

I guess it just depends whether or not you want your edge router doing everything or split that work between two devices or not. Either way....i guess. however if you are going to use both devices, then WAN > pfSense > Edge router will be optimal as this will be processing your traffic, ingoing and outgoing from the outside world and leaves your router to soley do its job..routing..

--Rob
0
 
LVL 20

Assisted Solution

by:masnrock
masnrock earned 100 total points
Comment Utility
I would ditch the pfsense and let the EdgeRouter do the work. Without the pfsense, you have a complete network. And on top of that, it simplifies the network from a management standpoint.
0
 
LVL 5

Author Comment

by:albelo
Comment Utility
Thanks Rob and masnrock for your replies.  I think I've decided to go the route of WAN <-> pfSense <-> EdgeRouter <-> LANs due to the ability to perform suhc things as Gateway AV, blocking ads, and dropping blocks of IPs based on country that EdgeRouter can't do without really digging into the CLI and adding packages via JSON.  This will leave the EdgeRouter to handle throughput and VLANs internally.

Thanks again for your suggestions.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now