Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Advice on setting up a new network for a small business

Posted on 2016-11-04
3
Medium Priority
?
231 Views
Last Modified: 2016-11-22
The company is moving into a new location and planning on putting in some new equipment.

I currently have a pfSense Firewall that has been working great for us for the past year after our SonicWall died and would like to keep it.

We've acquired for the new office the following equipment.

1 x ERPro-8 EdgeRouter 8-Port Advanced Network Router
3 x EdgeSwitch 48 Lite 48-Port Managed Network Switch
1 x Ubiquiti Networks EdgeSwitch ES-48-500W 48 Port PoE Gigabit Ethernet Switch
5 x Ubiquiti Networks UAP-AC-PRO-5 UniFi Access Point Enterprise Wi-Fi System

We will have 2 Fiber connections, a 1000/200 that will be used for general internet traffic and a 200/200 that will be used for a few Site to Site VPN and 10-15 VPN users.

I know that the EdgeRouter can also act as a UTM box, but I would really like to keep the pfSense box in place and have moved it from a Whitebox PC to a Dell PowerEdge 1950 III with Dual X5450 CPU's, 32GB RAM, (2) 73GB 15K drives for OS and (2) 146GB 15K drives for DATA and a Quad Intel I350-T4 PCI-E Network Adapter.

Our internal network will have about 100 PC's and 50-75 mobile, tablet, gaming devices.

What I'm trying to figure out is what would be the best solution for maximum throughout.

WAN <--> pfSense(NAT/Firewall/VPN/IDS) <--> EdgeRouter (as router only) <--> LAN (4-6 VLAN)

or

WAN <--> EdgeRouter (as router only) <--> pfSense(NAT/Firewall/VPN/IDS) <--> LAN (4-6 VLAN)

Or, do I ditch the EdgeRouter or pfSense and just have one?  I'm still learning more about Networks and VLANs ramping up and fast as I can.

Any suggestions are greatly welcomed and truly appreciated.

Thank you!
0
Comment
Question by:albelo
3 Comments
 
LVL 6

Accepted Solution

by:
Rob Leaver earned 1600 total points
ID: 41874458
In my opinion, i would ditch the pfSense. The edge router, is basically a mini linux server this giving you the ability to set firewall rules, NAT, VPN, DDNS ect. It depends on how well you know how to config the edge routers to get the most out of them. You can have this be your primary router and firewall then vlan your switches out to your network accordingly.

I guess it just depends whether or not you want your edge router doing everything or split that work between two devices or not. Either way....i guess. however if you are going to use both devices, then WAN > pfSense > Edge router will be optimal as this will be processing your traffic, ingoing and outgoing from the outside world and leaves your router to soley do its job..routing..

--Rob
0
 
LVL 32

Assisted Solution

by:masnrock
masnrock earned 400 total points
ID: 41877172
I would ditch the pfsense and let the EdgeRouter do the work. Without the pfsense, you have a complete network. And on top of that, it simplifies the network from a management standpoint.
0
 
LVL 5

Author Comment

by:albelo
ID: 41877606
Thanks Rob and masnrock for your replies.  I think I've decided to go the route of WAN <-> pfSense <-> EdgeRouter <-> LANs due to the ability to perform suhc things as Gateway AV, blocking ads, and dropping blocks of IPs based on country that EdgeRouter can't do without really digging into the CLI and adding packages via JSON.  This will leave the EdgeRouter to handle throughput and VLANs internally.

Thanks again for your suggestions.
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
Unable to change the program that handles the scan event from a network attached Canon/Brother printer/scanner. This means you'll always have to choose which program handles this action, e.g. ControlCenter4 (in the case of a Brother).
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question