Solved

Advice on setting up a new network for a small business

Posted on 2016-11-04
3
162 Views
Last Modified: 2016-11-22
The company is moving into a new location and planning on putting in some new equipment.

I currently have a pfSense Firewall that has been working great for us for the past year after our SonicWall died and would like to keep it.

We've acquired for the new office the following equipment.

1 x ERPro-8 EdgeRouter 8-Port Advanced Network Router
3 x EdgeSwitch 48 Lite 48-Port Managed Network Switch
1 x Ubiquiti Networks EdgeSwitch ES-48-500W 48 Port PoE Gigabit Ethernet Switch
5 x Ubiquiti Networks UAP-AC-PRO-5 UniFi Access Point Enterprise Wi-Fi System

We will have 2 Fiber connections, a 1000/200 that will be used for general internet traffic and a 200/200 that will be used for a few Site to Site VPN and 10-15 VPN users.

I know that the EdgeRouter can also act as a UTM box, but I would really like to keep the pfSense box in place and have moved it from a Whitebox PC to a Dell PowerEdge 1950 III with Dual X5450 CPU's, 32GB RAM, (2) 73GB 15K drives for OS and (2) 146GB 15K drives for DATA and a Quad Intel I350-T4 PCI-E Network Adapter.

Our internal network will have about 100 PC's and 50-75 mobile, tablet, gaming devices.

What I'm trying to figure out is what would be the best solution for maximum throughout.

WAN <--> pfSense(NAT/Firewall/VPN/IDS) <--> EdgeRouter (as router only) <--> LAN (4-6 VLAN)

or

WAN <--> EdgeRouter (as router only) <--> pfSense(NAT/Firewall/VPN/IDS) <--> LAN (4-6 VLAN)

Or, do I ditch the EdgeRouter or pfSense and just have one?  I'm still learning more about Networks and VLANs ramping up and fast as I can.

Any suggestions are greatly welcomed and truly appreciated.

Thank you!
0
Comment
Question by:albelo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 6

Accepted Solution

by:
Rob Leaver earned 400 total points
ID: 41874458
In my opinion, i would ditch the pfSense. The edge router, is basically a mini linux server this giving you the ability to set firewall rules, NAT, VPN, DDNS ect. It depends on how well you know how to config the edge routers to get the most out of them. You can have this be your primary router and firewall then vlan your switches out to your network accordingly.

I guess it just depends whether or not you want your edge router doing everything or split that work between two devices or not. Either way....i guess. however if you are going to use both devices, then WAN > pfSense > Edge router will be optimal as this will be processing your traffic, ingoing and outgoing from the outside world and leaves your router to soley do its job..routing..

--Rob
0
 
LVL 29

Assisted Solution

by:masnrock
masnrock earned 100 total points
ID: 41877172
I would ditch the pfsense and let the EdgeRouter do the work. Without the pfsense, you have a complete network. And on top of that, it simplifies the network from a management standpoint.
0
 
LVL 5

Author Comment

by:albelo
ID: 41877606
Thanks Rob and masnrock for your replies.  I think I've decided to go the route of WAN <-> pfSense <-> EdgeRouter <-> LANs due to the ability to perform suhc things as Gateway AV, blocking ads, and dropping blocks of IPs based on country that EdgeRouter can't do without really digging into the CLI and adding packages via JSON.  This will leave the EdgeRouter to handle throughput and VLANs internally.

Thanks again for your suggestions.
0

Featured Post

Get MongoDB database support online, now!

At Percona’s web store you can order your MongoDB database support needs in minutes. No hassles, no fuss, just pick and click. Pay online with a credit card. Handle your MongoDB database support now!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
Make the most of your online learning experience.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Suggested Courses

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question