Solved

Advice on setting up a new network for a small business

Posted on 2016-11-04
Last Modified: 2016-11-22
The company is moving into a new location and planning on putting in some new equipment.

I currently have a pfSense Firewall that has been working great for us for the past year after our SonicWall died and would like to keep it.

We've acquired for the new office the following equipment.

1 x ERPro-8 EdgeRouter 8-Port Advanced Network Router
3 x EdgeSwitch 48 Lite 48-Port Managed Network Switch
1 x Ubiquiti Networks EdgeSwitch ES-48-500W 48 Port PoE Gigabit Ethernet Switch
5 x Ubiquiti Networks UAP-AC-PRO-5 UniFi Access Point Enterprise Wi-Fi System

We will have 2 Fiber connections, a 1000/200 that will be used for general internet traffic and a 200/200 that will be used for a few Site to Site VPN and 10-15 VPN users.

I know that the EdgeRouter can also act as a UTM box, but I would really like to keep the pfSense box in place and have moved it from a Whitebox PC to a Dell PowerEdge 1950 III with Dual X5450 CPUs, 32GB RAM, (2) 73GB 15K drives for OS and (2) 146GB 15K drives for DATA and a Quad Intel I350-T4 PCI-E Network Adapter.

Our internal network will have about 100 PCs and 50-75 mobile, tablet, gaming devices.

What I'm trying to figure out is what would be the best solution for maximum throughput.

WAN <--> pfSense(NAT/Firewall/VPN/IDS) <--> EdgeRouter (as router only) <--> LAN (4-6 VLAN)

or

WAN <--> EdgeRouter (as router only) <--> pfSense(NAT/Firewall/VPN/IDS) <--> LAN (4-6 VLAN)

Or, do I ditch the EdgeRouter or pfSense and just have one?  I'm still learning more about Networks and VLANs, ramping up as fast as I can.

Any suggestions are greatly welcomed and truly appreciated.

Thank you!
Question by:albelo
3 Comments
 
LVL 6

Accepted Solution

by:
Rob Leaver earned 400 total points
ID: 41874458
In my opinion, I would ditch the pfSense. The EdgeRouter is basically a mini Linux server, thus giving you the ability to set firewall rules, NAT, VPN, DDNS, etc. It depends on how well you know how to config the EdgeRouters to get the most out of them. You can have this be your primary router and firewall, then VLAN your switches out to your network accordingly.

I guess it just depends on whether or not you want your EdgeRouter doing everything or split that work between two devices. Either way... I guess. However, if you are going to use both devices, then WAN > pfSense > EdgeRouter will be optimal, as this will be processing your traffic, ingoing and outgoing, from the outside world and leaves your router to solely do its job: routing.

--Rob
 
LVL 28

Assisted Solution

by:masnrock
masnrock earned 100 total points
ID: 41877172
I would ditch the pfSense and let the EdgeRouter do the work. Without the pfSense, you have a complete network. And on top of that, it simplifies the network from a management standpoint.
 
LVL 5

Author Comment

by:albelo
ID: 41877606
Thanks Rob and masnrock for your replies.  I think I've decided to go the route of WAN <-> pfSense <-> EdgeRouter <-> LANs due to the ability to perform such things as Gateway AV, blocking ads, and dropping blocks of IPs based on country that EdgeRouter can't do without really digging into the CLI and adding packages via JSON.  This will leave the EdgeRouter to handle throughput and VLANs internally.

Thanks again for your suggestions.