Hello everyone I’m looking for some guidance, I currently have a edgerouter 4 with a wan and a lan connection ( had dual wan with fail over but the second lan just died on me), that router is connected to a small 5 port dumb switch and then to different components and a unifi AP.
The thing is that I want to add a firewall and a pihole, the pihole will be a raspberry 4 that I have that I wanted it to run pihole, plus probably a small k8s for testing. And o have a Synology with a VM that I wanted to run a firewall probably pfsense.
Now the thing is do I connect the pfsense after the router? And have the Synology Nas be a bridge in the network? Basically router to Nas and Nas to switch, or i have Nas to router and router to switch?
You typically want a firewall to terminate your WAN interface, so essentially, your firewall becomes the router. If you want to keep the edgerouter in place, you’d want to chain it like this:
ISP/WAN → Edgerouter (WAN interface) → Edgerouter (LAN) → Firewall → internal network
I would try to avoid this setup, though, as you will need routing between the router and the firewall, and depending on how many public IP addresses you have available, it could mean that you will introduce a double-NAT setup.
I understand, is it possible to make the pfsense just a firewall? I want is an added layer of security just to learn and in case for my home network and lab.
ISP/WAN → Firewall → Edgerouter (WAN interface) → Edgerouter (LAN) → internal network
Maybe like this? given that due to my dumb ISP they provided was a router/modem combo, that cannot be put in bridge mode
Without knowing more details about your network, it’s hard to give any advise. You can chain it like you said, but then your Firewall would only be controlling the internet uplink and you can’t use it segment your internal network (if you wanted to do that).
The Edgerouter is the router/modem combo your ISP gave you?
Also worth noting: pfSense can be run in transparent mode, where it acts like a bridge. Never done that, so can’t really comment if it’s any good, but it’s possible.
Not knowing what the Edgerouter in your setup does, my setup would look like this:
Internet → ISP Router → Firewall → local networks
Cheers