So I’m actually a newbie at installing anything, and recently we ordered a managed switch and UniFi equipment. The problem is that after the initial setup we were forced to use it in production, and then problems happened haha.
Is it possible to ask for advice about creating a separate network (physically too) to test new equipment before running it in production?
My setup could be like this:
Wireless router (which is connected to the main LAN but with DHCP), then connect a test pfSense box, then the managed switch, then the UniFi. Or hotspot a phone, then use it as a WAN connection? Thanks for the tips!
The pfSense box will be your firewall connected to the WAN. Connect the managed switch to the pfSense box via the LAN side. Then connect both the wireless router (set it up as an access point) and the UniFi to the managed switch.
I think how it’s done depends on you. Either way works; yours and Grant’s are both valid.
Are you after testing out the equipment only, or the setup from pfSense on up?
If you’re only after the equipment, Grant’s suggestion of using a physical interface makes more sense, as there’s less to deal with configuration-wise. If you’re after the setup from pfSense on out, then yours makes more sense, as it allows the test pfSense to be segmented itself: you can give it a static IP and such on the WAN side and work from there.
All depends on what you want in the end. On my home setup, I just toss stuff on a switch and VLAN it out for setup and testing. If you end up with any new FW rules, you can just copy them to wherever they need to end up later.
Gotta love Linux & BSD, always several ways to skin a cat.
Thanks, how can I separate the WAN connection for my pfSense box? Is it possible to use our internet connection but with a separate network, for us to not affect the corporate network?
Depends which way you wanna work the test bench… Like I said above, choose which way you wanna run it first…
If you use a physical interface to just test equipment, you can use the FW and VLANs to run it however you want.
If you use your idea of using a separate pfSense test bench, then just define the uplink port (your WiFi router/AP) as a /29 and let DHCP do whatever it wants, FW out everything, and let the test pfSense grab DHCP for the WAN side, then run a different IP network on the LAN side and run that pfSense however to test with. In the end, you’re gonna want to static out a couple of IPs so your AP/pfSense aren’t ‘lost’, but that’s easy.
Up to you. Either way negating the existing network isn’t hard with FW rules. Broad strokes are easy, details are a pita. lol
Thank you so much sir for the detailed information… I’ll go and try the separated pfSense bench connected to a router with dhcp…
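The separate pfSense test bench discussed in the thread (a /29 between the WiFi router and the test pfSense WAN, a different network on the test LAN, and firewall rules keeping the bench off the existing network) can be sanity-checked on paper before anything is plugged in. This is an added example, not code from any poster; all addresses are constructed placeholders, and the rule list is a first-match model of the policy, not pfSense or router configuration syntax.

```python
import ipaddress

# Constructed addressing plan (assumed values, not from the thread).
CORP_LAN = ipaddress.ip_network("10.0.0.0/24")      # existing production LAN
TRANSIT = ipaddress.ip_network("192.168.250.0/29")  # WiFi router LAN <-> test pfSense WAN
TEST_LAN = ipaddress.ip_network("172.16.50.0/24")   # LAN side of the test pfSense


def check_plan(corp, transit, test_lan):
    """Return a list of problems; an empty list means the plan is usable."""
    nets = {"corp": corp, "transit": transit, "test_lan": test_lan}
    names = list(nets)
    problems = []
    # Overlapping ranges make routing ambiguous and can leak test traffic
    # into production (or hide production hosts from the bench).
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    if transit.prefixlen != 29:
        problems.append("transit is not a /29")
    return problems


def static_reservations(transit):
    """Pin the router and pfSense WAN so they are not 'lost'; rest is DHCP."""
    hosts = list(transit.hosts())  # a /29 has 6 usable addresses
    return {"uplink_router": hosts[0], "pfsense_wan": hosts[1],
            "dhcp_pool": hosts[2:]}


def uplink_rules(corp):
    """First-match policy for traffic leaving the bench via the uplink."""
    return [("block", corp),                                 # keep bench off production
            ("pass", ipaddress.ip_network("0.0.0.0/0"))]     # internet still reachable


def decide(rules, dst):
    """Return the action of the first rule whose network contains dst."""
    addr = ipaddress.ip_address(dst)
    for action, net in rules:
        if addr in net:
            return action
    return "block"  # default deny if nothing matches


if __name__ == "__main__":
    print(check_plan(CORP_LAN, TRANSIT, TEST_LAN) or "plan OK")
    print(static_reservations(TRANSIT))
    print(decide(uplink_rules(CORP_LAN), "10.0.0.20"))
```

If the bench's DNS resolver lives on the production LAN, the block rule also cuts name resolution, so either point the bench at an outside resolver or add a narrow pass rule above the block.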