Currently I run a complete Unifi setup. All hardware from the UDM-Pro to the APs and switches. I have a need to use a couple of static IPs in the network and need to make a change. I am very familiar with the Unifi controller and what it can do, but I know it has its limitations…
My question is pretty simple but it has variables that I’m not sure how to address…
I’m looking at a pfSense appliance as the new firewall to replace the UDM-Pro and adding a Cloud Key for the network controller.
I run a few VLANs that need inter-VLAN routing ACLs in place (isolation, limitations, etc.) that are currently handled by the UDM-Pro. I can easily recreate these VLANs as ‘Switch Networks’ and move the virtual IPs of the VLANs from the UDM-Pro down to the USW-Pro-48, which will start to handle the VLAN routing, but I’ve heard that the VLANs then become open to themselves and will not follow routing rules.
I could create the VLANs on the pfSense and let it handle all the routing, but this seems silly as the USW-Pro-48 should do all that work. That’s what it’s made for.
Also… I have a 10G uplink from the USW-Pro-48 to the UDM-Pro. I would lose that moving to a pfSense.
So my question is…
- Is replacing the UDM-Pro with a Cloud Key & pfSence the way to go?
- Is forwarding all traffic to the firewall for inter-VLAN routing ideal? It seems inefficient to me.