Netgate, VLANs, and Switch Recommendations

Hello,

I’m helping a friend set up his network. He has a large house with a high-speed internet connection and recently started working remotely. If I help him get everything set up, he’s agreed to let me keep a server there for website hosting, apps, etc.

I’ve configured a Netgate 2100 at my house, but his setup will be larger (cameras, IoT locks & plugs, multiple DVRs, printers, etc.). I’m unsure whether he should get the Netgate 4200 or 6100. He mentioned possibly adding a second internet connection in the future for dual WAN.

What would be a reason to choose the more expensive 6100?

I haven’t set up VLANs in my own network, but he’ll need them to keep his remote work connections segregated. He has four switches spread throughout the house, each quite far from the others.

Would it be better to get Layer 3 switches so VLAN routing can be handled at each switch for areas far from the firewall i.e. for exterior cameras?

How many wires would need to run to each switch for trunk lines, etc.?

If anyone can recommend a brand that works well with Netgate firewalls, preferably one allowing me a single view of each switch from an HTTP server, that would be great.

Thanks,
New Sys Admin

The 4200 should be fine, unless he needs faster VPN then go with the 6100.

The UniFi switches work well and create that single view without any licence fees, which is why they come so highly recommended.

Okay, he wants the WAN connections to go through protonVPN so that every device in the network has its traffic encrypted. Would the more expensive firewall provide a better connection?

Is doing something like this unnecessary or not recommended? Would this reduce network speed and cause issues with devices?

Thank you for the response, Lawrence! I really appreciate it.

Any traffic going through a VPN will need to be encrypted and decrypted. In the real world it’s tough to see why there is a performance hit compared to traffic going through the ISP. Also depends on the servers being connected to, levels of configuration on the server etc.

It makes sense to set up VLANs so that you can compare with the ISP; you’ll find some things might not work over a VPN such as Gmail, financial sites etc.

Okay, so there are more factors involved than just VPN causing a performance hit, connecting server config, location of VPN, etc?

Do you think the 6100 is a good option for speed if I’m using a VPN in this way?

Also, for multiple switches spread throughout the house, how many trunk lines are necessary to ensure efficient VLAN traffic across the network?

Is there a recommended cabling setup to reduce latency and ensure adequate bandwidth between switches?

There are a few things I did to tweak my setup:

  • ping times to various VPN servers
  • reduce bufferbloat by traffic shaping (fast.com is a good speed test; if the delta between the loaded and unloaded latency is low then that’s ideal)
  • also check Waveform https://www.waveform.com/tools/bufferbloat
  • I have LACP LAGs between all my switches, more for redundancy, but you sort of have twice the bandwidth with twin runs if you have multiple machines
  • Jumbo frames may make a difference; it’s on my to-do list to inspect

Does this setup for VLANs look correct, with each pair of links configured as LACP for redundancy and also serving as trunk lines?

Should trunk lines be 10gb if possible?

Thank you for the recommendations. I can test all that stuff after I get everything configured.

Not too different to my setup. I keep one port of my router on the LAN (not a Netgate device); that way if I mess anything up I can plug into pfSense directly and fix things.

The picture looks good. From my perspective you are worrying too much about speed. In the picture I honestly don’t see anything that would require 10Gbps, unless your friend would do such a thing as video editing between some of the Home PCs.

To be explicit: your friend does not seem to even have a server and a dedicated storage device. Depending on the workloads on such devices you may need redundant switch connections or even 10Gbps. But in the setup as the picture suggests, your friend wouldn’t even begin to feel an improvement from the LACP links, and also not from 10Gbps or L3 switching. If he is not planning to do more ambitious things in his network he can as well buy 1Gbps L2 switches (e.g. Unifi) and spend less money. Unifi is a good choice because it keeps the VLANs consistent across the switches and APs. You need to manually ensure that the VLANs are consistently configured in the Netgate pfSense.

You are mentioning a high-speed uplink to the ISP, but in the picture it looks more like a cable network connection. Do you know the actual up/down speeds of the ISP connection? This would be relevant for how powerful the Netgate firewall device would need to be regarding VPN performance. Also relevant for that would be whether this VPN only uses OpenVPN or also offers WireGuard, as both have very different performance requirements.

Regarding VPN, from what you are describing it does not seem that any VPN would be a problem. The IPTV or streaming stuff wouldn’t care about the increased latency due to the VPN connection. You only would want to understand whether the VPN bandwidth would be capped and lower than the ISP connection.
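The advice above that the VLANs on the pfSense trunk must be kept manually in step with the VLANs the switches carry is easy to get wrong as switches are added. The following is an added example, not code from this thread or from Netgate/Ubiquiti: it reads VLAN tags from a constructed snippet in pfSense config.xml layout (`<vlans><vlan>` with `if`, `tag`, `descr`), compares them with a constructed list of switch VLANs, and reports tags that exist on only one side. The parent interface name `mvneta0` and both data sets are assumptions.

```python
"""Check that VLAN tags defined on a pfSense trunk interface match the
VLANs the switches are configured to carry (added example, constructed data)."""
import xml.etree.ElementTree as ET

# Constructed sample in pfSense config.xml layout; not exported from a real
# appliance. The parent interface name mvneta0 is assumed.
PFSENSE_CONFIG = """<pfsense>
  <vlans>
    <vlan><if>mvneta0</if><tag>10</tag><descr>Work</descr><vlanif>mvneta0.10</vlanif></vlan>
    <vlan><if>mvneta0</if><tag>20</tag><descr>IoT</descr><vlanif>mvneta0.20</vlanif></vlan>
    <vlan><if>mvneta0</if><tag>30</tag><descr>Cameras</descr><vlanif>mvneta0.30</vlanif></vlan>
  </vlans>
</pfsense>"""

# Constructed VLAN ID -> name list as one would read from the switch
# controller's network list; not a real export.
SWITCH_VLANS = {10: "Work", 20: "IoT", 40: "Guest"}


def pfsense_vlans(config_xml, parent_if):
    """Return {tag: description} for VLANs defined on parent_if."""
    root = ET.fromstring(config_xml)
    result = {}
    for vlan in root.findall("./vlans/vlan"):
        if vlan.findtext("if") == parent_if:
            result[int(vlan.findtext("tag"))] = vlan.findtext("descr") or ""
    return result


def compare_vlans(fw_vlans, sw_vlans):
    """Report tags present on one side only. A VLAN only on the switches has
    no firewall interface (hosts on it get no gateway and no filtering);
    a VLAN only on the firewall is tagged into a trunk that drops it."""
    return {
        "only_on_firewall": sorted(set(fw_vlans) - set(sw_vlans)),
        "only_on_switches": sorted(set(sw_vlans) - set(fw_vlans)),
        "consistent": sorted(set(fw_vlans) & set(sw_vlans)),
    }


if __name__ == "__main__":
    report = compare_vlans(pfsense_vlans(PFSENSE_CONFIG, "mvneta0"), SWITCH_VLANS)
    for key, tags in report.items():
        print(f"{key}: {tags}")
```

On a real appliance the same check can be run against a backup of config.xml downloaded from the pfSense GUI, with the switch VLAN list filled in from the controller.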

I would suggest remote management facility and reliability for the network should be a higher priority than 10Ge speed. As previously discussed, video editing or similar workloads may dictate 10Ge if you have a NAS with 10Ge.

Personally I went with TP-Link Omada SDN Network due to budget constraints. If I had the cash I would not repeat the experience. The documentation varies from great down to WTF. For example, the selection could be AEP, Gateway or AEP plus Gateway but no explanation of what are the tradeoffs between these selections. Other than the warning Gateway loses some unspecified facilities. Absolutely no info on what is lost if you include Gateway. Also has some not so obvious limitations on configurations. If you have multiple WANs don’t try to install a second router onto a network.

On the plus side, I would not go back to my old setup. Support has been good and responsive. Equipment has been reliable. Configuration is simple.

@xerxes Thank you for the response. lol, I guess his 800mb download speed seems high-speed to me compared to my 75mb. Yes, this is just a regular cable connection. I quickly put that diagram together, so it doesn’t represent the entire system. He has several cameras linked to an alarm.com computer. I also plan to set up a homelab to experiment with hosting Django apps and websites where users can create accounts, connect, and perform database reads and writes from the internet, hosted on a Proxmox server. What kind of demand would that place on the system? Would a 10GB connection be beneficial for this setup, or am I really limited by my ISP? I plan to invest in Layer 2 UniFi switches.

@PDP11 Have you had experience with Unifi? I will have a netgate firewall and unifi switches. Thank you for sharing your experience.

You need to think in N-S traffic (traffic to/from the Internet) and E-W traffic (traffic that stays in your own homelab / own network). For N-S traffic you do not need 10G if you have a normal ISP. 10G is normally only of interest within your own network, for E-W traffic. Most client applications cannot saturate a 10G link. Also, if you have the Proxmox storage on the same machine you will not need 10G. If you have more than 1 hypervisor you may work with shared storage on a separate NAS, with an unrouted storage VLAN between the hypervisors and the storage, so that you can quickly migrate VMs between hypervisors and still have fast disk IO. For this you want to plan for 10G, i.e. at least 3 ports: 2 or more hypervisors, 1 storage server.

From what I hear from your side I’d say, if the budget is limited, you don’t need to plan for 10G, but I’d buy a Unifi switch with a few 2.5G ports, and maybe later a NAS with 2x 2.5G ports.

If money is not a limiting factor, by all means, get a 10G switch. Keep in mind, mostly the storage and the hypervisors will benefit from that. You do not want to route that traffic. If you want a Netgate appliance that does 10G you will spend a lot more money, but I don’t think you will need that.

Thank you for your input. I’ve decided to buy the Netgate 4200 and the three switches listed below for the network. I understand that the current setup won’t fully utilize 10Gbps since there are no dedicated storage servers or high-demand tasks, so the 2.5G options should meet our needs.

Switch Lite 8 PoE / US Version
SKU: USW-Lite-8-POE

Switch 24 PoE
SKU: USW-24-POE

Switch Lite 16 PoE
SKU: USW-Lite-16-POE