Man, this forum (and this thread in particular from last week) is exactly what I was looking for.
My small business just moved to a new commercial location, and I’m taking the opportunity to overhaul our airquotes infrastructure.
Previously, that was a Comcast Business modem/router/gateway/wifi/firewall all-in-one-garbage-device. Which, jokes aside, actually worked pretty well for a small office of about 10 employees. I let the Comcast box do our internal DHCP and act as our wifi AP. We also have a small Synology NAS, which I have had configured to run internal DNS, and as an OpenVPN server (just via port fwds off the Comcast box).
In any case, for our new office, I’d like to expand our capabilities, and the tenant setup in the OP (of linked) is kinda where I’m headed. We still will have Comcast as our ISP, but I want to just swap their box with a straight modem, or put their box in bridge mode and ignore all its features.
modem -> USG-Pro OR pfSense -> unifi managed switch, cloudkey gen2 -> a couple of unifi APs and 8-port managed switches
The new location is much larger than our old one, but the building only has a few existing Cat5e runs spread out pretty sparse. So the plan is to drop the 8-port guys at each cable run, and feed user workstations and benches from there. I’d also like to have our internal vlan, a guest vlan, and one for our lab/test systems, and long term planning of a vlan for some security cameras.
Originally, I was going to go with a USG-Pro instead of the pfSense, so that I could manage the entire network on the one platform. However, after doing more research and catching a few of Tom’s relevant videos, it looks like I’d have some potential issues with the USG-Pro:
- Using OpenVPN (though maybe I could continue to use it via my NAS, since I can’t on the USG?)
- In the future we will likely expand to get a small block of static IPs instead of just our 1, and it sounds like the USG-Pro can’t support multiple IPs coming in through 1 port?
I have some familiarity with the Unifi stuff already, and networking and firewall whatnots in general, but I don’t have any firsthand experience with pfSense.
- Are there any further caveats with going the USG-Pro route that I’ve missed?
- If I have all the other UI stuff (cloud key, switches, APs), can I still manage all of that cleanly through Unifi, if I go the pfSense route (and just manage pfSense on its own)?
Thanks all, for reading and for any advice or suggestions in advance! Just stumbled into this community today, and it’s been a great help so far!