Hi, I’ve been researching pfSense a lot and am new so please forgive my newbie questions.
I’m coming from a network as follows:
Current Setup
- 100Mb from ISP to a router that handles wireless
- From the router I have a 24 port unmanaged switch with about 15~ clients on it. They are not all active at once.
- There’s probably 5 wireless clients
- Off of the 24 port switch is a 8 port PoE switch for security cameras and security computer
Future Setup
- 100Mb from ISP to a Netgate 2100 or 3100?
- From Port 1 of Netgate to a EnGenius EWS7928P Layer 2 switch or Unify USW-Pro-24 Layer 3. **Will have the same amount of clients
- 5 wireless clients connected to a PoE AP
I want to set up VLANing:
- VLAN1 - Internal Users, access to everything
- VLAN2 - Internet Only / Guest Wifi
- VLAN3 - Security devices, these devices would have no internet access, cannot access other VLANS but can communicate with each other. VLAN1 should have access to these units (but those units can’t see/communicate with VLAN1)
I plan on running or playing with the following packages:
- DHCP
- pfblocker
- Wireguard for just one client
- MAYBE Application blocking, but that’s just experimental
- I’d like to play with Suricata but may not keep it
My understanding is, if the switch is not Layer 3, interlan routing goes up to the Netgate and on the 2100 I wouldn’t get 1Gb? Or would Layer 2 be sufficient?