pfSense Interface + Vlan advise needed


I still a bit new to pfSense but I would like to use it in a small business. I have a Protectli FW6A 6 port device that I have the latest pfSense CE installed. I am seeking advice on configuring the interfaces and vlans. I have two interfaces LAN and OPT1 connected to separate switches, each switch has a collection of vlans for various departments. I need to keep the interfaces separated for security reasons but I do have domain controllers and print servers in each that need to communicate with each other. My question is about firewall rules. Should I leave the interfaces open and focus the rules on the vlans?

1 Like

Tom has a few video

rules are for home user, but you can expand for office use

NOTE : by default pfsense blocks all traffic, so to allow traffic you need to create a rule

Thanks Paul,

I saw these. I’m a bit confused on where the firewall rules should be? The Interface rules or the vlan rules or both? I was planning on opening up the Interface rules between LAN and OPT1 to allow all and focus the rules in the vlans to manage the traffic like RFC1918, allow the used DCs ports, and print services ports. Does this seem reasonable?

Always work on the source interface.

For example you want to block LAN going to guest VLAN. On the LAN interface setup the rule.

Block - source “LAN Net” - any port - destination “guest net” - port any


That’s what I was thinking.