Hey guys, just wondering about this little experiment I did.
I’m in a transitioning phase where I am replacing my USG with a pfSense box. Gradually. I am still alternating between the USG and pfSense to learn how to set things up. Also, I am trying to set things up in a way that I can hot swap between the USG and pfSense.
Normally, in a fully functioning all-UniFi network (USG / US / AP), when replacing a USG with a pfSense router, one needs to set up VLANs on the UniFi controller as “VLAN only” instead of “corporate”. And this works well. The rationale is that UniFi “corporate” networks automatically configure a DHCP server, which of course is not required anymore now that DHCP is handled by the pfSense box.
So, the correct way to do it, as also shown in Tom's videos, is:
- pfSense / Interfaces / VLANs -> add VLAN, then enable that interface, then Enable DHCP server, then set FW rules
- UniFi / Networks -> add network type “VLAN only”
- done
This works great!
I found, however, that using “corporate” type VLAN networks works just as well with pfSense as the router.
E.g., on pfSense I have a “VLAN10_Secure_Network” set up, VLAN Tag = 10, DHCP server enabled. On the UniFi side under Networks I have a “NW_10_Secure” network, purpose “Corporate”, VLAN 10, Gateway/IP/Subnet 192.168.10.1/24 -> DHCP server enabled by default.
This works perfectly fine. This enables me to just hot swap the USG for the pfSense and back (just “plug over” the WAN and LAN ethernet cables from the one to the other and back) and the network simply continues to run. And run well.
Eventually, when I consolidate a definite switch to pfSense and abandon the USG altogether, I will re-configure the UniFi VLANs as “VLAN only”.
However, in this transition phase, are there any drawbacks / caveats by keeping the UniFi networks as “Corporate” for a while?
Thanks!
Pete