Replacing Netgate 6100 with 8200 Fresh Configuration

Overview and question: Replacing current Netgate 6100 with Netgate 8200, fresh setup. Asking for clarification on our DNS setup with an added Active Directory network segment.

Packages Installed:

  1. All device updates
  2. PfblockerNG
  3. ARPWatch
  4. Patches
  5. Traffic Totals
  6. OpenVPN

Current Setup:

  1. Pretty much mirrors the 6100
  2. 4 VLAN Networks – Guest, VOIP, Camera, Main (Active Directory)
  3. DNS Resolver – General DNS setting pointing to Quad9
  4. DHCP Server – All DHCP configs have no explicit DNS setting with the exception of Main(Active Directory) network pointing to the domain controller.
  5. All VLAN traffic flows through the WAN4 (10G) interface

Firewall Rules:

  1. All non-Main (Active Directory) networks have an Any rule, a DNS (53) rule and network-blocking rules to stay contained
  2. Active Directory network only has an Any rule right now

Not sure whether to configure:

  1. DNS Resolver – Do I need Host or Domain override entries?
  2. DNS firewall rule on Main(Active Directory) network?

Pretty sure needs to be configured:

  1. DHCP Main(Active Directory) add DNS IP entry to point to domain controller server
  2. Domain Controller DNS Forwarder needs to point to pfSense

So basically, since the 6100 was set up 2-3 years ago, the only addition was the domain server and I made no changes to the 6100, so name resolution on the Active Directory isn't working; I want that corrected before I ship it to them. If I missed something or am not on the right track, let me know. Thanks
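One way to verify the chain described above once the DHCP DNS entry, the Resolver domain override and the DC forwarder are in place, as an added example that is not part of this thread: a stdlib-only Python SRV lookup. Run it against the domain controller and then against pfSense; both should return the DC's LDAP SRV record, and a failure on pfSense alone points at the domain override. The domain `corp.example.local` and the addresses 192.0.2.10 (DC) and 192.0.2.1 (pfSense) are placeholders, and `build_srv_response` only fabricates a reply so the parser can be exercised offline.

```python
"""Stdlib-only DNS SRV lookup for checking AD name resolution through pfSense."""
import socket
import struct
import sys

SRV_TYPE = 33
IN_CLASS = 1


def encode_name(name: str) -> bytes:
    """Encode a dotted name into DNS wire (label) format."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_srv_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a recursion-desired SRV query for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", SRV_TYPE, IN_CLASS)


def decode_name(packet: bytes, offset: int):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = packet[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack("!H", packet[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            break
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end


def parse_srv_response(packet: bytes):
    """Return [(priority, weight, port, target), ...] from the answer section."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", packet[:12])
    rcode = flags & 0x000F
    if rcode != 0:
        raise ValueError(f"server returned RCODE {rcode}")  # 3 = NXDOMAIN
    offset = 12
    for _ in range(qd):  # skip the echoed question section
        _, offset = decode_name(packet, offset)
        offset += 4
    records = []
    for _ in range(an):
        _, offset = decode_name(packet, offset)
        rtype, _, _, rdlen = struct.unpack("!HHIH", packet[offset:offset + 10])
        offset += 10
        if rtype == SRV_TYPE:
            prio, weight, port = struct.unpack("!HHH", packet[offset:offset + 6])
            target, _ = decode_name(packet, offset + 6)
            records.append((prio, weight, port, target))
        offset += rdlen
    return records


def build_srv_response(query: bytes, target: str, port: int = 389, ttl: int = 600) -> bytes:
    """Constructed reply to `query` with one SRV answer, for offline testing only."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    rdata = struct.pack("!HHH", 0, 100, port) + encode_name(target)
    answer = b"\xC0\x0C" + struct.pack("!HHIH", SRV_TYPE, IN_CLASS, ttl, len(rdata)) + rdata
    return header + query[12:] + answer  # question copied verbatim from the query


def query_srv(server: str, name: str, timeout: float = 3.0):
    """Send the SRV query over UDP/53 to `server` and parse the reply."""
    q = build_srv_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        data, _ = s.recvfrom(4096)
    if data[:2] != q[:2]:
        raise ValueError("transaction id mismatch")
    return parse_srv_response(data)


if __name__ == "__main__":
    # Placeholders: AD domain, then the DC and pfSense resolver addresses.
    domain = sys.argv[1] if len(sys.argv) > 1 else "corp.example.local"
    servers = sys.argv[2:] or ["192.0.2.10", "192.0.2.1"]
    name = f"_ldap._tcp.dc._msdcs.{domain}"
    for server in servers:
        try:
            print(server, query_srv(server, name))
        except (OSError, ValueError) as exc:
            print(server, "FAILED:", exc)
```

Usage: `python3 srvcheck.py corp.example.local 192.0.2.10 192.0.2.1`. The `_ldap._tcp.dc._msdcs.<domain>` record is what domain-joined clients need to find a DC, so it is a better smoke test than a plain A lookup; if the DC answers and pfSense does not, the Resolver domain override for the AD domain is the missing piece.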

If you have Active Directory then it should be doing DNS and DHCP.

For all the networks or just the AD client network? The only problem is that I am in a different country and am afraid that making these changes will drop any kind of remote connection needed to perform the work, because this will also involve switch work with ports and VLANs.

Yes, just the systems connecting to AD should be getting DHCP and DNS from AD.

I would love to implement this kind of configuration, but I can't chance bringing the network down in any capacity that renders my remote connection disconnected. I've not configured this type of setup before, so maybe I'm overthinking it, but with no technical staff on the other end to help me, I'm kind of stuck, I think, with the setup I know has been working for now.

Is everything fine now?


For the DNS Resolver, adding Host and Domain Overrides should help with Active Directory name resolution. You might also want to set up a DNS firewall rule for the Main (Active Directory) network to prevent any unwanted DNS queries. The DHCP setting for the Main network to point to the domain controller's DNS is crucial, as is configuring the domain controller's DNS forwarder to pfSense. Otherwise, everything looks solid!