Thoughts on modifying my current network setup

Hi all,

First post and first time here in the LTS forums, but I’ve been following Tom on YouTube since 2017.
I’m planning on making some changes to my network, as in the next few months I’ll be getting Fiber to the Home with at least 1Gbs down, which will change me from my current ADSL 7.9Mb. I’m currently running a UDMP coupled to a Dell PowerEdge R210II server running Untangle in bridge mode (which itself brings some limitations).

I’m currently using 4 VLANs (LAN, IOT, Security, Guest network) and I’m thinking of adding a VOIP but that one can wait.

I was planning to get rid of the UDMP and move the Untangle box to the front line, but some limitations with the management of IPV6 make me think that it won’t cut it, and as my ISP is pushing on IPV6 that might bring issues, hence why I currently run the setup I’m running. But as I’m also considering simplifying the internet-facing portion of the network, I’m looking for possible alternatives; I’ve also considered virtualization on my r710 running Proxmox.

Should I keep the current setup or simply clean up and move to PFSense? I admit that I really like the Unifi dashboard as well as the control center of Untangle, but I really want to simplify things.

How does PFSense play with IPV6? I know that it is not very common in the US yet, but in Europe and especially here in France, they are pushing it.

Looking forward to hearing your thoughts on whether I should leave the setup as it is or pull the trigger and simplify it. I know there are a lot of hardcore PFSense lovers here, but let’s try to keep this open-minded please. Thanks in advance.

Thanks for posting here, but I can’t offer much help with IPV6 because I don’t use it.

Hi Tom,

Thanks for the reply. IPV6 is not an issue for me, that I can handle; my request is more related to what would be the best solution for me moving forward: should I leave things as they are (if it ain’t broken, don’t try to fix it) or not? From my perspective it is a 50/50, hence why I’m asking for advice, as there might be a few things that I may have missed in my reflection.

Sounds like you have the kit to set up pfsense in a VM and inspect it, then either leave it or move the config to a physical box, which I always prefer.

Hi Neogrid,

Thanks, yes I have what it takes to give it a try, was just looking for advice from people who were in my position at some point.

It’s worth a shot to try it out in a VM, that way if you like it then keep it there or move it to a physical box. I was in your shoes once with a Netgear and OpenWrt router with VLANs and all the stuff, but moving to Pfsense it is now so much easier. I stuck mine in a VM and haven’t had any issues since. I did try it all out in a VM with a segmented portion of the network first, then once I was comfortable with it I knew I wanted to have it run the core.

Thanks Stansmith, I’ll give it a try for sure!

Hello and Happy New Year to you all! Hope everyone is staying safe out there!

I’ve been playing with PfSense for the last few months, and the only way I can describe it is that it’s a “Beast”; that being said, I still find the interface lagging behind compared to Untangle, so I’ll keep Untangle as my primary device and most probably get rid of the UDMP, unless I can use it behind Untangle once IPV6 is rolled out, as at that moment NAT will not be a problem and I might be able to keep the nice Unifi layout for internal stuff and have Untangle or Pfsense at the edge of the network (one can dream, right?)

One thing I’m looking to implement, and that’s something you guys might be able to help me with, is DNS lockdown. I’m currently using AdGuard Home (similar to Pi-hole but sleeker from my point of view, for those who don’t know it).

Basically, I’m looking to prevent any DNS modifications on the devices, and have it logged when someone tries to do so. Chris @ Crosstalk Solutions made a video on this some time back, but only on the Ubiquiti gear (EdgeMax and Unifi), and I’m trying to replicate this on Untangle and will eventually do so on Pfsense if I move to it in the future.

Any idea of how I could implement this on Untangle and/or Pfsense?

Thanks

Forgot to ask: as I’ll be upgrading from a 6Mbts ADSL line to a 1Go Fiber, is 8Go of RAM and a Xeon E3-1220 enough to handle that speed should I decide to enable IDS/IPS, or should I look to upgrade the RAM and eventually upgrade the machine?