~ Firewall/Network Upgrade (Software)
# Netgate / pfSense
Now that the hardware side has been taken care of, I can finally work on the firewall.
The plan is to factory reset pfSense and start fresh.
After holding the reset button until three red LEDs were flashing (approximately 30 seconds), I let the system boot.
There, I logged in to the pfSense web page and followed the wizard.
Once the password, IP address and DHCP server were set, I unplugged the ISP Ethernet cable from the firewall so that DHCP got the amended IP.
It all went fine and I started setting DNS and so on when I noticed on the dashboard that the embedded 1GB storage was already 88% full. (New machines now ship with 8GB embedded as standard.)
Honestly, I don't recall whether a couple of years ago the system was much smaller or had the same issue. Thankfully on the Netgate 2100 you can expand the storage capacity with an M.2 SATA 22×40 module (max 32GB); since I already had an 8GB one lying around, I decided to upgrade the storage.
I have to say, thanks to the clear documentation provided by pfSense it wasn't a difficult procedure, but it was a slightly long one…
Here is what you need to do: there is a contact form where you list the machine details so that TAC customer service can send you a reply with a link to download the new firmware; it took around 20 minutes.
As far as I understood, pfSense did this because it stopped pfSense+ from running on third-party hardware.
After downloading the firmware you create a bootable flash drive with Balena Etcher, then plug the stick into the machine and connect the 2100 to your computer via SSH so you can enter the BIOS and tell the system to boot from the USB. From there you basically install the system on the new M.2…
For now I didn't mess around too much with the pfSense software; I just set DNS to Quad9 for both IPv4 and IPv6 and also installed pfBlocker.
# UniFi
With pfSense configured, I moved on to UniFi. I first downloaded and installed the UniFi Network Controller on the workstation (connected via mobile hotspot for now), plugged in the two switches and the access point and opened the controller.
From there I was able to see the three devices connected; I had to update the two switches first and then I was able to "Adopt" all of them.
The three devices were adopted fine, but you could tell something was wrong in the controller: on the topology page the inflow/outflow kept changing. It was supposed to go from the Lite 8 switch to the Flex and the U6+, but every so often it would change to Flex to Lite 8 to U6+. After spending almost an hour trying to find a solution, I realised the problem only occurred between the two switches, so I suspected the controller itself, since the workstation it was installed on is connected to the Flex.
To test my theory, I installed the controller on my laptop, connected it straight to the Lite 8 and… it did the trick. So apparently the controller has to be connected to the first UniFi device after the gateway.
# VLANs and Rules
To be able to use VLANs and rules between pfSense and UniFi you first need to set them up on pfSense. I created the VLANs and their tags first. In my case I added three VLAN networks to the existing one and tagged them:
- 1st: NAS and workstation
- 2nd: IoT devices (tablets and phones)
- 3rd: Guest
- 4th: My personal computer
I then created individual rules; in my case I wanted the 2nd, 3rd and 4th networks to be isolated so they can't communicate with each other, and especially not with the 1st. For now, though, the 1st network can talk to the others.
pfSense is all set; now I just need to go to UniFi and create the 1 (native) + the other 3. It's very important to use the same tag as on the firewall, because UniFi uses it to recognise them.
And that's it, no need to configure rules on UniFi because they are already on pfSense.
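As an added illustration that is not part of the original post, this Python model applies pfSense's per-interface, first-match rule evaluation to the four-network plan above and checks both that the isolation intent holds and that the UniFi tags match the firewall's. The tags and subnets are assumed values, and the rule representation is a simplification of what pfSense generates.

```python
from ipaddress import ip_address, ip_network

# Constructed plan: the post's four networks with assumed tags/subnets (none given).
PFSENSE_VLANS = {"nas_ws": 10, "iot": 20, "guest": 30, "personal": 40}
UNIFI_NETWORKS = {"nas_ws": 10, "iot": 20, "guest": 30, "personal": 40}
SUBNETS = {"nas_ws": "192.168.10.0/24", "iot": "192.168.20.0/24",
           "guest": "192.168.30.0/24", "personal": "192.168.40.0/24"}
LOCKED_DOWN = ("iot", "guest", "personal")  # may not reach each other or nas_ws

def mismatched_tags(pf, unifi):
    """UniFi ties its networks to pfSense VLANs by 802.1Q tag alone, so every
    tag must agree; returns the names whose tags differ or are missing."""
    return sorted(n for n, t in pf.items() if unifi.get(n) != t)

def evaluate(rules, src_vlan, dst_ip):
    """pfSense semantics: rules hang off the interface a packet arrives on,
    the first match wins, and anything unmatched hits the implicit default
    deny. Same-VLAN traffic is switched locally and never reaches the firewall."""
    dst = ip_address(dst_ip)
    for action, net in rules.get(src_vlan, []):
        if net == "any" or dst in ip_network(net):
            return action
    return "block"

def build_rules(block_first=True):
    """Per-interface rule lists: each locked-down VLAN blocks the other local
    subnets (its own is spared so clients still reach the pfSense gateway/DNS)
    and then passes everything else, i.e. the internet. block_first=False
    reproduces the classic mistake of 'pass any' above the blocks."""
    rules = {"nas_ws": [("pass", "any")]}
    for v in LOCKED_DOWN:
        blocks = [("block", s) for n, s in SUBNETS.items() if n != v]
        allow = [("pass", "any")]
        rules[v] = blocks + allow if block_first else allow + blocks
    return rules

def policy_violations(rules):
    """Probe one host in every VLAN against one host in every other VLAN and
    return the (src, dst) pairs whose outcome differs from the intent."""
    bad = []
    for src in SUBNETS:
        for dst in SUBNETS:
            if src == dst:
                continue
            want = "block" if src in LOCKED_DOWN else "pass"
            probe = str(ip_network(SUBNETS[dst])[10])  # e.g. 192.168.20.10
            if evaluate(rules, src, probe) != want:
                bad.append((src, dst))
    return bad
```

Running `policy_violations(build_rules(block_first=False))` shows why rule order matters: with "pass any" on top, every block rule is dead and the three locked-down networks silently reach each other and the NAS network.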
# Conclusion
As you can see above, it wasn't hard but it took a while. Keep in mind that next I will still need to install a VPN on the firewall to improve security and anonymity.
For now the network is working as it should. The pfSense interface is definitely more advanced, and you have granular control over the settings, compared to UniFi, where the interface is very intuitive but with fewer options. In the end I'm happy that I didn't buy something like the Dream Machine, as with the current configuration I can learn both systems.