adding a pfsense firewall to Omada SDN system

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2023-03-06 23:17:03

I am running an Omada system with router, controller, and a L2+ and L2 switch and a few EAPs. The router is directly connected to my modem.

I want to add a pfsense firewall to have more control over the network flow and add more complex policies. How can I do this? Can I add the pfsense in "non-router" mode (without DHCP) between the Omada router and L2+ switch?

Or can I replace the router with pfsense and use pfsense DHCP instead of Omada's? 

#1
Re:adding a pfsense firewall to Omada SDN system
2023-03-06 23:53:27

netlabguy wrote

I am running an Omada system with router, controller, and a L2+ and L2 switch and a few EAPs. The router is directly connected to my modem.

I want to add a pfsense firewall to have more control over the network flow and add more complex policies. How can I do this? Can I add the pfsense in "non-router" mode (without DHCP) between the Omada router and L2+ switch?

Or can I replace the router with pfsense and use pfsense DHCP instead of Omada's? 

  @netlabguy Originally we used the Omada system with an ER7206 router but quickly discovered many limitations. Now we use an OPNsense (pfSense) running in full mode to provide routing, intrusion detection & a good firewall as well as full choice of VPN operations. We still use the OC200, TP-Link switches & EAPs - just not the TP-Link router.

You could run the pfsense box in firewall only mode, but it is better to run it as intended.

#2
Re:adding a pfsense firewall to Omada SDN system
2023-03-07 07:41:48

  @GaelForce  Where do you define the VLANs? Can the Omada L2+ switch (TL-SG3428X) be used to define the VLANs? Because all my EAPs and other Omada switches are connected to this L2+ switch.

#3
Re:adding a pfsense firewall to Omada SDN system
2023-03-07 08:35:07

netlabguy wrote

  @GaelForce  Where do you define the VLANs? Can the Omada L2+ switch (TL-SG3428X) be used to define the VLANs? Because all my EAPs and other Omada switches are connected to this L2+ switch.

  @netlabguy The OPNsense / pfSense box is used to define the VLANs, DHCP servers, firewall rules, etc. The Omada controller is used to configure the switch(es) and EAPs as well as WLANs.

This setup requires some greater effort in setting up than just using a TP-Link off-the-shelf router, but has considerably greater control & features for the effort expended.

#4
Re:adding a pfsense firewall to Omada SDN system
2023-05-12 08:34:21

  @netlabguy 

You need to select as "VLANS only", instead of interface, and just provide "VLAN ID".

Everything else will be controlled by pfSense.

#5
Re:adding a pfsense firewall to Omada SDN system
2023-05-15 15:48:31

  @netlabguy

You can use OPNsense (I prefer OPNsense over PF) as a gateway and leave the Omada in place.

Build the OPNsense box with a LAN... Static of your network/32 with no DHCP. It needs a WAN port to something... another port on your cable modem?

Within the Omada LAN settings, you can enter the IP of the OPNsense in the Gateway Settings.

It will push all your traffic to the OPNsense box.

Then you will need to set VLAN tags on your OPNsense LAN interface for VLAN support.

I can not teach anyone anything - I can only make them think - Socrates
#6
Re:adding a pfsense firewall to Omada SDN system
2023-07-03 01:28:59

  @kumarullal I am sorry to butt in, but you stated that pfSense will handle everything else; however, that doesn't seem to be the case for me. I could be missing a step.

I am unable to isolate my VLANs via my pfSense box. Instead I have to add an ACL rule on the Omada switch (TL-SG2218 v1.) to deny communication between VLANs.

I think it's because the switch is an L3 switch as well?

#7
Re:adding a pfsense firewall to Omada SDN system
2023-07-03 07:31:42

MysterB wrote

  @kumarullal I am sorry to butt in, but you stated that pfSense will handle everything else; however, that doesn't seem to be the case for me. I could be missing a step.

I am unable to isolate my VLANs via my pfSense box. Instead I have to add an ACL rule on the Omada switch (TL-SG2218 v1.) to deny communication between VLANs.

I think it's because the switch is an L3 switch as well?

  @MysterB All VLAN control & manipulation would be carried out within the pfSense / OPNsense box using the firewall rules as normal. There should be no need to start introducing ACL rules on the switches.

#8
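
The last two posts turn on whether inter-VLAN traffic is actually routed by the pfSense/OPNsense box. The following check is an added example, not part of the thread: it flags clients whose default gateway is not the firewall's interface on their VLAN. All addresses, VLAN IDs and client names are constructed assumptions.

```python
import ipaddress

# Constructed sample data (assumptions, not from the thread): the firewall's
# address on each VLAN interface, and the settings each client received.
FIREWALL_VLAN_IPS = {
    10: ipaddress.ip_interface("192.168.10.1/24"),
    20: ipaddress.ip_interface("192.168.20.1/24"),
}
CLIENTS = [
    {"name": "laptop", "ip": "192.168.10.50", "gateway": "192.168.10.1"},
    # Gateway here is a hypothetical VLAN interface on an L3 switch.
    {"name": "camera", "ip": "192.168.20.31", "gateway": "192.168.20.254"},
    # Subnet the firewall has no interface on.
    {"name": "printer", "ip": "192.168.30.7", "gateway": "192.168.30.1"},
]


def audit_gateways(clients, firewall_ips):
    """Return (name, vlan, finding) for each client.

    Firewall rules only see traffic the firewall itself routes. A client whose
    default gateway is another device on its VLAN (an L3 switch interface, the
    old router) can reach other VLANs without any firewall rule being evaluated.
    """
    findings = []
    for c in clients:
        ip = ipaddress.ip_address(c["ip"])
        gw = ipaddress.ip_address(c["gateway"])
        vlan = next((v for v, i in firewall_ips.items() if ip in i.network), None)
        if vlan is None:
            finding = "no firewall interface on this subnet"
        elif gw == firewall_ips[vlan].ip:
            finding = "ok"
        elif gw in firewall_ips[vlan].network:
            finding = "gateway is another device on the VLAN"
        else:
            finding = "gateway outside client subnet"
        findings.append((c["name"], vlan, finding))
    return findings


def bypassing(clients, firewall_ips):
    """Names of clients whose inter-VLAN traffic would not hit the firewall."""
    return [n for n, _, f in audit_gateways(clients, firewall_ips) if f != "ok"]


if __name__ == "__main__":
    for name, vlan, finding in audit_gateways(CLIENTS, FIREWALL_VLAN_IPS):
        print(f"{name:8} vlan={vlan} {finding}")
```

In practice the client list would come from DHCP lease exports or host inventories rather than a literal.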