
Topic: pfSense & UniFi USG working together (Read 373 times)


Offline NoRealSecrets

pfSense & UniFi USG working together
« on: January 09, 2018, 02:13:15 pm »
Hi All,

I am new to the pfSense product (but like it a lot) and have an existing UniFi network (USG, Switch, AP, CloudKey).
How can I get the pfSense & UniFi to play nice with the following config?

CableModem----pfSense----USG----Switch----(Devices)

Any help or direction is much appreciated.
Thank you.


                                                     

Offline seanr22a

Re: pfSense & UniFi USG working together
« Reply #1 on: January 10, 2018, 02:35:23 am »
> Hi All,
>
> I am new to the pfSense product (but like it a lot) and have an existing UniFi network (USG, Switch, AP, CloudKey).
> How can I get the pfSense & UniFi to play nice with the following config?
>
> CableModem----pfSense----USG----Switch----(Devices)
>
> Any help or direction is much appreciated.
> Thank you.
                                                   

I'm running a similar setup at three sites.

I have two WANs to the pfSense (load balancing/failover).
The LAN interface on the pfSense goes to WAN1 on the UniFi Gateway 4 (USG); WAN2 is unused.
At two of the sites, LAN1 and LAN2 on the USG have different subnets, with private traffic on LAN1 and guest traffic on LAN2 (I have a firewall rule in the USG disallowing all traffic between LAN1 and LAN2).
At the third site, which doesn't have any need for guest traffic, I'm using LAN2 only for the CloudKey.

It took me a while to figure out how to set up the pfSense with routing and rules, but I found all the info needed in this forum. I had to turn off NAT in the USG to make load balancing work. You'll find all the info you need here if you need to do that: https://community.ubnt.com/t5/UniFi-Routing-Switching/Guide-to-disabling-NAT-on-USG/td-p/2012460/page/2
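
A sanity check for the routed layout described in the reply above, as an added example that is not part of the original post: with NAT turned off on the USG, pfSense sees the USG's LAN1/LAN2 source addresses directly, so each of those subnets needs a route back via the USG and must be covered by pfSense's outbound NAT and LAN rules. Every address, name and the plan structure below is a constructed assumption; the thread gives none.

```python
import ipaddress as ip

# Constructed addressing plan (assumption; the thread gives no addresses).
PLAN = {
    "transit": "192.168.1.0/24",   # pfSense LAN <-> USG WAN1 link
    "usg_wan1": "192.168.1.2",     # USG address on that link
    "downstream": {"LAN1-private": "10.10.1.0/24", "LAN2-guest": "10.10.2.0/24"},
    # What pfSense has been configured with (hypothetical export):
    "static_routes": {"10.10.1.0/24": "192.168.1.2"},   # network -> gateway
    "outbound_nat_sources": ["192.168.1.0/24", "10.10.1.0/24"],
    "lan_rule_sources": ["192.168.1.0/24", "10.10.1.0/24", "10.10.2.0/24"],
}

def covered(net, candidates):
    """True if net falls inside at least one of the candidate networks."""
    return any(net.subnet_of(ip.ip_network(c)) for c in candidates)

def audit(plan):
    """Return a list of problems with a no-NAT downstream router plan."""
    findings = []
    transit = ip.ip_network(plan["transit"])
    usg = ip.ip_address(plan["usg_wan1"])
    if usg not in transit:
        findings.append("USG WAN1 address is outside the transit subnet")
    nets = {name: ip.ip_network(cidr) for name, cidr in plan["downstream"].items()}
    names = sorted(nets)
    for i, a in enumerate(names):
        if nets[a].overlaps(transit):
            findings.append(f"{a}: overlaps the transit subnet")
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a}: overlaps {b}")
    for name in names:
        net = nets[name]
        gateways = [ip.ip_address(gw) for route, gw in plan["static_routes"].items()
                    if net.subnet_of(ip.ip_network(route))]
        if not gateways:
            findings.append(f"{name}: no static route on pfSense, replies have no path back")
        elif any(gw != usg for gw in gateways):
            findings.append(f"{name}: static route does not point at the USG")
        if not covered(net, plan["outbound_nat_sources"]):
            findings.append(f"{name}: not translated by pfSense outbound NAT")
        if not covered(net, plan["lan_rule_sources"]):
            findings.append(f"{name}: no pfSense LAN rule permits this source")
    return findings

if __name__ == "__main__":
    for line in audit(PLAN):
        print(line)
```

In the constructed plan the guest subnet was added on the USG but never mirrored on pfSense, so the audit reports it as unrouted and untranslated while the private subnet passes.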


Offline seanr22a

Re: pfSense & UniFi USG working together
« Reply #2 on: January 10, 2018, 09:35:48 pm »
This is from one of my sites. I'm not a professional in this area in any way but this is how I made it work :)

I have a 50/50 load-balancing setup and, as you can see in the Rules/LAN, pfSense is doing a good job spreading the load equally to the two WANs.

WAN3 is currently disabled.

You might need to zoom in to see everything ...

« Last Edit: January 10, 2018, 11:20:33 pm by seanr22a »

Offline mais_um

Re: pfSense & UniFi USG working together
« Reply #3 on: January 11, 2018, 06:54:34 am »
What is the point of having the USG in between? I can't get it!

I mean, I have one USG but I will only use it if something goes wrong with pfSense, and I'd prefer a Hyper-V setup first. Maybe I'll use it if I lose my network cards.

More things in between? Don't know. Failure points to the network.
« Last Edit: January 11, 2018, 07:02:10 am by mais_um »
pfSense:
ASRock -> Wolfdale1333-D667 (2GB TeamElite Ram)
Marvell 88SA8040 Sata to CF(Sandisk 4GB) Controller
NIC's: RTL8100E (Internal ) and Intel® PRO/1000 PT Dual (Intel 82571GB)

Offline seanr22a

Re: pfSense & UniFi USG working together
« Reply #4 on: January 11, 2018, 07:37:33 am »
> What is the point of having the USG in between? I can't get it!
>
> I mean, I have one USG but I will only use it if something goes wrong with pfSense, and I'd prefer a Hyper-V setup first. Maybe I'll use it if I lose my network cards.
>
> More things in between? Don't know. Failure points to the network.

I have a lot of UniFi access points and other UniFi equipment. With the USG + UniFi management console I have everything I need in one interface, including all the network usage statistics I need.

Offline johnpoz

Re: pfSense & UniFi USG working together
« Reply #5 on: January 11, 2018, 01:06:02 pm »
I have a few UniFi APs as well.. I had a USG for a bit... wow did it suck compared to pfSense... As soon as my hardware got here it was back to pfSense, the USG is sitting on the shelf.. Have zero use for it..

What stats are you looking for - the DPI info? It's pretty much just eye candy as it's currently working... Don't get me wrong, it's slick looking and all, but ntopng information is of way more value when trying to troubleshoot or track down something.

But sure, if you turned off NATing in your UniFi you could use it as a downstream router to pfSense, and then just use pfSense as your edge firewall/router.
« Last Edit: January 11, 2018, 01:17:24 pm by johnpoz »
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline Gentle Joe

Re: pfSense & UniFi USG working together
« Reply #6 on: January 15, 2018, 10:10:45 pm »
> I have a few UniFi APs as well.. I had a USG for a bit... wow did it suck compared to pfSense... As soon as my hardware got here it was back to pfSense, the USG is sitting on the shelf.. Have zero use for it..


Same for me. I look at the USG occasionally [I take it off my shelf], it isn't very capable, it is dumbed down.