Hello all, someone can help me to desing the best config?
MK router : DHCP, DNS, VLANs
Pfsense: Gateway internet, IPS/IDS
Networks DHCP:
10.1.1.0/24 vlan1001
10.2.1.0/24 vlan1002
10.3.1.0/24 vlan1003
If its possible to stick the pfsense after the MT it would solve some issues but is there a way to keep the IPS and IDS functions of pfsense working as intended?
How exactly are these applied ( to outgoing internet traffic or incoming internet traffic for example).
The MT is very flexible on manipulating the path of data!
Its to monitoring all trafic througt internet ongoing and incoming trafic.
My mk its a CRS326 and when i use mangle, or something to manipulate data or setting on packet snnifer my CPU go to 100% and peformance drop a lot. For that reason I want to use the PFsense (PC with a good hardware) like a gateway on all my subnet, but im not sure how to setting on mk.
Hi,
great, BSD again! If you want a simple setup, you use the MT as a switch and configure a trunk between pfsense and MT, with vlan interfaces as gateways. Then you should handle DCHP and DNS on pfsense.
Snort should be run on the WAN interface as it is known to have problems with VLANs.
It would be possible to have DHCP and DNS on MT, but then you need a firewall ruleset on the MT to control traffic between the three inside subnets. Also it would consume more CPU on the MT and less on the pfsense.
Then you need to set the gateway for those networks to the MTs IPs. Also set up a network between the MT and the pfsense like this:
Inet
|
pf 10.0.0.0/12 via 10.200.11.2
|10.200.11.1/28
|
|10.200.11.2/28
MT 0.0.0.0/0 via 10.200.10.1
|
|
10.1.0.0/24
10.2.0.0/24
10.3.0.0/24
Great opportunity to learn subnetting 
BR
Woland
greate! lets try