L3 managed switch vs virtual firewall

Associate
Joined
18 Aug 2020
Posts
145
Location
Watford, UK
Hi all,

Soon I will be upgrading my personal computer; the current one will become a VMware lab only, and my personal one will be for general use.
I am thinking about turning one of my currently unused HP Gen8 microservers into a WSUS/'file server' facing the internet with Server 2019 on it; the current PC would become a lab environment turned on only when I want to work on it, and my main PC will be the main PC..
I was thinking about putting VM Workstation on the microserver to run a virtual OPNsense or pfSense firewall to protect all of it, but with 16GB of RAM on the microserver - would it run..?? Not sure..

So I'm thinking - I can buy a fanless managed L3-capable 8-port switch and use ACLs on it to protect the microserver a bit, plus make VLANs on the switch and segregate the rest of the network with it...

Questions:
Would it run?
If yes - which switch to buy? Are Ubiquiti capable of running without any cloud 'manager'??
 
Well, there's reason for ' before and after file server... :cry:
Not SMB, no... and I think about VLANs and ACLs as a means of near-FW capability.. hence "managed L3 switch"... now that I think about it, are there any small routers with that number of ports? Have to admit it just came to me, so I'm not in the subject.. will investigate myself as well..

Don't think Gen8 microservers can support more than 16GB, not touched them for a while, but official support was 8GB I believe...? Correct me if I'm wrong..?
 
What's the requirements for firewalling your lab?
Literally to learn their interface and internal workings, so basically it was "since I already have it, the best way to learn it is to route real traffic through it".

Since yesterday I have got my hands on an SG300-10 Cisco managed switch though, not played with it much for obvious reasons, but it seems like it is L3 capable - a rudimentary test got me pinging a host across from a different VLAN, so it looks like it may work..

Will be putting it to work soon, as I don't have all the pieces yet, but I think this will do for the moment... and I can always do a virtual FW at a later time anyway..

Thanks for help, if you have any other thoughts - put it in, there is never enough of good advice..
 
This should be a good starting point:
Yeah, a single 8700K with 128GB of RAM will not give me that, but as a starting point - thanks a lot, will be a good read. May introduce my second microserver into the lab at a later time, but it has only 8GB of RAM, so...

And correct, WJA96 - it is not a question... fortunately, I do not need new certifications anymore to prove my knowledge, so it's a balancing act between lab complexity, usefulness, but also power consumption for 24/7 computers at home.. hard to keep it upright with all strings attached.. ;)
 
OK, sold..

Will run one microserver as a 24/7 physical FW and use additional NICs in it to provide filtered VLAN traffic to other Windows computers inside my home..
May use the L3 switch as an internal segregation for vSAN, vMotion etc. once I get the new PC and set up a two-vCenter lab..

Already installed OS's on both of them over weekend.
 
Have FTTP 1Gbps, both servers have Intel i3-3240 2-core/4-thread processors and the OPNsense unit will have 12GB of RAM..
I am interested myself, there's an option to upgrade to a 45W TDP Xeon 4c/8t CPU as well, but will see what those i3s can do.
It will not go live for a few weeks though.. need to wait until I have migrated workloads between HDDs..
 