Run PfSense with only 1 network port?

[Fritz]

Just watched a YouTube video of a dude setting up PfSense to run on a Wyse Thin Client with only 1 network port. He did this using vlans. I've never heard of this before. Is this practical or is it just smoke and mirrors?

 

[zac1]

Practical? Maybe. Smoke and mirrors? It's VLANs.

 

[Pete.S.]

It's called router on a stick.

It's nothing special. Search for it and you'll find lots of info.
For example: Router on a stick (ROAS)

 

[Pete.S.]

It's useful when you're doing inter-vlan routing.

For example you could have one vlan for security cameras, one vlan for servers, one vlan for clients, one vlan for wifi etc. Then you want to define what traffic is allowed between the vlans.

In pfsense each vlan will appear just as a network interface. So you can setup whatever rules you need. There is no difference between a physical NIC or a VLAN in pfsense after it has been configured.

When you have a WAN connection, router on stick it's not that useful because you have to put the WAN on the same physical switch as the LAN. That's not wise from a security perspective. Better to use a router with two NICs.

 

[Fritz]

It's useful when you're doing inter-vlan routing.

For example you could have one vlan for security cameras, one vlan for servers, one vlan for clients, one vlan for wifi etc. Then you want to define what traffic is allowed between the vlans.

In pfsense each vlan will appear just as a network interface. So you can setup whatever rules you need. There is no difference between a physical NIC or a VLAN in pfsense after it has been configured.

When you have a WAN connection, router on stick it's not that useful because you have to put the WAN on the same physical switch as the LAN. That's not wise from a security perspective. Better to use a router with two NICs.

Thank you sir. That's what I needed to know.