Page 1 of 2 12 LastLast
Results 1 to 10 of 12
  1. #1
    Newbie
    Join Date
    Apr 2017
    Posts
    1

    Default Question on Bridge mode

    Looked through the documentation and search the forums but couldn't really find an answer to my problem. I am working on a project where we are using ESXi to virtualize a network. The setup is :
    Project Network Setup.jpg

    I am using Untangle to more monitor the network and use the Apps then a firewall. I don't know if this is the correct setup for this. I setup Untangle in bridge mode. But the problem I have noticed is the VMs on the vlans are no longer getting a DHCP lease from pfSense. I know it is working from Untangle to pfSense, have internet connectivity. I'm not sure if I am missing something in the configuration of Untangle. Any advise on this networking configuration or am I doing this totally wrong and should scrap it.

    Thanks

  2. #2
    Master Untangler deleted_account+152373@untangle.com's Avatar
    Join Date
    Sep 2016
    Location
    Malta
    Posts
    455

    Default

    Dude why not use UT as router removing pfsense? less complications the better + UT can do it all

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,095

    Default

    Untangle isn't a bridge, it's a brouter.

    It will not pass VLAN tags, you'll end up having to terminate the VLANs on Untangle, and re-tagging them out the other side. This creates a configuration nightmare.

    If your network is reliant on VLANs, I highly recommend you either replace PFSense with Untangle so you can terminate your VLANs cleanly, or kick Untangle into router mode, disable NAT, and statically route packets around. Otherwise you'll never find the end of the VLAN nightmare.

    Finally I suppose you could use the virtual networking of vSphere to terminate the VLANs on VMWare, and run untagged traffic around the virtual network to make this work. The key is, you need a single IP range that's untagged so you can pass a single untangle bridge. This configuration is also not easy.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Untangler
    Join Date
    Feb 2017
    Posts
    56

    Default

    Get PfSense out of there or you are in for a terrible ride onto the VLAN hell train.

    Been there, done that.

  5. #5
    Master Untangler deleted_account+152373@untangle.com's Avatar
    Join Date
    Sep 2016
    Location
    Malta
    Posts
    455

    Default

    pfsense is a nightmare, someone recently had pfsense and they had problems with mobile apps load really slow, he asked pfsense forums and all he gets that it cant be pfsense. ok I remove that pf trash and install UT and booommm everything works fine and snappy re installed pfsense to be sure and everything went back to the old problem, put back UT and what everything is fine, when they posted this to pf guys they kept saying its the wifi disregarding that with UT it works fine. So save yourself the nightmares and horrible help of pfsense and use UT believe me there is no advantage to pfsense
    Last edited by Chrismal; 04-23-2017 at 04:12 AM.

  6. #6
    Master Untangler
    Join Date
    May 2010
    Location
    Texas, USA
    Posts
    708

    Default

    Well, I won't agree with that. Pfsense is excellent at what it does, and has many thousands of installs working perfectly fine in the field.

    I've used untangle in bridge mode with pfsense (and with vlans) in the past for years with no issues. Depending on the number of vlans involved it can be tedious to setup though.

    pfsense can still do a number of things untangle can't too... mdns reflection, to name one. And their firewall rule creation is vastly simpler than untangle's use of a combination of both filter rules and the firewall app.

    Each serve a purpose.

    I completely agree though that if you can get what you need done only using untangle, that is much easier and more reliable simply because there are less moving parts.

    Sent from my SM-G955U using Tapatalk
    Last edited by JasonJoel; 04-23-2017 at 07:18 AM.

  7. #7
    Master Untangler deleted_account+152373@untangle.com's Avatar
    Join Date
    Sep 2016
    Location
    Malta
    Posts
    455

    Default

    well from my last post pfsense was not loading stuff as snappy as UT on same hardware, and also pfsense is good for what it does out of the box but if you start getting issues or start installing packages well there starts the nightmare, have a look at there forums general tab full of posts regarding problems slow downs,disconnects,strange behavior and so on, and not to mention there old dated traffic shaper with very small buffers and can only use ports on IP to shape traffic that is nearly useless today, with untangle complete I do not see any huge reason for pfsense. oh and in UT firewall/filter rules I can create rules using hostname/username and so with pfs its just IP, in there forums some users ask for creating rules by username or hostname , I find this very useful for me
    Last edited by Chrismal; 04-23-2017 at 07:53 AM.

  8. #8
    Master Untangler
    Join Date
    May 2010
    Location
    Texas, USA
    Posts
    708

    Default

    Like I said, each has its use.

    I always had massive problems using the pfsense traffic shaper, so I stopped using it. That is one area in which untangle is definitely superior.

    Sent from my SM-G955U using Tapatalk

  9. #9
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,095

    Default

    Untangle is a layer 7 device that pokes at layers 2 and 3.
    PFSense is a layer 2/3 device that pokes at layer 7.

    You don't get any more apples and oranges than that. The problem the OP has is Untangle's requirements for layer 7 are messing up his layer 2, and resolving them isn't easy. That doesn't make either product junk, it just means combining them with this network design is inefficient.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  10. #10
    Master Untangler deleted_account+152373@untangle.com's Avatar
    Join Date
    Sep 2016
    Location
    Malta
    Posts
    455

    Default

    Quote Originally Posted by sky-knight View Post
    Untangle is a layer 7 device that pokes at layers 2 and 3.
    PFSense is a layer 2/3 device that pokes at layer 7.
    Agree. I ask you this coz you are highly experienced, do you get situations where UT complete is not enough and would need pfsense?

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2