Yes, you would create all the VLANs on the switch and the pfSense firewall. The port that the firewall is connected to would be a trunk port with all the VLANs allowed.
Your FreeNAS server would be connected to a network; for now let's say the infrastructure network. In the switch that the...
Sorry, the admin LAN should also have been a /27. pfSense will do the access controls on the communications between the VLANs as long as the pfSense is connected to a trunk port. Everything else you have pretty much nailed.
The above is basically my setup at home. Just add in a Vyatta router...
I prefer to use VLANs when I can. Yes, the basis is to increase security and to cut down on chatter. I would prefer not to have others in places they shouldn't be, like iLO ports, firewall management, or management of other devices. Basically I would set it up with the following:
vlan 2 -...
There is plenty of documentation on doing this with any basic distro out there that you choose. After the basic OS install it should take you about 45 minutes to get everything configured, depending on the complexity of your firewall rules. IMO, I would pass on any of the how-to's that say install...
/etc/network/interfaces

# loopback interface (the original had "auto lo inet loopback", which is not
# a valid stanza; the second line must be "iface lo inet loopback")
auto lo
iface lo inet loopback

# primary address on the LAN-facing NIC, with the upstream gateway
auto eth3
iface eth3 inet static
    address 192.168.1.2
    netmask 255.255.255.0
    gateway 192.168.1.254

# secondary (alias) address on the same NIC, same subnet, no gateway needed
auto eth3:0
iface eth3:0 inet static
    address 192.168.1.117
    netmask 255.255.255.0
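The interfaces file above puts two addresses on one untagged NIC. To carry the VLAN layout from the earlier post (separate management, user and infrastructure networks) on a Linux firewall plugged into a switch trunk port, the NIC instead gets one 802.1Q sub-interface per VLAN. The fragment below is an added example, not the poster's configuration; it assumes Debian/Ubuntu ifupdown with the `vlan` package installed (which provides the `vlan-raw-device` option), and the VLAN IDs and addresses are constructed for illustration.

```conf
# /etc/network/interfaces fragment (added example, not the poster's config)
# Assumes Debian/Ubuntu ifupdown with the "vlan" package installed so that
# vlan-raw-device creates 802.1Q tagged sub-interfaces on the trunk NIC.
# VLAN IDs and addresses are constructed for illustration only.

# eth3 is on the switch trunk port and carries tagged frames only,
# so the parent interface gets no IP address of its own.
auto eth3
iface eth3 inet manual
    up ip link set dev eth3 up

# VLAN 10: management network (iLO, switch and firewall admin), sized /27
auto eth3.10
iface eth3.10 inet static
    vlan-raw-device eth3
    address 10.0.10.1
    netmask 255.255.255.224

# VLAN 20: general user network
auto eth3.20
iface eth3.20 inet static
    vlan-raw-device eth3
    address 10.0.20.1
    netmask 255.255.255.0

# VLAN 30: infrastructure/storage network (where the FreeNAS box would live)
auto eth3.30
iface eth3.30 inet static
    vlan-raw-device eth3
    address 10.0.30.1
    netmask 255.255.255.0
```

Because every inter-VLAN packet is routed by this host, the access control lives in its `FORWARD` chain: set the policy to `DROP`, then add explicit `-i eth3.20 -o eth3.30` style allows for the flows you want, and nothing else reaches the management VLAN. `cat /proc/net/vlan/config` after `ifup` confirms the sub-interfaces were created with the expected IDs.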
Let the brute force attacks begin. If you want to see something interesting that may change your outlook on what you want to do, set up a Kippo honeypot with an external connection and watch the logs. Setting up a VPN is really the preferred method. OpenVPN server at the site you wish...
I set up and manage many Snort boxes. After the initial tuning the false positives are pretty low. I primarily use Snort, PulledPork, and Barnyard2. If I can scan the network now and then I will configure and use Hogger.
I've used Base, I've tried Snorby, and used Splunk with the Snort App.
It hasn't removed it from the network. It has basically just added another virtual interface that routes encrypted traffic over the 192 network and gateways over the VPN connection.
If the system at 192 has VNC installed and running, you should be able to connect to it just fine; it's still...
This depends on whether you are doing a split tunnel. Split tunnel is when you only route over the VPN tunnel to access things on your network. If you force all your traffic over the tunnel, then it would all be encrypted over the tunnel to and from your system.
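The split-tunnel versus full-tunnel distinction above comes down to what routes the OpenVPN server pushes to the client. The server.conf fragment below is an added example, not the poster's configuration; the LAN (192.168.1.0/24), tunnel subnet (10.8.0.0/24) and DNS address are constructed for illustration.

```conf
# OpenVPN server.conf fragment (added example, not the poster's config)
# Constructed addresses: 192.168.1.0/24 is the LAN behind the VPN server,
# 10.8.0.0/24 is the tunnel subnet handed out to clients.

port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0

# --- Split tunnel ---
# Only traffic for the home LAN is sent through the tunnel; the client keeps
# its normal default route, so all other traffic is NOT encrypted by the VPN.
push "route 192.168.1.0 255.255.255.0"

# --- Full tunnel ---
# Use this instead of the route push above. "def1" pushes 0.0.0.0/1 and
# 128.0.0.0/1, which override the client's default route without deleting it,
# so everything the client sends leaves through the tunnel.
# push "redirect-gateway def1"

# With a full tunnel, DNS must go through the tunnel too, or name lookups
# still leave via the client's local resolver outside the encrypted path.
# push "dhcp-option DNS 192.168.1.254"
```

For the full-tunnel case the server must also forward and NAT the tunnel subnet (`net.ipv4.ip_forward=1` and a `POSTROUTING` `MASQUERADE` rule for 10.8.0.0/24 on the outbound NIC), otherwise clients lose internet access once their default route moves into the tunnel. On the client, `ip route` (or `route print` on Windows) shows which mode is in effect: a split tunnel lists only 192.168.1.0/24 via the tun interface, while a full tunnel shows the two /1 routes.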