[Solved] 3 WAN's / 6 LAN's - Any recommendations?

[svord]

I have a setup where I have 3 different wans (running a multi-wan setup) and 6 different lans. 

Most of the really solid OPNsense appliances only have 6 ports.  So what is the best way to approach this?  My guess is that vlan'ing is the answer - but it would be good to get some confirmation of that before going down that path as I have limited experience with vlan's.

[bartjsmit]

Yes, VLAN separation meets your requirements. I run OPNsense on an i3 NUC ESXi with one physical NIC and about a dozen VLAN's which appear to the firewall as vNIC's.

Plenty vids on VLAN https://onion.tube/search?q=vlan

[meyergru]

The way to go would be to use VLANs, but since you say you have limited knowledge about VLANs, I do not quite understand what you want to accomplish?

If your aim is to separate 6 physical LANs like in a rental house for different with a LAN connection to their infrastructure, then obviously a VLAN-capable switch is something you probably do not want on top. In that case, you probably want a firewall with at least nine ports.

On the other hand, if all of the network infrastructure behind the firewall is yours, then either you have 6 (V)LANs already or you don't, but why 6 LANs then?

[svord]

If your aim is to separate 6 physical LANs like in a rental house for different with a LAN connection to their infrastructure, then obviously a VLAN-capable switch is something you probably do not want on top. In that case, you probably want a firewall with at least nine ports.

On the other hand, if all of the network infrastructure behind the firewall is yours, then either you have 6 (V)LANs already or you don't, but why 6 LANs then?

My aim is to separate 6 physical LANs and ideally, I would have a firewall with at least nine ports as this makes the most sense to me - but most of the really solid OPNsense appliances that I have found only seem to have 6 ports.  Are there any good appliances available on the market with 9+ ports? If not, then it sounds like vlan'ing is the way forward.

[bartjsmit]

The closest you'll get with an appliance would be a ZimaBoard with USB ethernet adapters and a quad PCI-e NIC but that would not be very tidy.

Mini-ITX tops out at a single PCI-e as well so for small form factor you would have to build something with Mini-ATX or (rare) Mini-DTX, boards. Close to an appliance in size but no longer ready-made.

VLAN is easiest by far and cleanest. It allows you to have groups of networks some distance away over trunk connections. Your megaNIC appliance would need nine devices hanging off it like a spider in a web.

Bart...

[svord]

Thanks Bart & meyergru.  That answers my question.  Appreciate your advice.
Cheers.