I’ve been reading on how people use pfsense mostly as a gateway firewall rather than intervlan routing, as it’s not efficient or not meant to do it etc etc. I’m running this on my home network and currently replaced my gigabit equipment to 10g so my servers have higher thoughput for backups/migrations etc, whatever. Not really for desktops/endusers.

Anyhow, people on this sub and other forums say use the L3 switch to put ACLs and intervlan routing there rather than pfsense which I’ve been doing from the start.

Questions now are, why or what reason do people make VLANS if you’re having laxed ACL vs stateful firewall rules between them, if it’s just simple rules why even have VLANs? I don’t have super complicated rules on pfsense between VLANs but I can’t really see ACL’s doing what I’m doing. Also again if throughput is important between desktops to whatever trusted servers, I’d implement fully 10g or at least 2.5g to desktops but I don’t see that being a use case as we don’t transfer files around much? And gigabit is enough.

So do I really need to push my intervlan routing to the switch? I know it’s more efficient but not sure what ACL’s can do or replace my rules. I can post some vlan rules from pfsense, some are just a few and the most is on the “users” vlan really, just so no one inadvertently connects to a windows server host etc, even though there’s authentication, if bad actors breach user’s devices, it’s easier to access them if there wasn’t any rules.