LAN2LAN vs Double NAT for layered firewall defense
-
Which is easier for upkeep and/or is prone to less user error upon initial setup?
Creating a double NAT utilizing 2 network firewalls within the topology
OR
Creating a LAN-to-LAN tunnel between the 2 network firewalls?
I have never had to have more than 1 firewall before until now, so I am exploiting my options. Any advice or suggestions are welcome as I recover from a brutal, sophisticated, targeted attack upon me and my family's multi-household digital infrastructure.
-
NAT does nothing that a properly configured firewall can't do. Also, you seem to be confusing "LAN-to-LAN tunnel" (VPN) with a firewall. They are completely different things.
I assume you're running pfSense, so you can configure a VPN between it and the other network. Your choices are OpenVPN, WireGuard and IPsec.
-
@JKnott I said what I said; if I wanted a VPN, I would have said VPN.
I want to daisy chain 2 different firewall configurations by different builds together on the same LAN before it goes out to the modem's ISP. On top of the double firewall I will be having 2 or 3 VPNs "on" as well, but I am not asking how to do the VPN. I am asking how to daisy chain 2 firewalls together, as I have never used 2 firewalls at the same time before, only 1, but now I want 2 on.
Is this achieved easier through LAN-to-LAN, or a Double NAT? The 2nd Layer router also has an option called "Site-to-Site". The pfSense, btw, is what will be behind the modem, while the other firewall will be within the inner part of the LAN.