Do you assign a dedicated interface to manage your Pfsense from the GUI?
-
Hi All,
I recently reconfigured my PS firewall after some catastrophic crash of it. Now all is good again.
But I’m thinking of how to better manage it.
I use my PS mostly as an upstream gateway with filtering, etc. So, I rely on static routing.
Now, I have a special VLAN on the switch where my servers, secured work computers and other network equipment are located, placing PS here would be logical to me, but I cannot due to static route conflict. I have a free port/interface on it atm.
Thanks.
-
@cuteliquid11 said in Do you assign a dedicated interface to manage your Pfsense from the GUI?:
but I cannot due to static route conflict.
Why would you have a routing conflict? If you have a downstream switch that is doing routing it should be connected via a transit/connector network.. How/Why would there be a routing conflict? You can use any network you want out of all of rfc1918 space.. If something conflicts change what network(s) you're using so they don't.
Why do you need a downstream router? Why can pfsense not just route between all your networks.. If you want to use a vpn for some vlan or even just some devices, etc. they can just be policy routed, etc.
A drawing of your network and what you're wanting to do would be helpful in figuring out how best to accomplish what you want.
But yes normally you would limit pfsense gui/ssh access to only the network or devices that should have access. Management of your other devices like switches and AP could all be on what is sometimes called an infrastructure vlan, etc.
-
@johnpoz Thanks for the reply. I have that transit network on the Pfsense and on the switch, I did this design a long time ago and it was working only if I placed some static route that pointed to a gateway which is linked with an interface OPT1, that is also a physical one (in tagged mode).
I have something similar to infrastructure vlan that I call admin vlan here, I thought that if I add a new interface and set it with that, it will be wise. When I did it and set ipv4 address to assign from my admin/infra vlan, it said that I cannot do it due to overlapping with existing route, something, something... I'm currently accessing its GUI via that transit network.
I can put a diagram later after work.
I kind of like to run vlans on the switch for speed and streamlined logic.
-
@cuteliquid11 said in Do you assign a dedicated interface to manage your Pfsense from the GUI?:
switch for speed and streamlined logic.
Yeah I sure wouldn't call that streamlined, and not sure what you're using for pfsense but it's more than capable of routing at speed.. Now if you wanted devices to talk at like 2.5ge or 5 or 10ge or something ok.. If pfsense couldn't do those speeds..
How is lack of any firewall rules between segments on your switch vs easy clicky clicky easy firewall rules on pfsense streamlined? You creating firewall rules via ACLs? Not sure what switch you're using, but those are not anything close to the ease with which rules can be done on pfsense.
If you're not firewalling between the segments on your switch, why even segment them? Just put them all on the same vlan, etc.
But you still haven't said what your route conflict is??
Let's take a look at your drawing.. But routing to your downstream router (L3 switch doing routing) wouldn't cause route conflict..
Here is an example of how you would set up a downstream router