Netgate Discussion Forum

    Configuring Vlans with Wan & Lan

      nmpuk

      New to pfsense. Trying to set up a two-layer firewall with dmz on a test/poc VMware infra along the lines of the below:

      Internet
      |
      intWan0 / 10.0.20.1/24 (Vlan0) (Will be ISP assigned)
      -EdgeFW
      IntLan0 / 10.0.15.1/24 (Vlan1)
      |
      intLan1 / 10.0.14.1/24 (Vlan2)
      DMZFW—intLan2 / 10.0.13.1/24 (Vlan3) — AppServ intLan3 / 10.0.12.1/24 (Vlan4)
      |
      IntLan4 / 10.0.12.2/24 (Vlan5)
      InnerFW
      IntLan5 / 10.0.81.1/24 (Vlan6)
      |
      |
      IntLan6
      CorpNet

      My question is regarding Vlan addressing for the Wan / Lan interfaces. I’ve reviewed the netgate documentation on Vlans and it’s light in this area.

      What’s the correct procedure for configuring the vlans for the Lan/Wan interfaces?

      Setting vlans during the installation / cli setup assigning vlans didn’t seem to work. Should we be specifying static addresses first at cli, then through the gui screen configure vlans and assign to parents, and adding routing/fw rules thereafter?

      Thanks
      Nathan

        johnpoz LAYER 8 Global Moderator @nmpuk

        @nmpuk said in Configuring Vlans with Wan & Lan:

        IntLan0 / 10.0.15.1/24 (Vlan1)
        |
        intLan1 / 10.0.14.1/24 (Vlan2)

        How do you expect these to talk to each other? If they are in different vlans (layer2) and even different networks at layer 3?

        I have a feeling you don't actually understand what a vlan is..

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          nmpuk @johnpoz

          @johnpoz That would be a typo. As you can see correctly shown further down.

          Any thoughts on my question above?

            johnpoz LAYER 8 Global Moderator @nmpuk

            @nmpuk where are the corrections - that diagram makes no sense..

            DMZFW—intLan2 / 10.0.13.1/24 (Vlan3) — AppServ intLan3 / 10.0.12.1/24 (Vlan4)
            |
            IntLan4 / 10.0.12.2/24 (Vlan5)
            InnerFW
            

            And here you have the same network in 2 different vlans? and then also '

            Assigning vlans works just fine during first setup.. But it's never going to work like you have it drawn.

            If you can't take the time to actually draw up correctly what you want - how is anyone going to help you.

            So you're going to have 3 firewalls running on a VM.. Why would you need to set up vlans in the first place in pfsense? Vlans are when traffic is tagged.. Just put your different interfaces in different port groups.. No real reason to tag anything on pfsense. Only place you might need to tag is when leaving the vm host, and again no reason to tag that in pfsense. You could, but then the port group on your vm host would need to be set to pass the tags.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11
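
An added example, not part of the original thread: a Python check for the two problems raised in the replies above, namely directly connected interfaces that sit in different VLANs or networks, and one IP network appearing in two VLANs. The interface values are copied from the posted diagram; the link list, the `FIXED` plan and the function name `check_plan` are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# (interface, address/prefix, VLAN id) exactly as posted in the thread's diagram.
POSTED = [
    ("intWan0", "10.0.20.1/24", 0),
    ("IntLan0", "10.0.15.1/24", 1),
    ("intLan1", "10.0.14.1/24", 2),
    ("intLan2", "10.0.13.1/24", 3),
    ("intLan3", "10.0.12.1/24", 4),
    ("IntLan4", "10.0.12.2/24", 5),
    ("IntLan5", "10.0.81.1/24", 6),
]
# Pairs drawn as directly connected; only the pair quoted in the first reply.
POSTED_LINKS = [("IntLan0", "intLan1")]

# Constructed correction (assumption): both ends of the EdgeFW-DMZFW link
# share one VLAN and one /24.
FIXED = [("IntLan0", "10.0.15.1/24", 1), ("intLan1", "10.0.15.2/24", 1)]
FIXED_LINKS = [("IntLan0", "intLan1")]


def check_plan(interfaces, links):
    """Return a list of findings; an empty list means the plan is consistent."""
    table = {name: (ipaddress.ip_interface(addr), vlan)
             for name, addr, vlan in interfaces}
    findings = []

    # Directly connected interfaces must share one layer-2 segment (VLAN)
    # and one layer-3 network, otherwise they cannot exchange traffic.
    for a, b in links:
        (ip_a, vlan_a), (ip_b, vlan_b) = table[a], table[b]
        if vlan_a != vlan_b:
            findings.append(f"{a}<->{b}: VLAN {vlan_a} != VLAN {vlan_b}")
        if ip_a.network != ip_b.network:
            findings.append(f"{a}<->{b}: {ip_a.network} != {ip_b.network}")

    # One IP network must live in exactly one VLAN.
    vlans_by_net = defaultdict(set)
    for ip, vlan in table.values():
        vlans_by_net[ip.network].add(vlan)
    for net in sorted(vlans_by_net):
        if len(vlans_by_net[net]) > 1:
            findings.append(f"{net}: spread over VLANs {sorted(vlans_by_net[net])}")
    return findings


if __name__ == "__main__":
    for finding in check_plan(POSTED, POSTED_LINKS):
        print(finding)
```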

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.