Set-up Question
-
Trying to implement a new firewall and wondering on the set-up . 3 Nic's are set-up, one for WAN, LAN, and one for our POS CC Interface system. The trouble is lying with the POS. Currently it is on a separate subnet, and goes through a router in which it picks up and IP address relevant to the LAN side, points to the default gateway and is plugged into a simple D-link router, with the LAN, then out to the world. How should I set up this NIC through the pfsense firewall–brige? or LAN with default gateway? ?? If I set it up as a bridge, does this take away from being able to traffic shape? I appreciate any help with this, as I'm far from being an expert with routers.
-
I would leave it as a separate subnet and not bridge it (it doesn't sound like it needs to - or should - talk to the LAN). Set up your firewall rules to block traffic to/from the LAN for security and since you probably have fixed endpoints for the POS transactions you can be very restrictive with the traffic coming/going from the WAN too.
-
Would I then set up the firewall rules for the POS interface to be
Block Interface:POS Source:Any Destination:LAN subnet
Allow Interface:POS Source:Any Destination:WAN
??