Dual WAN, 2 ISPs, no load-balancing
-
Hello,
I'm looking at getting a second WAN connection with different ISP. I want to keep my existing connection and would like to split my internet traffic. I don't want to load-balance or do any failover.(Drawing included)
Here is the scenario :
- all my inbound public traffic to my servers go through ISP 1 and the PIX only.
- all my outbound traffic from my LAN goes through pfsense and ISP 2 only.
- my internal traffic ( LAN -> DMZ ) goes straight to the servers without leaving through ISP 2 and re-entering through ISP 1.
Basically, I want to use ISP 1 for my server traffic only, and ISP 2 for my LAN traffic. The EXCEPTION being for when my LAN machines need to talk to my servers.
Thank you.
-
That looks pretty straightforward, you can set up pfsense with a second WAN connection on OPT1, which connects to a 3rd port on the pix, then put DNS entries in the DNS forwarder to give the servers behind the pix off-internet addresses (10.x or 192.168.x) that you can set up firewall rules for in pfsense.
Then traffic for the local servers goes to the pix, everything else goes out through the second ISP connection - just to keep it simple I would set up the pix connection as OPT1.
-
Thank you, I'll give it a try.