What should i do??

iamthed

ok let me explain it again.. 1st look at the picture below..
i want to the PF sense box like topology B
before i'm implementing like topology B.. i want to implementing like topoloy A
it's just for make sure that the firewall is working and reliable..

there is a reason why i'm not using WAN interface.. since internet on building B is depend on building A..
u can see the picture Building A and Building B connect through fiber optic.. i already put on LAN interface the default gateway of my router building.. but it won't connect through internet..
can u solve my problem ?

tq again cry havok

![A or B.JPG](/public/imported_attachments/1/A or B.JPG)
![A or B.JPG_thumb](/public/imported_attachments/1/A or B.JPG_thumb)

Eugene

Iamthed, may I ask you about what position you have at this company please?
Just out of curiosity…
Thanks.

Cry Havok

To be blunt, can I strongly suggest you hire a professional who understands networking. It's pretty obvious that you're very far out of your depth.

If you want to carry on then:

Use a default install of pfSense
Connect the WAN interface to the Cisco switch
2a) If you're not using DHCP, manually configure the IP, netmask, default gateway and DNS servers correctly
2b) Ensure that the LAN interface uses a different IP range to the WAN interface
Confirm that your pfSense host can perform DNS queries and reach the Internet
Connect your test PC to the LAN interface
Configure the firewall rules on the LAN interface to match your business needs

When that works and you can access the Internet from the test PC:

Configure the OPT1 interface with an appropriate IP range, different from that in use on the WAN and LAN
Configure appropriate firewall rules to allow your chosen traffic through
Connect the Wireless subnet to the OPT1 interface

iamthed

@Eugene:

Iamthed, may I ask you about what position you have at this company please?
Just out of curiosity…
Thanks.

i'm just a new network engineer in my company.. why do you ask?

Eugene

@iamthed:

@Eugene:

Iamthed, may I ask you about what position you have at this company please?
Just out of curiosity…
Thanks.

i'm just a new network engineer in my company.. why do you ask?

As I said - out of curiosity… Thanks for your answer.
Network engineer... Hmm... and why did you decide to redesign your network? What is wrong with it you think?

iamthed

actually i'm not redesign it.. but i'm improving it.. since the router act as a router+firewall.. it has a bad effect of QoS.. so i'm thinking to split the firewall and router.. because PFsense very low cost why i didn't changing it to improve my QoS..

are u a fan of PFsense? why u don't tell me the good and bad sides of PFsense..
since i'm new using PFsense

iamthed

@cry havok
i already setup PFsense like ur suggestion but i have a trouble with the bridge LAN interface and WAN interface
see the picture above..
it's listening not established.. i'm gettin frustated !!

the topology is like this

my PC –--- Interface LAN(bridge to WAN) ----- WAN( where is the bridge option?) ------ switch ---- router
LAN interface can ping to google
but WAN interface can't ping to anywhere
can u fix it? tq

interface.JPG_thumb

Cry Havok

Why are you bridging? Why aren't you using routing?

iamthed

because i think bridging is the simpilest method..
ok let put some routing in pfsense..
is static or RIP do u suggest for routing like this?

Cry Havok

I think the amount of problems you're having to get the basics working should have told you by now that if you don't know what you're doing bridging isn't the simplest method ;)

I've already provided my advice earlier in this thread, and I'll quote it here for you:

@Cry:

Use a default install of pfSense

Connect the WAN interface to the Cisco switch
2a) If you're not using DHCP, manually configure the IP, netmask, default gateway and DNS servers correctly
2b) Ensure that the LAN interface uses a different IP range to the WAN interface

Confirm that your pfSense host can perform DNS queries and reach the Internet

Connect your test PC to the LAN interface

Configure the firewall rules on the LAN interface to match your business needs

When that works and you can access the Internet from the test PC:

Configure the OPT1 interface with an appropriate IP range, different from that in use on the WAN and LAN

Configure appropriate firewall rules to allow your chosen traffic through

Connect the Wireless subnet to the OPT1 interface

So, yes, static routing - one single entry for the default gateway (on the WAN interface). Stop trying to run when you haven't even learned to crawl yet. I'd also suggest you talk with the experienced network techs in your company.

iamthed

thx again to cry havok..
i'm not using static route.. because the pfsense crash after i using static route
then i'm using bridge.. and it works now..
lol

however thx cry havok.. regards