Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Firewall design help

    Scheduled Pinned Locked Moved General pfSense Questions
    1 Posts 1 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S Offline
      snowch
      last edited by

      I have three cable lines coming into my network as follows:

      
      -----CABLE1-----FW-----SVR1----LAN
                                      |
      -----CABLE2-----FW-----SVR2----LAN
                                      |
      ------DSL-------FW-----SVR3----LAN
                                      |
      -----CABLE3-----FW-------------LAN
      
      

      CABLE3 is used for general internet access for the LAN.  Each server needs to be accessed from the web.  Each CABLE connection has a (semi) static public ip addresses.  The DSL line has a public ip address.

      The network is in need of a re-organisation because each internet server (SVR1-3) has it's own dedicated connection and thus is a single point of failure.

      How could I setup this network using pfSense to load balance with redundancy?  As CARP requires multiple static ip addresses, I guess I am limited to a cold standby?  Does the diagram below make sense?

      
      -----CABLE1------+
                       |              
      -----CABLE2------+----FW--------
                       |     | LAN   
      ------DSL--------+     |        
                       |     +--------+---SVR1
      -----CABLE3------+       DMZ    |
                                      +---SVR2
                                      |
                                      +---SVR3
      
      

      Many thanks,

      Chris

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.