Is pfSense the right solution for me?
-
Howdy,
I currently have a T1 line with ENDIAN as my firewall/web content filtering/VPN/SMTP proxy for my small network. Works wonderful. We are now ordering a 7Mbps/1Mbps business DSL line to serve as backup and I would like to bond these two connections to get us 8.5Mbps download and 2.5Mbps upload. ENDIAN Community only has failover support, no bonding/load balancing at this time.
So I see pfSense does load balancing and has some very cool features, which gives me the idea to put a pfSense box in front of my ENDIAN firewall to get the load balancing and added security.
My main concerns are that I have an Exchang server onsite, so I need inbound and outbound emails to happen on a specific IP address. From my initial search, this is possible but I need to make sure.
The other option (if possible) would be to connect both WAN links to my ENDIAN firewall and be able to specify IP's/subnets (heavy users) to use the DSL line and the rest of the company use the T1.
This is how my network would look:
[WAN1]
|
|
[pfSesnse]–-----[ENDIAN Firewall]–------[LAN]
|
|
[WAN2]Look forward to hear any feedback!
-
should work if you do right configuration… see the doc of pfsense.
http://forum.pfsense.org/index.php/topic,16923.0.html -
AFAIK
the new release EFW 2.2 can suppport dual-wan
-
I think 2.2 Final only offers failover, not load balancing.
In pfSense, can I have certain users (by IP) have all traffic go out one WAN interface and the others go out the other?
For examplem, make 172.30.100.0/24,172.30.20.55 use WAN1 and the rest of the users go out WAN2.
-
Yes.
-
well, maybe u should try read this first ….
http://foolbaby.wordpress.com/2008/01/06/load-balance-with-2-or-more-red-nic-with-endian-firewall/
http://beni-santoso.blogspot.com/2008/01/setting-multi-wan-pada-efw.html
i think, it is better using 1 distro for ur case... which is, if u wanna using pfsense then u should eliminate EFW. and if u wanna continue using EFW, then pfsense will waiting 4 u...
-
No, using Pfsense instead of EFW only if you want failover and load balancing but if u want to have a content filter . then you need to have EFW or something like smoothwall. i.e. because Pfsense Squid with MultiWAN doesnt works properly. and you will not be able to use squidguard.