Dual WAN & Dual LAN with 3 ports

philpot

I have 2 internet connections (10mbit and 1mbit) currently connected to my pfsense box.

I need 2 internal zones. LAN and DMZ, but I only have one available port on the pfsense box.

I need 1 WAN IP pointing to my small business server hosting remote web workplace and email in the LAN.
I need 1 WAN IP pointing to my web server in the DMZ.

I would prefer both LAN & DMZ to use the faster 10mbit connections gateway, except for the small business server which will use the 1mbit gateway.

My pfsense box has 3 ethernet ports. I have both WAN's plugged into the pfsense box, leaving one port for my internal network.

In order to add a DMZ with my current setup I would need to use VLAN's, but I have read that is not very secure because the LAN and DMZ would both be connected to the same managed switch.

Can I use the managed switch & vlans to combine the two WAN's before reaching pfsense and still retain the ability to use the 3 static WAN IP addresses?

I have an additional 3 ethernet port pfsense box in storage. Could I connect 2 physical WAN's to first pfsense box and one LAN connection to second pfsense box, and then use 2nd pfsense boxes remaining two ports for LAN & DMZ?

My available hardware
1x managed switch gs105e (5-ports)
2x pfsense boxes (3 ports each)
1x Cisco Pix 501 (most basic model, only allows 1 subnet)

Any tips would be greatly appreciated.

alkizmo

@philpot:

I have an additional 3 ethernet port pfsense box in storage. Could I connect 2 physical WAN's to first pfsense box and one LAN connection to second pfsense box, and then use 2nd pfsense boxes remaining two ports for LAN & DMZ?

Yes you could, that would be best.
If you use a switch to combine the 2 WAN using VLAN, then you'd be exposing yourself to the same risks as a VLAN from behind PFSense (afaik, then again i'm not top notch)

philpot

How would I go about assigning the external static WAN IP through 2 pfsense boxes?

philpot

I think this document:
http://doc.pfsense.org/index.php/Multi-WAN_Version_1.2.x

Is kind of in the right direction for what I need. I just need to comprehend it. I'm on 2.0 as well, hopefully they are close to the same.

jimp

There is a guide specific to 2.0 on the wiki.

http://doc.pfsense.org/index.php/Multi-WAN_2.0

philpot

I'm still a bit confused. I took the network example from the 1.2 docs and adjusted it a bit.

The red box is my small business server, it does smtp, remote web workplace and outlook web access.

The blue box is what I would like to use the connection #1 which is the faster connection.

I think I can figure out that much between the 1.2 and 2.0 docs. My question is, what goes in the green circle? Just a regular unmanaged switch and then I add another firewall before the dmz zone?

The second image is what I was thinking originally. Would this setup work?

I'm not even worried about failover or load balancing right now, I just need to get this DMZ sorted.

dmz.jpg_thumb

dmz1.jpg_thumb