Dual WAN & Dual LAN with 3 ports
-
I have 2 internet connections (10mbit and 1mbit) currently connected to my pfsense box.
I need 2 internal zones. LAN and DMZ, but I only have one available port on the pfsense box.
I need 1 WAN IP pointing to my small business server hosting remote web workplace and email in the LAN.
I need 1 WAN IP pointing to my web server in the DMZ.
I would prefer both LAN & DMZ to use the faster 10mbit connection's gateway, except for the small business server which will use the 1mbit gateway.
My pfsense box has 3 ethernet ports. I have both WANs plugged into the pfsense box, leaving one port for my internal network.
In order to add a DMZ with my current setup I would need to use VLANs, but I have read that is not very secure because the LAN and DMZ would both be connected to the same managed switch.
Can I use the managed switch & VLANs to combine the two WANs before reaching pfsense and still retain the ability to use the 3 static WAN IP addresses?
I have an additional 3 ethernet port pfsense box in storage. Could I connect 2 physical WANs to the first pfsense box and one LAN connection to the second pfsense box, and then use the 2nd pfsense box's remaining two ports for LAN & DMZ?
My available hardware
1x managed switch gs105e (5-ports)
2x pfsense boxes (3 ports each)
1x Cisco Pix 501 (most basic model, only allows 1 subnet)
Any tips would be greatly appreciated.
-
I have an additional 3 ethernet port pfsense box in storage. Could I connect 2 physical WANs to the first pfsense box and one LAN connection to the second pfsense box, and then use the 2nd pfsense box's remaining two ports for LAN & DMZ?
Yes you could, that would be best.
If you use a switch to combine the 2 WANs using VLANs, then you'd be exposing yourself to the same risks as a VLAN from behind PFSense (afaik, then again I'm not top notch)
-
How would I go about assigning the external static WAN IP through 2 pfsense boxes?
-
I think this document:
http://doc.pfsense.org/index.php/Multi-WAN_Version_1.2.x
is kind of in the right direction for what I need. I just need to comprehend it. I'm on 2.0 as well, hopefully they are close to the same.
-
There is a guide specific to 2.0 on the wiki.
http://doc.pfsense.org/index.php/Multi-WAN_2.0
-
I'm still a bit confused. I took the network example from the 1.2 docs and adjusted it a bit.
The red box is my small business server, it does smtp, remote web workplace and outlook web access.
The blue box is what I would like to use the connection #1 which is the faster connection.
I think I can figure out that much between the 1.2 and 2.0 docs. My question is, what goes in the green circle? Just a regular unmanaged switch and then I add another firewall before the dmz zone?
The second image is what I was thinking originally. Would this setup work?
I'm not even worried about failover or load balancing right now, I just need to get this DMZ sorted.