Which structure is best?
-
I have future plans to install VPN.
The image "1.", better do dhcp by the router, or pfsense?
OR
-
pfSense should be your router. Option 1 doesn't make any sense to me.
-
Another vote for option 2. :)
Steve
-
ok, thank you all
-
Option 1 would likely result in double NAT (which is bad).
-
2
-
put a backup firewall would be a good idea?
In this case, it would be nice to have a router?
-
Option 2 is best. Pfsense can handle multiple connections like that just fine and would be best for redundancy and load balancing. Option 1 is certainly doable but you would want to disable NAT on it and just do static routing. This would be similar to using a Cisco router in front of a PIX/ASA firewall (which don't really support multi-wan IIRC). Given that pfsense does support multi-wan, I see no reason to do option 1.
If you had at least a /29 on one of those connections you could do a redundant pfsense setup. Only the circuit with the /29 range would be available on both firewalls, the other circuit would be on the primary firewall only.
