Netgate Discussion Forum

    Firewall Design/Topology Internal/External

    General pfSense Questions
    • Cornelp

      So,
      I wanted to show a picture of my proposed new design/topology for the firewall layout. I have users connected to a bunch of 2960S switches, which are then connected to a 3750x. The Internal Firewalls are connected to the 3750x, and the External Firewalls (while they have the ability to connect to the 3750x) are connected to the Internal Firewalls.

      Does this setup seem to be an OK design?
      Has anyone set up something similar?
      Would the VIPs in this case create any possible issues?

      Thanks,
      [Attached image: Firewall-Proposal-Int-Ext.JPG]

      • KOM

        While you may have issues with double NAT, this is the standard layout of a CARP HA configuration.

        https://www.netgate.com/docs/pfsense/highavailability/configuring-high-availability.html

        • Cornelp @KOM

          @kom Thank you. Actually, that's exactly what we had. But we have to separate the firewalls, with DMZs being set up on the External Firewalls, and the Internal Firewalls would have only the internal networks.
          Just wanted to see if this setup would create any other issue (besides the double NAT that you mentioned).

          Thanks,
