Netgate Discussion Forum

    Implement pfSense To Protect Distributed Virtual Private Servers

    General pfSense Questions
    11 Posts 3 Posters 1.2k Views 3 Watching

      stephenw10 Netgate Administrator

      What's the purpose in doing this? Actually just off-loading the firewall load? Easier management?

      It's going to be difficult to achieve this with VPSs. What you're looking at there is a distributed VPC. There are solutions for that! 😉

      To do this you would need to set up tunnels between the pfSense and the 3 servers. Those should really be encrypted, so that's likely going to be higher total load. Then you can forward traffic to them in pfSense. You would only have 1 public IP available for all resources of course, unless you get more IPs at the pfSense instance. The additional latency might affect VoIP badly, depending on actual distance etc.

      Steve

        jtomelevage @stephenw10

        @stephenw10 said in Implement pfSense To Protect Distributed Virtual Private Servers:

        It's going to be difficult to achieve this with VPSs. What you're looking at there is a distributed VPC. There are solutions for that!

        Thanks for the reply. What is a VPC?

        I was concerned about the SIP latency and its potential effect on call quality. I also would not like to hinder the web server performance.

          JKnott

          @jtomelevage said in Implement pfSense To Protect Distributed Virtual Private Servers:

          Does this all seem reasonable?

          How are the servers connected? If via the public Internet, each one will need its own firewall.

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

            jtomelevage @JKnott

            @JKnott said in Implement pfSense To Protect Distributed Virtual Private Servers:

            How are the servers connected? If via the public Internet, each one will need its own firewall.

            All three servers are independently operating and are not currently connected other than via the public Internet.

              JKnott @jtomelevage

              @jtomelevage

              Then you can't just use one pfSense instance, as those servers will not have any protection beyond what their own firewall can provide.

                stephenw10 Netgate Administrator @jtomelevage
                last edited by stephenw10

                @jtomelevage said in Implement pfSense To Protect Distributed Virtual Private Servers:

                What is a VPC?

                Virtual Private Cloud
                Edit: Better link

                Still not sure why you are doing this? If we know what you're hoping to achieve by doing it we might be able to make more helpful suggestions.

                Steve

                  jtomelevage

                  @stephenw10 said in Implement pfSense To Protect Distributed Virtual Private Servers:

                  Still not sure why you are doing this? If we know what you're hoping to achieve by doing it we might be able to make more helpful suggestions.

                  Thanks for the reply. I had not heard of VPC previously, and that looks like a great solution depending on the cost. Right now I think the cost of the above production environment is $60 per month.

                  The reason why is that these servers already exist and have been running well (despite all the attacks) and I was hoping to protect the servers with a single firewall and eliminate the need to manage the individual servers' firewalls.

                  John

                    stephenw10 Netgate Administrator

                    It might be more expensive. Other VPCs are available, I changed out the link.

                    Vultr appears to have some sort of private networking feature that you may be able to use for this. Consolidate all your servers there perhaps.

                    Not something I've ever tried. But multiple servers behind pfSense in AWS or Azure is quite common.

                    Steve

                      jtomelevage @stephenw10

                      @stephenw10 said in Implement pfSense To Protect Distributed Virtual Private Servers:

                      Vultr appears to have some sort of private networking feature that you may be able to use for this. Consolidate all your servers there perhaps.

                      I did not find the service at Vultr that you refer to. Can you share a link?

                      John

                        stephenw10 Netgate Administrator

                        I've never used Vultr so I have no way to know if this fits your usage...

                        https://www.vultr.com/docs/configuring-private-network

                        I note that: "Private networks are only available on Vultr compute and dedicated compute instances."

                        Steve

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.