2 Firewalls (not carp) question



  • I want to add another pfsense behind my current pfsense firewall that will do some basic filtering. Anyway, can i put this firewall in and turn on advance Nat then disable all Nat policies and have the main firewall handle this?
    Here is what i was thinking… Will this work?

    (172.20.0.1/25)-----DMZ1
    --wan--PFsense(10.7.2.1/26)  ---- (10.7.2.5/26-wan)PFsense 2 ---then a 192.168.7.1/24 lan network
                          (10.8.2.1/24) ----VLAN

    Ideally have the pfsense box on the 10 do all the natting for the 192.168.7.x/24 network without natting it as I would like to stay away from double natting as much as possible.

    I looked around the forums but want sure how to word this correctly.

    Thanks,

    cconk01



  • Yes, that's possible. Just make sure you put a static route in on the border pfsense that points to the internal pfsense for the internal network. If you wanted, you could just do a transparent firewall if you don't want any routing at all.



  • could i use ospf for this? is there any support on pfsense for ospf?

    Thanks



  • OSPF isn't supported at this time. You only need one static route in this scenario, any routing protocol is overkill.



  • ok. Thanks for the help
    cconk01


Log in to reply