How to Route from One DMZ <> Two Subnets using Two separate Firewalls
-
Sorry for another newbie question & hope this makes sense …
Trying to create a DMZ using two separate firewalls to protect an Industrial control network. I'm using the pfSense WAN and LAN interfaces strictly for management of pfSense. These interfaces are used only for management. The management network is further protected by its own separate firewall. I then set Outbound NAT to manual so I have full control over the OPT1 / OPT2 interfaces using Firewall / Routing rules.
See sketch below:
Opt1 / Opt2 are used to separate out the DMZ on each firewall. I can't figure out how to create a static route in pfSense1 so traffic originating from the Industrial Control network to the DMZ has a return path to the originator.

SERVER1 can ping SERVER2 by use of Firewall Rules ... but SERVER2 cannot ping SERVER1 unless a

ROUTE ADD 10.90.0.0 MASK 255.255.0.0 10.95.0.2 METRIC XX

command is done on SERVER2.
How can I create this static route on pfSense1? I tried adding a GW-10.95.0.2, and a route of 10.90.0.0/16 to the Opt2 interface without success.
- Private internal Access WAN for Company Personnel
    SERVER1 NAT Virtual IP - 10.100.0.10/24
    Default GW - 10.100.0.1/24
          |
    < FIREWALL / ROUTER pfSense1 >
    Opt1 - 10.100.0.2/24 (Next Hop Gateway 10.100.0.1)
    Opt2 - 10.95.0.1/16
          |
          |<<<<<<<<<<<<<<<<<<<
- Industrial DMZ Network
    SERVER1 IP - 10.95.0.10/16
    Default GW - 10.95.0.1/16
          |
    < FIREWALL / ROUTER pfSense2 >
    Opt1 - 10.95.0.2/16
    Opt2 - 10.90.0.1/16
          |
          |<<<<<<<<<<<<<<<<<<<
- Private internal LAN for Industrial Control Network
    SERVER2 IP - 10.90.0.10/16
    Default GW - 10.90.0.1
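As an added illustration (not from the post and not pfSense code), the following Python model builds each node's routing table from the sketch above and forwards a packet by longest-prefix match. It shows why SERVER2's ping reaches SERVER1 but SERVER1's reply never comes back until pfSense1 has a route for 10.90.0.0/16 via 10.95.0.2 on Opt2. The interface name "nic" for the servers and the address-to-node map are constructed for the model.

```python
import ipaddress

# Constructed model of the sketch: each node's routing table as
# (prefix, next_hop, interface); next_hop None means directly connected.
TOPOLOGY = {
    "SERVER1":  [("10.95.0.0/16", None, "nic"), ("0.0.0.0/0", "10.95.0.1", "nic")],
    "pfSense1": [("10.100.0.0/24", None, "Opt1"), ("10.95.0.0/16", None, "Opt2"),
                 ("0.0.0.0/0", "10.100.0.1", "Opt1")],
    "pfSense2": [("10.95.0.0/16", None, "Opt1"), ("10.90.0.0/16", None, "Opt2")],
    "SERVER2":  [("10.90.0.0/16", None, "nic"), ("0.0.0.0/0", "10.90.0.1", "nic")],
}
# Which node owns which address (constructed), to resolve a next hop or destination.
OWNER = {"10.95.0.10": "SERVER1", "10.100.0.2": "pfSense1", "10.95.0.1": "pfSense1",
         "10.95.0.2": "pfSense2", "10.90.0.1": "pfSense2", "10.90.0.10": "SERVER2"}
# The static route the post is asking how to add on pfSense1.
STATIC_ROUTE = ("10.90.0.0/16", "10.95.0.2", "Opt2")

def lookup(table, dst):
    """Longest-prefix match; returns (next_hop, iface) or None if nothing matches."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, nh, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, nh, iface)
    return None if best is None else best[1:]

def trace(topology, src, dst, max_hops=8):
    """Forward a packet hop by hop. Returns (nodes visited, delivered?)."""
    node, path = OWNER[src], [OWNER[src]]
    for _ in range(max_hops):
        if OWNER.get(dst) == node:
            return path, True
        hit = lookup(topology[node], dst)
        if hit is None:
            return path, False                      # no matching route: dropped
        target = dst if hit[0] is None else hit[0]  # on-link delivery or via gateway
        if target not in OWNER:                     # e.g. pfSense1's default gateway
            return path + [f"leaves via {target}"], False
        node = OWNER[target]
        path.append(node)
    return path, False

def reply_path(with_static_route):
    """Trace SERVER1's reply to SERVER2, with or without the static route on pfSense1."""
    topo = {name: list(routes) for name, routes in TOPOLOGY.items()}
    if with_static_route:
        topo["pfSense1"].insert(0, STATIC_ROUTE)
    return trace(topo, "10.95.0.10", "10.90.0.10")
```

Without the route, pfSense1 only has its default route for 10.90.0.10, so the reply goes out Opt1 toward 10.100.0.1 and never returns to the industrial side; with it, the reply goes back out Opt2 to pfSense2 and on to SERVER2.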