Netgate Discussion Forum

    Injection of Wan Accelerator Between Subnets

      mcamino

      Hello. I am looking for some assistance on whether what I want to accomplish is possible. I have a pfSense system which is serving as both our internet default gateway and our OpenVPN site-to-site server. We have several OpenVPN tunnels between our various offices. We are looking to invest in a WAAS or WAN Accelerator type product to speed up the file transfers between our sites and our central office.

      The problem we are running into is how to deploy the WAN accelerator with the current network topology. We can do WCCP or INLINE modes. As far as I can see, pfSense does not support WCCP redirection of traffic. So we are looking at IN-LINE mode of deployment. This leaves us the question of how to physically/logically connect the WAN accelerator in our topology. If we place it on our WAN, it is useless since the OpenVPN traffic is encapsulated. If we place it on our LAN, it breaks internet traffic. We are looking for some way to place it logically between our LAN interface on pfSense and our OpenVPN interface on pfSense. Any suggestions on how to inject a device between two interfaces on pfSense?

        johnpoz LAYER 8 Global Moderator

        Placement of such devices is before your routers.

        users -- lan -- wanacc -- pfsense -- internet -- pfsense -- wanacc -- lan -- users

        They are transparent to the traffic, so how would it "break" your internet? Other than trying to send traffic to its peer it should not be sending there. So just create rules on the device to not do that. What are you looking at for your wanacc, Riverbed? Something else?

        On Riverbed they are called passthru rules, or bypass. So set up rules on your wanacc to leave alone the traffic that is just to go to pfsense and go out to the internet and not the vpn connection. So your optimized traffic would only be traffic destined for the remote location through your vpn connection.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          fgoc

          Facing the same situation, we are about to start a PoC for Citrix SD-WAN (basically a CloudBridge VPX appliance) and we have been told to use WCCP mode, but this does not seem to be supported.

          Has anyone out there configured a CloudBridge VPX with Inline mode behind a pfSense? Any tips or recommendations in similar scenarios would be great.

          CB-WCCP_Config_Mode.jpg

            johnpoz LAYER 8 Global Moderator

            Are you asking if WCCP (Web Cache Communication Protocol), a Cisco protocol, would be supported or is supported by pfsense? You would run WCCP on your downstream infrastructure that connects your lan to your router. This is not something you would run on pfsense on your edge anyway.

            You put your appliance in front of your edge router.

              fgoc

              Thanks for your responses.

              Our current setup in a nutshell:

              • Just running Trunk VLANs from the switches (Dell PowerConnect) all the way up to the pfSense VM.
              • Each physical ESXi NIC port is tagged so it can carry all the VLANs.
              • Each VLAN has its own vSphere Port Group and pfSense has a dedicated vNIC “Trunk” with VLAN ID 4095 and then we create other interfaces on top.
              • Single vSphere vSwitch on each host. The edge router is our upstream provider gateway.

              The WAN optimization appliance apparently requires 2 x vSwitches (LAN and WAN) however our WAN uplink is just an access port on the switch and then an interface on pfSense VM. It does not run on a separate vSwitch.

              What is the best method to set this up with the In-line mode?

              ![vSphere - vSwitch.jpg](/public/imported_attachments/1/vSphere - vSwitch.jpg)

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.