Netgate Discussion Forum

    Ideas to set up this environment

    General pfSense Questions
      tommie

      Hi,

      We are currently using pfSense for multi-WAN and firewalling.  However, we have some shortcomings in the current setup and want to reconfigure.  However, I am not sure how to proceed.

      We have 2 network cards, each for one WAN link.  Another for the internal network.  However, we also have 2 wireless access points.  At the moment, they are connected directly to one of our WAN links.  However, these wireless access points are only used for visitors.  So we only want http/https but no ftp, etc.  We also have Citrix servers and also want these to be accessible from the wireless links.

      For our internal network, we have a DHCP server running.  However, the wireless APs have their internal DHCP server, but I want to turn this off and use pfSense for this.  I also want to run a captive portal for users to log in.

      So we have 2 WAN links, 1 internal LAN and 2 APs (should I use two network cards?)

      So I am looking for ideas or experiences with such situations.

      Thanks.

        mhab12

        I would go with 4 interfaces (3 NICs)…two WANs, one LAN, one VLAN.  Disable the internal DHCP on the APs.  Use the DHCP from pfSense for BOTH VLAN and LAN, install captive portal and enable it on the VLAN.  Make sure that the two interfaces are on disjoint subnets; you can also set the default rule on both interfaces to prevent traffic from going from VLAN-LAN and vice versa.  LAN becomes VLAN1 (the default VLAN) in a setup like this.

        We only have one WAN here, but use the same VLAN for wireless setup.  If your APs can support it, set up two SSIDs; one on the LAN for your employees to connect to the Citrix servers, and a second on the VLAN for guests to hit the captive portal for web access.

        The full setup would be like this:  WAN1/WAN2 (NIC1/NIC2)-> LAN(VLAN1, NIC3, 10.1.1.1) or guest VLAN (VLAN2, NIC3, 192.168.1.1)

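The guest-VLAN policy discussed in this thread (web only, no FTP, Citrix reachable, no guest-to-LAN traffic), modelled as an added example that is not part of either post and is not pfSense configuration. It evaluates an ordered rule list first-match-wins, the way pfSense processes rules on an interface, and shows how a misordered list leaks guest traffic into the LAN. The /24 masks, the Citrix server address 10.1.1.50, the ICA ports and the sample flows are assumptions; only TCP destinations are modelled.

```python
import ipaddress

# Interface addresses come from the thread; the /24 masks are assumed.
LAN = ipaddress.ip_network("10.1.1.0/24")
GUEST = ipaddress.ip_network("192.168.1.0/24")
# Hypothetical Citrix server address (assumed, not from the thread).
CITRIX = ipaddress.ip_network("10.1.1.50/32")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Ordered guest-interface rules: (action, destination, TCP ports or None = any).
GUEST_RULES = [
    ("pass", CITRIX, {1494, 2598}),   # Citrix ICA / session reliability (assumed ports)
    ("block", LAN, None),             # nothing else from guests reaches the LAN
    ("pass", ANY, {80, 443}),         # http/https only; ftp and the rest fall through
]

# Constructed flows with the verdict the thread's policy intends.
INTENDED = [
    ("192.168.1.20", "203.0.113.10", 443, "pass"),   # guest web browsing
    ("192.168.1.20", "203.0.113.10", 21, "block"),   # ftp not wanted
    ("192.168.1.20", "10.1.1.50", 1494, "pass"),     # Citrix session
    ("192.168.1.20", "10.1.1.50", 445, "block"),     # other service on Citrix host
    ("192.168.1.20", "10.1.1.10", 80, "block"),      # internal web server
]

def subnets_disjoint(a, b):
    """True when the two interface subnets share no addresses."""
    return not a.overlaps(b)

def evaluate(rules, src, dst, port):
    """First matching rule wins; traffic matching no rule is blocked."""
    if ipaddress.ip_address(src) not in GUEST:
        return "block"  # source does not belong on the guest interface
    dst_ip = ipaddress.ip_address(dst)
    for action, net, ports in rules:
        if dst_ip in net and (ports is None or port in ports):
            return action
    return "block"

def audit(rules):
    """Return the intended flows whose actual verdict differs from the policy."""
    return [(s, d, p, want) for s, d, p, want in INTENDED
            if evaluate(rules, s, d, p) != want]

if __name__ == "__main__":
    print("disjoint subnets:", subnets_disjoint(LAN, GUEST))
    print("violations, correct order:", audit(GUEST_RULES))
    # Web rule moved above the LAN block: guests can reach internal web servers.
    misordered = [GUEST_RULES[2], GUEST_RULES[0], GUEST_RULES[1]]
    print("violations, misordered:", audit(misordered))
```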
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.