Ideas to set up this environment
We are currently using pfSense for multi-WAN and firewalling. However, we have some shortcomings in the current setup and want to reconfigure. However, I am not sure how to proceed.
We have 2 network cards, one for each WAN link, and another for the internal network. However, we also have 2 wireless access points. At the moment, they are connected directly to one of our WAN links. However, these wireless access points are only used for visitors, so we only want HTTP/HTTPS but no FTP, etc. We also have Citrix servers and want these to be accessible from the wireless links as well.
For our internal network, we have a DHCP server running. However, the wireless APs have their internal DHCP server, but I want to turn this off and use pfSense for this. I also want to run a captive portal for users to log in.
So we have 2 WAN links, 1 internal LAN and 2 APs (should I use two network cards?)
So I am looking for ideas or experiences with such situations.
I would go with 4 interfaces (3 NICs)…two WANs, one LAN, one VLAN. Disable the internal DHCP on the APs. Use the DHCP from pfSense for BOTH VLAN and LAN, install captive portal and enable it on the VLAN. Make sure that the two interfaces are on disjoint subnets; you can also set the default rule on both interfaces to prevent traffic from going from VLAN-LAN and vice versa. LAN becomes VLAN1 (the default VLAN) in a setup like this.
We only have one WAN here, but use the same VLAN for wireless setup. If your APs can support it, set up two SSIDs: one on the LAN for your employees to connect to the Citrix servers, and a second on the VLAN for guests to hit the captive portal for web access.
The full setup would be like this: WAN1/WAN2 (NIC1/NIC2) -> LAN (VLAN1, NIC3, 10.1.1.1) or guest VLAN (VLAN2, NIC3, 192.168.1.1)
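
As an added illustration (not part of either post), here is a small Python model of the guest-VLAN policy discussed above: it checks that the two subnets are disjoint and shows why rule order matters when the first matching rule on the interface wins. The /24 masks, the Citrix server address 10.1.1.50, the ICA ports 1494/2598 and all function names are assumptions made for the example.

```python
import ipaddress

# Gateway addresses come from the thread; the /24 masks are assumptions.
LAN = ipaddress.ip_network("10.1.1.0/24")
GUEST = ipaddress.ip_network("192.168.1.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
# Constructed Citrix server address; 1494/2598 are the usual ICA ports (assumed in use here).
CITRIX = ipaddress.ip_network("10.1.1.50/32")
CITRIX_PORTS = {1494, 2598}

# Guest-interface rules as (action, destination, TCP ports); None means any port.
PASS_CITRIX = ("pass", CITRIX, CITRIX_PORTS)
BLOCK_LAN = ("block", LAN, None)
PASS_WEB = ("pass", ANY, {80, 443})

GOOD_ORDER = [PASS_CITRIX, BLOCK_LAN, PASS_WEB]
BAD_ORDER = [PASS_CITRIX, PASS_WEB, BLOCK_LAN]  # web rule shadows the LAN block


def subnets_disjoint(a, b):
    """True when no address belongs to both networks."""
    return not a.overlaps(b)


def decide(rules, dst_ip, dst_port):
    """First matching rule wins; traffic matching no rule is blocked."""
    dst = ipaddress.ip_address(dst_ip)
    for action, net, ports in rules:
        if dst in net and (ports is None or dst_port in ports):
            return action
    return "block"


def audit(rules):
    """Return the decisions for a fixed set of guest connection attempts."""
    probes = {
        "internet https": ("203.0.113.10", 443),
        "internet ftp": ("203.0.113.10", 21),
        "citrix ica": ("10.1.1.50", 1494),
        "lan host http": ("10.1.1.20", 80),
    }
    return {name: decide(rules, ip, port) for name, (ip, port) in probes.items()}


if __name__ == "__main__":
    print("disjoint:", subnets_disjoint(LAN, GUEST))
    print("good:", audit(GOOD_ORDER))
    print("bad: ", audit(BAD_ORDER))
```

With the web rule placed above the LAN block, a guest can reach port 80 on any internal host, so the Citrix exception and the LAN block both need to sit above the general HTTP/HTTPS pass rule.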