2 Firewall(s) after each other
-
Hi Guys,
At our datacenter we have several pfsense(s) to address our static ip addresses to a specific network or server.
I will try to visualize it:
WAN (VDSL)
|
Firewall 1 (which takes the PPOE session)
|
Static IP 1 –> 1:1 NAT to Firewall 2 for network 192.168.1.x
|
Static IP 2 –> 1:1 NAT to Firewall 3 for network 192.168.2.x
|
Static IP 3 –> 1:1 NAT to Firewall 4 for network 192.168.2.x (for something specific like a webserver)
|
…It really is time consuming to update all the firewalls :)
So my question to you is: Can I optimize the setup by combining firewalls? I tried it myself on a testnetwork by adding extra network cards (2x WAN + 2X Lan) but ended up with an error "You can not set this IP, because network card * already has this network.
Example:
WAN (VDSL)
|
Firewall 1 (which takes the PPOE session)
|
Static IP 1 --> 1:1 NAT to Firewall 2 for network 192.168.1.x
|
Static IP 2 –> 1:1 NAT to Firewall 3 for network 192.168.2.x
Static IP 3 –> 1:1 NAT to Firewall 3 for network 192.168.2.x (for something specific like a webserver)
|
…PS: There is a possibility it already is posted on this forum or on the interwebs, I really don't know which search term to use for this setup :)
Questions? Ask!
-
Not sure why you think you need more than 1 firewall?? Unless your letting the user/customer control the 2nd firewall? After you have done your 1:1 nat??
-
Not sure why you think you need more than 1 firewall?? Unless your letting the user/customer control the 2nd firewall? After you have done your 1:1 nat??
It initially started for our Vlan Setup.
Every firewall took the "firewalling" on his account for every Vlan. Every firewall had an extra network card to hop from Vlan1 to Vlan2 (if that was necessary).
So it kinda grew on us.So VLAN1 had Static IP1
Vlan2 had static IP2
and so on…But for some servers we have 2-3 firewalls in 1 VLAN
Static IP3 is on VLAN3
Static IP4 is on VLAN3 also...But how can we reduce?
-
you can reduce to 1 firewall.. Not sure why you think you need another firewall for more vlans?
"But for some servers we have 2-3 firewalls in 1 VLAN"
That just seems crazy!!!
For your different vlans you can either just use interfaces in the 1 firewall, or just use vlans on top of an existing physical/virtual interface.
