4. 2 Firewall(s) after each other

2 Firewall(s) after each other

  • C

    Hi Guys,

    At our datacenter we have several pfsense(s) to address our static ip addresses to a specific network or server.

    I will try to visualize it:
    WAN (VDSL)
    |
    Firewall 1 (which takes the PPOE session)
    |
    Static IP 1 –> 1:1 NAT to Firewall 2 for network 192.168.1.x
    |
    Static IP 2 –> 1:1 NAT to Firewall 3 for network 192.168.2.x
    |
    Static IP 3 –> 1:1 NAT to Firewall 4 for network 192.168.2.x (for something specific like a webserver)
    |

    It really is time consuming to update all the firewalls :)

    So my question to you is: Can I optimize the setup by combining firewalls? I tried it myself on a testnetwork by adding extra network cards (2x WAN + 2X Lan) but ended up with an error "You can not set this IP, because network card * already has this network.

    Example:
    WAN (VDSL)
    |
    Firewall 1 (which takes the PPOE session)
    |
    Static IP 1 --> 1:1 NAT to Firewall 2 for network 192.168.1.x
    |
    Static IP 2 –> 1:1 NAT to Firewall 3 for network 192.168.2.x
    Static IP 3 –> 1:1 NAT to Firewall 3 for network 192.168.2.x (for something specific like a webserver)
    |

    PS: There is a possibility it already is posted on this forum or on the interwebs, I really don't know which search term to use for this setup :)

    Questions? Ask!

    0
  • LAYER 8 Global Moderator

    Not sure why you think you need more than 1 firewall??  Unless your letting the user/customer control the 2nd firewall?  After you have done your 1:1 nat??

    0
  • C

    @johnpoz:

    Not sure why you think you need more than 1 firewall??  Unless your letting the user/customer control the 2nd firewall?  After you have done your 1:1 nat??

    It initially started for our Vlan Setup.
    Every firewall took the "firewalling" on his account for every Vlan. Every firewall had an extra network card to hop from Vlan1 to Vlan2 (if that was necessary).
    So it kinda grew on us.

    So VLAN1 had Static IP1
    Vlan2 had static IP2
    and so on…

    But for some servers we have 2-3 firewalls in 1 VLAN
    Static IP3 is on VLAN3
    Static IP4 is on VLAN3 also...

    But how can we reduce?

    0
  • LAYER 8 Global Moderator

    you can reduce to 1 firewall..  Not sure why you think you need another firewall for more vlans?

    "But for some servers we have 2-3 firewalls in 1 VLAN"

    That just seems crazy!!!

    For your different vlans you can either just use interfaces in the 1 firewall, or just use vlans on top of an existing physical/virtual interface.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy