Netgate Discussion Forum

    Best way to protect one host with a DMZ

      sjflom

      I'm new to the pfSense world and need help deciding the best way to configure the software.  This pfSense firewall IS NOT protecting us from the internet; we have a different firewall doing that on the LAN.

      I have one host that is behind a hardware firewall, and this firewall is EOL, so I need to replace it.  This host has an MPLS connection (WAN) from a vendor that needs access to the data. We NAT the vendor traffic at the firewall and only allow certain ports to the host in the DMZ from the vendor.  My internal users (LAN) also have access to the data on this one host.

      So if I want to restrict traffic from the Vendor, would they still be considered a WAN interface or would I put them in an Option Interface and just not use a WAN interface?

      I'm also unable to check for version updates because I think it is trying to send internet traffic to the WAN, but that is the vendor interface and there is no internet access on it.  Can this be changed to route the traffic to the LAN?

      Any suggestions on how to best achieve this would be appreciated.

      Thanks
      Scott
