No WAN port needed



  • Is it possible to build a pfSense firewall just for testing with no WAN port?  I want to create a distributed switch with no uplinks and either Private VLANs or regular VLANs (doesn't matter) and then use pfSense to do VLAN routing.  I have built a VM to access the applications/servers for testing.


  • Netgate Administrator

    The first configured interface will be labelled WAN by default but you can rename it. It is not somehow special.

    Steve



  • One of the fundamental considerations of a firewall is that there is an inside and outside[1], so regardless of what you name the outside interface, you still need it to face a different direction than the LAN interface.  I'd leave the name alone and just attach that interface to a VLAN named "simulated_WAN".  It will make it much easier to use the documentation and get forum advice if the interface name is still WAN.

    You may find it more useful to put the pfSense WAN interface on your existing LAN, and create a simulated_LAN subnet with a VM client for the pfSense LAN interface.  This way the pfSense WAN interface can reach the Internet, via your existing gateway, and you can test things like DNS caching, pfSense packages and pfSense updates.

    [1] To fend off the pendants (like me), there are also DMZ(s) and multiple WANs and LANs that complicate the concept.  … and bridging. ... and one-armed ... and the Spanish Inquisition!


Log in to reply