Basic questions - Scenario suggestions
All,
I'm starting to use pfSense now and would like you to share your thoughts on a project I'm working on.
Being an ISP, our first goal is to provide DHCP and NAT service through pfSense without having to install a router on the client.
The second goal is to provide access to your own pfSense in the cloud. In this case each client runs an instance of pfSense and creates its rules and settings independently of other clients (multi-tenancy).
Our scenario in a summarized way:
We have 2 pfSense instances installed on 2 different KVM virtualizers. Their WAN interfaces are connected to an edge router connected to the Internet. This communication is done on a /29 network with public IP addresses where:
pfSense 1 WAN = 200.200.200.1/29
pfSense 2 WAN = 200.200.200.2/29
Router edge = 200.200.200.3/29
Cluster pfSense WAN (Virtual IP) = 200.200.200.4/29
The LAN interfaces of the pfSense instances are connected to a switch and arrive on a VLAN / sub-interface of a router connected to the MPLS network. Then we have:
pfSense 1 LAN = 172.16.0.1/29
pfSense 2 LAN = 172.16.0.2/29
Router 1 MPLS = 172.16.0.3/29
Cluster pfSense LAN (Virtual IP) = 172.16.0.4/29
Communication between the MPLS routers would be done on this same network, 172.16/16.
The intention is to use another private network for the end client with DHCP and NAT provided by pfSense.
I actually do not know yet whether the client access gateway could be the same pfSense or would have to be the nearest MPLS router, or even whether I need to, or can, configure that other private network on the pfSense LAN interface without having to use VLANs. I have a problem with DHCP.
Anyway, I am thinking and studying the subject and would like to know if anyone here has a similar scenario or already saw this somewhere or even what they could suggest to meet the goal.
Thank you,
Alexandre
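Before building the CARP pair, it is worth sanity-checking the addressing plan: a /29 has only six usable addresses, the shared virtual IP must sit inside the same subnet as both members, and the per-client private network must not collide with the transit networks. The script below is an added example (not code from the post or from the pfSense project) that encodes the addresses exactly as listed above, reports the free addresses left on each segment, and checks a proposed client subnet for overlap. The client subnet `10.10.0.0/24` is an assumed placeholder, not a value from the post.

```python
import ipaddress

# Address plan copied from the post above (WAN and LAN transit segments).
WAN_PLAN = {
    "pfSense 1 WAN": "200.200.200.1/29",
    "pfSense 2 WAN": "200.200.200.2/29",
    "Router edge": "200.200.200.3/29",
    "Cluster pfSense WAN (VIP)": "200.200.200.4/29",
}
LAN_PLAN = {
    "pfSense 1 LAN": "172.16.0.1/29",
    "pfSense 2 LAN": "172.16.0.2/29",
    "Router 1 MPLS": "172.16.0.3/29",
    "Cluster pfSense LAN (VIP)": "172.16.0.4/29",
}
# The post says inter-router MPLS traffic uses 172.16/16 as a whole.
MPLS_BACKBONE = "172.16.0.0/16"


def check_segment(plan):
    """Validate one transit segment.

    Returns a dict with the segment's network, the usable addresses that are
    still free, and a list of problems (mixed subnets, duplicate addresses,
    network/broadcast addresses assigned to an interface).
    """
    ifaces = {name: ipaddress.ip_interface(addr) for name, addr in plan.items()}
    problems = []

    networks = {iface.network for iface in ifaces.values()}
    if len(networks) != 1:
        problems.append("interfaces are not all in the same subnet: %s"
                        % sorted(str(n) for n in networks))
    net = sorted(networks)[0]

    addrs = [iface.ip for iface in ifaces.values()]
    if len(set(addrs)) != len(addrs):
        problems.append("duplicate addresses in plan")

    for name, iface in ifaces.items():
        if iface.ip in (net.network_address, net.broadcast_address):
            problems.append("%s uses the network or broadcast address" % name)

    free = [str(h) for h in net.hosts() if h not in addrs]
    return {"network": str(net), "free": free, "problems": problems}


def overlapping_networks(candidate, existing):
    """Return the existing networks that overlap a proposed client subnet."""
    cand = ipaddress.ip_network(candidate)
    return [n for n in existing if ipaddress.ip_network(n).overlaps(cand)]


def plan_report(client_subnet="10.10.0.0/24"):
    """Run all checks; client_subnet is an assumed placeholder value."""
    wan = check_segment(WAN_PLAN)
    lan = check_segment(LAN_PLAN)
    existing = [wan["network"], lan["network"], MPLS_BACKBONE]
    return {
        "wan": wan,
        "lan": lan,
        # A /29 LAN segment carved out of the /16 backbone is itself part of it.
        "lan_inside_backbone": ipaddress.ip_network(lan["network"]).subnet_of(
            ipaddress.ip_network(MPLS_BACKBONE)),
        "client_conflicts": overlapping_networks(client_subnet, existing),
    }


if __name__ == "__main__":
    for key, value in plan_report().items():
        print(key, value)
```

Two free addresses remain on each /29, which is enough for the VIP already counted plus one spare; anything beyond that (a third firewall, an out-of-band address) forces a larger transit prefix, so the check is worth repeating whenever the plan changes.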