pfSense for Squid with only one interface
I want to replace my old squid CentOS box (in production for 600 users) with pfSense as base system and the squid package.
Because I like to separate things, squid should not reside on my edge pfSense. There is one very beefy box with VMware vSphere 6.5 where I'd like to install pfSense only for squid.
My edge pfSense already got some DMZ network where the VM pfSense with squid should be connected to. So I would install this VM pfSense with only one vNIC which would then be the WAN interface from pfSense view.
Now before I do the test setup...any traps I can step into because of only having one interface you guys can think of?
Any other suggestions?
Thanks for reading.
That should work fine.
When you install pfSense with only one interface, the default allow rule gets placed on it and you will be able to reach the GUI etc. on that interface by default.
The only thing to watch out for is that if you ever add another interface, the default rules will move to that and potentially lock you out.
Thanks for your answer stephenw10.
I took a deeper look into the pfSense squid package and now I'm not really sure if I could/should continue with this project because of some limitations.
e.g. the non-editable
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 3129 1025-65535
is a no go for my environment.
Because the proxy allows traffic on those ports?
You can always block it on the firewall.
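To make the firewall suggestion above concrete, here is an added example (not part of the thread and not pfSense or squid package code) that parses the fixed `safeports` line quoted earlier and lists the destination port ranges a firewall rule would have to block. `WANTED_PORTS` is an assumed site policy and the function names are hypothetical.

```python
# Added example, not from the thread. WANTED_PORTS is an assumed site policy.
SAFEPORTS_LINE = ("acl safeports port 21 70 80 210 280 443 488 563 591 631 "
                  "777 901 3128 3129 1025-65535")  # ACL line quoted in the thread
WANTED_PORTS = {80, 443}  # assumption: only HTTP/HTTPS destinations are wanted


def parse_port_acl(line):
    """Parse a squid 'acl <name> port ...' line into merged (lo, hi) ranges."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "acl" or tokens[2] != "port":
        raise ValueError("not a squid port ACL line: %r" % line)
    ranges = []
    for tok in tokens[3:]:
        lo, _, hi = tok.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError("bad port or range: %r" % tok)
        ranges.append((lo, hi))
    merged = []
    for lo, hi in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:   # overlaps or touches previous
            merged[-1] = (merged[-1][0], max(hi, merged[-1][1]))
        else:
            merged.append((lo, hi))
    return merged


def ranges_to_block(acl_ranges, wanted):
    """Ports the proxy ACL permits but the site does not want, as ranges."""
    out = []
    for lo, hi in acl_ranges:
        start = lo
        for port in sorted(p for p in wanted if lo <= p <= hi):
            if port > start:
                out.append((start, port - 1))   # gap below the wanted port
            start = port + 1
        if start <= hi:
            out.append((start, hi))
    return out


if __name__ == "__main__":
    # Print each range to block; multi-port ranges are shown as lo:hi.
    for lo, hi in ranges_to_block(parse_port_acl(SAFEPORTS_LINE), WANTED_PORTS):
        print(lo if lo == hi else "%d:%d" % (lo, hi))
```

Note that 3128 and 3129 are already covered by 1025-65535, so the ACL collapses to twelve single ports plus one range.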