Redirecting PC default gateway traffic to the PFsense to another gateway in LAN



  • Greetings,
    maybe someone can help me by hinting at how to approach my configuration problem. All PCs in the LAN use the pfSense as a default gateway for internet access. I have a web filter appliance connected to the LAN, which is also connected to the internet on a second WAN IP address. Is it possible to redirect the web traffic (port 80 and 443) coming from the PCs and sent to the default gateway (pfSense at 192.168.0.1) to the web filter (on LAN address 192.168.0.254)?
    Thank you for your help and support,
    Stephan



  • You'll have to connect the filter appliance to a separate interface on pfSense, not LAN. However, this may also be a VLAN hooked up on the physical LAN interface.
    Afterwards you can add rules to direct traffic from specific source IPs to the filter.


  • LAYER 8 Global Moderator

    So this device is a "proxy"? Why would you not just have the browsers set to use the proxy? You can auto set this via WPAD, etc.

    What exactly is this "appliance" running?

    But yeah, as stated by @viragomann, if you do not put the appliance on its own transit network you're going to run into asymmetrical traffic flow if you try to redirect traffic there transparently to the client generating the traffic.

    If you want to run a proxy, it's best to do that explicit vs transparent.
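
The explicit-proxy option suggested above, as an added example that is not part of the original posts: a proxy auto-config (PAC) file of the kind distributed via WPAD, using the thread's LAN (192.168.0.0/24) and filter address (192.168.0.254). The proxy port 3128 is an assumption, as is the choice to return no `DIRECT` fallback so that clients fail closed when the filter is unreachable.

```javascript
// PAC file body (served as wpad.dat / proxy.pac). Added example, not from the thread.
// Assumption: the web filter accepts explicit proxy connections on port 3128.
var PROXY = "PROXY 192.168.0.254:3128"; // filter's LAN address from the thread; port assumed

// Parse a dotted-quad IPv4 literal; returns [a,b,c,d] or null if not a valid literal.
function parseIPv4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  var octets = [+m[1], +m[2], +m[3], +m[4]];
  for (var i = 0; i < 4; i++) {
    if (octets[i] > 255) return null;
  }
  return octets;
}

// True for destinations that must not be sent to the filter:
// unqualified names, loopback, and anything inside the LAN 192.168.0.0/24
// (this includes the pfSense GUI at 192.168.0.1 and the filter itself).
function isLocalTarget(host) {
  host = host.toLowerCase();
  // Plain hostname: no dot and no colon (a colon would indicate an IPv6 literal).
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return true;
  var ip = parseIPv4(host);
  if (ip === null) return false;
  if (ip[0] === 127) return true;
  return ip[0] === 192 && ip[1] === 168 && ip[2] === 0;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  var scheme = url.substring(0, url.indexOf(":")).toLowerCase();
  // Only web traffic (the ports 80/443 case from the question) goes to the filter.
  if (scheme !== "http" && scheme !== "https") return "DIRECT";
  if (isLocalTarget(host)) return "DIRECT";
  // No "; DIRECT" fallback: if the filter is down, browsing fails instead of
  // silently bypassing it through the default gateway.
  return PROXY;
}
```

Because the clients open the connection to 192.168.0.254 themselves, replies return along the same LAN path, which avoids the asymmetric flow described for the transparent redirect.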



  • @johnpoz Hi, it's a Sophos XG in a temporary setup. Since I can't change the many pfsenses all at once I need to get the Sophos to start operating as a web filter in a pfsense VPN world before everything has been moved. The PCs have static IPs.



  • @viragomann Thanks, I may just try that.

