Question on multiple WAN IPs
-
I have a block of public IPs from my ISP I want to deploy with PFsense. Do you guys recommend having a PFsense firewall for each WAN IP...or is there a more efficient configuration?
Thanks yall!
-
One firewall should suffice.
-
thanks Jknott...
I would imagine just adding NICs in the WAN vlan, and adding routes to a single PF would be coo, or is there a different approach you would take?
-
You need 1 NIC on the WAN side. You set up rules according to what you want. You haven't said anything about what you're doing. For example, do you have enough public IPs for all your hosts? If so, then you'd create a subnet for those addresses and not worry about NAT.
For example, on IPv6, I get 256 /64 prefixes. Each /64 can be used for a LAN or VLAN. So, on my network, I assign 1 /64 for my main LAN and another for my test LAN. This config means I have a 2nd NIC for my test LAN, in addition to the 1 used for the main LAN.
Without knowing what you're trying to do, it's hard to tell you how to do it.