Netgate Discussion Forum

    Passthru WAN from PFsense to Other Firewall/Router

      authen12

      Hi all.

      I am a newbie at configuring PFsense. Please bear with me. I have a simple question regarding connecting a WatchGuard XTM Firebox to a PFsense appliance (and vice versa).
      Assume that I have this config:

      PFsense:
      em0 WAN : ..123.5 (Public IP)
      em1 LAN : 172.16.10.1/16
      em2 LAN : 192.168.100.1/24 (Connected to XTM Firebox)

      PFsense gateways:
      Public IP
      172.16.0.1 /16 (LAN Gateway)
      192.168.100.2 /24 ( XTM firebox Eth#2)

      Watchguard XTM Firebox
      Eth#1 Wan : Public Static IP
      Eth#2 LAN : 192.168.0.1/24
      Eth#3 LAN : 192.168.100.4/24 ( Connected to Pfsense em2)

      My question is: how can I pass through my PFsense WAN public IP (..132.5) to the WatchGuard Firebox as an external interface?

      Our XTM Firebox is used as a VPN server. Since we need additional security, we would like to use the PFsense firewall as an external router before entering our VPN (XTM Firebox).

      Here is the diagram:

      MODEM/ISP -> PFSENSE FIREWALL -> WATCHGUARD (VPN HOST) -> INTERNAL SERVERS

      Thank you so much.

        stephenw10 Netgate Administrator

        You can just port forward the public IP to it for the required VPN ports. Or use 1:1 NAT for all ports. You could easily end up with some asymmetric routing though if the Firebox doesn't handle it correctly.

        Do you actually need a /16 on that LAN interface?

        Do you actually need those LAN side gateways defined in pfSense?
        They would only be required so that pfSense can access 192.168.0.0/24 for example.

        Steve
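
Added example, not part of the original thread or either poster's words: a small route-lookup model of the asymmetric-routing risk mentioned in the reply above. It assumes the failure case is the Firebox keeping its default route on its own Eth#1 WAN; the Eth#1 subnet, its gateway, and the client address are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

# Firebox interfaces: Eth#2 and Eth#3 are from the post; the Eth#1 subnet is a
# constructed documentation range standing in for the unnamed public static IP.
FIREBOX_IFACES = {
    "Eth#1": ipaddress.ip_interface("198.51.100.10/24"),  # constructed placeholder
    "Eth#2": ipaddress.ip_interface("192.168.0.1/24"),
    "Eth#3": ipaddress.ip_interface("192.168.100.4/24"),
}
PFSENSE_EM2 = ipaddress.ip_address("192.168.100.1")  # pfSense em2, from the post


def route_table(default_via):
    """Connected routes plus one default route: (network, egress iface, next hop)."""
    routes = [(i.network, name, None) for name, i in FIREBOX_IFACES.items()]
    for name, i in FIREBOX_IFACES.items():
        if default_via in i.network:
            routes.append((ipaddress.ip_network("0.0.0.0/0"), name, default_via))
    return routes


def lookup(routes, dst):
    """Longest-prefix match, as a router's forwarding lookup does."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)


def reply_is_symmetric(routes, client, ingress="Eth#3"):
    """True when the reply to `client` leaves on the interface the forwarded
    request arrived on and its next hop is pfSense, which can then undo the NAT."""
    _, egress, next_hop = lookup(routes, client)
    return egress == ingress and next_hop == PFSENSE_EM2


CLIENT = "203.0.113.50"  # constructed remote VPN client address
# Assumed failure case: default route still points at the Firebox's own WAN gateway.
via_own_wan = route_table(ipaddress.ip_address("198.51.100.1"))
# Assumed working case: default route points back at pfSense em2.
via_pfsense = route_table(PFSENSE_EM2)

if __name__ == "__main__":
    for label, table in (("default via Eth#1", via_own_wan),
                         ("default via pfSense", via_pfsense)):
        state = "symmetric" if reply_is_symmetric(table, CLIENT) else "ASYMMETRIC"
        print(label, "->", state)
```
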
