Multi WAN with Other Back-End Firewalls
-
Hi All,
Full disclosure, this setup is a little outside of what I consider "normal" -- and it's new to me.
We currently have a few networks running in our building (all for different people) but we all share an internet circuit. Long story short, the cable connection was becoming more and more unreliable so we brought in a second carrier with a fiber connection -- but we plan to keep both.
Issue 1: We need something to manage Multi-WAN. Though I feel pretty confident that I can handle this part, it's important for the next part.
While each tenant has their own firewall/network, we are all pulling a public IP off the carrier's modem in bridge mode. For the most part this has been working (with the single WAN connection), with one exception -- we need QoS. Phones have been problematic as well as video calls.
Issue 2: QoS / NATing - I'm less sure of my ability here. We need each of the back-end firewalls to have a public IP address, but we need to control the traffic a little bit so that no one tenant can take everything.
My thought was to replace the current connections from each firewall (that go directly to the cable modem) and put a pfSense box there (pfsense 01 in the image). Then use that box to route the traffic down to the other firewalls.
Course correction and advanced wisdom would be greatly appreciated.
Here is how I would like to see this work...