Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    One or two WAN(s) for my scenario?

    Routing and Multi WAN
    2
    3
    291
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      Vaz1970
      last edited by

      Hi all,
      I would like a suggestion for the network configuration of my pFsense.
      LAN
      I have two VLANs:
      LAN Client 192.168.100.0/24 (GW INT LAN 192.168.100.1 - pFsense)
      DMZ Server 192.168.200.0/24 (GW INT DMZ 192.168.200.1 - pFsense)

      WAN
      I have 3 routers to reach the Internet (with 3 differente ISPs) all in the same VLAN
      Router A 192.168.50.10 (NAT to ISPa Public IP )
      Router B 192.168.50.20 (NAT to ISPb Public IP )
      Router C 192.168.50.30 (NAT to ISPc Public IP )

      ROUTING
      Lan Client must use Router A or Router B if A fails.
      DMZ Server must use Router C.

      Is it better to have two separated WANs interfaces and then route WAN Client to a Gateway Group (Primary Router A 192.168.50.10, Secondary Router B 192.168.50.20) and WAN DMZ to Router C?
      Or I can get by using just one WAN interface? in this case, how can I manage a WAN with different gateways?
      I have 6 network interfaces, so no problems for HW ports.

      Less is more, of course.. also considering that I would like to implement HA with the CARP protocol beetween two pF.

      Thanks for any suggestions that come

      Ivan

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @Vaz1970
        last edited by

        @Vaz1970
        If you have incoming connections on the WANs you have to use separate interfaces. These can also be VLANs on a single network port. But each has to use a different subnet.

        For outbound only, it should also work with a single WAN interface.
        In this case don't state a gateway in the WAN interface settings, but add all in Routing > Gateways.
        You will have to add an outbound NAT rule for WAN manually.

        V 1 Reply Last reply Reply Quote 1
        • V
          Vaz1970 @viragomann
          last edited by Vaz1970

          Thank you @viragomann.
          All ISP routers are on the same /24 VLAN.
          Now I can:

          1. Use two distinct WAN interfaces. In this case, can I use the same /24 subnet and split both outbound and inbound traffic?
          2. If I use only one WAN interface will I have to create two VLANs? Say (192.168.50.x and 192.168.60.x) In one I put Router A and Router B in the other Router C. In this case, if I only have layer2 switches, can I use pFsense for routing?

          Any suggestion for NAT in the best case?

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.