PFSense + ISA2006

hayden

Hello all,

I am attempting to introduce the PFSense firewall into my school network. Currently we use the following setup

Internet –> Edimax Load Balancer --> ISA2006 --> Internal Network

I have successfully published several websites and OWA using the ISA 2006.

When I introduce the PFSense it will look something like this:

Internet --> Edimax --> PFSense --> ISA2006 --> Internal Network
                                              |
                                              |
                            DMZ (Web services and OWA)

My question: Does this seem to be a good setup? Will the ISA box have to proxy relay to the PFSense box to have internet connectivity?
Are there any special configurations I must consider?

Thank you in advance.

Supermule

I use this setup currently…..But all my webservices are behind the ISA box. DMZ is used on internal LAN.

Thereby you can use L7 feature to divide traffic to different servers behind ISA.

hayden

Do you have a VPN Setup as well?

Supermule

Yes…

hayden

all behind the ISA? and are there any special configurations I should look out for to have this running seamlessly?

Supermule

The biggest challenge is to configure the ISA. I just forward the necessary ports to the internal LAN and block the rest.

The ISA handles the website traffic and the PFsense handles all internal LAN traffic. Thereby securing the servers even more, bacause you need VPN access to get to the serverlan…