Missing features (IP aliases, CRL)



  • Hello all,

    I am new to the forum, but I have some experience with Linux-based firewall systems. At the moment I plan a change to pfSense for our company.
    But I am missing 2 features at the moment:

    1.  I think it should be possible to add additional IPs to a LAN interface (alias) via the GUI. We use it as router with many different subnets on the LAN interface.

    2.  We also work with IPSec and OpenVPN. We often have to revoke a certificate. So I think the CertManager should have such a feature.
    Is there any other way to work with CRLs (perhaps without the GUI)?

    I am interested in your ideas!

    Maverick



  • I think you can add an IP alias under Firewall -> Virtual IPs.



  • @Maverick:

    1.  I think it should be possible to add additional IPs to a LAN interface (alias) via the GUI. We use it as router with many different subnets on the LAN interface.

    It is possible to do so - but why would you want to do that?
    Your subnets are not separated anymore when you plug them in the same unmanaged switch. You can easily use one (bigger) subnet.
    A better approach would be to either install as many additional NICs in your pfSense as you have subnets or get a managed switch, create VLANs in there and connect one trunk port to pfSense. Configure virtual IFs in your pfSense accordingly. You cannot push full speed traffic through them though (gets routed by pfSense so heavily depending on your hardware size).



  • to Efonne:
    thanks for the hint. It seems to work fine. I tried to find something like that in the interface section.

    to jahonix:
    I know that VLANs would be the best solution. But at the moment not all of our switches support that. We will change that in the future.
    The users in the different subnets (terminal server) have no rights to change the IP settings. They will not be able to reach a different subnet. We have more than 50 subnets at the moment, so the hint with the separate NICs will not work. The only way to do that at this time is the IP alias, I think. With our Linux-based router it works fine because the traffic between the subnets is not that much, just the RDP sessions to the different customers.

    Will VLAN work with trunk ports on both sides? Because we work with virtualization.

    Is there something with CRL that I have not found yet?

    Maverick

