Network Firewall/NAT Plan Validation



  • Hi Everyone

    I am trying to ensure that I can set up the attached diagrammed network without any "gotchas" that I have overlooked.

    Verbally, this is the plan:

    The web-facing firewall (pfSense) would present external IPs to the web. Internally, there will be several private internal LANs, each with their own pfSense firewalls.

    I need to be able to translate the HTTP and HTTPS URL traffic to any of the internal firewalls and through those to web servers internal to those LANs.

    The leftmost network would have IIS servers. Would I need to bind the web server network adapter to the URL, or would I then have to bind IIS to an internal IP?

    Any thoughts would be appreciated in lieu of physically setting this up to test.

    Thanks,

    Jonathan




  • Ideally you need one external (Internet) IP per web server.  If you don't have that then you can use the likes of HAproxy (search the forum for more) for HTTP, I don't know if it can also work for HTTPS.

    Edit: Corrected product name


  • Rebel Alliance Developer Netgate

    @Cry:

    Ideally you need one external (Internet) IP per web server.  If you don't have that then you can use the likes of HAVP (search the forum for more) for HTTP, I don't know if it can also work for HTTPS.

    I think you mean HAproxy.



  • That'll be it  ::)

    I'll go edit that post (if I still can).  Thanks.

