Netgate Discussion Forum

How should my network be setup (properly)?

General pfSense Questions

    Treefrog
    last edited by Jun 1, 2010, 5:56 AM

    I've heard many talk about colored zones but I'm not sure which ones are which.

    Right now I have my pfSense box protecting my active directory, file, and print servers, as well as all computers on the LAN.

    I want to add a webserver and am aware that it should be in a different "zone". It will have its own IP so I was going to use my switch to put it in a separate VLAN and then have another pfSense box that comes before it to protect it… Or can I save money by somehow using my current pfSense box to protect both networks, and is this any less secure?

    ???

      dvserg
      last edited by Jun 1, 2010, 9:02 AM Jun 1, 2010, 9:00 AM

      You can add a new physical interface (NIC) in pfSense.
      This additional interface (OPT) may be used as a DMZ for Web servers or other (FTP / mail) services.

      Security will be determined by setting access WAN <> OPT and LAN <> OPT

      SquidGuardDoc EN  RU Tutorial
      Localization ru_PFSense

        jimp Rebel Alliance Developer Netgate
        last edited by Jun 1, 2010, 2:59 PM

        @Treefrog:

        I've heard many talk about colored zones but I'm not sure which ones are which.

        dvserg covered the multiple interfaces aspect, but a word on colored zones: they are meaningless. Some other firewall packages started referring to certain zones by color to try and make the process "easier" but they are really arbitrary and meaningless. Don't worry about them. :)

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

          Treefrog
          last edited by Jun 2, 2010, 2:51 AM

          Ok so from what I'm getting, I don't even need to use a managed switch anymore???

          Will this setup work / be ideal?

          (WAN) --- pfsense --- Unmanaged Switch LAN --- W2k8, DHCP, DNS, EXCH, etc.
                     |    |
                     |    |
                     |  opt 2
                     |    |
                     |    |---- Wireless AP
                     |
                   opt 1
                     |----- Web Server

          So basically I will have 4 network cards in my pfSense box. My goal is to keep my web server off the LAN, and keep people connecting wirelessly off the LAN and off the webserver, so that all they have is internet access.

            clarknova
            last edited by Jun 2, 2010, 5:01 AM

            With a separate physical interface for WAN, LAN, OPT1 and OPT2 you don't need a managed switch. On the other hand, you could use a single physical NIC and instead create any number of those interfaces as VLANs, and for that you would require a managed switch. Some folks feel safer separating their networks physically rather than virtually, but that's another question.

            db

              MarcoP
              last edited by Jun 2, 2010, 8:37 AM

              |     PPPoE  pfSense  DHCP  Snort     |
              ---------------------------------------
                  LAN         OPT1         OPT2
                   |            |            |
                   |          VOIP           |
                 switch                    switch
                 |    |                    |    |
                PCs  WiFi                 WWW  DNS

              1. pfSense's DHCP server uses clients' MACs for assigning IPs (useful for wake up on LAN also)
              2. All servers and clients are using OPT2 DNS (bind9's views)
              3. Snort uses different rules for each interface.

              Just been following the logic to join services with similar security risks on the same interface.
              Possibilities are unlimited ... but common sense will give you the right setup.

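
The following is an added example, not part of any post in this thread and not pfSense code: a small Python model of per-interface, first-match rule evaluation with a default block, applied to the WAN/LAN/OPT1/OPT2 layout discussed above. The subnets, probe hosts and both rule sets are constructed assumptions; it shows that a pass-to-any rule on OPT1 or OPT2 also reaches the LAN, while a pass rule limited to non-local destinations does not.

```python
import ipaddress

# Constructed subnets for the WAN/LAN/OPT1/OPT2 layout in the thread (assumed values).
NETS = {
    "LAN": ipaddress.ip_network("192.168.1.0/24"),    # AD, file, print, PCs
    "OPT1": ipaddress.ip_network("192.168.10.0/24"),  # web server
    "OPT2": ipaddress.ip_network("192.168.20.0/24"),  # wireless AP
}
# One constructed probe host per zone; the WAN address is a documentation address.
HOSTS = {"WAN": "203.0.113.9", "LAN": "192.168.1.10",
         "OPT1": "192.168.10.80", "OPT2": "192.168.20.50"}

def matches(spec, ip):
    """spec: 'any', a zone name, or '!internal' (outside every local subnet)."""
    if spec == "any":
        return True
    if spec == "!internal":
        return not any(ip in net for net in NETS.values())
    return ip in NETS[spec]

def evaluate(rules, iface, dst_ip, dport):
    """First matching rule on the ingress interface wins; no match is a block."""
    for action, dst, port in rules.get(iface, []):
        if matches(dst, dst_ip) and port in ("any", dport):
            return action
    return "block"

# Rules are (action, destination, port). NAT/port forwarding is not modelled.
NAIVE = {z: [("pass", "any", "any")] for z in ("LAN", "OPT1", "OPT2")}
SEGMENTED = {
    "WAN": [("pass", "OPT1", 80), ("pass", "OPT1", 443)],
    "LAN": [("pass", "any", "any")],
    "OPT1": [("pass", "!internal", "any")],  # internet only
    "OPT2": [("pass", "!internal", "any")],  # internet only
}

def reachability(rules, dport=443):
    """Map every ordered (source zone, destination zone) pair to pass/block."""
    return {(s, d): evaluate(rules, s, ipaddress.ip_address(ip), dport)
            for s in HOSTS for d, ip in HOSTS.items() if s != d}

def violations(rules):
    """Pairs the thread's goal forbids that the rule set nevertheless passes."""
    forbidden = [("OPT1", "LAN"), ("OPT2", "LAN"), ("OPT2", "OPT1")]
    table = reachability(rules)
    return [pair for pair in forbidden if table[pair] == "pass"]

if __name__ == "__main__":
    print("naive:", violations(NAIVE))
    print("segmented:", violations(SEGMENTED))
```

The same matrix check can be repeated by hand after any rule change: probe each forbidden zone pair and confirm the firewall log shows a block.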