Routing Question on the Lan Side

  • Hi,

    I am trying to do some Policy Based Routing. Here is my typical environment:

    WAN1 \                         /WAN2


    DMZ1           Local Lan                DMZ2     
                     Untangle .2.1
                     Core Switch .1.1

    Local Network

    Ok so in brief I am trying to create specific rules
    1 - Browsing or web or any address traffic goes to the Untangle server and then out to either WAN1 or WAN2 (working fine)
    2 - I have rules on my internal router to specify route -> (PF VIP)
    3 - -> 172.0.254

    So, to be clear, all traffic going to the DMZ (either 1 or 2; 1 being the DMZ for WAN1 and 2 the DMZ for WAN2) is routed directly from the switch to the pfSense server (NOT going through the Untangle box, as I do not want this traffic to be monitored).

    4 - I have a static rule on pfSense that routes all back to the Untangle interface (
    5 - Here is when the fun begins! I would like to do this when SOURCE is and Destination is GW : (Core Switch, NOT UNTANGLE)
    6 - Same for DMZ2 when source is and Destination is use GW (and NOT - Untangle)

    It's so easy to put graphically but a little hard to put in words.

    I looked at all the available options for Policy Based Routing, but I can't select that alternate gateway since it's on the LAN interface and there is no gateway on that interface.

    Again to maybe summarize:

    All traffic going to and from the DMZ must use the core switch gateway.

    All traffic going anywhere else (Internet) must go back to the Untangle server.

    Untangle is in routing mode; it doesn't do NATing for now. One side in and one side in the LAN zone.
    Core Switch is doing the same: routing, no NATing, one side in and one side in the LAN zone.

    I just don't want the traffic going to the DMZ from my server to go through the Untangle server that does session monitoring and all kinds of checks.