clahti last edited by
I am in the process of redesigning our WAN from the ground up, our out of date debian IP tables firewall just died and I would like to design in a "Better Solution" :). To this end I have started whipping up a network diagram (attached). While this is not complete I wanted to get some advice on the best way to set this up. Some details on our environment:
Two ISPs with static /29 subnets, DSL and T1
Five internal VLANs for trusted hosts
One DMZ VLAN for mail/web servers
Two AMD quad core boxes begging for pfsense goodness with six 1G interfaces each
What I would like to accomplish is not necessarily load balancing, but use T1 for all lab traffic (10.112.x.x/16 subnet) and the DSL for all other subnets. However if either one goes down then failover to the other up ISP. I realize that port forwards to the DMZ will fail that may be tied to the down ISP, this would require BGP between ISPs and is outside the scope of this design. At least one mail server will be port forwarded to a VIP on each ISP. Does my diagram make sense? Would you do anything differently? Best practices? I bought the pfsense book so I am sure I can handle the implementation, I would greatly appreciate design comments, especially routing issues that might arise or stuff I haven't thought about. Thanks in advance, I am shooting for a cutover this weekend for this stuff as the temporary band-aid I have in place is using only one of the ISPs at the moment.
Also I have downloaded and installed latest 2.0 beta, should I do this with 1.2.x?