Where to put pfsense in a Multi-WAN one GW network?
periko last edited by
I friend wants to use pfsense in his network and ask me for help, I have been using the software since 1.0, but my installation had been simple:
ADSL/Cable connections and VPN's not a problem.
Now this network is a company that have a T1 with a Cisco 1800, a enterprise connection.
The layout of the network is like this:
web<–->ISP<--->Router Cisco 1800<-->Company LAN.
This simple, now the cisco have 2 ethernet cards one receive the ISP data and the other goes to the company lan.
One of my doubts is, where I need to put Pfsense WAN? between the cisco and the company LAN?
Right now we are testing some features of pfsense and we have the box connected to the switch.
Other thing is that, the ISP have a pool of public IP for the company and they have like a map:
PUBLIC-IP-A <--> INTERNAL-LAN-IP-A
PUBLIC-IP-B <--> INTERNAL-LAN-IP-B
PUBLIC-IP-C <--> INTERNAL-LAN-IP-C
They have about 8 public IP's, they cross the same GW.
I have read about this layout in the forums but I still don't get how can pfsense can handle this pool of public IP crossing the same gateway(cisco 1800), my analysis is that if we want to manage all the traffic of the router I have to put pfsense between the router and the lan, the pfsense-wan will be connected to the router and the pfsense-lan to the switch, do I'm correct? With this pfsense will now how to move the packets in/out.
Any comments about I will appreciated, thanks!!!
Running Pfsense 2.0-RC3.
You said this is a Multi-WAN setup right? You only mention the T1 at this location with the Cisco 1800 and it only has two ethernet ports on it. That to me only sounds like a single WAN setup. How is the T1 delivered? Usually since there is a Cisco device involved there will be a T1 WIC CSU/DSU in the router that terminated the T1 and provides an ethernet handoff (can sometimes also perform NAT/firewall duties so you don't have to have a downstream device). If the T1 is handed off by ethernet (The T1 WIC will take an standard patch cable as well so be careful) you can technically eliminate the Cisco completely. Regardless, multi WAN or not, you would put pfsense after the Cisco in this case if you want to keep the Cisco in place.
periko last edited by
Hi JoelC707, I was a little confuse, but someone in the IRC already shake my head and looks like we got the solution. Yes is a single WAN with multiple IP's available.
This frind request to the IPS to add some maps into the ISP dns why, he say to save "management", well we are going to work only with a single public IP and start the setup.
Looks like I just need a small switch to connect the cisco router+pfsense wan card there and the pfsense-lan card to the lan switch.
I think this week will be the deployment because their ISA server is down, the HD crash during the morning, he start using pfsense but not in full operation, just the firewall, I'm waiting the call to make the full deployment.
I will let u know guys, thanks :)