PfSense and Untangle on same Host



  • (Oh, here's the correct forum…ignore other)

    I've thought about this, but not really put it in practice yet and really need clarification.  I already have pfSense and would like to use Untangle with it in a virtualization scenario - using Xen or Hyper-V or other.  For example, at the border, I wish to have pfSense in front / behind the ISP router, and behind the pfSense I would have Untangle.

    My question is, if pfSense and Untangle are at the border as guest machines on the same VM host machine, how will traffic go from pfSense to Untangle directly?  I can see traffic sometimes going through Untangle and sometimes not.  Say pfSense 192.168.1.1 and Untangle 192.168.1.2... I guess I am missing a bit on how traffic will be forced to go through pfSense THEN to Untangle before it goes through the rest of my 192.168.1.x subnet.  Just because pfSense is 192.168.1.1 does not mean it will flow through 192.168.1.2 next... Can someone clarify please?

    UPDATE:  I think I got it… http://community.spiceworks.com/topic/14962-untangle-hardware - Bridge / Host / Bridge on VM NICs
    If anyone can further improve on this, please let me know.  Internet--(bridge VMnic)pfSense(host VMnic)--(host VMnic)Untangle(bridge VMnic)--LAN

    Taken from sample…

    1 - VM bridged NIC 1: Internet --> pfSense WAN
    2 - Host Only: pfSense LAN & UT outside
    3 - VM Bridge NIC 2: UT inside --> LAN switch



  • Set up Untangle in transparent mode when you're doing the install.
    Example of the switch setup:

    vswitch0 - WAN
    WAN <-> pfSense WAN

    vswitch1 - Internal Router
    pfSense LAN <-> Untangle WAN (In transparent mode, you give it a static IP for your LAN)

    vswitch2 - LAN
    Untangle internal (LAN)  (No IP since it's bridged to the WAN interface)

    Accept promiscuous mode needs to be allowed on the interfaces with Untangle. I believe both need it but it's been a while.

    I've tried this setup on ESXi and it was really slow when Untangle was put into the mix, but I was running this on an Atom D510. Been meaning to try this on a XenServer to see if it improves.


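A reachability check over the two layouts discussed in this thread, added here as an example and not written by either poster: it treats each vswitch as a layer-2 segment and reports which VM traffic can bypass on the way from WAN to LAN. The dictionary layouts, the function names and the `wan`/`lan` segment names in the flat layout are assumptions made for illustration.

```python
from collections import deque

# Constructed models: VM name -> the segments (vswitches) its NICs attach to.
CHAINED = {  # three-vswitch layout from the reply above
    "pfSense": ("vswitch0", "vswitch1"),
    "Untangle": ("vswitch1", "vswitch2"),  # transparent bridge between the two
}
FLAT = {  # layout from the question: both firewalls sit in 192.168.1.x with the clients
    "pfSense": ("wan", "lan"),
    "Untangle": ("lan",),  # one leg on the LAN, so it is just another host
}


def inline_order(layout, src, dst, without=None):
    """Return the VMs crossed, in order, on the shortest path from segment
    src to segment dst, or None if dst is unreachable. `without` removes one
    VM from the model to test whether traffic can get around it."""
    queue, seen = deque([(src, [])]), {src}
    while queue:
        seg, crossed = queue.popleft()
        if seg == dst:
            return crossed
        for vm, segs in layout.items():
            if vm == without or seg not in segs:
                continue
            for nxt in segs:
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, crossed + [vm]))
    return None


def bypassable(layout, src, dst):
    """VMs that are not forced inline: src still reaches dst without them."""
    return sorted(vm for vm in layout
                  if inline_order(layout, src, dst, without=vm) is not None)


if __name__ == "__main__":
    for name, layout, src, dst in (("chained", CHAINED, "vswitch0", "vswitch2"),
                                   ("flat", FLAT, "wan", "lan")):
        print(name, "path:", inline_order(layout, src, dst),
              "bypassable:", bypassable(layout, src, dst))
```

In the chained layout neither VM can be bypassed because each vswitch has exactly two attachments; in the flat layout the shared LAN segment lets traffic skip Untangle.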