PfSense + Juniper EX3200 + Multi VLAN Set Up
Hi, I'm new to pfSense but I've been reading that it is an excellent firewall solution. I was looking for a firewall solution, but I have some special requirements that I would like to ask about first to determine if this will be the right solution for me. Basically, this is what I need:
I have a Layer 3 Juniper EX3200 switch with 6 VLANs configured on it. I would like to use pfSense as my firewall solution, but since I have a Layer 3 switch I would like to keep it as my main routing device so that pfSense will provide NAT, firewall, etc. to my network. I would like to be able to do NAT from my public IP addresses to servers located on my VLANs. Right now I thought I can create an Internet access VLAN that will have only 2 IP addresses, 172.16.1.1 and 172.16.1.2, both with a 255.255.255.252 mask; these addresses will be used one for my switch and the other for my pfSense box. Is it possible to configure this VLAN on pfSense and allow Internet access through my pfSense using a default route for all the VLANs on my switch so that pfSense's IP will be the next hop? Would I be able to NAT traffic from my public IP addresses to servers located on other VLANs on my network?
Thanks for the help,
It might be easier to understand if you could provide a drawing of your current topology and the topology you want to achieve.
I think what he is looking for is like this diagram. Please get it from here:
I also would like to achieve the same thing.
I think that it could be done, but I have zero knowledge of Juniper devices.
The only thing I wonder is why to have two routers connected to each other without any "visible" reason.
Currently the ADSL modem doesn't support VLANs, so using pfSense as the connector sounds like a solution. Am I right?
Don't really know
Is it possible to configure this VLAN on pfSense and allow Internet access through my pfSense using a default route for all the VLANs on my switch so that pfSense's IP will be the next hop?
Yes, PCs in VLANs will have the L3 switch as Default Gateway, and the L3 will have the pfSense box as its DG.
Make sure that your pfSense box knows about the networks reachable through your L3 (RIP? static routes?)
Would I be able to NAT traffic from my public IP Addresses to servers located on other vlans on my network?
This is what I did:
1. At pfSense, create a static route to the VLAN subnet (e.g. 172.16.19.0/24).
2. Create a VLAN interface on the LAN interface. For example, if your LAN is eth0, create a VLAN on eth0, but ensure that the VLAN ID is the same as the VLAN ID in your core switch.
3. Reset your pfSense machine and you are good to go!
You might need to add NAT Outbound for the VLAN subnet.
Try it and update us…!
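
As an added example, not part of any post in this thread: a small Python check of the two things the replies say pfSense needs for VLANs routed behind the L3 switch, a return route pointing at the switch and outbound NAT coverage. The /30 link and 172.16.19.0/24 come from the thread; which end of the /30 is the switch, the other two VLAN subnets, and the route and NAT lists are constructed for illustration.

```python
import ipaddress as ip

# From the thread: the /30 transit link between the switch and pfSense.
TRANSIT = ip.ip_network("172.16.1.0/30")
SWITCH_IP = ip.ip_address("172.16.1.1")   # assumption: switch side of the link
PFSENSE_IP = ip.ip_address("172.16.1.2")  # assumption: pfSense side of the link

# Constructed sample data (only 172.16.19.0/24 appears in the thread).
SAMPLE_VLANS = ["172.16.19.0/24", "172.16.20.0/24", "172.16.21.0/24"]
SAMPLE_ROUTES = [("172.16.19.0/24", "172.16.1.1"),
                 ("172.16.20.0/24", "172.16.1.2")]   # wrong gateway on purpose
SAMPLE_NAT = ["172.16.19.0/24", "172.16.20.0/23"]

def transit_ok():
    """A /30 has exactly two usable hosts: the switch and pfSense."""
    return list(TRANSIT.hosts()) == [SWITCH_IP, PFSENSE_IP]

def audit(vlans, static_routes, nat_sources):
    """Return {vlan: [problems]} for VLAN subnets behind the L3 switch.

    static_routes: (destination, gateway) pairs configured on pfSense
    nat_sources:   source networks matched by outbound NAT rules
    """
    routes = [(ip.ip_network(d), ip.ip_address(g)) for d, g in static_routes]
    nat_nets = [ip.ip_network(n) for n in nat_sources]
    findings = {}
    for vlan in map(ip.ip_network, vlans):
        problems = []
        covering = [r for r in routes if vlan.subnet_of(r[0])]
        if not covering:
            # Replies from pfSense would follow its default route instead
            problems.append("no return route")
        else:
            # Longest-prefix match is the route that would actually be used
            _, gw = max(covering, key=lambda r: r[0].prefixlen)
            if gw != SWITCH_IP:
                problems.append(f"route via {gw}, not the switch")
        if not any(vlan.subnet_of(n) for n in nat_nets):
            problems.append("no outbound NAT")
        if problems:
            findings[str(vlan)] = problems
    return findings

if __name__ == "__main__":
    print("transit link ok:", transit_ok())
    for vlan, problems in audit(SAMPLE_VLANS, SAMPLE_ROUTES, SAMPLE_NAT).items():
        print(vlan, "->", ", ".join(problems))
```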