Considering pfSense as new FW, but need a couple of "simple" answers.

  • Hello everyone,

    So far pfSense looks like a great solution for my FW needs. It has 1:1 NAT, Multiple WAN, DHCP, Load Balancing, IPSec, etc. How could I go wrong with this?

    My scenario is this.

    I have a few web servers that need to have a static IP and 1:1 transparency, the rest of the internal network can operate as DHCP.

    Would it be possible to set these web servers up with static 1:1 IPs from one of our ISPs (no internal load balancing) and have the rest of the internal network operate on DHCP with the load balancing option?

    If so, would the rest of the network be able to communicate with these servers as if they were on the same network, even with the load balancing option in place?

    Thank you for your assistance.

  • Sounds doable. How many network cards are you planning to use?

    Consider placing publicly accessible servers on your Optional interface, separated from servers (and clients) operating on your trusted networks. This separation protects against attacks from one compromised server to another. Don’t worry, client computers on your trusted networks will be able to access servers on your Optional interface.

    Stuff to read

  • Thank you for the links.

    I think that we only need 3 if I understand everything correctly.  2 inbound from ISPs and 1 outbound to the network?  Maybe 2 outbound not entirely sure yet, I have not gotten far enough in my reading.