More of a general networking question (DMZ, firewalling)

The way our network is configured is we have a pfSense box (2 in master/backup) out front with a WAN connection and several gig OPT ports. Our switch ports are broken up into multiple physical segments. Each segment (web, application, mail, db servers) has a separate connection (one of the multiple OPT ports) and gateway, and all communication between the WAN and OPT ports (inbound, outbound and everything in between) has rules in place to only allow the various segments to talk to each other on specific ports etc. All public IPs are NATed (CARP failover VIPs / load balanced) to the web and mail private IPs/segments.

My question is how to best describe this layout in simple terms, less verbose networking terms (no cheap shots please lol).
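The segmented layout described above, as an added example that is not part of the original post: a minimal model of the per-segment allow rules with pfSense's default deny, plus the two sanity checks a reviewer would run against it (only web and mail are reachable from the WAN via NAT, and the web tier cannot reach the db directly). Segment names follow the post; the specific ports and the "app-only path to db" rule are assumptions.

```python
# Added example: model of the segmented pfSense layout described in the post.
# Segment names come from the post; ports and exact rules are constructed.
from typing import NamedTuple


class Rule(NamedTuple):
    src: str    # source segment / interface: "WAN", "web", "app", "mail", "db"
    dst: str    # destination segment
    proto: str  # "tcp" or "udp"
    port: int   # destination port


# Constructed allow-list standing in for the per-OPT-interface firewall rules.
# pfSense evaluates rules first-match with an implicit deny at the end,
# so any flow not listed here is blocked.
ALLOW = [
    Rule("WAN", "web", "tcp", 80),     # public IPs NATed to the web segment
    Rule("WAN", "web", "tcp", 443),
    Rule("WAN", "mail", "tcp", 25),    # public IPs NATed to the mail segment
    Rule("web", "app", "tcp", 8080),   # web tier may talk only to the app tier
    Rule("app", "db", "tcp", 5432),    # app tier is the only path to the db tier
]


def is_allowed(src: str, dst: str, proto: str, port: int) -> bool:
    """Default-deny evaluation: a flow passes only if an explicit rule matches."""
    return any(r == (src, dst, proto, port) for r in ALLOW)


def internet_reachable() -> set:
    """Segments the WAN side can reach directly; should be only web and mail."""
    return {r.dst for r in ALLOW if r.src == "WAN"}


def policy_violations() -> list:
    """Checks that the rule set still matches the intended segmentation."""
    problems = []
    for seg in sorted(internet_reachable() - {"web", "mail"}):
        problems.append(f"WAN has a direct path to '{seg}'; only NATed web/mail should be exposed")
    if is_allowed("web", "db", "tcp", 5432):
        problems.append("web tier can reach db directly, bypassing the application tier")
    return problems


if __name__ == "__main__":
    print("web->db direct:", is_allowed("web", "db", "tcp", 5432))  # False
    print("app->db:", is_allowed("app", "db", "tcp", 5432))          # True
    print("violations:", policy_violations())                        # []
```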

Pictures are always worth a 1000 words ;)

Who do you need to explain it to? That would not understand what you just wrote?

I would draw it up in Visio for example, showing your different networks connected to the pfSense box, which is connected to a cloud to represent the internet ;)

If you just replace a couple of terms in your above write-up I think it would be fine for even the most lay of people.

Where you say WAN, say internet connection. Where you say OPT ports, say local network interface. Where you say rules for various segments, use the term firewall (everyone should understand what a firewall is) that allows only specific communication between the different networking devices.

As to the NATed, say something to the effect of translation of public internet IPs to our private local network addresses. As to CARP and load balanced, just say the pfSense boxes are designed for high availability and redundancy if one were to fail.

