Behind another firewall
-
I had my existing firewall on my network, and i want pfsense behind it as my ips/ids, how can i setup my pfsense behind existing firewall.
this what i want to do.ISP => Existing Firewall => pfsense => switch => workstations.
-
Well, you have a couple of options, you can setup a double NAT, or you can setup a bridge. Then you would setup snort to monitor the interfaces.
-
Please send me a step by step instruction how to setup in bridge mode,, am i newbie. tnx
-
or in NAT i dont know how to setup in NAT mode please help..
-
NAT is the default mode. You should be able to use it as is if you have the WAN and LAN setup.
-
sorry sir but in not NAT mode the setup that i would like to be in my pf sense box. I want it in bridge mode. bcause i will use my existing firewall as my gateway.
-
Then you will need to set NAT to manual and remove all NAT rules created. Then follow the tutorial for bridge (which includes the NAT disabling).
http://forum.pfsense.org/index.php/topic,50711.0/topicseen.html
Have fun. -
I've already red that tutorial but nothing happens still can't ping LAN side of my existing firewall from workstation passing through PFsense box.
I want to know the physical connections of LAN cables. I already plug on all Ports that i have in the pfsense box but still i cant get ip from dhcp server of my existing firewall..tnx
-
You have to create the special rules in the bride to pass that type of traffic. What I would do for now is to allow all protocols on any source or destination on any port to pass. Once you have it working, then you can change it to be more restrictive. I would also hard set an IP to test if only dhcp configured systems are affected.
-
how will i do that? please…. tnx
-
If you followed the guide, you are going to have a LAN wan and opt interface. Opt I think would need to be wide open. LAN would also need to allow most thinks in. Then you are going to create in bound rules on the wan interface. It has been a long time since I did a firewalled bridg e perhaps I need to refresh.
-
Sir Thank You very much for your support it was a success..
On the other hand i had another question to ask you,,, on that setup the topic that we've talked, is it possible to trunk LAN and WAN, how?
tahnks. -
sir how can i setup this bridge mode in vlan. i have my layer 2 switch with vlan..
-
For trunking, I guess you could do LAGG interfaces into the bridge, though I have never done that before.
It would imagine that it would be the same for VLAN. Assign VLANs to WAN and LAN (or opt1 and opt2 with the bridge on opt3) and then create the bridge out of them. Again, I am theorizing as I have don't have experience doing that either. -
Hi Sir
this is the setup that i have and we discussed earlier.ISP => Existing Firewall => PFSense => Switch => workstations
This setup has been solved
The new setup is like this:ISP => Existing Firewall => PFSense => Layer 3 switch setup with VLAN's => workstations connected to VLAN's
My VLAN's can ping each other without PFSense.
But when i setup PFSense in transparent bridge mode. I can't obtain ip from existing firewall. how can i setup my network like this with PFSense in Bridge Mode.Thanks,
-
You will have to create an interface per each VLAN you have setup. The apply all those interfaces into the bridge. Though, if you have VLANs, is your existing firewall handing out DHCP address on each VLAN in a different subnet?
-
Hi sir, yes sir, I have created 9 VLAN's in my existing firewall with DHCP on it. How can i set up this with PFsense on bridge mode?
Thanks, -
And in different subnets the 9 VLAN's
-
Sorry, I think you are going to have to create 18 VLANs (1 on WAN and its matching one on LAN). Then put each matching VLAN into its own bridge. I think that is going to be the only way that the VLAN tag will survive.
-
I can't understand you sir,, how can i create 18 VLAN's if i have 3 NIC's on my PFSense box? RL0 as my WAN, DC0 as my LAN and DC1 as the OPT1 as where i assign my RL0 and DC0 bridge.
on other i had my 9 VLAN's setup on my existing firewall (Zyxell USG 1000)
thanks,