Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    How I should rethink my network when moving my protected LAN to a Datacenter ?

    Firewalling
    2
    3
    1066
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      marcello last edited by

      My current network topology is as follows:

      I have 30 port forwarding in pfSense for internet services, and those services depend on databases hosted in the LAN. Besides that we have a couple a Test Servers only accessible in the LAN.

      After running peacefully (pfSensefully ) this setup in a closet on the company premises, I have now the duty to move all of this to a datacenter. ( 4 servers with 30 some VMs)

      Is it a good idea to keep the private LAN in a datacenter ? Or should I try to give public IP adresses to all servers and do only firewalling with pfSense ?

      1 Reply Last reply Reply Quote 0
      • W
        wm408 last edited by

        I think there are many ways to consider all of this.  It is a topic that I will run into in the future more, I just keep hiding from it because I haven't been tasked with it.

        Here is my first thought, and two cents:

        It really depends on the services that you provide.  Generally speaking if most of the services are intended for internal use only, I would consider a VPN tunnel from say, a main office, to the datacenter.  It can help narrow down entry points into your network(s) and may be easier to manage from a security standpoint.

        Opening up all of your services to the public net introduces more challenges and work.

        I tried to keep my response as simple as possible here.  I am sure there are much more sophisticated ones.

        Good luck.

        @marcello:

        My current network topology is as follows:

        I have 30 port forwarding in pfSense for internet services, and those services depend on databases hosted in the LAN. Besides that we have a couple a Test Servers only accessible in the LAN.

        After running peacefully (pfSensefully ) this setup in a closet on the company premises, I have now the duty to move all of this to a datacenter. ( 4 servers with 30 some VMs)

        Is it a good idea to keep the private LAN in a datacenter ? Or should I try to give public IP adresses to all servers and do only firewalling with pfSense ?

        1 Reply Last reply Reply Quote 0
        • M
          marcello last edited by

          The more I am thinking of this, the more I am thinking I will keep the same network with the internal LAN and setup a VPN to work there from remote ( yes much easier to have a single entry point to monitor)

          1 Reply Last reply Reply Quote 0
          • First post
            Last post