PfSense doubled up with Cisco?

  • I currently have this setup:

    cablemodem --- ciscorouter/firewall --- windowsxpmachines

    I am investigating pfsense for more security and control. I was wondering if there is any downside to inserting my pfsense box in between the cable modem and the cisco box - rather than replacing the cisco box with the pfsense box and a switch?

    I am getting the impression that for testing purposes this sort of thing is often done, but I'm talking about permanently. For example one reason might be that I make a mistake in firewall rules; in that case the cisco box backs me up until I get it right.

  • Netgate Administrator

    In that situation it's likely that both boxes will be doing NAT. This can cause problems for some things. However, as you say, I do this all the time for testing and have yet to see anything seriously not working. You would struggle, for example, if you need to use UPnP. It almost certainly wouldn't work through double NAT.


  • Thanks, just what I'm looking for. With old XP boxes in our store I doubt we are doing any UPnP; it's a pretty static system anyway. This also saves me buying a switch…

