    Help Me Design My Network With pfSense

      naughtyusmaximus

      I can't decide what the best way of designing my network is, so I thought I'd ask you guys for some insight.

      I've attached two .png files with examples of what I've thought of so far.  Which do you think makes the most sense, or are there better ways of setting it up?

      Basically, I have multiple servers, which all need to be accessible from both the internet and the client-side LAN.  Since I have to connect them to the LAN anyway, does it make any sense to segregate them?  I have two WAN connections that need to be at the very least failover for the servers and the clients.  Ideally I will load balance the connections as well.  I know this will vastly complicate things, but from what I understand it should all still be possible.

      Edit:
      Diagram 2 is slightly off; Switch B should connect directly to Router A.
      NetworkOption1.png
      NetworkOption2.png

        naughtyusmaximus

        Obviously, option 2 would be way easier to implement - but would there be any advantage with segregating like in option 1?

          Cry Havok

          Exposed services should always be on a separate network from other hosts.  It should look something like:

          Internet ---- pfSense A
                          |
                Exposed Services (DMZ)
                          |
                        pfSense B
                          |
              Desktops, printers etc

          Ideally the DMZ should only contain the services that should be exposed.  Nothing else should be in the DMZ, particularly file sharing.

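The two-firewall layout in the reply above implies a small set of rules that should never be allowed, and a rule table can be audited against them. The following is an added example, not part of the original posts: the zone names, the `Rule` fields, the file-sharing port list and the sample rules are assumptions, and first-match rule ordering is ignored for simplicity.

```python
from typing import NamedTuple

# Assumed list of file-sharing ports: NetBIOS session, SMB, NFS.
FILE_SHARING_PORTS = {139, 445, 2049}


class Rule(NamedTuple):
    firewall: str  # "A" (Internet/DMZ) or "B" (DMZ/LAN), as in the diagram
    action: str    # "pass" or "block"
    src: str       # zone name: "internet", "dmz" or "lan"
    dst: str       # zone name
    port: int      # destination port, 0 meaning any


def audit(rules):
    """Return (rule, reason) pairs for pass rules that break the DMZ layout."""
    findings = []
    for r in rules:
        if r.action != "pass":
            continue
        if r.src == "internet" and r.dst == "lan":
            findings.append((r, "Internet traffic is allowed through to the LAN"))
        if r.src == "dmz" and r.dst == "lan":
            findings.append((r, "DMZ host may open connections into the LAN"))
        if r.dst == "dmz" and r.port in FILE_SHARING_PORTS:
            findings.append((r, "file sharing is served from the DMZ"))
    return findings


# Constructed sample rule set, not taken from the thread.
SAMPLE_RULES = [
    Rule("A", "pass", "internet", "dmz", 443),   # exposed web service: fine
    Rule("A", "pass", "internet", "dmz", 25),    # exposed mail service: fine
    Rule("B", "pass", "lan", "dmz", 443),        # clients reach the servers: fine
    Rule("B", "pass", "lan", "dmz", 445),        # file share placed in the DMZ
    Rule("B", "pass", "dmz", "lan", 3306),       # server reaching back into the LAN
    Rule("A", "pass", "internet", "lan", 3389),  # bypasses the DMZ entirely
    Rule("B", "block", "dmz", "lan", 0),         # default deny, never flagged
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(f"pfSense {rule.firewall}: {rule.src} -> {rule.dst}:{rule.port}: {reason}")
```
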