Help Me Design My Network With pfSense

  • I can't decide what the best way of designing my network is, so I thought I'd ask you guys for some insight.

    I've attached two .png files with examples of what I've thought of so far.  Which do you think makes the most sense, or are there better ways of setting it up?

    Basically, I have multiple servers, which all need to be accessible from both the internet and the client-side LAN.  Since I have to connect them to the LAN anyway, does it make any sense to segregate them?  I have two WAN connections that need to be, at the very least, failover for the servers and the clients.  Ideally I will load balance the connections as well.  I know this will vastly complicate things, but from what I understand it should all still be possible.

    Diagram 2 is slightly off; Switch B should connect directly to Router A.

  • Obviously, option 2 would be way easier to implement - but would there be any advantage with segregating like in option 1?

  • Exposed services should always be on a separate network from other hosts.  It should look something like:

    Internet --- pfSense A
          Exposed Services (DMZ)
                  pfSense B
        Desktops, printers etc

    Ideally the DMZ should only contain the services that should be exposed.  Nothing else should be in the DMZ, particularly file sharing.
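
One way to check a network against the advice in the reply above, as an added example that is not part of the original thread: a small audit that flags exposed services sitting outside the DMZ, and anything listening inside the DMZ that is not an exposed service, file sharing in particular. The subnets, host addresses and port lists are constructed assumptions; the thread gives no addressing.

```python
import ipaddress

# Constructed addressing plan (assumption; the thread gives no subnets).
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "lan": ipaddress.ip_network("10.0.0.0/24"),
}
FILE_SHARING_PORTS = {139, 445, 2049}  # NetBIOS session, SMB, NFS

def zone_of(addr):
    """Map an address to 'dmz', 'lan', or 'internet' (anything else)."""
    ip = ipaddress.ip_address(addr)
    return next((z for z, net in ZONES.items() if ip in net), "internet")

def audit(listeners, exposed):
    """listeners: (host, port) pairs found listening, e.g. from a port inventory.
    exposed: (host, port) pairs meant to be reachable from the internet.
    Returns findings; an empty list means the layout matches the advice."""
    findings = []
    for host, port in sorted(exposed):
        zone = zone_of(host)
        if zone != "dmz":
            findings.append(f"{host}:{port} is exposed but sits in {zone}, not the DMZ")
    for host, port in sorted(listeners):
        if zone_of(host) != "dmz":
            continue  # only the DMZ's contents are restricted here
        if port in FILE_SHARING_PORTS:
            findings.append(f"{host}:{port} file sharing inside the DMZ")
        elif (host, port) not in exposed:
            findings.append(f"{host}:{port} in the DMZ but not an exposed service")
    return findings

# Constructed sample inventory.
SAMPLE_LISTENERS = [
    ("192.0.2.10", 443), ("192.0.2.10", 445),   # web server that also runs SMB
    ("192.0.2.11", 25),                         # mail relay
    ("192.0.2.12", 5432),                       # database placed in the DMZ
    ("10.0.0.5", 445),                          # LAN file server (fine)
]
SAMPLE_EXPOSED = {("192.0.2.10", 443), ("192.0.2.11", 25), ("10.0.0.20", 80)}

if __name__ == "__main__":
    for finding in audit(SAMPLE_LISTENERS, SAMPLE_EXPOSED):
        print("FINDING:", finding)
```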

