Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Separating public network from private network

    General pfSense Questions
    3
    3
    934
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      coreybrett
      last edited by

      What are the “Best Practices” for separating public network from private network but allowing selected traffic?

      I currently have pfSense setup with a separate interface for my office network and my WIFI network, each with its own subnet.

      I like this because I have a single pfSense box to maintain. Also, if I eventually turn Squid on , I’ll have a single cache for both networks to benefit from.

      However, I’m wondering what the best method is for allowing clients on the WIFI network to securely access resources on the private network (mainly RDP).

      I’m assuming that the VPN features of pfSense would only work from the WAN side. Is that correct?

      I have firewall rules setup to limit traffic between the subnets and only allow RDP traffic.

      However, I still need VPN for when they are not using our WIFI.

      Therefore, it seems like I have to configure two separate connections for them.

      Is there a better way to approach this?

      1 Reply Last reply Reply Quote 0
      • N
        nothing
        last edited by

        Generally the public network should be on another physical or VLAN interface. Default pfsense firewall rule is deny, so enable only the ports and the hosts you like to connect to inside network.
        It makes no sense to use VPN in private network. Generally the people who are using mobile computers should have a shortcut for the VPN connection and they should be instructed to double click it before they try to do RDP.
        As simple as that :)

        1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          Who is on your wifi network? How secure do you need the access to be? Are you using captive portal?
          Using a vpn internally seems completely reasonable if your wifi is pretty much public. I'm not sure you can use the same vpn as wan though. Hmm.

          Strve

          1 Reply Last reply Reply Quote 0
          • First post
            Last post