General Questions
-
If I'm posting this in the wrong section, please let me know.
I'm getting ready to pull the plug on my Cisco ASA5505 and replace it with pfSense. My ASA is solid but I feel its performance is degrading. I have some general questions concerning pfSense and have provided screenshots of my setup. Could someone give these a look over and tell me if anything is out of place or set up incorrectly? I have a simple network with LAN being 192.168.0.0. I have 12 public IPs given to me by my ISP and an upstream Cisco 2900 router in-house. The gateway on the router is 2XX.XX.XX.1 and I have set up 2XX.XX.XX.2 as the WAN interface on the pfSense with 2XX.XX.XX.1 as the gateway (see screenshots).
I understand that creating Virtual IPs in pfSense binds your Public IP addresses to your WAN interface so they can be used to present themselves, in the example of outbound SMTP, where some need to have their outgoing email coming from a certain Public IP address. I have done just that for my SMTP server, but I have only set up one (of my 12) as a Virtual IP.
1. Should I create VIPs for all my public IPs? Or just the ones that need to be presented to the outside world?
2. Also, is it a requirement to use AON (Manual Outbound NAT) to present my outgoing SMTP server on a public IP other than the WAN IP of pfSense? From what I have read, this is the way to go.
3. On the General Setup screen I added my internal DNS servers, as these have forwarders to my ISP's DNS servers. Obviously, all the LAN clients use these as DNS. Is this correct?
4. Since I'm already doing port forwarding for SMTP, do I need to specify port 25 anywhere on the Manual Outbound rule I set up for Outgoing SMTP?