4. Location of a new PFSense appliance

Location of a new PFSense appliance

  • A

    Hi all,

    Normally, I religiously use Sonicwall or Cisco ASA appliances for security but, since Ive closed my office and now working from home, I've decided to cut costs and go with a PFSense rack mounted appliance.

    Never used this sort of firewall before so my questions is, where would the ideal location of the appliance should go?

    My initial thought are to have it in the same wiring as a VPN firewall/concentrator where one NIC goes to the router, and the other NIC to the switch.

    Or could I just simple wire both NIC's to the router or switch then, configure it as a DCHP/Firewall appliance?

    Basically the deployment situation is that I want my development Server Running Windows server 2008 and my MAC PRO behind a firewall and, allow certain TCP/IP addresses and Ports be allowed to be accessed from the DMZ/Internet.

    Can I please ask for some pointers/ configuration tips please.

    Thanks

    0
  • U

    You would use Wan the first Ethernet port as the in link from your router,  Lan1(your local connection going from your firewall to a small switch or server) you can get a small switch and enable DHCP on lan1 and that should automatically assign an IP to all the servers connected to your switch.

    0
  • K

    KISS = Modem > pfsense WAN(s) > Switche(s) > Clients.

    0
  • A

    @kejianshi:

    KISS = Modem > pfsense WAN(s) > Switche(s) > Clients.

    Precisely what I was planning and instinctively thought. Install it in the same way you would a VPN concentrator.

    KISS = Modem > PfSense from the wan of the MODEM Router > Switch > Server & Clients.

    (do I have to fit a WAN NIC Card to the PFsense to go from the appliance to the switch?  Or will a standard NIC card suffice.  Also, With it being a physical operating system, how will speed be a factor? And I'm assuming I can still use the DCHP Reservation from the Modem router and no configure the PFSense to assign IPs?

    Apologies for all the Questions on this, and it would be probably easier to go out and deploy a sonic wall but the sheer cost in this is prohibitive..

    thanks

    0
  • K

    In most cases at home, WAN or LAN NIC cards, its all the same.  Just get yourself at least two nice compatible Intel NICs (can be on a single card).

    Not sure about you second question, but you can get gigabit throughput pretty cheap.  Possibly even rummaging in a junk yard for hardware.  haha.

    Sure - You can get your DHCP IPs from your modem, no problem in most cases.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy