Netgate Discussion Forum

    Does this setup make sense? (Dual WAN, 3 pfSense boxes)

    Routing and Multi WAN
      naughtyusmaximus

      I currently have a single pfSense box providing routing for my dual WAN, single LAN setup.  I need to add in some redundancy, as well as creating a DMZ for my servers.

      I've also found that some server applications are really difficult to configure with the setup I have right now.  The services currently hosted include OpenVPN (through pfSense), http and ftp.  OpenVPN and http are critical services.  Would this proposed setup be advisable?

      WAN1 -> PFSense1

      WAN2 -> PFSense2

      -----
      PFSense1 -> DMZ1 (http, ftp)
      PFSense1 -> PFSense3

      PFSense2 -> DMZ2 (http, ftp) (secondary, or perhaps some sort of round robin DNS?)
      PFSense2 -> PFSense3


      PFSense3 -> LAN (desktops, samba server)

      I can see this getting a little bit complicated to set up as well, but would it presumably offer a better configuration than I have now?  The advantages over my current setup would be:
      -easier distinction of DMZ services
      -spread out hardware load

      In this type of setup, where would I be best advised to put the OpenVPN server?  I currently have this on my single PFSense router, providing access for both roaming users and remote offices.  I could envision putting it on PFSense3, and doing some sort of load balancing or round robin DNS with the two border routers - is this a good idea?

        hoba

        I would go with 2 pfSense boxes running as a CARP cluster (if you have enough public IPs, each system needs a real IP in addition to the virtual IPs, so that would make at least 3 public IPs per WAN).

          naughtyusmaximus

          What is the advantage of using 2 w/ CARP over the setup illustrated above?  I assume I would lose the ability to have a transparent proxy, but I'm not sure what I gain by using 2 w/ CARP (other than needing one less server)

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.