Netgate Discussion Forum
    Reverse proxy, SSL Offloading and IPS/IDS with one nic?


    guybrush

      Greetings,

      I have a Watchguard X750e Cluster with a dedicated DMZ. There I have all my websites and such… My problem is that I am running out of public IP addresses, and so I wanted to aggregate all incoming connections to one IP (or group as websites and webservices and split them to two IPs) and route the traffic in the background with the help of a reverse proxy. Additionally I wanted to offload all SSL traffic to that machine also. So I could have all in one place.

      So I have my range of public IP addresses like 212.222.223.xxx, and I am forwarding to my DMZ network 10.0.0.x

      Before I start with that, I would like to clarify some details which I am not completely aware of yet:

      • Is it possible to accomplish all of the above with one NIC in my pfSense? So incoming traffic is forwarded to e.g. 10.0.0.20 (pfSense) and then hitting my webservers also from 10.0.0.20? Or do I need to have a second IP? If the latter, can this be one on the same subnet, or do I necessarily have to NAT here?
      • Can I use different SSL certificates? I have bought my certificates over time when I needed them, so there is no real system to it. Each website (mostly different domains) has its own website, but out of history we also have e.g. mywebsite.com and www.mywebsite.com in one certificate, but webmail.mywebsite.com, autodiscover.mywebsite.com and mobileemail.mywebsite.com combined in another certificate.
      • What is the best way of logging my traffic (for reports and troubleshooting)? Any advice from your side?
      • Can I run IDS/IPS (Suricata?) in that configuration?

      I would be happy if some of you could bring some light into the dark here. Many thanks for the time I save with trial and error (and pulling out my hair :)

      Cheers
      Johannes


        guybrush
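      As an added illustration (not from this thread or from any reply to it), this is what the plan in the post could look like as a raw HAProxy configuration on a one-armed proxy sitting at 10.0.0.20: one listening IP, several certificates selected by SNI, routing by Host header, access logging to syslog. The backend addresses 10.0.0.30 and 10.0.0.40, the certificate directory, the CA file path and the syslog target are assumed placeholders.

```haproxy
# Constructed example: a single DMZ address (10.0.0.20, from the post) terminates
# TLS for several domains and forwards to web servers in the same 10.0.0.x subnet.
# Backend IPs, file paths and the syslog target are placeholders, not from the post.
global
    log 127.0.0.1:514 local0          # ship access logs to a syslog receiver
    tune.ssl.default-dh-param 2048

defaults
    mode http
    log global
    option httplog                    # request line, status, timings per request
    option forwardfor                 # add X-Forwarded-For with the real client IP
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_https
    # Every certificate in the directory is loaded; HAProxy picks one per
    # connection by matching the client's SNI name against each cert's CN/SAN,
    # so a two-name cert and a three-name cert can share one IP and port.
    bind 10.0.0.20:443 ssl crt /usr/local/etc/haproxy/certs/ alpn h2,http/1.1
    http-request set-header X-Forwarded-Proto https
    # Route on the HTTP Host header; names taken from the post.
    acl host_web  req.hdr(host) -i mywebsite.com www.mywebsite.com
    acl host_mail req.hdr(host) -i webmail.mywebsite.com autodiscover.mywebsite.com mobileemail.mywebsite.com
    use_backend be_web  if host_web
    use_backend be_mail if host_mail
    default_backend be_reject

frontend fe_http
    # Plain-HTTP listener only redirects, so nothing is served in clear.
    bind 10.0.0.20:80
    http-request redirect scheme https code 301

backend be_web
    # TLS is offloaded at the proxy; the web server speaks plain HTTP inside the DMZ.
    server web1 10.0.0.30:80 check

backend be_mail
    # Mail/autodiscover services that insist on HTTPS: re-encrypt and verify the
    # backend certificate so the proxy cannot be silently pointed at an impostor.
    server mail1 10.0.0.40:443 ssl verify required ca-file /usr/local/etc/ssl/cert.pem check

backend be_reject
    # Hostnames not explicitly listed get a 403 instead of falling through to a site.
    http-request deny deny_status 403
```

      Because proxy and web servers share one subnet, every backend sees connections coming from 10.0.0.20; the original client address travels in X-Forwarded-For, so backend access logs and any rule keyed on client IP must read that header rather than the socket peer.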

        Hi guys,

        I cannot believe nobody can help me here or at least tell me that I have an error in my plan. Do I need the second NIC (so, is there a requirement for NAT)?

        Regards
        Johannes

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.