    Netgate Discussion Forum
    Reverse proxy, SSL Offloading and IPS/IDS with one nic?

    Cache/Proxy
    • G
      guybrush last edited by

      Greetings,

      I have a Watchguard X750e Cluster with a dedicated DMZ. There I have all my websites and such… My problem is that I am running out of public IP addresses, and so I wanted to aggregate all incoming connections to one IP (or group as websites and webservices and split them to two IPs) and route the traffic in the background with the help of a reverse proxy. Additionally I wanted to offload all SSL traffic to that machine also. So I could have all in one place.

      So I have my range of public IP addresses like 212.222.223.xxx, and I am forwarding to my DMZ network 10.0.0.x

      Before I start with that, I would like to clarify some details which I am not completely aware yet:

      • Is it possible to accomplish all of the above with one NIC in my pfSense? So incoming traffic is forwarded to e.g. 10.0.0.20 (pfSense) and then hitting my webservers also from 10.0.0.20? Or do I need to have a second IP? If the latter, can this be one on the same subnet, or do I necessarily have to NAT here?
      • Can I use different SSL certificates? I have bought my certificates over time when I needed them, so there is no real system to it. Each website (mostly different domains) have their own website, but out of history we also have e.g. mywebsite.com and www.mywebsite.com in one certificate, but webmail.mywebsite.com, autodiscover.mywebsite.com and mobileemail.mywebsite.com combined in another certificate.
      • What is the best way of logging my traffic (for reports and troubleshooting)? Any advice from your side?
      • Can I run IDS/IPS (Suricata?) in that configuration?

      I would be happy if some of you could bring some light into the dark here. Many thanks for the time I save with trial and error (and pulling out my hair :)

      Cheers
      Johannes

      • G
        guybrush last edited by

        Hi guys,

        I cannot believe nobody can help me here or at least tell me that I have an error in my plan. Do I need the second NIC (so, is there a requirement for NAT)?

        Regards
        Johannes
