Netgate Discussion Forum

    VLAN and Switch for DMZ

    • CrunchyToast

      Good evening. I have been hunting for hours for information related to my particular setup with no helpful result.

      I run a KVM host server in my home that needs to be in a DMZ. I haven't been on pfSense in quite some time so I am having issues getting this going.

      I currently have the latest version of pfSense running off of a USB stick. The system has 2 NICs: 1 WAN (connected to modem) and one LAN (connected to Netgear JGS524PE switch). I created a VLAN in pfSense on a different subnet from my main network (e.g. home = 192.168.10.1, DMZ = 192.168.15.1). I set up the firewall rules and then got stuck. I reconfigured my KVM server to use an IP off of the DMZ subnet and attempted to ping a website and received no response. Is there something that I have to do on the switch? I've come across a few pages that have stated a VLAN on the switch has to be set up also, but I have no idea.

      Anyone have any resources for me to be able to figure this out?

      Thank you!

      • SM7I

        Hi,

        Yes, if you set up a VLAN on the pfSense (or any other firewall or router) you have to set a VLAN ID.

        All packets to and from the VLAN interface are expected to carry this ID, which means that your switch also has to be configured with the same VLAN ID.

        All switch ports you need on that VLAN should be configured as member ports (untagged) of that VLAN ID, and the uplink port to the firewall needs to be tagged on the same VLAN ID.

        //Johan

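A small Python model of the 802.1Q behaviour described in the reply above, added here as an illustration and not part of either poster's messages: it shows which pfSense interface sees the KVM host's frames with the switch at its defaults versus with the host port untagged and the uplink tagged in the DMZ VLAN. The VLAN ID 15, the port numbers and the simplified switch model are assumptions.

```python
from dataclasses import dataclass, field

DMZ_VLAN = 15          # assumed VLAN ID (constructed; the thread does not state one)
HOST, UPLINK = 5, 1    # assumed switch port numbers for the KVM host and pfSense

@dataclass
class Port:
    pvid: int = 1                                       # VLAN given to untagged ingress frames
    untagged: set = field(default_factory=lambda: {1})  # VLANs sent out without a tag
    tagged: set = field(default_factory=set)            # VLANs sent out with an 802.1Q tag

def forward(ports, in_port, out_port, tag=None):
    """Tag carried by the frame leaving out_port: a VLAN ID, None (untagged) or 'drop'."""
    src, dst = ports[in_port], ports[out_port]
    vlan = src.pvid if tag is None else tag
    if tag is not None and tag not in src.tagged:
        return "drop"              # tagged frame for a VLAN this port does not carry
    if vlan in dst.tagged:
        return vlan
    return None if vlan in dst.untagged else "drop"

def pfsense_interface(tag):
    """Interface on the shared pfSense NIC that accepts a frame carrying this tag."""
    return {None: "LAN", DMZ_VLAN: "DMZ"}.get(tag)      # 'drop' or unknown VLAN -> None

def check(ports):
    """(interface that sees the host's frames, tag on pfSense's DMZ replies at the host)."""
    to_fw = pfsense_interface(forward(ports, HOST, UPLINK))
    to_host = forward(ports, UPLINK, HOST, tag=DMZ_VLAN)
    return to_fw, to_host

# Assumed starting state: every port is an untagged member of VLAN 1 only.
default = {HOST: Port(), UPLINK: Port()}
# Layout from the reply: host port untagged in the DMZ VLAN, uplink tagged in it.
fixed = {HOST: Port(pvid=DMZ_VLAN, untagged={DMZ_VLAN}),
         UPLINK: Port(tagged={DMZ_VLAN})}

if __name__ == "__main__":
    print("default:", check(default))   # host traffic lands on LAN, DMZ replies dropped
    print("fixed:  ", check(fixed))     # host traffic lands on DMZ, replies arrive untagged
```

In the default case the host's frames reach pfSense untagged, so they hit the LAN interface and its rules rather than the DMZ VLAN interface, which is why a DMZ-addressed host gets no replies.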
        • CrunchyToast

          Thank you. I got it working!

          Next, if I could only get my port forwards to work properly.
