Netgate Discussion Forum

    Internal interVLAN configuration

      nick76

      Hi all,
      I'm completely new to pfSense… I'm writing to you because I need some suggestions. I need to configure an extra layer of security on some VLANs with sensitive servers. I wish to filter all the data access to these VLANs with a couple of pfSense servers in CARP.
      These 2 pfSense servers should be the default gateways for the protected servers and the other servers and clients in the domain.

      Right now our core switches are doing the routing between the vlans.

      What I wish to know is the following:

      • Is anyone using pfSense for inter-VLAN filtering?
      • How should I configure pfSense? What is the WAN? And the LAN?
      • Are there any best practices to follow? Or any tips and tricks?
      • I wish to move the routing so that it points to the pfSense IP. Is that correct?

      Thank you for helping me.
      Kind regards,
      Nick

        johnpoz LAYER 8 Global Moderator

        So anyone using pfSense with more than one network segment/VLAN on it is doing "inter-VLAN" routing between those segments.

        If you're going to use pfSense to firewall/route between your networks, then it would be the gateway for those networks.

        What is your WAN now? That would be your WAN in pfSense. What are your networks? Those would be on the "LAN" side of pfSense. As to which one is actually connected to "LAN", that would be up to you. Those are only names on the interfaces. LAN is no different than any other segment on your local side, other than it's there out of the box with any any rules on it, while when you add other interfaces they will not have any rules on them.

          nick76

          Hi John,
          Thank you for your reply.
          For the WAN: right now there is no WAN on these servers. They aren't allowed to go to the Internet. Right now the default gateway of these servers is the core switch, where all the VLANs are pointing as default gateways.
          Should I still use this as the default gateway on pfSense? By doing this I don't have any WAN but only a LAN with a default gateway, correct?

          Thank you a lot.
          Best regards,
          Nick

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.