-1

I want to set up pfSense on edge .. DMZ .. internal pfSense with Squid + SquidGuard + lighttpd for reporting ... internal network.

The edge firewall will have 2 WANs on load balancing & failover.

Remote users are to get access to the DMZ and internal network with OpenVPN. Where to configure the VPN server? Edge or internal pfSense?

Can I have the edge and internal pfSense both in ESXi, KVM or Hyper-V? Or must the edge be on physical?

If I have the edge in virtual, how do I configure both WANs? ... Confused ..

Squid proxy doesn't like multiple WANs with load balancing and failover, so I thought I will have one edge pfSense only for load balancing and failover and DMZ .. the internal pfSense will take care of Squid and reporting ..

Advice please.

  • Would be nice if you could focus your post on one specific problem that bothers you most. – Deer Hunter Jan 25 '15 at 00:21
  • Sorry Deer Hunter, I am confused so I wrote everything that was in my mind. So my main problem is I want to configure edge firewall .. DMZ .. internal firewall with Squid proxy .. do I need double NATing, or will single on the edge work? – malik Mazhar Ali Jan 26 '15 at 12:26

1 Answer

0

Single NAT on the edge should work. For security reasons, people always discourage having a virtualized edge router. However, the internal edge could work well on a virtual machine. Even with edge or virtual, e.g. on ESXi, you use vmswitches and VM interfaces to direct traffic on your edge router. However, it seems you are trying to work on too many areas. First try to run both pfSense instances without virtualization; if everything works, then move to a virtualized environment. Even better would be to have a low-cost DD-WRT router for the edge, port forward it to pfSense, and use everything else, like the proxy, on pfSense (virtual or non-virtual).