I have two WANs with static IPs:
- DSL (PPPoA)
- Fibre (Ethernet through fibre media converter)
So far I was using one firewall Vigor2830Vn to handle traffic from both WAN ports. But I need to be able to restart it from the internet in case it becomes unresponsive. I thought of adding an additional firewall between Wan2 and the firewall, one to which I can login from the internet, e.g. pfSense SG-2220. I thought of replacing Vigor completely but then I would need to buy a separate DSL modem as well as WiFi gateway - both are handled by the Vigor router currently.
Anyway, the topology would be like this:
PPPoA Fibre
StaticIP1 StaticIP2
| WAN
| pfSense
| LAN
| |
Wan1 Wan2
Vigor2830Vn
LAN
|
In other words, WAN2 of Vigor would be connected to LAN of pfSense.
An alternative topology could be:
PPPoA Fibre
StaticIP1 StaticIP2
| WAN
| pfSense
| LAN
Wan1 Wan2 |
Vigor2830Vn |
LAN-----------
|
LAN
Thus connecting LAN port of pfSense directly to one of the free LAN ports in Vigor (which should then work as a switch bridging traffic from both WAN ports).
Now questions. Is there a standard way of connecting multiple routers one after another like this? I heard of DMZ or DMZ Host but I think they would not apply here.
In the first topology, how can I access the web interface of pfSense from LAN? The traffic would need to go through Wan2 of Vigor. If pfSense's LAN interface was assigned a local IP (e.g. 10.0.0.1) Vigor would not pass the local traffic through Wan2 to pfSense. And I can't assign a public IP since it may be routed through the other router.
In the second topology, how would the traffic from LAN be routed to the internet? I guess it would depend on the Gateway set up on each computer in LAN (i.e. it would be either the local IP of Vigor or pfSense). Would any load-balancing or failover be possible?
