I recommend you create a management network for OPT1 with private IP.
On Tue, Sep 30, 2014 at 12:13 AM, Roberto Carna <robertocarn...@gmail.com> wrote: > I think this is good for us: > > > - Router ISP with IP 200.0.0.1 > > - pFsense with the following interfaces: > > a) WAN IP-Less > b) LAN IP-Less > c) OPT1 with IP 200.0.0.2 (management) > d) Bridge with WAN and LAN interfaces, and Bridge interface IP-Less > > - Corporate firewall with IP 200.0.0.3 > > - Snort runs in Bridge interface > > Do you think this is correct ??? > > Good night !!! > > Roberto > > > 2014-09-29 22:09 GMT-03:00 Jeronimo L. Cabral <jelocab...@gmail.com>: > > I can say that I imagine this addresses space: > > > > Router / IP 200.1.1.1 --- WAN IP-Less / pFsense/ LAN IP-Less --- > Firewall / > > IP 200.1.1.2 > > OPT1 / IP > > 200.1.1.3 > > (management) > > > > So, the WAN and LAN interfaces from pFsense are IP-LESS (promiscuos > mode), > > and the OPT1 interface from pFsense has a public IP as router and > firewall. > > > > Can I do this in pfsense ??? > > > > > > On Mon, Sep 29, 2014 at 9:49 PM, Jeronimo L. Cabral < > jelocab...@gmail.com> > > wrote: > >> > >> OK Ivo, this is very helpful to me....Suppose I have: > >> > >> Router / IP 200.1.1.1 --- WAN/pFsense/LAN --- Firewall / IP 200.1.1.2 > >> > >> I have to maintan invariable the addressing of this scenario, so what IP > >> addresses do I have to assign to WAN and LAN pFsense interfaces ??? > >> > >> Thanks a lot, > >> > >> JeLo > >> > >> On Mon, Sep 29, 2014 at 9:32 PM, Ivo Tonev <i...@tonev.pro.br> wrote: > >>> > >>> In production environment you need 3 interfaces - one for WAN, one for > >>> LAN and one for management. > >>> > >>> > >>> > http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/ips/ips_qsg.html > >>> > >>> > >>> On Mon, Sep 29, 2014 at 9:24 PM, compdoc <comp...@hotrodpc.com> wrote: > >>>> > >>>> > But you say: one interface for WAN, a second for > >>>> > >>>> >LAN...and which interface is for managing ??? > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> You manage with a browser from LAN, and optional also from the WAN > port. > >>>> And with ssh from the LAN. > >>>> > >>>> > >>>> > >>>> > >>>> _______________________________________________ > >>>> List mailing list > >>>> List@lists.pfsense.org > >>>> https://lists.pfsense.org/mailman/listinfo/list > >>> > >>> > >>> > >>> > >>> -- > >>> Ivo R. Tonev > >>> +55 61 8409-2642 > >>> i...@tonev.com.br > >>> > >>> _______________________________________________ > >>> List mailing list > >>> List@lists.pfsense.org > >>> https://lists.pfsense.org/mailman/listinfo/list > >> > >> > > > > > > _______________________________________________ > > List mailing list > > List@lists.pfsense.org > > https://lists.pfsense.org/mailman/listinfo/list > _______________________________________________ > List mailing list > List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list > -- Ivo R. Tonev +55 61 8409-2642 i...@tonev.com.br
_______________________________________________ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
