Ivo, that's a good idea... but please tell me if I'm correct or not:

WAN, LAN, Bridge interfaces: IP-Less
OPT1: IP for management in a management network

Thanks again,

2014-09-30 9:27 GMT-03:00 Ivo Tonev <i...@tonev.pro.br>:
> I recommend you create a management network for OPT1 with private IP.
>
> On Tue, Sep 30, 2014 at 12:13 AM, Roberto Carna <robertocarn...@gmail.com> wrote:
>>
>> I think this is good for us:
>>
>> - Router ISP with IP 200.0.0.1
>>
>> - pFsense with the following interfaces:
>>
>> a) WAN IP-Less
>> b) LAN IP-Less
>> c) OPT1 with IP 200.0.0.2 (management)
>> d) Bridge with WAN and LAN interfaces, and Bridge interface IP-Less
>>
>> - Corporate firewall with IP 200.0.0.3
>>
>> - Snort runs in Bridge interface
>>
>> Do you think this is correct ???
>>
>> Good night !!!
>>
>> Roberto
>>
>> 2014-09-29 22:09 GMT-03:00 Jeronimo L. Cabral <jelocab...@gmail.com>:
>> > I can say that I imagine this addresses space:
>> >
>> > Router / IP 200.1.1.1 --- WAN IP-Less / pFsense/ LAN IP-Less --- Firewall / IP 200.1.1.2
>> > OPT1 / IP 200.1.1.3 (management)
>> >
>> > So, the WAN and LAN interfaces from pFsense are IP-LESS (promiscuous mode),
>> > and the OPT1 interface from pFsense has a public IP as router and firewall.
>> >
>> > Can I do this in pfsense ???
>> >
>> > On Mon, Sep 29, 2014 at 9:49 PM, Jeronimo L. Cabral <jelocab...@gmail.com> wrote:
>> >>
>> >> OK Ivo, this is very helpful to me....Suppose I have:
>> >>
>> >> Router / IP 200.1.1.1 --- WAN/pFsense/LAN --- Firewall / IP 200.1.1.2
>> >>
>> >> I have to maintain invariable the addressing of this scenario, so what IP
>> >> addresses do I have to assign to WAN and LAN pFsense interfaces ???
>> >>
>> >> Thanks a lot,
>> >>
>> >> JeLo
>> >>
>> >> On Mon, Sep 29, 2014 at 9:32 PM, Ivo Tonev <i...@tonev.pro.br> wrote:
>> >>>
>> >>> In production environment you need 3 interfaces - one for WAN, one for
>> >>> LAN and one for management.
>> >>>
>> >>> http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/ips/ips_qsg.html
>> >>>
>> >>> On Mon, Sep 29, 2014 at 9:24 PM, compdoc <comp...@hotrodpc.com> wrote:
>> >>>>
>> >>>> > But you say: one interface for WAN, a second for
>> >>>> > LAN...and which interface is for managing ???
>> >>>>
>> >>>> You manage with a browser from LAN, and optional also from the WAN port.
>> >>>> And with ssh from the LAN.
>> >>>>
>> >>>> _______________________________________________
>> >>>> List mailing list
>> >>>> List@lists.pfsense.org
>> >>>> https://lists.pfsense.org/mailman/listinfo/list
>> >>>
>> >>> --
>> >>> Ivo R. Tonev
>> >>> +55 61 8409-2642
>> >>> i...@tonev.com.br