Yes. Always use out of band management.
On Tue, Sep 30, 2014 at 10:35 AM, Roberto Carna <robertocarn...@gmail.com> wrote:
> Ivo, that's a good idea....but please tell me if I'm correct or not:
>
> WAN, LAN, Bridge interfaces: IP-Less
> OPT1: IP for management in a management network
>
> Thanks again,
>
> 2014-09-30 9:27 GMT-03:00 Ivo Tonev <i...@tonev.pro.br>:
> > I recommend you create a management network for OPT1 with private IP.
> >
> > On Tue, Sep 30, 2014 at 12:13 AM, Roberto Carna <robertocarn...@gmail.com> wrote:
> >>
> >> I think this is good for us:
> >>
> >> - Router ISP with IP 200.0.0.1
> >>
> >> - pfSense with the following interfaces:
> >>
> >> a) WAN IP-Less
> >> b) LAN IP-Less
> >> c) OPT1 with IP 200.0.0.2 (management)
> >> d) Bridge with WAN and LAN interfaces, and Bridge interface IP-Less
> >>
> >> - Corporate firewall with IP 200.0.0.3
> >>
> >> - Snort runs in Bridge interface
> >>
> >> Do you think this is correct ???
> >>
> >> Good night !!!
> >>
> >> Roberto
> >>
> >> 2014-09-29 22:09 GMT-03:00 Jeronimo L. Cabral <jelocab...@gmail.com>:
> >> > I can say that I imagine this address space:
> >> >
> >> > Router / IP 200.1.1.1 --- WAN IP-Less / pfSense / LAN IP-Less --- Firewall / IP 200.1.1.2
> >> >                                         OPT1 / IP 200.1.1.3 (management)
> >> >
> >> > So, the WAN and LAN interfaces from pfSense are IP-LESS (promiscuous mode),
> >> > and the OPT1 interface from pfSense has a public IP as router and firewall.
> >> >
> >> > Can I do this in pfSense ???
> >> >
> >> > On Mon, Sep 29, 2014 at 9:49 PM, Jeronimo L. Cabral <jelocab...@gmail.com> wrote:
> >> >>
> >> >> OK Ivo, this is very helpful to me....Suppose I have:
> >> >>
> >> >> Router / IP 200.1.1.1 --- WAN/pfSense/LAN --- Firewall / IP 200.1.1.2
> >> >>
> >> >> I have to maintain invariable the addressing of this scenario, so what IP
> >> >> addresses do I have to assign to WAN and LAN pfSense interfaces ???
> >> >>
> >> >> Thanks a lot,
> >> >>
> >> >> JeLo
> >> >>
> >> >> On Mon, Sep 29, 2014 at 9:32 PM, Ivo Tonev <i...@tonev.pro.br> wrote:
> >> >>>
> >> >>> In a production environment you need 3 interfaces - one for WAN, one for
> >> >>> LAN and one for management.
> >> >>>
> >> >>> http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/ips/ips_qsg.html
> >> >>>
> >> >>> On Mon, Sep 29, 2014 at 9:24 PM, compdoc <comp...@hotrodpc.com> wrote:
> >> >>>>
> >> >>>> > But you say: one interface for WAN, a second for
> >> >>>> > LAN...and which interface is for managing ???
> >> >>>>
> >> >>>> You manage with a browser from LAN, and optionally also from the WAN
> >> >>>> port. And with ssh from the LAN.
> >> >>>>
> >> >>>> _______________________________________________
> >> >>>> List mailing list
> >> >>>> List@lists.pfsense.org
> >> >>>> https://lists.pfsense.org/mailman/listinfo/list
> >> >>>
> >> >>> --
> >> >>> Ivo R. Tonev
> >> >>> +55 61 8409-2642
> >> >>> i...@tonev.com.br

--
Ivo R. Tonev
+55 61 8409-2642
i...@tonev.com.br
_______________________________________________
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list