On Sun, Jul 4, 2010 at 5:46 AM, Tonix (Antonio Nati) <to...@interazioni.it> wrote:
> First question.
> We are planning to use PFsense as frontend gateway routing to customers
> subnets, and in such architecture, we could use pfsense as pure routing
> device, except we want to protect the "LAN" network.
> Does the "disable firewall" option exclude completely any NAT or filtering
> rules, without any possibility to protect the LAN interface?
>

Yes.

> Second question.
> We may have one frontend Internet link doubled on two FE switches (using
> redundant switches and spanning tree features), so if one FE switch fails,
> we can have the connection on the other FE switch.
>
> Apart from using a master/slave couple of fw, we are evaluating whether to bridge
> two interfaces, for each FW, placed on both FE switches.
>
> Link --->
>      ---> SW1 ----> em0 (pf1-em0)
>      ---> SW2 ----> em1 (pf1-em1 bridged to em0)
>
> In such a case, the bridging feature on PFsense, can handle the trick? In
> case of SW1 failure, can states open on interface em0 work also on interface
> em1-bridged-to em-0?
>

Never tried anything like that on a single system; it works with two systems using CARP (with proper STP or a devd script to up/down the bridge accordingly). Not sure if the states would fail over correctly with one system.