After learning of the CARP failover/sync features, we intend to use a
VM-based firewall for our new private cloud, and have it sync to a failover
that would also be a VM. If it all works, we would be able to move the VMs
around our cluster as necessary, while they are in use. We figure we can set
up our switch to put all incoming packets on a VLAN for only the firewall(s),
have the servers on a different VLAN, and have pfSense route between them.
Possibly with NAT; not sure yet.

In the data center, if we end up needing more than the default block of
IPs, there is a fee, so I was thinking about just getting another block when/if
it was necessary. That gives up one more IP to the firewall, but it will take
years for that to cost more than to start with a bigger block up front. Can we
just add a second subnet? Does that simply show as a second WAN network?
Would any common rules (say, blocking pings) need to be duplicated for each or
could they apply to both?

Thanks,
Steve Yates
ITS, Inc.
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold