On Thu, Oct 25, 2012 at 02:08:57AM +0530, ASIM IQBAL - GREYTIP wrote:
> I have read all the PF documentation and try to understand but I have
> some doubts on using PF in our existing environment below mentioned are
> my doubts.
> Is it possible to use PACKET FENCE with existing firewall (I am using
> PFSENSE FIREWALL)?
> Is I have to put PACKET FENCE behind the firewall
> How many NIC are required on PACKET FENCE to function properly and
> smoothly
> Do I have to configure my entire desktop client’s gateway to PACKET
> FENCE IP?
> Is it possible to route all the PACKET FENCE traffic through my
> existence firewall

There are two options.

1. "Inline enforcement" means all your outbound traffic goes via the
   PacketFence box. In a flat network, yes your clients would point their
   gateway at the PacketFence box. The PFSense box could be on the outside
   (i.e. PacketFence points default route at the PFSense firewall)

2. "VLAN enforcement" means that users are dropped into one VLAN when their
   port is not enabled (this VLAN would default gateway via the Packet Fence
   box) and a different VLAN when their port is enabled for live traffic
   (that VLAN can have the PFSense firewall as its default gateway).

Option 2 scales much better because your "live" traffic is not traversing
the PacketFence box; however it requires that you have switches which are
supported by PacketFence in terms of SNMP control to switch ports between
VLANs and to be notified when the user has changed on the port.

This should become clearer if you read the packetfence manual.

HTH,

Brian.
