On Sun, Apr 18, 2010 at 9:35 PM, Paul Peziol <[email protected]> wrote: > We have a block of static addresses from our ISP. In the PFsense currently I > have setup VIP and 1:1 NAT to several servers. The network only has 1 lan > subnet 192.168.2.x currently with the servers and a few office computers on > their. The client machines that connect are connected to a comcast network > and totally separate. We're gonna need to setup a few more servers and with > such I want to put them on their own network. It has slowly evolved and > hence the original 1 server being on the same network as the office > computers and a server here and there being added. Best practices I know is > to put the servers on their own network so I am backstepping here due to a > recent fast growth of servers.
If they're Internet-accessible, putting them into a DMZ would make sense (in which case you don't want another box, you want another interface in your firewall). If they're LAN-only servers that push a lot of traffic, splitting them off into another network is probably not desirable for performance reasons unless you have a hefty firewall or L3 switch. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
