Poll

Can I configure NAT and Internet Navigation using an L3 switch and pfSense on a Multi-Vlan environment?

Yes
2 (100%)
No
0 (0%)

Total Members Voted: 2

Author Topic: pfSense + Juniper EX3200 + Multi VLAN Set Up  (Read 3118 times)

Offline hunterz

pfSense + Juniper EX3200 + Multi VLAN Set Up
« on: July 13, 2011, 11:32:55 pm »
Hi, I'm new to pfSense but I've been reading that it is an excellent firewall solution. I was looking for a firewall solution, but I have some special requirements that I would like to ask about first to determine whether this will be the right solution for me. Basically, this is what I need:

I have a Layer 3 Juniper EX3200 switch with 6 VLANs configured on it. I would like to use pfSense as my firewall solution, but since I have a Layer 3 switch I would like to keep it as my main routing device so that pfSense will provide NAT, firewall, etc. to my network. I would like to be able to do NAT from my public IP addresses to servers located on my VLANs. Right now I thought I can create an Internet access VLAN that will have only 2 IP addresses, 172.16.1.1 and 172.16.1.2, both with a 255.255.255.252 mask; these addresses will be used one for my switch and the other for my pfSense box. Is it possible to configure this VLAN on pfSense and allow Internet access through my pfSense using a default route for all the VLANs on my switch so that pfSense's IP will be the next hop? Would I be able to NAT traffic from my public IP addresses to servers located on other VLANs on my network?

Thanks for the help,

Petter

Offline Metu69salemi

Re: pfSense + Juniper EX3200 + Multi VLAN Set Up
« Reply #1 on: July 14, 2011, 12:18:22 am »
It might be easier to understand if you could provide a drawing of your current topology and of the topology you want to achieve.

Offline cipherxyz

Re: pfSense + Juniper EX3200 + Multi VLAN Set Up
« Reply #2 on: December 28, 2011, 09:12:29 pm »
Hi,

I think what he is looking for is like this diagram. Please get it from here:

https://skydrive.live.com/redir.aspx?cid=7659951f371a2086&resid=7659951F371A2086!118&parid=7659951F371A2086!115&authkey=!AG9PM60kV66IWds

I also would like to achieve the same thing.



Offline Metu69salemi

Re: pfSense + Juniper EX3200 + Multi VLAN Set Up
« Reply #3 on: December 29, 2011, 01:43:26 am »
I think that it could be done, but I have zero knowledge of Juniper devices.

The only thing I wonder is why have two routers connected to each other without any "visible" reason.

Offline cipherxyz

Re: pfSense + Juniper EX3200 + Multi VLAN Set Up
« Reply #4 on: January 09, 2012, 12:28:32 am »
Currently the ADSL modem doesn't support VLANs, so using pfSense as the connector sounds like a solution. Am I right?


Offline Metu69salemi

Re: pfSense + Juniper EX3200 + Multi VLAN Set Up
« Reply #5 on: January 09, 2012, 04:40:51 pm »
Don't really know

Offline SeventhSon

Re: pfSense + Juniper EX3200 + Multi VLAN Set Up
« Reply #6 on: January 09, 2012, 07:51:33 pm »
Quote
Is it possible to configure this VLAN on pfSense and allow Internet access through my pfSense using a default route for all the VLANs on my switch so that pfSense's IP will be the next hop?
Yes, PCs in VLANs will have the L3 switch as Default Gateway, and the L3 will have the pfSense box as its DG.
Make sure that your pfSense box knows about the networks reachable through your L3 (RIP? static routes?)

Quote
Would I be able to NAT traffic from my public IP Addresses to servers located on other vlans on my network?
Yes


Offline cipherxyz

Re: pfSense + Juniper EX3200 + Multi VLAN Set Up
« Reply #7 on: March 28, 2012, 04:08:55 am »
This is what I did:

1. In pfSense, create a static route to the VLAN subnet (e.g. 172.16.19.0/24).

2. Create a VLAN interface on the LAN interface. For example, if your LAN is eth0, create a VLAN on eth0, but ensure that the VLAN ID is the same as the VLAN ID in your core switch.

3. Reset your pfSense machine and you are good to go!

**you might need to add NAT Outbound for the VLAN subnet**

Try it and update us...!


Regards,
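
A consistency check for the design discussed in this thread, as an added example that is not part of any post: it verifies that each VLAN subnet routed by the L3 switch has a static route on pfSense pointing at the switch's transit address and is covered by an outbound NAT source network. Which device holds 172.16.1.1 and which holds 172.16.1.2, the second VLAN subnet, and all function and variable names are assumptions.

```python
import ipaddress as ip

def audit(transit, switch_ip, pfsense_ip, vlans, static_routes, nat_sources):
    """Return findings for the routed-VLAN design; an empty list means consistent."""
    findings = []
    transit = ip.ip_network(transit)
    sw, fw = ip.ip_address(switch_ip), ip.ip_address(pfsense_ip)
    usable = set(transit.hosts())  # a /30 leaves exactly two usable addresses
    for name, addr in (("switch", sw), ("pfSense", fw)):
        if addr not in usable:
            findings.append(f"{name} address {addr} is not a usable host in {transit}")
    if sw == fw:
        findings.append("switch and pfSense share one transit address")
    routes = [(ip.ip_network(n), ip.ip_address(gw)) for n, gw in static_routes]
    nats = [ip.ip_network(n) for n in nat_sources]
    for vlan in map(ip.ip_network, vlans):
        if vlan.overlaps(transit):
            findings.append(f"{vlan}: overlaps the transit network {transit}")
        covering = [r for r in routes if vlan.subnet_of(r[0])]
        if not covering:
            findings.append(f"{vlan}: no static route on pfSense covers it")
        else:
            # Longest prefix wins, as in a routing table.
            net, gw = max(covering, key=lambda r: r[0].prefixlen)
            if gw != sw:
                findings.append(f"{vlan}: route {net} points at {gw}, not the switch {sw}")
        if not any(vlan.subnet_of(n) for n in nats):
            findings.append(f"{vlan}: no outbound NAT source covers it")
    return findings

# Constructed sample: the /30 and 172.16.19.0/24 come from the thread,
# the rest is made up to show a subnet that was forgotten on pfSense.
TRANSIT = "172.16.1.0/30"
SWITCH_IP, PFSENSE_IP = "172.16.1.1", "172.16.1.2"  # assumed assignment
VLANS = ["172.16.19.0/24", "172.16.20.0/24"]         # second subnet is constructed
STATIC_ROUTES = [("172.16.19.0/24", "172.16.1.1")]   # (network, gateway) on pfSense
NAT_SOURCES = ["172.16.19.0/24"]                     # outbound NAT source networks

if __name__ == "__main__":
    for finding in audit(TRANSIT, SWITCH_IP, PFSENSE_IP, VLANS, STATIC_ROUTES, NAT_SOURCES):
        print(finding)
```
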