This might be stupid but I want to have 2 pfsense deploy. One for my Lab and one for my home network. I know I can just add the subnet and etc. But I want to deploy 2 of them.
The home will be Sophos 310 device and Lab will be Sophos 210 device. I believe I can do something like this.
Going from my home switch I will plug into my lab PFsense device and let that grab an IP and start managing it. Is this doable? Here is a picture of what I’m thinking. The reason why I’m doing this so I can reboot my lab network if need and not reboot my main network and I can test new features and etc.
Yes that will work fine, you will be double mat though and that presents some issues but as long as you are comfortable with the firewall and willing to make it all work then it’s fine. I’ve done this before and it works.
My lab at home is done in a similar way, and it works OK so far. Tom has a few videos where he talks about setting up a customer firewall and issuing it one of their public IP addresses, and doing all of this behind his main firewall to isolate the pre-build system but have it ready to deploy when it comes back out of the box.
Honestly this will work just fine. Make sure when setting up the PFSense firewall you make rules to allow hosts from your primary network(s) to have explicit access to lab devices that are hosting services you’re tooling around with, unless you want to completely keep it isolated entirely. PFSense out of the box basically nukes any incoming connections that aren’t already in the state table, so just some food for thought.
