Hello, sorry for a lengthy read.
I’ve come to rely on my pfSense setup and realized that if it went down, I couldn’t just slap something in place and be up, so I bought a 2nd one as a backup. Instead of just having it sit here, I would like to learn from it, knowing I have a known good backup for a single router situation ready to throw on it if needed.
I want to have an internal and external pfSense setup to learn from as well as add another layer. Here’s the general idea.
ISP <-> Modem <-> (WAN) EXT FW (LAN) <-> (WAN) INT FW (LAN) <-> Core Switch > Etc.
I’m planning on putting Outbound NAT on the EXT FW and disabling it on the INT FW, but assume I will need static routes and rules along the way somewhere, and that’s what’s stalled me. I feel like this should be a simple thing to do but I am either overthinking it or underthinking it. Hoping to be able to make changes within a few hours and have things back to working.
Just looking for some feedback or suggestions. Both appliances will have 2 OPT ports I will be using for other things, but for now I want to make sure I am not missing something to be able to get the current devices I have back online with minimal disruption.
Any thoughts or comments are appreciated.