NAT, HAProxy, or combination?

Hi all,

I’m moving from a Dell Sonicwall to a Netgate 8200 with pfSense+. Here is my scenario:

I need to access two servers in my local network; DNS is in place externally and internally.

Server-A hosts computer-aided dispatch software with multiple ports needed to access TLS and UDP protocols. The third-party SSL certificate is bound directly to the server. (considering Let’s Encrypt)

Server-B is a web server (accessible for public view) that only needs ports 80 and 443 for the webpage and Let’s Encrypt.

With Sonicwall, I have FQDN-specific NAT rules, i.e., if the destination is, then forward to Server-A internal address on specified ports.

What is the best way to handle this? Can it all be done within HAProxy or a combination of NAT rules?

VPN has now entered the chat… (Sonicwall NetExtender was horrible for users)

I always start with simplicity: if all you need is a NAT rule to get it working, then use that. HAProxy is nice because it gives you much more extensive features, allowing for more control and, of course, handling of certificates. HAProxy can also be used for internal services at the same time.

OpenVPN works great in pfSense.
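The "combination" layout for the two servers above, written as an added HAProxy configuration that is not from the thread or from the pfSense HAProxy package (the pfSense GUI generates equivalent directives). The hostnames cad.example.com and www.example.com, the WAN address 203.0.113.10 and the 192.168.10.x server addresses are assumed placeholders.

```haproxy
# Added example: one HAProxy instance on the firewall replaces the per-FQDN
# port-443/80 NAT rules for both servers. Addresses and names are placeholders.
defaults
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# 443: read the TLS ClientHello, route on SNI, never decrypt. Both servers
# keep their own certificates, so Let's Encrypt renewal on Server-B is unchanged.
frontend fe_tls
    mode tcp
    bind 203.0.113.10:443
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    use_backend be_server_a_tls if { req.ssl_sni -i cad.example.com }
    use_backend be_server_b_tls if { req.ssl_sni -i www.example.com }
    # No default_backend: a connection with any other (or no) SNI is closed,
    # so scans against the bare WAN address never reach either server.

backend be_server_a_tls
    mode tcp
    server server_a 192.168.10.20:443 check

backend be_server_b_tls
    mode tcp
    server server_b 192.168.10.30:443 check

# 80: plain HTTP for Server-B only. HAProxy sees the request here, so it can
# restrict by Host header and keep the ACME HTTP-01 challenge path working.
frontend fe_http
    mode http
    bind 203.0.113.10:80
    option forwardfor
    http-request deny unless { req.hdr(host),field(1,:) -i www.example.com }
    http-request redirect scheme https code 301 unless { path_beg /.well-known/acme-challenge/ }
    default_backend be_server_b_http

backend be_server_b_http
    mode http
    server server_b 192.168.10.30:80 check
```

HAProxy proxies TCP and HTTP only, so Server-A's UDP ports, and any of its TLS ports whose clients do not send SNI, still need ordinary pfSense port-forward rules; that is the combination case. Moving Server-B's certificate onto the firewall later (pfSense ACME package plus `ssl crt` on the bind line) only changes the be_server_b_tls path.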