Connect MX and virtual pfSense

Lars_Petterson
Here to help


Hi there,

We are going to have two firewalls at the same location (same rack) and we need to connect these two together in order to route traffic from one firewall to another. Now here is what I have been thinking, which I need to verify with you guys.

1. I need a link net (subnet) between the two firewalls (an Ethernet cable that goes from one firewall to another),

2. I need a route on both firewalls to route traffic,

3. I need policies to pass or allow certain traffic.

Are these three points sufficient to achieve this?

KarstenI
Kind of a big deal

Yes, that is all you need.

For the MX, you should use a LAN-Port with your Link-Subnet and not one of the WAN-Ports for this. Also make sure that all internal systems route the traffic to these firewalls if not handled automatically with a default-route.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
Lars_Petterson
Here to help

Hi Karstenl,

Thanks for the answer. I don't understand the latter you wrote about internal systems, what do you mean by that?

KarstenI
Kind of a big deal

Imagine an internal L3-switch which has a static route towards the MX, but a default-route to a different firewall. The traffic to the remote site would never reach the MX and there would be a static route needed to the MX.

Lars_Petterson
Here to help

Do you mean that if I have, let's say, a default route 0.0.0.0/0 with the WAN IP as a default route and then I put the other route with a specific destination toward the other firewall, the traffic will still match the 0.0.0.0/0 and never reach the one we want! If that's the case, can we solve this with permanent routes on the clients themselves?

route ADD destination_network MASK subnet_mask gateway_ip
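The route selection discussed in this thread, as an added example that is not part of any post: a longest-prefix-match lookup over a constructed routing table for the internal L3 switch, checking where traffic for the remote site goes before and after a static route toward the MX is added. All addresses, subnets and names below are assumptions made up for the illustration.

```python
import ipaddress

# Constructed addresses (assumptions, not from the thread).
MX = "10.0.0.1"        # next hop: the MX
PFSENSE = "10.0.0.2"   # next hop: the other firewall (default gateway)

def lookup(table, dst):
    """Return (network, next_hop) of the longest-prefix match for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best

def audit(table, required):
    """Return (dst, selected_hop, required_hop) for every destination that
    the table would send to a next hop other than the required one."""
    problems = []
    for dst, want in required.items():
        hit = lookup(table, dst)
        got = hit[1] if hit else None
        if got != want:
            problems.append((dst, got, want))
    return problems

# L3 switch as described: a static route toward the MX for one subnet,
# default route to the other firewall, nothing for the remote site.
SWITCH_BEFORE = [("0.0.0.0/0", PFSENSE), ("10.20.0.0/16", MX)]
# Same table with a static route for the remote site added.
SWITCH_AFTER = SWITCH_BEFORE + [("10.50.0.0/16", MX)]

# Intended paths: remote site via the MX, everything else via the default.
REQUIRED = {"10.50.1.10": MX, "10.20.3.4": MX, "203.0.113.7": PFSENSE}

if __name__ == "__main__":
    for name, table in (("before", SWITCH_BEFORE), ("after", SWITCH_AFTER)):
        print(name, audit(table, REQUIRED))
```

The lookup picks the most specific matching prefix, so the default route is used only when no narrower route covers the destination.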

 
