Using Smoothwall Express With a Cisco Layer 3 Switch?

[twin--turbo]

or you could have the PFS as the only thing plugged into the Cisco, and it's second interface connected to a switch for the BYOD. Then all traffic would travers the PF

Rob

[FN-GM]

Just set pfsense as your default gateway.

Then the switch wont route between other vlans.

or you could have the PFS as the only thing plugged into the Cisco, and it's second interface connected to a switch for the BYOD. Then all traffic would travers the PF

Rob

When the time comes we wont be using a free product for the firewall.

[twin--turbo]

When the time comes we wont be using a free product for the firewall.

????

the PF is not for the EXTERNAL firewall, its to sit between the BYOD devices and the Cisco switch.

Rob

[twin--turbo]

byod.pdf

Rough!

[FN-GM]

I mis understood you. Can we move the BYOD stuff to the other post please as this thread is about the main firewall. thanks

[FN-GM]

Well i dont want it to route between the VLANS i want the L3 switch to do that.

Would i set a static route on the Switch so it knows for that vlan to go to pfsense? The DG of my clients will be the VLAN interface IP.

Something like

ip route 172.20.2.0 255.255.255.0 <ip of pfsense>

Basically i want it to act as a firewall and to get an internet connection to my test setup.

Thanks

Will this work please?

[twin--turbo]

that will route all trafic going to the 172.20.2.0 via the PF

[FN-GM]

that will route all trafic going to the 172.20.2.0 via the PF

oh good so that will be right then

[SYNACK]

pfsense is rubbish with PPTP traffic so if anyone uses that then avoid it.

There are others like ClearOS Community Edition | Software
Router/Bridge Linux Firewall
and
Untangle: Network Policy at Work
are also good choices that can handle protocols a bit better and include stuff like WAN load sharing.

[FN-GM]

Its only a test really i think we are going for smoothwall in the end of it.

[SYNACK]

Its only a test really i think we are going for smoothwall in the end of it.

Yea Smoothwall does do all that stuff, but only in the pay for versions.

[twin--turbo]

Well I am 70% of the way there.

I haev PF up, captive working , just need to fix it's DNS as that's being funky... and then make sure the rest of it is LOCKED down.

I wasted 2 hrs because explorer would not show the toolbar at the top and I could not manage PF via the WAN interface. Firefox on a client side allowed me to enable HTTPS to get in via firefox on the wan side.

Rob

[FN-GM]

Yea Smoothwall does do all that stuff, but only in the pay for versions.

Yer thats the one we will be gunning for.
@twin--turbo i look forward to your setup guide

[cpjitservices]

Im glad PFSense is serving you guys well! and hope you enjoy it as much as I have......

[twin--turbo]

Well:

My test laptop can get an IP, it gets DNS.

I fire up firefox and try to go to google.

It goes to the captive portal and I log on ( will change this to an accept button )

And it goes directly to the citrix logon.

I try to go to google, it does nothing.
I try to ssh to our web server, it does nothing.
I try any website other than the VDI.... It does nothing..
HAHAHAHAHAHAHAHAHAHAHAHAH

Rob