Migrating to a new firewall (home environment)

In the coming weeks I'll be migrating to pfSense. I've thought about various ways to make migration easier/more efficient.

The current configuration consists of several VLANs and internet-exposed servers.

One way to do the migration would be cold turkey - that is, replicate as much of the config as possible on the new platform before switching WAN to the new.

Another way is to leave UTM in path for now, while doing config on the new system a bit at a time. To facilitate this strategy I think I need to effectively NAT all inbound traffic to the pfSense instance?

There's full NAT, 1:1 NAT, and no NAT. It's a bit unclear which option to choose?

Thoughts/suggestions?



This thread was automatically locked due to age.
  • I'd go for the first. Maybe you happen to have two spare public IPs so you can set the systems "side by side".

    After all, both are based on Linux and built around iptables, so an "iptables -L" on both in a root shell might give further insights.

    For inbound you can switch services one by one by editing them in the public DNS; for outbound this is done in your routing table.
