Setting Up One pfSense Behind Another

Further segmenting networks with a firewall behind a firewall

Teri Radichel
Cloud Security
Published in
13 min readNov 29, 2024

--

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

⚙️ Check out my series on Automating Cybersecurity Metrics | Code.

🔒 Related Stories: pfSense | Network Security | Netgate

💻 Free Content on Jobs in Cybersecurity | ✉️ Sign up for the Email List

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In this post my goal is to run a pfSense firewall behind another pfSense firewall.

Why configure one pfSense to run behind another?

Because when you run a device on the edge of your network, you cannot see what is coming out of that device. There’s no device in front of that device to inspect the traffic. It’s heading out of that box to the ISP. The ISP can see what is coming out of your edge device but you cannot.

So that’s where putting one firewall in front of another can help you inspect the traffic that’s coming out of the intermediary firewall. I wrote about that here in Watching the Network Watchers:

--

--

Teri Radichel
Teri Radichel

Written by Teri Radichel

CEO 2nd Sight Lab | Pentesting | Research | AWS Security Hero | Masters of Infosec & Masters Software Engineering | GSE | IANS | SANS Difference Makers Award