I think we may have something misconfigured.
Our setup is: internet <—> pfsense <—> LAN including FreePBX.
At pfsense we limit the addresses and ports that have access to FreePBX. Also, remote phones use OpenVPN at pfsense.
At FreePBX, eth0 has the IP 10.1.4.17.
At settings > firewall > networks, 10.0.0.0/8 is set to trusted.
At settings > firewall > interfaces, eth0 is set as “local (Local trusted traffic)”.
My question is: should eth0 be changed to “Internet (Default Firewall)”? I think that is needed in case we screw up the firewall setting or something sometime.
If you have pfsense firewall in front of the PBX then running the FreePBX firewall in addition might complicate things.
If you set eth0 as Local you don’t need to add the local subnet as trusted as it will automatically trust anything on the same subnet.
Setting eth0 as Internet means that you would need to add the local subnet to a trusted zone.
I guess the key thing is to understand what the issue is you are having in the first place.
We are not having any issues with our setup. However, I am not an expert on security.
I guess I am just looking for other opinions on whether our setup is done well for security.
Looks good to me; assuming pfsense is configured correctly, your setup should be fine.