Hello,
I would like to use a pfSense-powered computer as an IDS, but I would also like to use my existing ROS router to do packet filtering and LAN management because of the SFP link being used. Here is the operation mode in detail:
WAN<->ROS<->pfSense<->ROS<->LAN
When a packet arrives, the WAN interface of the ROS router drops it if it matches a given set of rules in the firewall. Otherwise, it continues on its way.
Then, the pfSense device passes it through an IDS.
Finally, it reaches the ROS router again and exits through the SFP port to get to the switch (labeled “LAN” here).
How can I force the path a packet must take within ROS? I thought about VLANs but I’m not quite sure how to implement such a feature. I could also use another ROS router for packet filtering but that would require having three devices and would make management a nightmare.
Thanks in advance.