Allow users in a local network to access the Internet via pfSense without using a proxy server

Question

Our users connect to other sites through the private MPLS under the following set-up. Now we would like to allow the users to surf the Internet by purchasing the Internet service. To secure our local network, we plan to set up the pfSense firewall and connect it to our local network as below:

Subnet: 192.168.1.0/24

PCs --> switch --> Layer-3 switch --> Router --> Private MPLS
                                      |
                                      |--> pfSense --> ISP Router --> Internet

Is our set-up correct? Is it possible to allow PC users to access the Internet via pfSense without setting up a proxy server? (we try to avoid it because some applications may not work under proxy)

Answer 1

pfSense is in fact a router. If you set it up to have a WAN connection, with its default gateway being the IP address of the ISP Router (or simply configure with DHCP), it will work just as expected and you will have internet connection.
No proxy needed.

However, there is a problem with your topology. You can't have 2 gateway routers in the same network. There is no point of having both Router and pfSense.

The traffic will have to go either through the Router to the Private MPLS or to the pfSense and the Internet connection. Choose one. You can simply use pfSense for the internet connection and configure routing to your Private MPLS.

You can read a text guide for pfSense WAN setup here.