After I replaced my pfSense machine with IPFire, I see it's time to redesign my firewall placement,
so I see this as a nice place to ask: what is the best firewall placement in a DC? My network is as shown:
1- The WAN side has 3 internet connections, each one 100 Mbits, coming from my ISP.
2- Core router: MikroTik CCR2004 for load balancing and some NAT work.
3- The server side has a MikroTik CCR1009 router for routing and tunnel purposes.
4- The client side has a MikroTik CCR1009 router for CAPsMAN (MikroTik wireless management) and PCQ queues.
I need two firewalls: one for the server side, to block all traffic from the client side except port 443 for 172.xxx.xxx.6, ports 1812 and 1813 for 172.xxx.xxx.5, and port 53 and ICMP for 172.xxx.xxx.3;
and one for the client side, for location blocking, a transparent proxy and some filter rules.
My thoughts:
core router → server firewall (ipfire) → server-router → server-switch (L2)
core router → clients firewall (ipfire) → clients-router → clients-switch
It would be nice to see any suggestions.
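
Added example, not part of the original post: the server-side allowlist described above, written as a shell function that prints an iptables-restore fragment with a default drop for everything else coming from the clients. It assumes the firewall only sits in the path towards the servers, TCP for 443, UDP for 1812/1813 and UDP plus TCP for 53; the chain name, log prefix and the addresses in the sample call are constructed.

```shell
#!/bin/sh
# Added example (not from the post). Prints an iptables-restore fragment for
# the server-side policy: clients reach three servers on the listed ports only.
# Assumptions: TCP for 443, UDP for 1812/1813, UDP+TCP for 53; the chain name
# CLIENTS2SRV and the log prefix are hypothetical.

is_addr() {                      # digits, dots and an optional /prefix only
    case "$1" in
        ''|*[!0-9./]*) return 1 ;;
        *) return 0 ;;
    esac
}

server_fw_rules() {              # args: client-net web-ip radius-ip dns-ip
    [ "$#" -eq 4 ] || { echo "need 4 addresses" >&2; return 1; }
    for a in "$@"; do
        # Refuses masked placeholders such as 172.xxx.xxx.6 left in by mistake.
        is_addr "$a" || { echo "not an address: $a" >&2; return 1; }
    done
    clients=$1 web=$2 radius=$3 dns=$4
    cat <<EOF
*filter
:CLIENTS2SRV - [0:0]
-A FORWARD -s $clients -j CLIENTS2SRV
-A CLIENTS2SRV -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A CLIENTS2SRV -d $web -p tcp --dport 443 -j ACCEPT
-A CLIENTS2SRV -d $radius -p udp -m multiport --dports 1812,1813 -j ACCEPT
-A CLIENTS2SRV -d $dns -p udp --dport 53 -j ACCEPT
-A CLIENTS2SRV -d $dns -p tcp --dport 53 -j ACCEPT
-A CLIENTS2SRV -d $dns -p icmp -j ACCEPT
-A CLIENTS2SRV -j LOG --log-prefix "SRVFW-DROP "
-A CLIENTS2SRV -j DROP
COMMIT
EOF
}

# Constructed documentation-range addresses; substitute the real ones.
server_fw_rules 198.51.100.0/24 192.0.2.6 192.0.2.5 192.0.2.3
```

`iptables-restore --test` parses a fragment like this without committing it, which catches syntax errors before the rules go live.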