Managed Virtual Routers with pfSense Routing Control
Route traffic between private networks and VLANs with NAT, BGP/OSPF dynamic routing, and multi-WAN failover, deployed and tuned by Togglebox engineers.
Steer traffic between subnets, VLANs, and app tiers with centralized routing rules.
Manage outbound NAT and publish services with controlled port forwarding and policy.
BGP and OSPF handle advanced topologies that have outgrown static routes.
Gateway monitoring and failover policies keep connectivity up during upstream issues.
Part of our Network Security Solutions platform. Also available: Managed Firewalls and Managed VPNs.
What Is a Managed Virtual Router?
A virtual router controls traffic between networks: which subnets communicate, how outbound traffic is NAT’d, how inbound traffic is forwarded, and how routes are advertised or learned. Togglebox Managed Virtual Routers run as pfSense virtual appliances, letting you centralize routing rules in one place instead of scattering them across individual servers.
Routing and segmentation control
Define clear paths between private networks, application tiers, and management zones without exposing internal services.
NAT and gateway behavior
Manage outbound NAT, inbound port forwarding, and failover policy across one or more uplinks.
BGP and OSPF support
Run dynamic routing with BGP and OSPF when growth and resilience requirements outgrow static routes.
How Routing Control Works
NAT and reverse NAT (port forwards)
Use NAT for outbound connectivity and port forwards to publish specific services safely. Keep internal services on private networks while exposing only intended public entry points.
Static routing and policy-based routing
Static routes pin specific subnets to fixed gateways for predictable paths. Policy-based routing steers traffic over specific gateways based on source, destination, or service. It is especially useful in multi-uplink environments and staged migrations.
Segmentation between VLANs and networks
Separate public ingress, app tiers, databases, admin networks, and partner connectivity. A managed virtual router enforces boundaries while keeping routing clear.
Routing Patterns for Growing Networks
Dynamic routing (BGP / OSPF)
When static routing becomes unwieldy, dynamic routing lets your network adapt as paths change. pfSense supports BGP and OSPF via the FRR package.
- BGP peering for controlled route exchange between environments or providers
- OSPF for internal route propagation in complex networks
- Route filtering to keep advertisements safe and intentional
Multi-WAN and failover
For environments with multiple uplinks, a managed virtual router supports multiple gateways and failover to maintain connectivity during upstream outages.
- Gateway monitoring to detect upstream failures
- Failover policy to shift traffic to the healthy path
- Traffic steering so critical services prefer the best route
Where Virtual Routers Fit
Managed virtual routers connect multiple private networks inside a Togglebox private cloud. A few patterns we deploy often:
- Isolated database tier on a dedicated private network, reachable only from the app subnet
- Admin-only network reachable by VPN, separate from production traffic paths
- Internal service network for east-west communication between app components
Togglebox engineers own the initial plan, NAT design, route troubleshooting, and later routing changes, so the routing stays clear and documented as your environment grows.
Virtual Router vs. Firewall vs. VPN
These solutions overlap. Pick based on your primary goal:
- Virtual Router: you need routing and NAT control between networks
- Firewall: you need security-focused ingress/egress rules, segmentation, and filtering
- VPN: you need encrypted connectivity between sites or for remote user access
For help choosing, the Network Security Solutions hub page breaks options down by use case.
Pricing and Ordering
Pricing starts at $25/month + server resource costs. We can help you choose the right CPU/RAM allocation based on routes, throughput, and the features you plan to enable.
Also available: Managed Firewalls and Managed VPNs.
Common Questions
How do I choose between firewall, VPN, and virtual router services?
Choose firewall for boundary control, VPN for encrypted remote access, and virtual routers for routing or segmentation design.
Can I get help reviewing my security architecture?
Reach out to a security engineer for a fit and sizing review.
No matching questions found.
Ready to Deploy a Managed Virtual Router?
Tell us your routing and network requirements. We will design the routing configuration and deploy it for you.