Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Virtualization confusion - lab scenarios security help

    Scheduled Pinned Locked Moved
    Virtualization
    2
    3
    409
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      srytryagn
      last edited by

      Followed some tutorials online to setup virtualized labs but do not understand fully what they accomplish in terms of security and segregation. Have some questions, tried to keep the scenarios as short as possible, please help me understand.

      Setup 1:
      ISP Router NATted-> windows 10 pc-> Virtual box pfsense -> other vms on same pc's virtual box connected to pfsense
      ->Does this at all secure the VMs ? Since the host is a windows 10 pc with virtual box what does this even accomplish for security?

      Setup2:
      ISP Router NATted -> VIrtualized pfsense type 1 hypervisor -> VMs on same pc connected to virtualized pfsense
      ->Does this double nat and virtual bridges in type 1 hyper secure the vms or is this counter productive?

      Setup 3:
      PFsense bare metal -> windows 10 pc-> Virtual box with another pfsense -> other vms on same pc's virtual box connected to pfsense

      ->Is this scenario more secure than above and is the second virtual box pfsense adding security to the setup or is it futile?

      Setup 4:
      PFsense bare metal ->Type 1 hypervisor-> VIrtualized pfsense type 1 hypervisor -> VMs on same pc connected to virtualized pfsense

      ->Under this scenario does the second Pfsense add any security for further segregating VMs?

      S 1 Reply Last reply Reply Quote 0
      • S
        srytryagn @srytryagn
        last edited by

        @srytryagn Anybody ?

        Let me ask more simply.

        Example you run windows 10 and virtualbox. You use a combo modem/router from ISP, the ISP box to connect to the net. You make a pfsesne vm and connect other vms to it. What have you accomplished in tems of security ?

        V 1 Reply Last reply Reply Quote 0
        • V
          viragomann @srytryagn
          last edited by

          @srytryagn
          Running pfSense virtualized on top of another system naturally adds an additional layer to the whole system, which may offer additional vulnerabilities and possibilities for attacks. These grow up with the number of services you're running on the host.
          Hence I'd not recommend to run a production pfSense on a PC which you use for working, playing or any other purposes.

          However, if you virtualize pfSense together with other machines on a dedicated hypervisor system I'd not much concerns due to security.
          But Windows + Virtualbox is not really well eligible for these purposes in my opinion.

          For instance, my home pfSense runs virtualized on top of Linux with KVM aside from a web server to achieve better utilization of my hardware and safe cables, energy and hardware costs.
          The host itself is only connected to the LAN side of pfSense, so the firewall secures my whole system. The pfSense WAN is connected to the ISP modem and establishes the internet connection via PPPoE.

          Natting the traffic on the ISP router is basically not a security issue as long as the router works reliably.

          If pfSense can increase security for the VMs depends on your network design. pfSense, whether bare metal or virtualized, can segregate your (virtualized) network, you can drive this up to connect each VM to a separate network interface if you want, so that no VM can access anything without passing the firewall.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post