Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    VMWARE ESX AND PFSENSE

    Scheduled Pinned Locked Moved Virtualization
    4 Posts 4 Posters 10.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      beaven67
      last edited by

      :D
      Hello,
              I've been researching different software firewall options. I have looked at IPCOP, SMOOTHWALL
      IPTABLES, ALTON and now MONOWALL/PFSENSE!
      Can anyone give me any cons to using pfsense in the ESX environment? It looks like a very viable option. I thought I would post this before I spend hours testing it myself in the vm environment to get a listing of any issues that have come up when using the firewall in a vm! Any and all information is appreciated.
      I'm looking for recommendations also for system requirements the firewall in the vm environment.

      Should i use more than 256Meg of memory and is 200Mhz cpu enough?
      Should i build a vm of the firewall or use the appliance already built?
      Thanks,
      Pat  ;D

      1 Reply Last reply Reply Quote 0
      • J
        j2b
        last edited by

        Despite all comments concerning overall host & guest security, we are using 6 pfsense vms on ESX servers in Failover configuration. Please keep in mind that, if you are very security concerned. In such case, make separate ESX servers for firewall and router stack - separate from other services, and provide physical connections to production and dmz networks.

        At this point these vms are most stable ones and they started to work from very first minutes after installation. We had some questions concerning SNMP configuration - for that keep in mind, that you have to edit manualy *.vmx file adding following lines of configuration, to take vnics on correct speed:

        ethernetX.virtualDev = "e1000"

        Do that for every vNIC. Although we could not manage to configure virtual CARP interfaces to report correct speed with SNMP.

        Concerning vm configuration an resources - it depends on your requirements. At the moment we deploy pfsense vms with 2 CPUs and 512MB RAM and they work well. You can start from the smallest config and afterwards monitor real needs. Keep in mind, that web GUI is configured to use very small amount of resources, and you may think, that vm is overloaded. No, it is because all resources are reserved to router production services. Search forum to find configuration to increse web GUI speed. CPU frequency at the moment we are not reserving. So could not comment on it.

        VMware tools - There are some discussions concerning installing vmware tools on freebsd. I've tried one time, but unsuccessfuly. So - we are not using them. There are several Pros and Cons concerning use of VMware Tools - mainly time synchronization.

        1 Reply Last reply Reply Quote 0
        • C
          cmb
          last edited by

          Works great. Use http://blog.pfsense.org/?p=293 which already sets e1000 and includes VMware Tools.

          1 Reply Last reply Reply Quote 0
          • B
            buzzinh
            last edited by

            Hey guys,

            I have ESXi @ Home Running several ubuntu boxes and im using the aforementioned VM appliance to serve internet to my entire household… it works really well, have squid and squid reporter running on it. works a treat!

            Only weird thing is that phpsysinfo show more ram being used than the system page?!? any ideas?

            cheers

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.