Netgate Discussion Forum

    Best practices for virtualized fully collapsed DMZ à la pfSense in ESXi cluster

      tojaktoty

      WANs are AT&T U-verse and Comcast Business gateways, both with built-in multi-port LAN interface switches and several static IPs. Looking at Comcast MetroEthernet. pfSense will be performing traffic shaping, QoS, and VPNs plus more.

      What are the best methods for eliminating single points of failure in the network for virtualized pfSense in an ESXi vSphere cluster? Should the ISP gateway WANs cross-connect into VLANs onto two different managed switches and then trunk/tag this into each ESXi host? pfsync would have a dedicated VLAN, but how will the pfSense CARP primary and backup VM instances connect to the second switch's redundant WAN VLANs? (Additional gateways but with lower priority and triggered by member down?)

      Is it worthwhile to investigate pfSense behavior with vMotion, FT, HA?

      Reviewing http://www.vmware.com/files/pdf/dmz_virtualization_vmware_infra_wp.pdf and am curious if others have had success and could share their strategies in ESXi clusters. Maybe separating the firewall from the cluster and setting up two hardware pfSense boxes is the best method? Open to all comments and suggestions. Thanks!

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.