Installing pfSense 2.2+ into VMware workstation 11, Windows Server 2012 host
-
Hi.
I have not used a Linux distro, or Vmware, in quite some time and I was interested in learning about pfSense. I plan to use it for a home network firewall/routing that usually has 6 to 9 devices (2 wired, rest are wireless). I currently have a Windows Server 2012 unit that runs some basic file storage and Plex media server on it. Since I am not to comfortable with jumping head first into VSphere Hypervisor, just yet, I wanted to experiment in using pfSense on Workstation. I understand from reading other forum posts that using Worsktation is not the best setup, but I wanted to have an easy way to undo my "pfSense setup" incase I botch the install or configuration. So in a sense, a practice run of pfSense.
My Windows Server has 2 Intel NICs (PCI-Express ones) and a third realtek NIC (I think it was realtek). My thoughts was to setup a Virtual "Box" and isolate the two Intel NICs for the "Virtualized" pfSense. Since I had the third network card, I was thinking of just running a Cat 6 from the modem into the WAN Intel NIC, then running a Cat 6 from the LAN Intel NIC to a switch, and then another cable back to the Realtek NIC for the Windows OS to have exclusive use of. I understand I can have both the host OS and the VM'd pfSense share the LAN NIC, but this is more for experimenting, then deployment efficiency.
The end result would be something akin to this:
-> = cable connections
=> [insert name here] = software connectionsInternet -> Modem -> Windows Server Tower (Intel NIC 1) => [pfSense] => Windows Server Tower (Intel NIC 2) -> Switch (which connects the rest of LAN, and a wireless router with DHCP turned off) -> Windows Server Tower (Realtek NIC) => [Windows Server 2012 (for sole use)].
I am seeking some detailed advice on some options for making this work. Will this be a safe setup, or will this leave the Windows Server 2012 OS open for attack? Should I use an older version of pfSense? As I said, it has been a very longtime since I used any VM software, and last time I used Workstation was back in 2006. I do not have to solely use VMware Workstation 11, as it was the only option I could think of.
Main reason I do not want to jump on the "wipe the Server and start over" option is because it will take a very long time to move everything off, then back on, and then set everything up again. I'd like to save "that" time sink for when I am really comfortable, and confident, with pfSense/VMware and am ready to do a more permanent setup.
I tried to clearly explain and illustrate what I want to do. I apologize for any confusion in my post.
-
Seems like a reasonable idea to me.
Just make sure you are passing through the NICs to the pfSense VM and they are isolated from the host. You may need to remove or disable the IP components from the Windows config for those NICs.
pfSense is build on FreeBSD and that's not Linux so choose the FreeBSD option when creating your VM.
No need to use an older version as far as I'm aware.Steve
-
Seems like a reasonable idea to me.
Just make sure you are passing through the NICs to the pfSense VM and they are isolated from the host. You may need to remove or disable the IP components from the Windows config for those NICs.
pfSense is build on FreeBSD and that's not Linux so choose the FreeBSD option when creating your VM.
No need to use an older version as far as I'm aware.Steve
Thanks for the response Steve.
It did not even cross my mind about the IP components and the Windows config for the two Intel NICs. Thank you for pointing that out. I will check into it and update with my results.
-
So I tried ESXI 6.0 and was disappointed to find out that part of the Hardware was unusable. Especially two NICS out of the three (a Realtek & an Intel). Apparently ESXI waas not compatible with my motherboard's PCI Express 3.0 Slot that my second Intel NIC was in.
I ended up re-installing Windows Server 2012 and I setup Workstation 11. I bridged the two Intel NICs and disabled their components in Windows. When installing pfSense, the installation process only saw one of the Intel NICs as an Intel NIC. The 2nd Intel NIC, was labeled as AMD something or another. In the end, both NICS still worked. I am not sure if the miss-labeling is something I did wrong in Workstation's Network settings, or just an error on behalf of the pfSense installation.
I managed to Setup my Windows Server to auto start the VM with pfSense, as a shared VM, and auto login the account running the VM. This way, when I hit the power button, the Server auto loads pfSense and the internet will work, without having to physically login to the Server Box.
So far, pfSense is very impressive. I have another question… Does the Interface label in the pfSense web interface an issue? I attached a screenshot to this post to show the NIC labels that pfSense displays. Will this be an issue if it is using the 1000 for the WAN and the LAN as Auto?
-
Nothing wrong with that dashboard display.
However it does seem as though your other interface is being emulated as compatible with the amd le driver which is not great. You should try to make sure they all appear as Intel NICs or better that the hardware is actually passed through so they appear as the real NIC.Steve
