    I am planning to try a pfSense VM on ESXi. I want to ask how secure ESXi is with a pfSense VM. Can I expose an ESXi Ethernet interface to the internet? Can attackers compromise ESXi and then the LAN network or VMs?

    I can add Ethernet ports to the ESXi box assigned only to the pfSense VM.

    I would not suggest you expose your vmkern to the freaking internet, no ;)

    What exactly do you think you're exposing by running pfSense on a VM? Guess it's possible if they exploit pfSense, and then there is some exploit to allow a VM to access the ESXi host or other VMs, then sure, if your pfSense is compromised you could have issues. But I would think if your firewall is compromised then you prob have other things to worry about if it could be exploited to also hit the host ;)

    The only thing that would be listening on your internet interface should be the pfSense WAN VM NIC, etc.

  • I ask because I only want to try it (I want to learn something new).
    I want to create a pfSense VM and run it on ESXi. pfSense will have WAN, LAN and DMZ interfaces. ESXi will have vmnic0 for ESXi management connected to the LAN, vmnic1 as pfSense WAN, vmnic2 as pfSense LAN and vmnic3 as pfSense DMZ. On ESXi I also want to run a Zoneminder VM appliance, a Minecraft server VM appliance and a TeamSpeak VM appliance.
    I want to expose the pfSense WAN (vmnic1) directly to the internet (ISP).

    I am interested in whether it is all as secure as if pfSense ran on a separate real PC. Is ESXi secure enough (I want to expose vmnic1 to the internet)?

    Been running pfSense on ESXi for years. Hundreds if not 1000s if not 10s of thousands of people run routers/firewalls on VMs. Yes, it's a standard practice.
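
The layout discussed in this thread can be checked mechanically. The following is an added example, not part of any post above: it audits a constructed inventory so that the vSwitch carrying the WAN uplink has no vmkernel interface, no VM other than the firewall, and no second uplink. The vSwitch names, `vmk0`/`vmk1` and the placement of the appliance VMs are assumptions; only the vmnic roles come from the thread.

```python
import copy

# Constructed inventory mirroring the layout described in the thread.
# vSwitch names, vmk0 and the placement of the appliance VMs are assumptions.
LAYOUT = {
    "vSwitch0": {"uplinks": ["vmnic0"], "vmkernel": ["vmk0"], "vms": []},
    "vSwitch1": {"uplinks": ["vmnic1"], "vmkernel": [], "vms": ["pfsense"]},
    "vSwitch2": {"uplinks": ["vmnic2"], "vmkernel": [],
                 "vms": ["pfsense", "zoneminder"]},
    "vSwitch3": {"uplinks": ["vmnic3"], "vmkernel": [],
                 "vms": ["pfsense", "minecraft", "teamspeak"]},
}


def audit_wan_exposure(layout, wan_uplink="vmnic1", firewall_vm="pfsense"):
    """Return a list of findings for every vSwitch carrying the WAN uplink."""
    findings = []
    wan_switches = [n for n, sw in layout.items() if wan_uplink in sw["uplinks"]]
    if not wan_switches:
        findings.append(f"no vSwitch uses {wan_uplink} as an uplink")
    for name in wan_switches:
        sw = layout[name]
        # The host's own management/vmkernel stack must not face the internet.
        for vmk in sw["vmkernel"]:
            findings.append(f"{name}: vmkernel interface {vmk} shares the WAN uplink")
        # Only the firewall VM's WAN NIC should sit on this switch.
        for vm in sw["vms"]:
            if vm != firewall_vm:
                findings.append(f"{name}: VM {vm} is attached on the WAN side")
        if firewall_vm not in sw["vms"]:
            findings.append(f"{name}: {firewall_vm} is not attached to the WAN switch")
        # A second uplink would bridge the WAN with another physical network.
        extra = [u for u in sw["uplinks"] if u != wan_uplink]
        if extra:
            findings.append(f"{name}: WAN uplink bridged with {', '.join(extra)}")
    return findings


def misconfigured_copy(layout):
    """Constructed bad variant: vmk, extra VM and extra uplink on the WAN switch."""
    bad = copy.deepcopy(layout)
    bad["vSwitch1"]["vmkernel"].append("vmk1")
    bad["vSwitch1"]["vms"].append("teamspeak")
    bad["vSwitch1"]["uplinks"].append("vmnic2")
    return bad


if __name__ == "__main__":
    for line in audit_wan_exposure(misconfigured_copy(LAYOUT)) or ["WAN side clean"]:
        print(line)
```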

